Keeping China’s Digital Trojan Horses at Bay

Imagine if the people of ancient Troy had received advanced warning that the giant horse outside their fortified walls was not a gift, but instead an elaborate ruse to enable Greek infiltration of the city.

According to Greek mythology, several Trojan priests and scholars warned the horse was a trick, noting it defied reason to believe the Greeks, known for their subterfuge on the battlefield, had simply packed up and returned home empty-handed. These skeptics were deemed alarmists, and the wooden horse was wheeled inside Troy’s walls. The rest, of course, is history.

The United States and its allies now find themselves confronting an equally shrewd adversary in the Chinese Communist Party (CCP), which is eager to exploit our complacency and openness to foreign interests. Case in point: the ongoing debate over the future of TikTok, the popular social media platform, and the national security threats posed by Chinese apps and telecommunications platforms.

Rumors regarding a possible ban or forced sale of TikTok, which is owned by the Chinese technology giant ByteDance, have swirled around Washington for months. Several U.S. government agencies prohibited employees and their families from using the app, as did several political campaigns—including that of presumptive Democratic presidential nominee Joe Biden. The justification behind these prohibitions was clear: Chinese companies, and the CCP, have a track record of conducting cyber-espionage on U.S. citizens and businesses, as well as installing backdoors into their products. What’s more, Chinese national security laws mandate that Chinese companies hand over any and all information to the CCP, no questions asked.

Yet, millions of Americans have voluntarily downloaded TikTok, as well as other Chinese and Russian apps, onto their mobile devices, in effect mirroring Troy’s ill-fated decision. TikTok claims American users’ data is kept in the United States, but that may be impossible to verify.

The TikTok debate is hardly occurring in a vacuum. As Beijing works to re-write the rules-based order and undermine international organizations, it has set its sights on dictating the standards governing the internet, 5G and other next-generation technologies. From its perch overseeing the United Nations’ International Telecommunications Union (ITU), China is well-positioned to export technological authoritarianism far beyond its Great Firewall, further eroding human rights, transparency and the rules governing global competition. That is, unless, the United States, its allies and Western companies mount an aggressive campaign to expose and stymie Beijing’s corruptive efforts.

As many Americans are only now learning about the threat posed by Chinese apps and technology, the U.S. government, in partnership with private industry, should launch a multi-faceted public awareness campaign to educate consumers. This initiative should explain how China uses these platforms to steal everything from biographic information and internet search histories to medical information and other private data—as well as how China weaponizes these insights. Part of this effort should include enhanced partnership with the major U.S. mobile operators and handset producers to improve network security and simplify the process by which consumers can enhance the security settings on their devices. Assigning a qualitative risk score to apps would also help consumers understand the risks up front.

U.S. regulators and Congress should also focus on bolstering the rules governing commercial app retailers, like the App Store. Such outlets should be required to more thoroughly evaluate the security risks associated with new apps, with an emphasis on those with confirmed or suspected ties to China. For its part, the executive branch should be prepared to publicly explain future app bans or prohibitions, in contrast to its reliance on classified information to justify its approach to Huawei.

At the same time, greater scrutiny must be given to China’s ties to Silicon Valley, where Beijing has gained access to innovative technology by investing in venture capital firms. That same scrutiny must also be directed toward preventing Chinese companies deemed a national security risk from hiring former U.S. government officials to advocate on their behalf, a practice which has dogged both Republican and Democratic administrations.

Internationally, the Trump administration should augment its recently launched Economic Prosperity Network, which is focused on building a coalition of like-minded countries and companies to secure critical telecommunications, data analytics, mobile apps and 5G from malign actors. In coordinating these efforts with traditional democratic allies, such as the European Union, and emerging partners, like India and South Korea, the free world will be positioned to sustain a long-term fight to defend cyberspace. This framework should also be aligned toward challenging China’s efforts at the ITU, which include secretive attempts to advance Chinese telecommunications companies at the expense of the West.

History does not repeat itself, but it often rhymes. Rather than opening the gates and allowing China into our digital domain, it’s time to bolster our collective defenses and prepare for a long siege.

Craig Singleton, a national security expert and former U.S. diplomat, is an adjunct fellow at the Foundation for Defense of Democracies (FDD), where he also contributes to FDD’s Center on Military and Political Power and Center on Economic and Financial Power. FDD is a Washington, D.C.-based, nonpartisan research institute focusing on national security and foreign policy.