About three years ago, my then-seven-year-old brother asked me to film him dancing on my phone. I watched as he performed the 'floss', a dance move made popular by the 2017 hit video game Fortnite. He took my phone and uploaded it to an app that he and his friends were using to share short dance videos.
At this point you may be asking why this is even remotely relevant to IFLR, and you wouldn’t be remiss for doing so - but stick with me. The app was TikTok.
I did my due diligence at the time and ran a quick background check on the app. I found that it was owned by Chinese company ByteDance, the $100 billion valued internet conglomerate most famous for its content platform, Toutiao.
This was the first I had heard of TikTok, but certainly not the last. My initial concern was for my brother's safety: why was a seven-year-old in France uploading videos to a Chinese video sharing website?
These concerns were seemingly warranted. Three years on and TikTok is the app everyone is talking about, for all the wrong reasons. Like Huawei before it, TikTok has faced intense scrutiny from the US government on the grounds of national security. Strange as that may sound for an application intended to allow Gen-Z to share dance moves with each other.
According to US national security, this is not all the app does. Critics maintain that it is harvesting data from across the US and the rest of the world, giving China valuable information at the expense of its millions of users. This idea has spread rapidly: in July, Congress voted overwhelmingly in favour of banning the app from use on federal devices.
On August 6, things became so heated that President Donald Trump signed an executive order addressing the inherent threat to US national security. "Specifically, the spread in the United States of mobile applications developed and owned by companies in the People’s Republic of China continues to threaten the national security, foreign policy, and economy," it reads.
"At this time, action must be taken to address the threat posed by one mobile application in particular: TikTok."
Claiming that the app has been downloaded 175 million times, the executive order suggests that TikTok automatically captures huge amounts of information from users, including internet and other network activity information such as location data and browsing and search histories.
"This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information - potentially allowing China to track the locations of federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage," it continued.
Trump's executive order prohibits US companies from doing business with TikTok after September 20, which would effectively see it removed from the app stores of Apple and Google.
Shortly afterwards it was announced that Microsoft was in talks to acquire the US assets of TikTok - which would separate US users from ByteDance and – accordingly – protect US national security, ratified by Donald Trump.
Soon after, Treasury Secretary Steven Mnuchin confirmed that the Committee on Foreign Investment in the United States (CFIUS) was scrutinising the deal to ensure it does not present any additional risk. Originally intended to monitor acquisitions of US companies by companies hailing from countries designated as a threat to the US, this is an extension of CFIUS' usual modus operandi.
The apparent concern is that ByteDance and ipso facto the Chinese government will maintain some form of control over TikTok even after the acquisition is complete.
The importance of this cannot be underplayed. If TikTok presents as much of a danger to US national security as the White House, Congress, CFIUS and many others have suggested, it is crucial to ensure that the utmost care goes into every aspect of the acquisition.
Cybersecurity issues have never been closer to the surface of public debate. Whether it be Microsoft or another acquirer, ensuring that the former parent company relinquishes control will be a difficult task, either via technology or board membership.
It would be incredibly difficult for the eventual acquirer – even if it is a company with the technical prowess of Microsoft – to prove that the eventual spinoff will be a distinct corporate entity from its former parent. Ensuring that code within the application itself or embedded within its user data does not contain any spyware or delayed reaction malware will be incredibly difficult.
Given the situation, what seems more likely is that the application is removed from the marketplace altogether. The backlash this act would receive from the country's teenagers would be immense, but if suggestions of espionage are correct, it would be better for the country's national security in the long run.