National Security Act, 2024
Floor Speech
BREAK IN TRANSCRIPT
Ms. CANTWELL. Mr. President, I rise to urge my colleagues to pass this important legislation, and I want to thank Leader Schumer for his tremendous leadership on this entire package. It is amazing. His dedication and support to getting this done. He really, really held steadfast as well as our caucus, as he just described, and so many of our colleagues on both sides of the aisle.
I also want to thank Senator Murray for her continued leadership on appropriations bills.
This supplemental will supply Ukraine with desperately needed equipment, weapons, training, and logistics.
For over 2 years, the Ukrainian people have shown courage and resilience, enabling them to resist Russian aggression. As just described by our leader, it would be disastrous for our national security and democracy and human rights if we had not supported them.
This bill also continues to support American taxpayers by authorizing the President to use an estimated $5 billion in frozen Russian assets. These assets will help pay for Ukraine's reconstruction. And it designates the U.S. economic assistance, which Ukrainians will have to pay back once they have repelled the Russians.
The supplemental also includes support for our Middle East ally Israel, including support to make sure, just like these past few days, of shooting down 99 percent of missiles and drone attacks by Iran.
It also includes $9 billion of humanitarian aid for Gaza, Ukraine, and for people caught in conflicts around the world. These conflicts have taken an immeasurable toll on the Palestinian and Ukrainian people.
The supplemental also contains a range of sanctions that will make it harder for each of Israel's adversaries--Iran and Hamas--to finance their operations.
It contains the SHIP Act, which requires the President to post sanctions against individuals and companies that knowingly help evade oil sanctions. Illegal revenues funnel tens of billions to designated organizations and terrorist groups. And it builds on legislation Senator Murkowski and I enacted over a decade ago that helped expose the middlemen who were enabling Iran to evade these sanctions.
This package also includes over $8 billion to support Taiwan and other Indo-Pacific allies in this critical part of the world where we stand shoulder to shoulder with these democracies.
It also contains legislation, the FEND Off Fentanyl Act, of which I was proud to be a cosponsor--It is critically important legislation that does a couple of things. One, it declares that fentanyl is a national emergency. This enables the President to impose sanctions on fentanyl traffickers, enabling the U.S. Treasury to better fight fentanyl-related money laundering. Those fentanyl traffickers and money launderings have ties to organized crime and to drug cartels.
These issues have been clearly outlined in my State by communities, health providers, law enforcement, and others who want help in stopping the traffickers.
Part of the solution is stemming the flow of fentanyl. This supplemental would allow the proceeds from those seized assets of those narco-traffickers to be used by law enforcement in our local communities to fight this fentanyl scourge.
We must give our communities all the tools they need to stop this product from flooding across our borders, and this legislation will do just that.
I also want to address that technology should be a tool to help solve our greatest challenges, to improve the human condition, and to drive innovation and support economic opportunity. But foreign adversaries use technology for social and political control.
There is no individual right to privacy or freedom of speech in these autocracies. U.S. social media companies are not allowed to operate in China. In fact, China leads the world in using surveillance and censorship to keep tabs on its own population and to repress dissent.
Governments that respect freedom of speech do not build backdoors into hardware or software, into apps on phones, or into laptops. Backdoors allow foreign adversaries to target vulnerable Americans based on their user name or sensitive data. Backdoors allow foreign adversaries to use proxy bots to bombard--bombard--vulnerable populations--Americans--with harmful content or even to blackmail people.
The U.S. Department of Justice has stated: ``Hostile foreign powers are weaponizing bulk data and the power of artificial intelligence to target Americans.''
I do not want technology in the United States used this way. I want the United States to work with our most sophisticated technologically advanced countries, like-minded democracies--places like Japan, South Korea, our European allies--and set the global standards for technology and data protection. I want to see a technology NATO, one in which our allies come together and say there cannot be a government backdoor to any hardware or software if it wants to see global adoption.
We should have a trusted framework for cross-border data flows, as has been discussed by the Organization for Economic Cooperation and Development and the G7. And criteria for trusted data flow should include commitments to democratic governance, the rule of law, and the protection of property rights and free speech.
