A law to ban TikTok in the United States by Sunday was upheld by the Supreme Court in a ruling Friday morning that emphasized national security concerns over the app’s collection of US citizens’ data.
The ruling could set the stage for future regulations regarding the collection of data by foreign-owned companies and furthers the US’ crackdown on technologies from foreign adversary countries like China and Russia.
“It sets a precedent or upholds the precedent that an organization that has ties to a designated foreign adversary should be banned. I think we could see this used for other organizations if the government actually enforces it, which is in limbo,” said Dustin Sachs, chief technologist and senior director of programs at CyberRisk Alliance.
TikTok is owned by ByteDance, which is headquartered in China and subject to Chinese law that requires it to give the Chinese government “power to access and control private data” held by the company, the ruling notes.
The app has approximately 170 million users in the United States, and collects data including device information, location, usage information and message contents; it can also access information about a user’s phone and social network contacts with the user’s permission.
In April, Congress passed the Protecting Americans from Foreign Adversary Controlled Applications Act, which would effectively ban TikTok and other “foreign adversary controlled” applications and websites in the United States.
Beyond TikTok, the law would apply to other apps with more than a million monthly active users that allow users to generate, share and view content, are “controlled by a foreign adversary” and are “determined by the President to present a significant threat to the national security of the United States.”
TikTok can only continue to operate in the United States if ByteDance divests from the application and the president determines it is “no longer being controlled by a foreign adversary.”
While TikTok has denied sharing US users’ information with the Chinese government, proponents of the law argue the government’s authority over ByteDance could lead to vast amounts of information on US citizens being used for intelligence operations and espionage by the foreign adversary.
TikTok, in its petition asking the Supreme Court to block the law, argued that the law would impede free speech, and that less restrictive alternatives such as disclosure requirements, data sharing restrictions and a proposed national security agreement would be sufficient to address the security concerns.
The justices disagreed with the First Amendment argument, ruling that the law was “content neutral,” that the national security concerns addressed by the law were warranted and that the law’s focus on TikTok was justified by the vast extent of data collected by the app.
“If you peel back all the politics, international negotiations, and social media hype, the TikTok ban came from genuine concerns about privacy and national security. To say that banning one platform will permanently affect free speech seems like a stretch. The fickle social media market will quickly find many alternative ways to share content and amuse themselves,” said Willy Leichter, chief marketing officer at AppSOC, in an email to SC Media. “Assuming this ruling doesn’t get watered down by the Trump administration, it’s an example of pursuing and acting upon serious security issues.”
The law will require TikTok to be removed from app stores and websites in the United States beginning on January 19, 2025, although President Joe Biden said he does not plan to enforce the law on his last day in office, according to the Associated Press. President-elect Donald Trump has said he plans to work out a solution that allows TikTok to remain available in the United States.
Sachs noted in previous coverage of the TikTok case for SC Media that the ruling could have implications not only for foreign-owned companies, but also for US companies that work with partners and vendors in other countries.
“CISOs should review technology stacks, conduct thorough vendor risk assessments, and implement strategies to mitigate supply chain risks,” Sachs wrote. “Organizations interacting with foreign-owned technologies could face heightened scrutiny, compelling CISOs to enhance security controls and incident response plans.”
The US government has recently been cracking down on the sale of technologies originating from foreign adversary countries, as critical infrastructure attacks and espionage by foreign adversary threat actors like China’s Volt Typhoon and Russia’s APT29 put the nation’s cyber defenders on high alert.
Last June, the US banned the Russia-based security company Kaspersky from selling its products in the country due to alleged ties to the Russian government. And earlier this month, the US Commerce Department issued a final rule that will forbid Chinese and Russian software and hardware from being used in US passenger vehicles by 2027 and 2030, respectively.