TikTok Proposes Robust National Security Measures as Viable Alternative to Banning

E. Congress Disregarded Alternatives to Banning TikTok, Such as the National Security Measures Petitioners Negotiated with the Executive Branch.

41. Petitioners have demonstrated a commitment to addressing both of those concerns without the need to resort to the drastic, unconstitutional step of shuttering one of the most widely used forums for speech in the United States. The 90-page draft National Security Agreement that Petitioners developed with CFIUS would, if implemented, provide U.S. TikTok users with protections more robust than those employed by any other widely used online platform in the industry.

42. The draft National Security Agreement contains several means of ensuring data security without banning TikTok. All protected U.S. user data (as defined in the National Security Agreement) would be safeguarded in the United States under a special corporate structure: TikTok U.S. Data Security (a new subsidiary of TikTok Inc.). A special board, with Security Directors whose appointment would be subject to the U.S. government’s approval, would oversee TikTok U.S. Data Security, and in turn exclude ByteDance and all of its other subsidiaries and affiliates from such responsibilities. Further separation between the U.S. TikTok business and ByteDance subsidiaries and affiliates, including TikTok in the rest of the world, would be achieved by appointing a U.S.-government-approved Security Director to the board of TikTok Inc. Protected U.S. user data would be stored in the cloud environment of a U.S.-government-approved partner, Oracle Corporation, with access to such data managed by TikTok U.S. Data Security.

43. The draft Agreement would also protect against the concern about content manipulation and propaganda. Multiple layers of protection address concerns related to content available on the TikTok platform, including ensuring that all content moderation — both human and algorithmic — would be subject to third-party verification and monitoring. The concern about content manipulation would also be addressed by securing all software code through Oracle Corporation, a U.S. trusted technology provider. The TikTok U.S. platform and application would be deployed through the Oracle cloud infrastructure and subject to source code review and vetting by Oracle with another U.S.-government-approved third party responsible for conducting security inspections. As part of this process, Oracle and third parties approved by CFIUS would conduct independent inspections of the TikTok recommendation engine.

44. The draft Agreement also includes strict penalties for noncompliance, including a “shut-down option,” giving the government the authority to suspend TikTok in the United States in response to specified acts of noncompliance. The Agreement also provides significant monetary penalties and other remedies for noncompliance.

45. Although the government has apparently abandoned the draft National Security Agreement, Petitioners have not. TikTok Inc. has begun the process of voluntarily implementing the National Security Agreement’s provisions to the extent it can do so without the U.S. government’s cooperation, including by incorporating and staffing the TikTok U.S. Data Security entity, and by partnering with Oracle Corporation on the migration of the U.S. platform and protected U.S. user data to Oracle’s cloud environment.

46. To date, Petitioners have spent more than $2 billion to implement these measures and resolve the very concerns publicly expressed by congressional supporters of the Act — all without the overbroad and unconstitutional method of an outright ban.