Category: TikTok Meltdown

Good News for TikTok Users: The PRC Definitely Isn’t Interested in Your Data (Just the Global Internet Backbone, Apparently)

If you’re a TikTok user who has ever worried, even a tiny bit, that the People’s Republic of China might have an interest in your behavior, preferences, movements, or social graph, take heart. A newly released Joint Cybersecurity Advisory from intelligence agencies in the United States, Canada, the U.K., Australia, New Zealand, and a long list of allied intelligence agencies proves beyond any shadow of a doubt that the PRC is far too busy compromising the world’s telecommunications infrastructure to care about your TikTok “For You Page.”

Nothing to see here. Scroll on.

For those who like their reassurance with a side of evidence, the advisory—titled “Countering Chinese State Actors’ Compromise of Networks Worldwide to Feed Global Espionage System”—is one of the clearest, broadest warnings ever issued about a Chinese state-sponsored intrusion campaign. And, because the agencies involved designated it as not sensitive and may be shared publicly without restriction (TLP:CLEAR), you can read it yourself.

The World’s Telecom Backbones: Now Featuring Uninvited Guests

The intel agency advisory describes a “Typhoon class” global espionage ecosystem run through persistent compromises of backbone routers, provider-edge and customer-edge routers, ISP and telecom infrastructure, transportation networks, lodging and hospitality systems, government and military-adjacent networks.

This is not hypothetical. The advisory includes extremely detailed penetration chains: attackers exploit widely known “Common Vulnerabilities and Exposures” (CVEs) in routers, firewalls, VPNs, and management interfaces, then establish persistence through configuration modifications, traffic mirroring, injected services, and encrypted tunnels. This lets them monitor, redirect, copy, or exfiltrate traffic across entire service regions.

Put plainly: if your internet service provider has a heartbeat and publicly routable equipment, the attackers have probably knocked on the door. And for a depressingly large number of large-scale network operators, they got in.

This is classical intelligence tradecraft. The PRC’s immediate goal isn’t ransomware. It’s not crypto mining. It’s not vandalism. It’s good old-fashioned espionage: long-term access, silent monitoring, and selective exploitation.

What They’re Collecting: Clues About Intent

The advisory makes the overall aim explicit: to give PRC intelligence the ability to identify and track targets’ communications and movements worldwide.

That includes metadata on calls, enterprise-internal communications, hotel and travel itineraries, traffic patterns for government and defense systems, persistent vantage points on global networks.

This is signals intelligence (SIGINT), not smash-and-grab.

And importantly: this kind of operation requires enormous intelligence-analytic processing, not a general-purpose “LLM training dataset.” These are targeted, high-value accesses, not indiscriminate web scrapes. The attackers are going after specific information—strategic, diplomatic, military, infrastructure, and political—not broad consumer content.

So no, this advisory is not about “AI training.” It is about access, exfiltration, and situational awareness across vital global communications arteries.

Does This Tell Us Anything About TikTok?

Officially, no. The advisory never mentions TikTok, ByteDance, or consumer social media apps. It is focused squarely on infrastructure.

But from a strategic-intent standpoint, it absolutely matters. Because when you combine:

1. Global telecom-layer access
2. Persistent long-term SIGINT footholds
3. The PRC’s demonstrated appetite for foreign behavioral data
4. The existence of the richest behavioral dataset on Earth—TikTok’s U.S. user base

—you get a coherent picture of the intelligence ecosystem the Chinese Communist Party is building on…I guess you’d have to say “the world”.

If a nation-state is willing to invest years compromising backbone routers, it is not a stretch to imagine what they could do with a mobile app installed on the phones of oh say 170 million Americans to pick a random number that conveniently collects social graphs, location traces, contact patterns, engagement preferences, political and commercial interests that are visible in the PRC.

But again, don’t worry. The advisory suggests only that Chinese state actors have global access to the infrastructure over which your TikTok traffic travels—not that they would dare take an interest in the app itself. And besides, the TikTok executives swore under oath to the U.S. Congress that it didn’t happen that way so it must be true.

After all, why would a government running a worldwide intrusion program want access to the largest behavioral-data sensor array outside the NSA?

If you still believe the PRC is nowhere near TikTok’s data, then this advisory will reassure you: it’s just a gentle reminder that Chinese state actors are burrowed into global telecom backbones, hotel networks, transportation systems, and military-adjacent infrastructure—pure souls simply striving to make sure your “For You” page loads quickly.

After all, why would a government running a worldwide network-intrusion program have any interest in the richest behavioral dataset on Earth?

TikTok After Xi’s Qiushi Article: Why China’s Security Laws Are the Whole Ballgame

Xi Jinping’s new article in Qiushi (the Chinese Communist Party Central Committee’s flagship theoretical public policy journal) repackages a familiar message: China will promote the “healthy and high-quality development” of the private economy, but under the leadership of the Chinese Communist Party. This is expressed in China’s statutory law as the “Private Economy Promotion Law.”  And of course we have to always remember that under the PRC “constitution,” statutes are primarily designed to safeguard the authority and interests of the Chinese Communist Party (CCP) rather than to protect the rights and privileges of individuals—because individuals don’t really have any protections against the CCP.  

For U.S. policymakers weighing what to do about TikTok, this is not reassuring rhetoric in my view. It is instead a reminder that, in China, private platforms ultimately operate within a legal-and-political framework that gives state-security organs binding powers over companies, the Chinese people, and their data.

According to the South China Morning Post:

In another show of support for China’s private sector, Beijing has released the details of a speech from President Xi Jinping which included vows the country would guarantee a level playing field for private firms, safeguard entrepreneurs’ lawful rights and interests, and step up efforts to solve their long-standing challenges, including overdue payments.

The full address, delivered in February to a group of China’s leading entrepreneurs, had not been made available to the public before Friday, when Qiushi – the ruling Communist Party’s theoretical journal – posted a transcript on its website.