I believe in trade, and I want trade. And I believe that business should be about business. But business is not about business when foreign adversaries weaponize data, weaponize technology, and weaponize business approaches that hurt Americans.
I want to yield to my colleague, the chairman of the Senate Intelligence Committee, for his perspective on why this legislation before us is so important.
BREAK IN TRANSCRIPT
Ms. CANTWELL. I thank Senator Warner for his perspective as chairman of the Intelligence Committee and his hard work. He and I both drafted legislation more than a year ago trying to give our government the tools to deal with this issue.
In 2020, India concluded that TikTok and other Chinese-controlled apps were national security threats and prohibited them. As a result, India TikTok users migrated to other platforms, including Google's YouTube, and Indian small businesses found other ways to operate on other platforms.
This supplemental contains the Protecting Americans from Foreign Adversary Controlled Applications Act. Congress has a nonpunitive policy purpose in passing this legislation. Congress is not acting to punish ByteDance, TikTok, or any other individual company. Congress is acting to prevent foreign adversaries from conducting espionage, surveillance, and malign operations harming vulnerable Americans, our servicemen and women, and our U.S. Government personnel.
BREAK IN TRANSCRIPT
Ms. CANTWELL. I thank Senator Warner for his comments.
I find it most disturbing that they used TikTok to repeatedly access U.S. user data and track multiple journalists covering the company. Researchers have found that TikTok restricts the information that Americans and others receive on a global basis.
As of December 2023, an analysis by Rutgers University found that TikTok posts mentioning topics that are sensitive to the Chinese Government, including Tiananmen Square, Uighurs, and the Dalai Lama were significantly less prevalent on TikTok than on Instagram, the most comparable social media.
Foreign policy issues disfavored by China and Russian Governments also had fewer hashtags on TikTok, such as pro-Ukraine or pro-Israel hashtags. Here are some of those hashtags on TikTok:
The example of Tiananmen Square, which we all know was an example of students standing up to the military, and yet for Tiananmen Square, there are 8,000 percent more hashtags on Instagram than on TikTok.
The Uighur genocide protecting a Muslim population, there are 1,970 percent more hashtags about that on Instagram than on TikTok.
And my personal favorite, just because I had the privilege of meeting the Dalai Lama here in the Capitol, 5,520 percent more hashtags where the Dalai Lama is mentioned on Instagram than on TikTok.
And pro-Ukraine, 750 percent more hashtags on Instagram than on TikTok about Ukraine and support for Ukraine.
I think that says it all in this debate today. Are we going to continue to allow people to control the information by using an export- controlled algorithm and China-based source code?
My colleagues and I are urging for this deweaponization by saying that TikTok should be sold. Now, I know that the Chinese have an export control on that algorithm. Congress believes that you have to have adequate time to sufficiently address this issue posed by our foreign adversaries. That is why the legislation before us is for ByteDance to sell its stake in TikTok.
We think a year is ample time to allow potential investors to come forward, for due diligence to be completed, and for lawyers to draw up and finalize contracts. This is not a new concept to require Chinese divestment from U.S. companies.
The Committee on Foreign Investment in the United States requires Chinese divestment from hotel management platforms--StayNTouch, from a healthcare app called PatientsLikeMe, from the popular LGBTQI dating app Grindr, among other companies. And even after the Chinese owner divested from Grindr in 2020, Americans had continuity of service on this platform.
So I turn it back to my colleague, but we are giving people a choice here to improve this platform and have the opportunity for Americans to make sure that they are not being manipulated by our foreign adversaries.
Res. 1051, the House resolution originally on this legislation, be printed in the Record.
Res. 1051
Whereas TikTok collects vast amounts of data on Americans, though the total extent of its collection is unknown:
(1) On August 6, 2020, the President concluded that TikTok ``automatically captures vast swaths of information from its users'' and that TikTok's ownership by ByteDance Ltd. enables the People's Republic of China (referred to in this resolution as the ``PRC'') and Communist Party of China (referred to in this resolution as the ``CCP'') to gain access to ``Americans' personal and proprietary information,'' potentially allowing the CCP ``to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage''.
