Congress just touching the TikTok tip of the iceberg of China’s spying

Senate Republican leader Mitch McConnell this week urged the chamber to take up the bipartisan bill the House overwhelmingly passed last month requiring Chinese company ByteDance to sell off its interest in popular social-media app TikTok or face a ban on TikTok operations in the United States.

This is an important first step to address TikTok’s known surveillance risk, yet it leaves the vast bulk of China’s intelligence-gathering apparatus untouched.

As the Senate begins to consider the bill, it has an opportunity to address the widespread threat China’s weaponization of its high-tech private sector poses.

Chinese law, specifically its National Intelligence Law, requires that all private Chinese companies and persons turn over any data they collect to the government upon demand.

As the law states, “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts.”

“National intelligence efforts” could be anything that, as the bill makes clear, involves information relevant to the “interests of the People’s Republic of China.”

Chinese President Xi Jinping has left no doubt tech-sector data meet that criterion and is considered relevant to the PRC’s interests.

More than a decade ago, shortly after assuming the presidency, he asserted: “The vast ocean of data, just like oil resources during industrialization, contains immense productive power and opportunities. Whoever controls big data technologies will control the resources for development and have the upper hand.”

The TikTok bill, therefore, would fix a substantial and very real risk to American data and privacy.

It is likely, given the legal framework, the Chinese Communist Party is seeking and receiving data from TikTok.

But the issue is far larger than TikTok alone.

Like the risks seen with Huawei’s 5G network and Chinese cargo cranes, any Chinese company that collects information about Americans poses a major problem.

Indeed, it’s a problem not only in America but around the world.

Chinese companies collect data in Canada, Europe and Latin America; near US overseas military bases and at international ports; online and on the ground; and across personal, governmental and commercial interests.

In light of the international risk, America and its allies need a unified approach to prevent Chinese multinationals from undermining our shared security.

We must collectively take a comprehensive view of the significant surveillance vulnerability a wide range of Chinese companies on our shores present.

Beijing’s bold public declaration that it legally mandates its private companies turn over sensitive and private data collected overseas is a global threat and needs a global solution.

We need to understand data broadly.

This is not just information gleaned from social-media profiles, locations and preferences.

A tremendous number of common brands are Chinese owned; they produce items capable of collecting personal or sensitive information — Volvo cars, Lenovo computers, and Lexmark printers, for instance.

This is not to say we know these or other companies are passing data to the CCP, but that is precisely the point: We don’t know what private American information is making its way to China.

This lack of informational certainty is a critical national-security concern.

Congress is recognizing this threat.

But we cannot address TikTok alone and stop there.

We need a comprehensive registration requirement for all Chinese-owned companies operating in the United States or affecting US assets overseas.

Chinese companies should be required to disclose the scope and scale of the data they collect and the steps they take to safeguard that data from the Chinese government.

This information should be verifiable and subject to audit and oversight.

Chinese-owned multinationals should also disclose all requests they receive from Beijing to turn over information.

Companies that do not or cannot comply should be barred from operating on US soil and conducting business with US public- and private-sector entities.

We should simultaneously encourage our allies to follow a similar template.

This approach does not seek to single out China, but we need to acknowledge China has enacted and now lives under a uniquely dangerous law that presents a concrete surveillance threat to American national security.

There is an urgent need to improve what we know about Chinese information-gathering via corporate actors.

Improving transparency around Chinese surveillance is a prudent and measured response to an aggressive use of private-sector espionage.

Congress cannot properly address this risk one Chinese company at a time.

We need a wider approach that attacks the full scale of the threat.

The Chinese Communist Party seeks to control Chinese citizens through a massive web of surveillance.

If we don’t take significant steps to protect our data, the CCP will inevitably try to control us, too.

Elaine Dezenski, a senior director and the head of the Center on Economic and Financial Power at the Foundation for Defense of Democracies, was an acting and deputy assistant secretary for policy at the US Department of Homeland Security. Joshua Birenbaum is deputy director of the center.