“The policies and measures to promote the development of the private economy must be implemented in a solid and thorough manner,” Xi said in February. “Whatever the party Central Committee has decided must be resolutely carried out – without ambiguity, delay, or compromise

I will try to explain why the emphasis of Xi’s policy speech matters, and why the divest-or-ban logic for TikTok under US law (and it is a law) remains intact regardless of what may seem like “friendly” language about private enterprise.  It’s also worth remembering that whatever the result of the TikTok divestment may be, it’s just another stop along the way in the Sino-American struggle­—or something more kinetic.  As Clausewitz wrote in his other famous quotation, the outcomes produced by war are never final. (See Book I Chapter 1 aka the good stuff.)  Even the most decisive battlefield victory may have no lasting political achievement.  As we have seen time and again, the termination of one conflict often produces the necessary conditions for future conflict.

What Xi’s piece actually signals

Xi’s article combines pro-private-sector language (property-rights protection, market access, financing support) with an explicit call for Party leadership and ideological guidance in the private economy. In other words, the promise is growth within control, and not just any control but the control of the Party. There is no carve‑out from national-security statutes, no “TikTok exemption,” and no suggestion that private firms can decline cooperation when state-security laws apply consistent with China’s “unrestricted warfare” doctrine.

Recall that the CCP has designated the TikTok algorithm as a strategic national asset, and “national” in this context and the context of Xi’s article means the Chinese Communist Party of which Xi is President-for-Life.  This brother is not playing.

The laws that define the TikTok Divestment risk (not the press releases)

The core concern about TikTok is jurisdiction, or the CCP’s extra-territorial jurisdiction, a concept we don’t fully comprehend. Xi’s Qiushi article promises support for private firms under Party leadership. That means that the National Intelligence Law, Cybersecurity Law, Counter‑Espionage Law, and China’s data‑export regime remain in force and are controlling authority over companies like TikTok. For U.S. reviewers like CIFIUS, that means ByteDance‑controlled TikTok is, by design, subject to compelled, confidential cooperation with state‑security organs. 

As long as the TikTok platform and algorithm is ultimately controlled by a company subject to the CCP’s security laws, U.S. reviewers correctly assume those laws can reach the service, even if operations are partly localized abroad. MTP readers will recall the four pillars of China’s statutory security regime that matter most in this context, being:

National Intelligence Law (2017). Requires all organizations and citizens to support, assist, and cooperate with state intelligence work, and to keep that cooperation secret. Corporate policies and NDAs do not trump statutory duties, especially in the PRC.

Cybersecurity Law (2017). Obligates “network operators” to provide technical support and assistance to public‑security and state‑security organs, and sets the baseline for security reviews and Multi‑Level Protection (MLPS) obligations.

Counter‑Espionage Law (2023 amendment). Broadens the scope of what counts as “espionage” to include data, documents, and materials related to national security or the “national interest,” increasing the zone where requests can be justified.

Data regime (Data Security Law (DSL)Personal Information Protection Law (PIPL), and the Cyberspace Administration of China (CAC) regulatory measures). Controls cross‑border transfers through security assessments or standard contracts and allows denials on national‑security grounds. Practically, many datasets can’t leave China without approval—and keys/cryptography used onshore must follow onshore rules.

None of the above is changed by the Private Economy Promotion Law or by Xi’s supportive tone toward entrepreneurs. The laws remain superior in any conflict such as the TikTok divest-or-ban law.

It is these laws that are at the bottom of U.S. concerns about TikTok’s data scraping–it is, after all, spyware with a soundtrack.  There’s a strong case to be made that U.S. artists, songwriters, creators and fans are all dupes of TikTok as a data collection tool  in a country that requires its companies to hand over to the Ministry of State Security all it needs to support the intelligence mission (MSS is like the FBI and CIA in one agency with a heavy ration of FSB).

Zhang Yiming, founder of ByteDance and former public face of TikTok, stepped down as CEO in 2021 but remains Chairman and key shareholder. He controls more than half of the company’s voting rights and retains about a 21% stake. That also makes him China’s richest man. Though low-profile publicly, he is actively guiding ByteDance’s AI strategy and long-term direction. Mr. Zhang does not discuss this part.  It should come as no surprise–according to his Wikipedia page, Mr. Zhang understands what happens when you don’t toe the Party line:

ByteDance’s first app, Neihan Duanzi, was shut down in 2018 by the National Radio and Television Administration. In response, Zhang issued an apology stating that the app was “incommensurate with socialist core values“, that it had a “weak” implementation of Xi Jinping Thought, and promised that ByteDance would “further deepen cooperation” with the ruling Chinese Communist Party to better promote its policies.

ByteDance’s AI strategy is built on aggressive large-scale data scraping including from TikTok. Its proprietary crawler, ByteSpider, dominates global web-scraping traffic, collecting vast amounts of content at speeds far beyond rivals like OpenAI. This raw data fuels TikTok’s recommendation engine and broader generative AI development, giving ByteDance rapid adaptability and massive training inputs. Unlike OpenAI, which emphasizes curated datasets, ByteDance prioritizes scale, velocity, and real-time responsiveness, integrating insights from TikTok user behavior and the wider internet. This approach positions ByteDance as a formidable AI competitor, leveraging its enormous data advantage to strengthen consumer products, expand generative AI capabilities, and consolidate global influence.

I would find it very, very hard to believe that Mr. Zhang is not a member of the Chinese Communist Party, but in any event he understands very clearly what his role is under the National Intelligence Law and related statutes.  Do you think that standing up to the MSS to protect the data privacy of American teenagers is consistent with “Xi Jinping Thought”?

Why this makes TikTok’s case harder, not easier

For Washington, the TikTok problem is not market access or entrepreneurship. It’s the data governance chain. Xi’s article underscores that private firms are expected to align with the Party Center’s decisions and to embed Party structures. Combine that political expectation with the statutory duties described above, and you get a simple inference: if China’s security services want something—from data access to algorithmic levers—ByteDance and its affiliates are obliged to give it to them or at least help, and are often barred from disclosing that help.

That’s why divestiture has become the U.S. default: the only durable mitigation against TikTok is to place ownership and effective control outside PRC legal reach, with clean technical and organizational separation (code, data, keys, staffing, and change control). Anything short of that leaves the fundamental risk untouched.

