[Senate Report 116-250] [From the U.S. Government Publishing Office] 116th Congress } { Report SENATE 2nd Session } { 116-250 _______________________________________________________________________ NO TIK TOK ON GOVERNMENT DEVICES ACT __________ R E P O R T of the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE to accompany S. 3455 TO PROHIBIT CERTAIN INDIVIDUALS FROM DOWNLOADING OR USING TIKTOK ON ANY DEVICE ISSUED BY THE UNITED STATES OR A GOVERNMENT CORPORATIONAugust 10, 2020.--Ordered to be printed ______ U.S. GOVERNMENT PUBLISHING OFFICE 99-010 WASHINGTON : 2020 COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS RON JOHNSON, Wisconsin Chairman ROB PORTMAN, Ohio GARY C. PETERS, Michigan RAND PAUL, Kentucky THOMAS R. CARPER, Delaware JAMES LANKFORD, Oklahoma MAGGIE HASSAN, New Hampshire MITT ROMNEY, Utah KAMALA D. HARRIS, California RICK SCOTT, Florida KYRSTEN SINEMA, Arizona MICHAEL B. ENZI, Wyoming JACKY ROSEN, Nevada JOSH HAWLEY, Missouri Gabrielle D'Adamo Singer, Staff Director Joseph C. Folio III, Chief Counsel Michael J.R. Flynn, Senior Counsel David M. Weinberg, Minority Staff Director Zachary I. Schram, Minority Chief Counsel Jeffrey D. Rothblum, Minority Senior Professional Staff Member Laura W. Kilbride, Chief Clerk 116th Congress } { Report SENATE 2nd Session } { 116-250 ====================================================================== NO TIK TOK ON GOVERNMENT DEVICES ACT _______ August 10, 2020.--Ordered to be printed _______ Mr. Johnson, from the Committee on Homeland Security and Governmental Affairs, submitted the following R E P O R T [To accompany S. 3455] [Including cost estimate of the Congressional Budget Office] The Committee on Homeland Security and Governmental Affairs, to which was referred the bill (S. 3455) to prohibit certain individuals from downloading or using TikTok on any device issued by the United States or a government corporation, having considered the same, reports favorably thereon with an amendment in the nature of a substitute and recommends that the bill, as amended, do pass. CONTENTS Page I. Purpose and Summary..............................................1 II. Background and Need for the Legislation..........................2 III. Legislative History..............................................3 IV. Section-by-Section Analysis......................................4 V. Evaluation of Regulatory Impact..................................4 VI. Congressional Budget Office Cost Estimate........................4 VII. Changes in Existing Law Made by the Bill, as Reported............5 I. Purpose and Summary S. 3455, the No TikTok on Government Devices Act, requires the Director of the Office of Management and Budget (OMB) to develop standards and guidelines, consistent with the Federal Information Security Management Act (FISMA) of 2014, to remove the TikTok application from Federal information technology devices and platforms. The standards and guidelines developed by OMB must be developed in consultation with the General Services Administration (GSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DoD). The bill includes an exemption for law enforcement activities, national security interests and activities, and security researchers. II. Background and the Need for Legislation In November 2017, a Beijing-based media and technology company, ByteDance Limited (ByteDance), acquired a Shanghai- based social media company, Musical.ly, Inc. (Musical.ly) for approximately $1 billion.\1\ At the time of acquisition, Musical.ly's flagship web application included a user base of over 60 million in the United States and Europe and its offices were located in Shanghai and Santa Monica, California.\2\ In August 2018, ByteDance merged Musical.ly's web application with its own social media short-form video app, TikTok, managed by its subsidiary TikTok, Inc.\3\ TikTok is estimated to have a global audience of approximately 800 million active users.\4\ --------------------------------------------------------------------------- \1\Liza Lin and Rolfe Winkler, Social-Media App Musical.ly Is Acquired for as Much as $1 Billion, Wall St. J. (Nov. 9, 2017), available at https://www.wsj.com/articles/lip-syncing-app-musical-ly- is-acquired-for-as-much-as-1-billion-1510278123. \2\Paul Mozur, Musical.ly, a Chinese App Big in the U.S., Sells for $1 Billion, N.Y. Times (Nov. 10, 2017), available at https:// www.nytimes.com/2017/11/10/business/dealbook/musically-sold-app- video.html. \3\Paige Leskin, Inside the rise of TikTok, the viral video-sharing app that Trump is trying to order its Chinese parent to sell, Business Insider (Aug. 8, 2020), available at https://www.businessinsider.com/ tiktok-app-online-website-video-sharing-2019-7. \4\Simone Chu, TikTok: The Summation of 2020's Duality and Chaos, Harvard Political Review (Jul. 12, 2020), available at https:// harvardpolitics.com/culture/tiktok-2020/. --------------------------------------------------------------------------- Notwithstanding the global popularity of the TikTok application, China's national intelligence and security laws raise serious concerns over the obligations of Chinese-owned technology companies to participate in intelligence gathering operations and share data with government officials.