(2) Outside reporting has confirmed the breadth of TikTok's reach, concluding that its data collection practices extend to age, phone number, precise location, internet address, device used, phone contacts, social network connections, content of private messages sent through the application, and videos watched.
(3) On November 11, 2022, Federal Communications Commissioner Brendan Carr explained that ``underneath [TikTok], it operates as a very sophisticated surveillance app.'' He characterized it as ``a big risk'' for multiple reasons, including espionage. The risk posed by TikTok is exacerbated by the difficulty in assessing precisely which categories of data it collects. For example, outside researchers have found embedded vulnerabilities that allow the company to collect more data than the application's privacy policy indicates.
Whereas PRC law requires obligatory, secret disclosure of data controlled by Chinese companies at the PRC's unilateral request:
(1) Pursuant to PRC law, the PRC can require a company headquartered in the PRC to surrender all its data to the PRC, making it an espionage tool of the CCP.
(2) The National Intelligence Law, passed in China in 2017, states that ``any organization'' must assist or cooperate with CCP intelligence work. Such assistance or cooperation must also remain secret at the PRC's request.
(3) The PRC's 2014 Counter-Espionage Law states that ``relevant organizations . . . may not refuse'' to collect evidence for an investigation.
(4) The PRC's Data Security Law of 2021 states that the PRC has the power to access and control private data.
(5) The PRC's Counter-Espionage Law grants PRC security agencies nearly unfettered discretion, if acting under an effectively limitlessly capacious understanding of national security, to access data from companies.
(6) On September 17, 2020, the Department of Commerce concluded that the PRC, to advance ``its intelligence- gathering and to understand more about who to target for espionage, whether electronically or via human recruitment,'' is constructing ``massive databases of Americans' personal information'' and that ByteDance has close ties to the CCP, including a cooperation agreement with a security agency and over 130 CCP members in management positions.
(7) On December 2, 2022, the Director of the Federal Bureau of Investigation, Christopher Wray, stated that TikTok's data repositories on Americans ``are in the hands of a government that doesn't share our values and that has a mission that's very much at odds with what's in the best interests of the United States. . . . The [CCP] has shown a willingness to steal Americans data on a scale that dwarfs any other''.
(8) On December 5, 2022, the Director of National Intelligence, Avril Haines, stated, when asked about TikTok and PRC ownership, ``It is extraordinary the degree to which [the PRC] . . . [is] developing frameworks for collecting foreign data and pulling it in, and their capacity to then turn that around and use it to target audiences for information campaigns and other things, but also to have it for the future so that they can use it for a variety of means''.
(9) On December 16, 2022, the Director of the Central Intelligence Agency, William Burns, explained that ``because the parent company of TikTok is a [PRC] company, the [CCP] is able to insist upon extracting the private data of a lot of TikTok users in this country, and also to shape the content of what goes on to TikTok as well to suit the interests of the Chinese leadership''.
(10) On August 2, 2020, then-Secretary of State, Mike Pompeo, stated that PRC-based companies ``are feeding data directly to the Chinese Communist Party, their national security apparatus''.
(11) Public reporting has repeatedly confirmed statements made by the Executive Branch regarding the tight interlinkages between ByteDance, TikTok, and the CCP.
(A) The Secretary of ByteDance's CCP committee, Zhang Fuping, also serves as ByteDance's Editor-in-Chief and Vice President and has vowed that the CCP committee would ``take the lead'' across ``all product lines and business lines'', which include TikTok.
(B) On May 30, 2023, public reporting revealed that TikTok has stored sensitive financial information, including the Social Security numbers and tax identifications of TikTok influencers and United States small businesses, on servers in China accessible by ByteDance employees.
(C) On December 22, 2022, public reporting revealed that ByteDance employees accessed TikTok user data and IP addresses to monitor the physical locations of specific United States citizens.