Where the U.S. law and process fit

Congress’s divest‑or‑ban statute requires TikTok to be controlled by an entity not subject to PRC direction, on terms approved by U.S. authorities. Beijing’s export‑control rules on recommendation algorithms make a full transfer difficult if not impossible; that’s why proposals have floated a U.S. “fork” with separate code, ops, and data. But Xi’s article doesn’t move the ball: it simply reinforces that CCP jurisdiction over private platforms is a feature, not a bug, of the system.

Practical implications (policy and product)

For policymakers: Treat Xi’s article as confirmation that political control and security statutes are baked in. Negotiated “promises” won’t outweigh legal duties to assist intelligence work. Any compliance plan that assumes voluntary transparency or a “hands‑off” approach is fragile by design.

For platforms: If you operate in China, assume compelled and confidential cooperation is possible and in this case almost a certainty if it hasn’t already happened. Architect China operations as least‑privilege, least‑data environments; segregate code and keys; plan for outbound data barrrers as a normal business condition.

For users and advertisers: The risk discussion is about governance and jurisdiction, not whether a particular management team “would never do that.” They would.  Corporate intent can’t override state legal authority particularly when the Party’s Ministry of State Security is doing the asking.

Now What?

Xi’s article does not soften TikTok’s regulatory problem in the United States. If anything, it sharpens it by reiterating that the private economy advances under the Party’s direction, never apart from it. When you combine Mr. Zhang’s role with Bytedance in China’s AI national champions, it’s pretty obvious whose side TikTok is on.

Wherever the divest-or-ban legislation ends up, it will inevitably set the stage for the next conflict.  If I had to bet today, my bet is that Xi has no intention of making a deal with the US that involves giving up the TikTok algorithm in violation of the Party’s export-control rules and access to US user data for AI training.

The Duty Comes From the Data: Rethinking Platform Liability in the Age of Algorithmic Harm

For too long, dominant tech platforms have hidden behind Section 230 of the Communications Decency Act, claiming immunity for any harm caused by third-party content they host or promote. But as platforms like TikTok, YouTube, and Google have long ago moved beyond passive hosting into highly personalized, behavior-shaping recommendation systems, the legal landscape is shifting in the personal injury context. A new theory of liability is emerging—one grounded not in speech, but in conduct. And it begins with a simple premise: the duty comes from the data.

Surveillance-Based Personalization Creates Foreseeable Risk

Modern platforms know more about their users than most doctors, priests, or therapists. Through relentless behavioral surveillance, they collect real-time information about users’ moods, vulnerabilities, preferences, financial stress, and even mental health crises. This data is not inert or passive. It is used to drive engagement by pushing users toward content that exploits or heightens their current state.

If the user is a minor, a person in distress, or someone financially or emotionally unstable, the risk of harm is not abstract. It is foreseeable. When a platform knowingly recommends payday loan ads to someone drowning in debt, promotes eating disorder content to a teenager, or pushes a dangerous viral “challenge” to a 10-year-old child, it becomes an actor, not a conduit. It enters the “range of apprehension,” to borrow from Judge Cardozo’s reasoning in Palsgraf v. Long Island Railroad (one of my favorite law school cases). In tort law, foreseeability or knowledge creates duty. And here, the knowledge is detailed, intimate, and monetized. In fact it is so detailed we had to coin a new name for it: Surveillance capitalism.

Algorithmic Recommendations as Calls to Action

Defenders of platforms often argue that recommendations are just ranked lists—neutral suggestions, not expressive or actionable speech. But I think in the context of harm accruing to users for whatever reason, speech misses the mark. The speech argument collapses when the recommendation is designed to prompt behavior. Let’s be clear, advertisers don’t come to Google because speech, they come to Google because Google can deliver an audience. As Mr. Wanamaker said, “Half the money I spend on advertising is wasted; the trouble is I don’t know which half.” If he’d had Google, none of his money would have been wasted–that’s why Google is a trillion dollar market cap company.

When TikTok serves the same deadly challenge over and over to a child, or Google delivers a “pharmacy” ad to someone seeking pain relief that turns out to be a fentanyl-laced fake pill, the recommendation becomes a call to action. That transforms the platform’s role from curator to instigator. Arguably, that’s why Google paid a $500,000,000 fine and entered a non prosecution agreement to keep their executives out of jail. Again, nothing to do with speech.

Calls to action have long been treated differently in tort and First Amendment law. Calls to action aren’t passive; they are performative and directive. Especially when based on intimate surveillance data, these prompts and nudges are no longer mere expressions—they are behavioral engineering. When they cause harm, they should be judged accordingly. And to paraphrase the gambling bromide, the get paid their money and they takes their chances.

Eggshell Skull Meets Platform Targeting

In tort law, the eggshell skull rule (Smith v. Leech Brain & Co. Ltd. my second favorite law school tort case) holds that a defendant must take their victim as they find them. If a seemingly small nudge causes outsized harm because the victim is unusually vulnerable, the defendant is still liable. Platforms today know exactly who is vulnerable—because they built the profile. There’s nothing random about it. They can’t claim surprise when their behavioral nudges hit someone harder than expected.

When a child dies from a challenge they were algorithmically fed, or a financially desperate person is drawn into predatory lending through targeted promotion, or a mentally fragile person is pushed toward self-harm content, the platform can’t pretend it’s just a pipeline. It is a participant in the causal chain. And under the eggshell skull doctrine, it owns the consequences.

Beyond 230: Duty, Not Censorship

This theory of liability does not require rewriting Section 230 or reclassifying platforms as publishers although I’m not opposed to that review. It’s a legal construct that may have been relevant in 1996 but is no longer fit for purpose. Duty as data bypasses the speech debate entirely. What it says is simple: once you use personal data to push a behavioral outcome, you have a duty to consider the harm that may result and the law will hold you accountable for your action. That duty flows from knowledge, very precise knowledge that is acquired with great effort and cost for a singular purpose–to get rich. The platform designed the targeting, delivered the prompt, and did so based on a data profile it built and exploited. It has left the realm of neutral hosting and entered the realm of actionable conduct.