\5\ Specifically, China's National Intelligence Law includes numerous broadly written provisions that compel Chinese organizations and citizens to ``provide support and assistance to'' Chinese intelligence work.\6\ These requirements allow for the potential that Chinese government officials could use TikTok to violate the civil rights and privacy of users in the United States or otherwise gather data that may have national security implications.\7\ On this basis, in November 2019, the Committee on Foreign Investment in the United States (CFIUS) began a review of ByteDance's acquisition of the social media service TikTok.\8\ --------------------------------------------------------------------------- \5\Jack Nicas, Mike Isaac, Ana Swanson, TikTok Said to Be Under National Security Review, N.Y. Times (Nov. 1, 2019), available at https://www.nytimes.com/2019/11/01/technology/tiktok-national-security- review.html. \6\47 C.F.R. 54.26 (2020), available at https://www.govinfo.gov/ content/pkg/FR-2020-01-03/pdf/2019-27610.pdf. \7\See, e.g. Dangerous Partners: Big Tech and Beijing: Hearing Before the S. Comm. on the Judiciary, Subcomm. on Crime & Terrorism, 116th Cong. (Mar. 2020) (Statement of Samm Sacks), available at https:/ /www.judiciary.senate.gov/meetings/dangerous-partners-big-tech-and- beijing. \8\Drew Harwell and Tony Romm, U.S. government investigating TikTok over national security concerns, Wall St. J. (Nov. 1, 2019), available at https://www.washingtonpost.com/technology/2019/11/01/us-government- investigating-tiktok-over-national-security-concerns/. --------------------------------------------------------------------------- National security concerns related to Chinese-based information communications technology are well-documented. As Federal Bureau of Investigation (FBI) Director Christopher Wray testified, ``we're deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don't share our values to gain positions of power inside our telecommunications networks.''\9\ These long-standing concerns of foreign-owned ICT led the Committee to pass the Federal Acquisition Supply Chain Security Act of 2018, enacted as part of the SECURE Technology Act,\10\ to standardize a process for the Federal Government to evaluate supply chain security risks by creating the Federal Acquisition Security Council (FASC).\11\ In addition, at a hearing before the Senate Judiciary's Subcommittee on Crime and Terrorism entitled, ``Dangerous Partners: Big Tech and Beijing,'' the Senate heard from the FBI Deputy Assistant Director of the Cybersecurity Division who testified that ``Chinese companies are increasingly acquiring or launching social media applications not housed in mainland China for the global consumer market [whose] data handling policies create a risk for U.S. big data and [personally identifiable information] to be targeted and exploited by [the People's Republic of China] actors.''\12\ --------------------------------------------------------------------------- \9\Worldwide Threats: Hearing Before the S. Select Comm. on Intelligence, 115th Cong. (2018) (statement of Director Chris Wray, Director of the U.S. Federal Bureau of Investigation). \10\Pub. L. No. 115-390, 115th Cong. (2018). \11\S. 3085, the Federal Acquisition Supply Chain Security Act of 2018, S. Rept.115-408 (2018). \12\See supra note 7 (statement of Clyde E. Wallace, Deputy Director, Cyber Division, Federal Bureau of Investigation), available at https://www.judiciary.senate.gov/imo/media/doc/ Wallace%20Testimony.pdf. --------------------------------------------------------------------------- The FASC is an inter-agency effort to manage Federal supply chain security risks through regular assessment of information communications technology purchases, information sharing, and, when necessary, recommend the exclusion or removal of vulnerable technologies.\13\ The mandate of the FASC covers information technology, telecommunications equipment, hardware, software, and cloud computing services;\14\ however, it does not specifically address free-to-download applications available in mobile device application stores, such as TikTok. --------------------------------------------------------------------------- \13\Pub. L. No. 115-390 (2018). \14\Id.; see also S. Rept.115-408 (2018). --------------------------------------------------------------------------- Several Federal agencies, including DoD, the State Department, and the Department of Homeland Security, have banned TikTok on devices those agencies are responsible for, but these decisions have been made by individual agencies and do not apply to the Federal Government as a whole.\15\ Under FISMA, OMB is responsible for developing and overseeing Federal cybersecurity policies, and as such it has the power to produce standards and guidance for the removal of TikTok across the Federal enterprise.