(D) On June 17, 2022, public reporting revealed that, according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance repeatedly accessed nonpublic data about United States TikTok users, including the physical locations of specific United States citizens.
(E) On January 20, 2023, public reporting revealed that TikTok and ByteDance employees regularly engage in practice called ``heating,'' which is a manual push to ensure specific videos ``achieve a certain number of video views''.
(F) In a court filing in June 2023, a former employee of ByteDance alleged that the CCP spied on pro-democracy protestors in Hong Kong in 2018 by using backdoor access to TikTok to identify and monitor activists' locations and communications.
(G) On November 1, 2023, public reporting revealed that TikTok's internal platform, which houses its most sensitive information, was inspected in person by CCP cybersecurity agents in the lead-up to the CCP's 20th National Congress.
Whereas the PRC's access to American users' data poses unacceptable risks to United States national security:
(1) As a general matter, foreign adversary controlled social media applications present a clear threat to the national security of the United States.
(2) The Department of Homeland Security has warned that the PRC's data collection activities in particular have resulted in ``numerous risks to U.S. businesses and customers, including: the theft of trade secrets, of intellectual property, and of other confidential business information; violations of U.S. export control laws; violations of U.S. privacy laws; breaches of contractual provisions and terms of service; security and privacy risks to customers and employees; risk of PRC surveillance and tracking of regime critics; and reputational harm to U.S. businesses''. These risks are imminent and other, unforeseen risks may also exist.
(3) On September 28, 2023, the Department of State's Global Engagement Center issued a report that found that ``TikTok creates opportunities for PRC global censorship''. The report stated that United States Government information as of late 2020 showed that ``ByteDance maintained a regularly updated internal list identifying people who were likely blocked or restricted from all ByteDance platforms, including TikTok, for reasons such as advocating for Uyghur independence''.
(4) On November 15, 2022, the Director of the Federal Bureau of Investigation, Christopher Wray, testified before the Committee on Homeland Security of the House of Representatives that TikTok's national security concerns ``include the possibility that the [CCP] could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so choose, or to control software on millions of devices, which gives it an opportunity to potentially technically compromise personal devices''.
(5) On March 8, 2023, the Director of the Federal Bureau of Investigation, Christopher Wray, testified before the Select Committee on Intelligence of the Senate that the CCP, through its ownership of ByteDance, could use TikTok to collect and control users' data and drive divisive narratives internationally.
Whereas Congress has extensively investigated whether TikTok poses a national security threat because it is owned by ByteDance:
(1) On October 26, 2021, during the testimony of Michael Beckerman, TikTok head of public policy for the Americas, before a hearing of the Subcommittee on Consumer Protection of the Committee on Commerce, Science, and Transportation of the Senate, lawmakers expressed concerns that TikTok's audio and user location data could be used by the CCP.
(2) On September 14, 2022, lawmakers expressed concerns over TikTok's algorithm and content recommendations posing a national security threat during a hearing before the Committee on Homeland Security and Governmental Affairs of the Senate with Vanessa Pappas, Chief Operating Officer of TikTok.
(3) On March 23, 2023, during the testimony of TikTok CEO, Shou Chew, before the Committee on Energy and Commerce of the House of Representatives, lawmakers expressed concerns about the safety and security of the application, including TikTok's relationship with the CCP.
(4) On February 28, 2023, former Deputy National Security Advisor, Matthew Pottinger, emphasized that it has already been confirmed that TikTok's parent company ByteDance has used the application to surveil United States journalists as a means to identify and retaliate against potential sources. The PRC has also shown a willingness to harass individuals abroad who take stances that contradict the Communist Party lines. The application can further be employed to help manipulate social discourse and amplify false information to tens of millions of Americans.
(5) On March 23, 2023, Nury Turkel, the Chair of the United States Commission on International Religious Freedom, raised the alarm that TikTok's parent company, ByteDance, has a strategic partnership with China's Ministry of Public Security, and China's domestic version of the application, Douyin, has been used to collect data and sensitive information from Uyghurs and other oppressed ethnic minority groups.