Courts are beginning to catch up. The Third Circuit’s 2024 decision in Anderson v. TikTok reversed the district court and refused to grant 230 immunity where the platform’s recommendation engine was seen as its own speech. But I think the tort logic may be even more powerful than a 230 analysis based on speech: where platforms collect and act on intimate user data to influence behavior, they incur a duty of care. And when that duty is breached, they should be held liable.

The duty comes from the data. And in a world where your data is their new oil, that duty is long overdue.

The OBBBA’s AI Moratorium Provision Has Existential Constitutional Concerns and Policy Implications

As we watch the drama of the One Big Beautiful Bill Act play out there’s a plot twist waiting in the wings that could create a cliffhanger in the third act: The poorly thought out, unnecessary and frankly offensive AI moratorium safe harbor that serves only the Biggest of Big Tech that we were gifted by Adam Theirer of the R Street Institute.

The latest version of the AI moratorium poison pill in the Senate version of OBBBA (aka HR1) reads something like this:

The AI moratorium provision within the One Big Beautiful Bill Act (OBBBA) reads like the fact pattern for a bar exam crossover question. The proposed legislation raises significant Constitutional and policy concerns. Before it even gets to the President’s desk, the legislation likely violates the Senate’s Byrd Rule that allows the OBBBA to avoid the 60 vote threshold (and the filibuster) and get voted on in “reconciliation” on a simple majority. The President’s party has a narrow simple majority in the Senate so if it were not for the moratorium the OBBBA should pass.

There are lots of people who think that the moratorium should fail the “Byrd Bath” analysis because it is not “germane” to the budget and tax process required to qualify for reconciliation. This is important because if the Senate Parliamentarian does not hold the line on germaine-ness, everyone will get into the act for every bill simply by attaching a chunk of money to your favorite donor, and that will not go over well. According to Roll Call, Senator Cruz is already talking about introducing regulatory legislation with the moratorium, which would likely only happen if the OBBBA poison pill was cut out:

The AI moratorium has already picked up some serious opponents in the Senate who would likely have otherwise voted for the President’s signature legislation with the President’s tax and spending policies in place. The difference between the moratorium and spending cuts is that money is fungible and a moratorium banning states from acting under their police powers really, really, really is not fungible at all. The moratorium is likely going to fail or get close to failing, and if the art of the deal says getting 80% of something is better than 100% of nothing, that moratorium is going to go away in the context of a closing. Maybe.

And don’t forget, the bill has to go back to the House which passed it by a single vote and there are already Members of the House who are getting buyers remorse about the AI moratorium specifically. So when they get a chance to vote again…who knows.

Even if it passes, the 40 state Attorneys General who oppose it may be gearing up to launch a Constitutional challenge to the provision on a number of grounds starting with the Tenth Amendment, its implications for federalism, and other Constitutional issues that just drip out of this thing. And my bet is that Adam Thierer will be eyeball witness #1 in that litigation.

So to recap the vulnerabilities:

Byrd Rule Violation

The Byrd Rule prohibits non-budgetary provisions in reconciliation bills. The AI moratorium’s primary effect is regulatory, not fiscal, as it preempts state laws without directly impacting federal revenues or expenditures. Senators, including Ed Markey (D-MA) as reported by Roll Call, have indicated intentions to challenge the provision under the Byrd Rule. The Hill reports:

Federal Preemption, the Tenth Amendment and Anti-Commandeering Doctrine

The Tenth Amendment famously reserves powers not delegated to the federal government to the states and to the people (remember them?). The constitutional principle of “anticommandeering” is a doctrine under U.S. Constitutional law that prohibits the federal government from compelling states or state officials to enact, enforce, or administer federal regulatory programs.

Anticommandeering is grounded primarily in the Tenth Amendment. Under this principle, while the federal government can regulate individuals directly under its enumerated powers (such as the Commerce Clause), it cannot force state governments to govern according to federal instructions. Which is, of course, exactly what the moratorium does, although the latest version would have you believe that the feds aren’t really commandeering, they are just tying behavior to money which the feds do all the time. I doubt anyone believes it.

The AI moratorium infringes upon the good old Constitution by:

  • Overriding State Authority: It prohibits states from enacting or enforcing AI regulations, infringing upon their traditional police powers to legislate for the health, safety, and welfare of their citizens.
  • Lack of Federal Framework: Unlike permissible federal preemption, which operates within a comprehensive federal regulatory scheme, the AI moratorium lacks such a framework, making it more akin to unconstitutional commandeering.
  • Precedent in Murphy v. NCAA: The Supreme Court held that Congress cannot prohibit states from enacting laws, as that prohibition violates the anti-commandeering principle. The AI moratorium, by preventing states from regulating AI, mirrors the unconstitutional aspects identified in Murphy. So there’s that.

The New Problem: Coercive Federalism

By conditioning federal broadband funds (“BEAD money”) on states’ agreement to pause AI regulations , the provision exerts undue pressure on states, potentially violating principles established in cases like NFIB v. Sebelius. Plus, the Broadband Equity, Access, and Deployment (BEAD) Program is a $42.45 billion federal initiative established under the Infrastructure Investment and Jobs Act of 2021. Administered by the National Telecommunications and Information Administration (NTIA), BEAD aims to expand high-speed internet access across the United States by funding planning, infrastructure deployment, and adoption programs. In other words, BEAD has nothing to do with the AI moratorium. So there’s that.

Supremacy Clause Concerns

The moratorium may conflict with existing state laws, leading to legal ambiguities and challenges regarding federal preemption. That’s one reason why 40 state AGs are going to the mattresses for the fight.

Lawmakers Getting Cold Feet or In Opposition

Several lawmakers have voiced concerns or opposition to the AI moratorium:

  • Rep. Marjorie Taylor Greene (R-GA): Initially voted for the bill but later stated she was unaware of the AI provision and would have opposed it had she known. She has said that she will vote no on the OBBBA when it comes back to the House if the Mr. T’s moratorium poison pill is still in there.
  • Sen. Josh Hawley (R-MO): Opposes the moratorium, emphasizing the need to protect individual rights over corporate interests.
  • Sen. Marsha Blackburn (R-TN): Expressed concerns that the moratorium undermines state protections, particularly referencing Tennessee’s AI-related laws.
  • Sen. Edward Markey (D-MA): Intends to challenge the provision under the Byrd Rule, citing its potential to harm vulnerable communities.