\16\ This bill requires the Director of the OMB, in consultation with key agency stakeholders, to develop standards and guidelines requiring the removal of TikTok and any successor applications developed or provided by ByteDance or any ByteDance subsidiary. --------------------------------------------------------------------------- \15\Madeline Holcombe, TSA bans employee use of TikTok for the agency's outreach amid national security concerns, CNN.com (Feb. 25, 2020) available at https://www.cnn.com/2020/02/25/politics/tsa-tiktok- national-security/index.html. \16\44 U.S.C. Sec. 3553. --------------------------------------------------------------------------- III. Legislative History Senator Josh Hawley (R-MO) introduced S. 3455, the No TickTok on Government Devices Act, on March 12, 2020, with Senator Rick Scott (R-FL) and Senator Tom Cotton (R-AR). The bill was referred to the Committee on Homeland Security and Governmental Affairs. Senators Joni Ernst (R-IA), John Kennedy (R-LA), and Martha McSally (R-AZ) later joined as cosponsors. The Committee considered S. 3455 at a business meeting on July 22, 2020. Senator Hawley offered a substitute amendment that specifies that OMB, within 60 days of passage, shall issue standards and guidelines to Executive Branch agencies regarding the removal of the TikTok application from information technology (rather than previous language that would have banned the use of the application by Federal employees but without specific direction from OMB on how to do so), and makes minor technical corrections. The bill was ordered reported favorably as modified by the Hawley amendment by voice vote en bloc. Senators present for the en bloc vote on the amendment and the bill as amended were Johnson, Portman, Paul, Lankford, Romney, Scott, Enzi, Hawley, Peters, Carper, Hassan, Harris, and Rosen. IV. Section-by-Section Analysis of the Bill, as Reported Section 1. Short title This section established that the bill may be referred to as the ``No TikTok on Government Devices Act''. Section 2. Prohibition on the use of TikTok Subsection (a) defines the terms ``covered application'', ``executive agency'', and ``information technology.'' Subsection (b) requires the Director of OMB, in consultation with the Administrator of GSA, the Director of CISA, the Director of National Intelligence, and the Secretary of Defense, and consistent with the information security requirements of FISMA, to develop standards and guidelines for the removal of covered applications from information technology. This subsection also includes directs OMB to include in its standards and guidelines exemptions for law enforcement activities, national security interests and security researchers. V. Evaluation of Regulatory Impact Pursuant to the requirements of paragraph 11(b) of rule XXVI of the Standing Rules of the Senate, the Committee has considered the regulatory impact of this bill and determined that the bill will have no regulatory impact within the meaning of the rules. The Committee agrees with the Congressional Budget Office's statement that the bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act (UMRA) and would impose no costs on state, local, or tribal governments. VI. Congressional Budget Office Cost Estimate U.S. Congress, Congressional Budget Office, Washington, DC, August 5, 2020. Hon. Ron Johnson, Chairman, Committee on Homeland Security and Governmental Affairs, U.S. Senate, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for S. 3455, the No TikTok on Government Devices Act. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Matthew Pickford. Sincerely, Phillip L. Swagel, Director. Enclosure.
S. 3455 would require the Office of Management and Budget (OMB) in consultation with other government agencies to develop guidelines that would require the removal of the social networking service TikTok from any executive branch information technology. Several federal laws, regulations, and policies prohibit the use of government property for unauthorized purposes. S. 3455 would expand those prohibitions to include TikTok or any successor service provided by its developer. Some federal agencies including the Department of Defense have already banned TikTok from their devices. Based on the cost of similar requirements, CBO estimates that implementing S. 3455 would cost less than $500,000 over the 2020-2025 period, subject to the availability of appropriated funds. Those costs would primarily be for administrative expenses at OMB to develop the guidelines and for other government agencies to comply with the new restriction. Enacting S. 3455 could affect direct spending by some agencies that are allowed to use fees, receipts from the sale of goods, and other collections to cover operating costs. CBO estimates that any net changes in direct spending by those agencies would be negligible because most of them can adjust amounts collected to reflect changes in operating costs. The CBO staff contact for this estimate is Matthew Pickford. The estimate was reviewed by H. Samuel Papenfuss, Deputy Director of Budget Analysis. VII. Changes in Existing Law Made by the Bill, as Reported Because this legislation would not repeal or amend any provision of current law, it would not make changes in existing law within the meaning of clauses (a) and (b) of paragraph 12 of rule XXVI of the Standing Rules of the Senate.