(6) On July 26, 2023, William Evanina, the former Director of the National Counterintelligence and Security Center, pointed to TikTok as just one of many areas of concern that combine to paint a concerning picture of the CCP's capabilities and intent as an adversarial, malign competitor.
(7) On November 30, 2023, John Garnaut of the Australian Strategic Policy Institute (ASPI) remarked that TikTok has sophisticated capabilities that create the risk that TikTok can clandestinely shape narratives and elevate favorable opinions while suppressing statements and news that the PRC deems negative.
(8) On January 18, 2024, the Select Committee on Strategic Competition between the United States and the Chinese Communist Party of the House of Representatives was briefed by a set of senior interagency officials to discuss these matters.
(9) On March 22, 2023, elements of the intelligence community provided a classified briefing on the threat to members of the Permanent Select Committee on Intelligence of the House of Representatives and leadership for the Committee on Energy and Commerce of the House of Representatives.
(10) On April 26, 2023, the Executive Branch provided a classified briefing on the threat to members of the Committee on Commerce, Science, and Transportation and the Select Committee on Intelligence of the Senate.
(11) On June 5, 2023, the Executive Branch provided a classified briefing on the threat to staff of the Committee on Banking of the Senate and the Committee on Energy and Commerce of the House of Representatives.
(12) In June 2023, at the request of the Permanent Select Committee on Intelligence of the House of Representatives, the intelligence community provided a classified threat briefing open to all Members of the House of Representatives.
(13) On November 15, 2023, elements of the intelligence community provided a classified briefing to the Select Committee on Intelligence and the Committee on Commerce, Science, and Transportation of the Senate on, inter alia, the Peoples Republic of China's conduct of global foreign malign influence operations, including through platforms such as TikTok.
Whereas Congress and the Executive Branch are of one mind on the risks presented by TikTok's data collection practices:
(1) On May 15, 2019, the President issued an Executive Order on Securing the Information and Communications Technology and Services Supply Chain, which stated that ``unrestricted acquisition or use in the United States of information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries . . . constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States''.
(2) On June 9, 2021, the President issued an Executive Order on Protecting Americans' Sensitive Data from Foreign Adversaries, which stated that ``[f]oreign adversary access to large repositories of United States persons' data also presents a significant risk.'' The EO stated that ``the United States must act to protect against the risks associated with connected software applications that are designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary''.
(3) In May 2019, in connection with a review by the Committee on Foreign Investment in the United States (CFIUS), a company based in the PRC agreed to divest its interest in a popular software application reportedly due to concerns relating to potential access by the PRC to American user data from the application.
(4) On July 8, 2020, then-National Security Advisor, Robert O'Brien, stated that the CCP uses TikTok and other PRC-owned applications to collect personal, private, and intimate data on Americans to use ``for malign purposes''.
(5) On August 14, 2020, the President found ``there is credible evidence . . . that ByteDance, Ltd. . . . might take action that threatens to impair the national security of the United States''.
(6) In February 2023, the Deputy Attorney General, Lisa Monaco, stated, ``Our intelligence community has been very clear about [the CCP's] efforts and intention to mold the use of [TikTok] using data in a worldview that is completely inconsistent with our own.'' Deputy Attorney General Monaco also stated, ``I don't use TikTok and I would not advise anybody to do so because of [national security] concerns''.
(7) On July 13, 2022, Federal Communications Commission Commissioner, Brendan Carr, testified before the Subcommittee on National Security of the Committee on Oversight and Reform of the House of Representatives that ``there is a unique set of national security concerns when it comes to [TikTok]''.
(8) On March 23, 2023, the Secretary of State, Antony Blinken, testified before the Committee on Foreign Affairs of the House of Representatives that TikTok is a threat to national security that should be ``ended one way or another''.
Whereas the Executive Branch has sought to address the risks identified above through requiring ByteDance to divest its ownership of TikTok:
(1) On August 14, 2020, the President issued an Executive Order directing ByteDance to divest any assets or property used to enable or support ByteDance's operation of the TikTok application in the United States and any data obtained or derived from TikTok application or Musical.ly application users in the United States. The Order, however, remains the subject of litigation.