Recommendation: Allow Dissenting Voices

Full disclosure, I don’t think Trump gives a damn about the AI moratorium. I also think this is performative and is tied to giving the impression to people like Masa at Softbank that he tried. It must be said that Masa’s billions are not quite as important after Trump’s Middle East roadshow than they were before, speaking of leverage. While much has been made of the $1 million contributions that Zuckerberg, Tim Apple, & Co. made to attend the inaugural, there’s another way to look at that tableau–remember Titus Andronicus when the general returned to Rome with Goth prisoners in chains following his chariot? That was Tamora, the Queen of the Goths, her three sons Alarbus, Chiron, and Demetrius along with Aaron the Moor. Titus and the Goth’s still hated each other. Just sayin’.

Somehow I wouldn’t be surprised if this entire exercise was connected to the TikTok divestment in ways that aren’t entirely clear. So, given the constitutional concerns and growing opposition, it is advisable for President Trump to permit members of Congress to oppose the AI moratorium provision without facing political repercussions, particularly since Rep. Greene has already said she’s a no vote–on the 214-213 vote the first time around. This approach would:

  • Respect the principles of federalism and states’ rights.
  • Tell Masa he tried, but oh well.
  • Demonstrate responsiveness to legitimate legislative concerns on a bi-partisan basis.
  • Ensure that the broader objectives of the OBBBA are not jeopardized by a contentious provision.

Let’s remember: The tax and spend parts of OBBBA are existential to the Trump agenda; the AI moratorium definitely is not, no matter what Mr. T wants you to believe. While the OBBBA encompasses significant policy initiatives which are highly offensive to a lot of people, the AI moratorium provision presents constitutional and procedural challenges and fundamental attacks on our Constitution that warrant its removal. Cutting it out will strengthen the bill’s likelihood of passing and uphold the foundational principles of American governance, at least for now.

Hopefully Trump looks at it that way, too.

Winning without Fighting: Strategic Parallels between TikTok and China’s “Assassin’s Mace” Weapons

To fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy’s resistance without fighting.
Sun Tzu, The Art of War (Giles trans.)

In his must-read book The Hundred-Year Marathon, Michael Pillsbury describes China’s “Assassin’s Mace” weapons strategy as strategic systems designed to neutralize superior adversaries, particularly the United States. Assassin’s Mace weapons are asymmetric, cost-effective, and intended to exploit specific vulnerabilities in order to deliver a knockout blow.

Key characteristics include:

  • Asymmetry: Undermines U.S. advantages without matching its power.
  • Concealment: Many programs are secretive and deceptive.
  • Psychological Disruption: Designed to shock and paralyze response.
  • Preemptive Advantage: Intended to disable key systems early in a conflict.

Examples Pillsbury cites include anti-satellite weapons, cyberwarfare tools, EMPs, anti-ship ballistic missiles, and hypersonic glide vehicles.

It must also be said that the PRC has long had a doctrine of “military-civil fusion.” Military-Civil Fusion (MCF) doctrine is a national strategy aimed at integrating civilian industries, research institutions, and private enterprises with military development to enhance the capabilities of the People’s Liberation Army (PLA). The policy seeks to eliminate barriers between China’s civilian and military sectors, ensuring that technological advancements in areas like artificial intelligence (of which Bytedance is one of the top 5 AI developers in China), quantum computing, aerospace, and biotechnology serve both economic and defense purposes.

Key aspects of MCF include:

  • Technology Acquisition – The Chinese government encourages the transfer of cutting-edge civilian technologies to military applications, often through state-backed research programs and corporate partnerships.
  • Institutional Integration – The Central Military-Civil Fusion Development Committee, chaired by Xi Jinping, oversees the strategy to ensure seamless coordination between civilian and military entities.
  • Global Concerns – The U.S. and other nations view MCF as a security risk, citing concerns over intellectual property theft and the potential for civilian technologies to be repurposed for military dominance.

MCF is a cornerstone of China’s long-term military modernization, with the goal of developing a world-class military by 2049. If you’re familiar with China’s National Intelligence Law mandating cooperation by the civilian sector with the Ministry of State Security, this should all sound pretty familiar vis a vis TikTok.

Comparison to TikTok’s Data Mining and AI Algorithms

While not traditional kinetic weapons, TikTok’s AI and data collection tactics mirror many elements of an Assassin’s Mace—particularly in the information and psychological warfare domains.

Comparison:

FeatureAssassin’s Mace (Military)TikTok Data/A.I. (Civil-Info)
AsymmetricTargets U.S. military dependence on techTargets U.S. cultural and cognitive weaknesses
Concealed capabilitiesHidden programs in cyberwarfare or spaceOpaque algorithms and data harvesting
Psychological effectShock and morale disruptionBehavioral influence and identity shaping
Preemptive edgeDeployed early in conflictInfluences before conflict or overt tension
Cost/AttributionCheap and hard to detectSocial media disguise, plausible deniability
Dependency creationReduces U.S. tech autonomyEntrenches digital reliance on foreign platform

Strategic Parallels, MCF and National Security Implications

  • Informational Warfare: TikTok’s algorithmic controls may shape narratives aligned with CCP objectives.
  • Data as Weaponized Intel: TikTok collects biometric and behavioral data potentially usable for state profiling or surveillance.
  • AI as Force Multiplier: Data harvested fuels China’s military-linked AI development.
  • Cultural Erosion: Gradual influence can diminish U.S. civic cohesion and resilience.

Surrender Videos and CCP Use of Video as Psychological Operations (PsyOps)

The Chinese Communist Party (CCP) has increasingly leveraged video platforms—including domestic networks like WeChat and global platforms like TikTok—for strategic psychological operations aimed at foreign populations. These campaigns serve to erode morale, stir political divisions, and promote favorable perceptions of the Chinese regime.

A notable example includes the circulation of staged or coerced “surrender videos” purportedly featuring Taiwanese soldiers or civilians pledging allegiance to Beijing. Such footage is designed to sap resistance and cultivate an image of inevitable Chinese dominance over Taiwan, particularly in the event of an invasion or political crisis.

Another instance occurred on TikTok, where a Chinese user posted a video in fluent English urging Americans to support China and reject then-President Trump’s trade and tariff policies. I’m not a huge fan of the tariffs, but I found this video to be very suspicious.

The video called for solidarity with China and implied that U.S. opposition to Chinese economic expansion was both unjust and self-destructive. Though framed as personal opinion, such content aligns with Chinese state interests and is amplified by algorithms that may favor politically charged engagement. These efforts form part of a broader information warfare strategy wherein short-form video is used not only to manipulate algorithms and audience emotions but to subtly shift public opinion in democracies. By flooding feeds with curated messages, the CCP could exploit free speech protections in adversary nations to inject authoritarian narratives under the guise of popular expression

TikTok Could be a Combination Punch to Win Without Fighting

TikTok’s AI algorithms and extensive data collection constitute a modern parallel to China’s Assassin’s Mace strategy. Instead of missiles or EMPs, Beijing may be relying on AI-powered cognitive and cultural influence to erode Western resilience over time. This information-first strategy aligns with Pillsbury’s warning that America’s adversaries may seek to win without fighting a conventional war by use of strategic weapons like the Assassin’s Mace. As Master Sun said, win without fighting.

TikTok Extended

Imagine if the original Napster had received TikTok-level attention from POTUS?  Forget I said that.  The ongoing divestment of TikTok from its parent company ByteDance has reached yet another critical point with yet another bandaid.  Congress originally set a January 19, 2025 deadline for ByteDance to either sell TikTok’s U.S. operations or face a potential ban in the United States as part of the Protecting Americans from Foreign Adversary Controlled Applications Act or “PAFACA” (I guess “covfefe” was taken). The US Supreme Court upheld that law in TikTok v. Garland.

When January 20 came around, President Trump gave Bytedance an extension to April 5, 2025 by executive order. When that deadline came, President Trump granted an extension to the extension to the January 19 deadline by another executive order, providing additional time for ByteDance to finalize a deal to divest. The extended deadline now pushes the timeline for divestment negotiations to July 1, 2025.

This new extension is designed to allow for further negotiation time among ByteDance, potential buyers, and regulatory authorities, while addressing the ongoing trade issues and concerns raised by both the U.S. and Chinese governments. 

It’s getting mushy, but I’ll take a stab at the status of the divestment process. I might miss someone as they’re all getting into the act.

I would point out that all these bids anticipate a major overhaul in how TikTok operates which—just sayin’—means it likely would no longer be TikTok as its hundreds of millions of users now know it.  I went down this path with Napster, and I would just say that it’s a very big deal to change a platform that has inherent legal issues into one that satisfies a standard that does not yet exist.  I always used the rule of thumb that changing old Napster to new Napster (neither of which had anything to do with the service that eventually launched with the “Napster” brand but bore no resemblance to original Napster or its DNA) would result in an initial loss of 90% of the users. Just sayin’.

Offers and Terms

Multiple parties have expressed interest in acquiring TikTok’s U.S. operations, but the terms of these offers remain fluid due to ongoing negotiations and the complexity of the deal. Key bidders include:

Bytedance Investors: According to Reuters, “the biggest non-Chinese investors in parent company ByteDance to up their stakes and acquire the short video app’s U.S. operations.” This would involve Susquehanna International Group, General Atlantic, and KKR. Bytedance looks like it retains a minority ownership position of less than 20%, which I would bet probably means 19.99999999% or something like that. Reuters describes this as the front runner bid, and I tend to buy into that characterization. From a cap table point of view, this would be the cleanest with the least hocus pocus. However, the Reuters story is based on anonymous sources and doesn’t say how the deal would address the data privacy issues (other than that Oracle would continue to hold the data), or the algorithm. Remember, Oracle has been holding the data and that evidently has been unsatisfactory to Congress which is how we got here. Nothing against Oracle, but I suspect this significant wrinkle will have to get fleshed out.

Lawsuit by Bidder Company Led by Former Myspace Executive: In a lawsuit in Florida federal court by TikTok Global LLC filed April 3, TikTok Global accuses ByteDance, TikTok Inc., and founder Yiming Zhang of sabotaging a $33 billion U.S. acquisition deal by engaging in fraud, antitrust violations, and breach of contract. The complaint alleges ByteDance misled regulators, misappropriated the “TikTok Global” brand, and conspired to maintain control of TikTok in violation of U.S. government directives. The suit brings six causes of action, including tortious interference and unjust enrichment, underscoring a complex clash over corporate deception and national security compliance.

Oracle and Walmart: This proposal, which nearly closed in 2024 (I guess), involved a sale of TikTok’s U.S. business to a consortium of U.S.-based companies, with Oracle managing data security and infrastructure. ByteDance was to retain a minority stake in the new entity. However, this deal has not closed, who knows why aside from competition and then there’s those trade tariffs and the need for approval from both U.S. and Chinese regulators who have to be just so chummy right at the moment.

AppLovin: A preliminary bid has been submitted by AppLovin, an adtech company, to acquire TikTok’s U.S. operations. It appears that AppLovin’s offer includes managing TikTok’s user base and revenue model, with a focus on ad-driven strategies, although further negotiations are still required.  According to Pitchbook, “AppLovin is a vertically integrated advertising technology company that acts as a demand-side platform for advertisers, a supply-side platform for publishers, and an exchange facilitating transactions between the two. About 80% of AppLovin’s revenue comes from the DSP, AppDiscovery, while the remainder comes from the SSP, Max, and gaming studios, which develop mobile games. AppLovin announced in February 2025 its plans to divest from the lower-margin gaming studios to focus exclusively on the ad tech platform.”  It’s a public company trading as APP and seems to be worth about $100 billion.   Call me crazy, but I’m a bit suspicious of a public company with “lovin” in its name.  A bit groovy for the complexity of this negotiation, but you watch, they’ll get the deal.