(2) On August 6, 2020, the President issued an Executive Order (E.O. 13942) that directed the Secretary of Commerce to take actions that would have prohibited certain transactions related to TikTok in 45 days if ByteDance failed to divest its ownership of TikTok. The companies and content creators using the TikTok mobile application filed lawsuits challenging those prohibitions, as a result of which two district courts issued preliminary injunctions enjoining the prohibitions.
(3) Following the multiple judicial rulings that enjoined the Executive Branch from enforcing the regulations contemplated in E.O. 13942, on June 9, 2021, the President issued a new Executive Order that rescinded E.O. 13942, and directed the Secretary of Commerce to more broadly assess and take action, where possible, against connected software applications that pose a threat to national security.
Whereas Congress has passed, and the Executive Branch has implemented, a ban on ByteDance-controlled applications like TikTok from government devices because of the national security threat such applications pose; even so, the application's widespread popularity limits the effectiveness of this step:
(1) Prior to 2022, several Federal agencies, including the Departments of Defense, State, and Homeland Security, had issued orders banning TikTok on devices for which those specific agencies are responsible.
(2) On December 29, 2022, following its adoption by Congress, the President signed into law a bill banning the use of TikTok on government devices due to the national security threat posed by the application under its current ownership.
(3) A majority of States in the United States have also banned TikTok on State government devices due to the national security threat posed by the application under its current ownership.
(4) To date, as long as TikTok is subject to the ownership or control of ByteDance, no alternative to preventing or prohibiting TikTok's operation of the application in the United States has been identified that would be sufficient to address the above-identified risks.
(5) The national security risks arise from and are related to the ownership or control of TikTok by a foreign adversary controlled company. Severing ties to such foreign adversary controlled company, for example by a full divestment, would mitigate such risks.
(6) As has been widely reported, TikTok, Inc. has proposed an alternative, a proposal referred to as ``Project Texas,'' which is an initiative to try and satisfy concerns relating to TikTok's handling of United States user data.
(A) Under the proposal, United States user data would be stored in the United States, using the infrastructure of a trusted third party.
(B) That initiative would have allowed the application algorithm, source code, and development activities to remain in China under ByteDance's control and subject to PRC laws, albeit subject to proposed safeguards relating to cloud infrastructure and other data security concerns. Project Texas would also have allowed ByteDance to continue to have a role in certain aspects of TikTok's United States operations.
(C) Project Texas would have allowed TikTok to continue to rely on the engineers and back-end support in China to update its algorithms and the source code needed to run the TikTok application in the United States.
(D) Allowing code development in and access to United States user data from China potentially exposes United States users to malicious code, backdoor vulnerabilities, surreptitious surveillance, and other problematic activities tied to source code development.
(E) Allowing back-end support, code development, and operational activities to remain in China would also require TikTok to continue to send United States user data to China to update the machine learning algorithms and source code for the application, and to conduct related back-end services, like managing users' accounts.
(7) On January 31, 2024, the Director of the Federal Bureau of Investigation, Christopher Wray, testified before the Select Committee on Strategic Competition between the United States and the Chinese Communist Party of the House of Representatives that TikTok gives the PRC ``the ability to control data collection on millions of users, which can be used for all sorts of intelligence operations or influence operations,'' and ``the ability, should they so choose, to control the software on millions of devices, which means the opportunity to technically compromise millions of devices''.
(8) The risks posed by TikTok's data collection would be addressed by the Protecting Americans from Foreign Adversary Controlled Applications Act, despite the potential that the PRC might purchase similar types of data from private data brokers.
(9) The degree of risk posed by TikTok has increased alongside the application's immense popularity in the United States.
Resolved, That the House of Representatives has determined that ByteDance and TikTok pose an unacceptable risk to the national security of the United States.
BREAK IN TRANSCRIPT
Ms. CANTWELL. I turn it back to my colleague Senator Warner and again thank him for his leadership.
BREAK IN TRANSCRIPT
Source