Amazon and Blackstone: Amazon and Blackstone have also expressed interest in acquiring TikTok or a stake in a TikTok spinoff in Blackstone’s case. These offers would likely involve ByteDance retaining a minority interest in TikTok’s U.S. operations, though specifics of the terms remain unclear.  Remember, Blackstone owns HFA through SESAC.  So there’s that.

Frank McCourt/Project Liberty:  The “People’s Bid” for TikTok is spearheaded by Project Liberty, founded by Frank McCourt. This initiative aims to acquire TikTok and change its platform to prioritize user privacy, data control, and digital empowerment. The consortium includes notable figures such as Tim Berners-Lee, Kevin O’Leary, and Jonathan Haidt, alongside technologists and academics like Lawrence Lessig.  This one gives me the creeps as readers can imagine; anything with Lessig in it is DOA for me.

The bid proposes migrating TikTok to a new open-source protocol to address concerns raised by Congress while preserving its creative essence. As of now, the consortium has raised approximately $20 billion to support this ambitious vision.  Again, these people act like you can just put hundreds of millions of users on hold while this changeover happens.  I don’t think so, but I’m not as smart as these city fellers.

PRC’s Reaction

The People’s Republic of China (PRC) has strongly opposed the forced sale of TikTok’s U.S. operations, so there’s that. PRC officials argue that such a divestment would be a dangerous precedent, potentially harming Chinese tech companies’ international expansion. And they’re not wrong about that, it’s kind of the idea. Furthermore, the PRC’s position seems to be that any divestment agreement that involves the transfer of TikTok’s algorithm to a foreign entity requires Chinese regulatory approval.  Which I suspect would be DOA.

They didn’t just make that up– the PRC, through the Cyberspace Administration of China (CAC), owns a “golden share” in ByteDance’s main Chinese subsidiary. This 1% stake, acquired in 2021, grants the PRC significant influence over ByteDance including the ability to influence content and business strategies.

Unsurprisingly, ByteDance must ensure that the PRC government (i.e., the Chinese Communist Party) maintains control over TikTok’s core algorithm, a key asset for the company. PRC authorities have been clear that they will not approve any sale that results in ByteDance losing full control over TikTok’s proprietary technology, complicating the negotiations with prospective buyers.  

So a pressing question is whether TikTok without the algorithm is really TikTok from the users experience.  And then there’s that pesky issue of valuation—is TikTok with an unknown algo worth as much as TikTok with the proven, albeit awful, current algo.

Algorithm Lease Proposal

In an attempt to address both U.S. security concerns and the PRC’s objections, a novel solution has been proposed: leasing TikTok’s algorithm. Under this arrangement, ByteDance would retain ownership of the algorithm, while a U.S.-based company, most likely Oracle, would manage the operational side of TikTok’s U.S. business.

ByteDance would maintain control over its technology, while allowing a U.S. entity to oversee the platform’s operation within the U.S. The U.S. company would be responsible for ensuring compliance with U.S. data privacy laws and national security regulations, while ByteDance would continue to control its proprietary algorithm and intellectual property.

Under this leasing proposal, Oracle would be in charge of managing TikTok’s data security and ensuring that sensitive user data is handled according to U.S. regulations. This arrangement would allow ByteDance to retain its technological edge while addressing American security concerns regarding data privacy.

The primary concern is safeguarding user data rather than the algorithm itself. The proposal aims to address these concerns while avoiding the need for China’s approval of a full sale.

Now remember, the reason we are in this situation at all is that Chinese law requires TikTok to turn over on demand any data it gathers on TikTok users which I discussed on MTP back in 2020. The “National Intelligence Law” even requires TikTok to allow the PRC’s State Security police to take over the operation of TikTok for intelligence gathering purposes on any aspect of the users’ lives.  And if you wonder what that really means to the CCP, I have a name for you: Jimmy Lai. You could ask that Hong Konger, but he’s in prison.

This leasing proposal has sparked debate because it doesn’t seem to truly remove ByteDance’s influence over TikTok (and therefore the PRC’s influence). It’s being compared to “Project Texas 2.0,” a previous plan to secure TikTok’s data and operations.  I’m not sure how the leasing proposal solves this problem. Or said another way, if the idea is to get the PRC’s hands off of Americans’ user data, what the hell are we doing?

Next Steps

As the revised deadline approaches, I’d expect a few steps, each of which has its own steps within steps:

Finalization of a Deal: This is the biggest one–easy to say, nearly impossible to accomplish.  ByteDance will likely continue negotiating with interested parties while they snarf down user data, working to secure an agreement that satisfies both U.S. regulatory requirements and Chinese legal constraints. The latest extension provides runway for both sides to close key issues that are closable, particularly concerning the algorithm lease and ByteDance’s continued role in the business.

Operational Contingency:  I suppose at some point the buyer is going to be asked if whatever their proposal is will actually function and whether the fans will actually stick around to justify whatever the valuation is.  One of the problems with rich people getting ego involved in a fight over something they think is valuable is that they project all kinds of ideas on it that show how smart they are, only to find that once they get the thing they can’t actually do what they thought they would do.  By the time they figure out that it doesn’t work, they’ve moved on to the next episode in Short Attention Span Theater and it’s called Myspace.

China’s Approval: ByteDance will need to secure approval from PRC regulatory authorities for any deal involving the algorithm lease or a full divestment. So why introduce the complexity of the algo lease when you have to go through that step anyway?  Without PRC approval, any sale or lease of TikTok’s technology is likely dead, or at best could face significant legal and diplomatic hurdles.

Legal Action: If an agreement is not reached by the new deadline of July 1, 2025, further legal action could be pursued, either by ByteDance to contest the divestment order or by the U.S. government to enforce a ban on TikTok’s operations.  I doubt that President Trump is going to keep extending the deadline if there’s no significant progress.

If I were a betting man, I’d bet on the whole thing collapsing into a shut down and litigation, but watch this space.

@RepRichHudson: Another reason why the best online security is to be offline

It comes full circle–Chief Justice Roberts raises some of the same issues as I raised in 2020 at MusicBiz

The Chief asks the most relevant foundational question in the first five minutes–and it was straight downhill for TikTok after that. See transcript at p. 8.

TikTok v Garland Transcript Oral Argument 24-656_1an2Download

And see the class materials from the MusicBiz Association Conference panel I moderated in 2020

musicbiz-tiktok-materials-v-2-2Download

TikTok CEO and Investor Lobbying President Trump as January 19 Divestment Deadline Approaches

President Trump is a man who understands leverage. The Protecting Americans from Foreign Adversary Controlled Applications Act aka the TikTok sell or shut down bill gives to the president the decision over allowing TikTok to continue to operate in America. As a practical matter, the TikTok Act gives whoever is in the office of the President of the United States the power to allow TikTok to sell shares in an initial public offering on the US exchanges. Given that TikTok is losing challenges to the TikTok Act as fast as the company files lawsuits, TikTok’s failures in the Congress and the courts gives President Trump tremendous leverage over the TikTok IPO.

It just so happened that TikTok’s CEO was in town yesterday, and, according to The Hill, TikTok’s “CEO Shou Zi Chew met with President-elect Trump in Florida on Monday, becoming the latest tech leader to hold talks with the incoming president ahead of Inauguration Day.” I wonder what they had to talk about?

As this drama plays out, guess who else happened to be at Mar-a-lago on Monday? Why it was Masayoshi Son, the CEO of SoftBank. Masa and President Trump announced that SoftBank will be investing $100 billion in the US and Trump was holding Masa to increase the investment to $200 billion on national television. That’s quite a pile of cash, and presumably Trump felt he had the leverage to display his negotiating in public. Now what ever gave him that idea?

SoftBank started its Vision Fund a few years ago which targeted $100 billion in various investments. So Masa’s investment in America is about the same scale as the Vision Fund. What did the Vision Fund invest in? Uber and WeWork which you’re probably familiar with as well as Arm Holdings (semiconductors) and South Korea’s largest online retailer Coupang.

And there was one other notable Vision Fund investment–ByteDance which owns TikTok. And make no mistake, Masa and SoftBank will do just fine in their TikTok exit if TikTok is allowed to continue to exist in the US.

Well worth Masa’s trip to Florida with his protege Mr. Chew.

Just sayin.

It’s the Stock, Stupid:  Will the Centrifugal Force of the Public Market Nix the TikTok Divestment?

It’s a damn good thing we never let another MTV build a business on our backs.

In case you were wondering, the founder of TikTok’s parent corporation Bytedance is now reportedly China’s richest man according to the Hurun Rich List at a net worth of US$49.3 billion.  Is that because of “profits”?  Ah, no.  It’s due to his share of the Bytedance stock valuation. This is why any royalty deal with Big Tech that is based solely on a percentage of revenue rather than a dollar rate based on total value is severely lacking.

Revenue is a factor in determining stock valuation, of course.  ByteDance’s first-half 2024 revenue increased to $73 billion, making Bytedance’s revenues almost as big as Facebook but potentially growing faster. (Meta/Facbook’s first half  revenue increased about 25% to $75.5 billion.)

But where does TikTok’s revenue come from? ByteDance’s international revenue reached $17 billion in the first half of 2024, largely driven by TikTok. Non-China revenues for ByteDance rose by nearly 60% during this period. ByteDance continues to leverage TikTok to expand into international e-commerce, sustaining its global popularity. So the company is throwing off a pile of cash–yet they are unable to come up with a functioning royalty system.

Then what would a Bytedance IPO price at?  We kind of have to guess because Bytedance is not publicly traded and doesn’t report its financials to the public (and even if they did, China-based companies got special beneficial treatment during the Obama Administration so PRC companies haven’t reported on the same basis as everyone else until recently).  Continuing the Meta/Facebook comparison, Meta has a market capitalization of $1.4 trillion give or take, while ByteDance’s valuation on the secondary market for private stocks is about $250 billion, according to a CapLight subscriber. 

That gap is not lost on our friends at Sequoia China and other influential investors in Bytedance such as Susquehanna,  SoftBank, and  General Atlantic.  And, of course, the Chinese Communist Party investing through its Cyberspace Administration of China owns “golden shares” in Bytedance that allows it to name directors to the board.  These cats did not put up cold hard cash for a distress asset sale of Bytedance’s principal operating unit aka TikTok.  

Assuming a constant growth rate, Bytedance is trading at a paltry 1.7x 2024 revenues compared to Meta which is trading at about 8.7x its revenues.  There are some difference, like operating profits:  Meta has a 38% operating margin compared to Bytedance at about 25%.  But we all know why Bytedance’s valuation is depressed—the TikTok divestment which seems to be on track to happen on or about January 19.

The Protecting Americans from Foreign Adversary Controlled Applications Act aka the TikTok Divestment Act, Bytedance must sell TikTok.  There’s a pretty good argument that the divestment is enforceable for a variety of reasons.  The law applies not only to TikTok, but also to any entity controlled by China, Iran, North Korea or Russia that distributes an application in the United States.  That’s a pretty significant barrier to IPO riches, or at least one major risk factor that could sour underwriters if not investors.  How to get around it?

As we saw with the Music Modernization Act that solved Spotify’s IPO issues due to the company’s massive copyright infringement business model, if you spread enough cash around Capitol Hill, it’s astonishing what can happen with the vast number of people on the take.  Whatever it costs, lobbyists and lawmakers are cheap dates compared to IPO riches.  Even so, it doesn’t look like the US government is quite ready to allow one of the biggest foreign agent data harvesting and user profiling operations in history to get its snout in the public markets trough.  At least not yet.

But an argument could be made that Bytedance is missing about $1 trillion in market cap.  Greed and resentment are a powerful combination.  To add insult to injury, even Triller managed to get to the public markets, so things could start to get weird while Mr. Tok watches his paper billions evaporate.