The RESTRICT Act Is Worse Than You Think // The TikTok Ban Bill
We need to talk about TikTok, VPNs, and the RESTRICT ACT. There’s a lot of information being thrown around about this bill. So let’s break it down, get to the facts, and why this Act is SO CONCERNING.
This bill didn’t come out of no where. The US Government has been trying to ban TikTok for literal years at this point. TikTok is a huge social media platform with over 150 million US users, those numbers were confirmed by the CEO of TikTok a couple of weeks ago, it’s got 1 billion users worldwide, overtaking Snapchat, Pinterest, and Twitter. Instagram, Facebook, and Youtube have larger user bases. According to Pew Research, TikTok is the only social platform who’s seen an increase in percentage of users who go to their platform to get news.
But… TikTok is owned by a company called ByteDance, a chinese company, who also made a TikTok clone app for mainland China called Douyin. Because TikTok’s parent company is Chinese based, many countries, not just the US, have been trying to ban it for years. Many middle eastern countries banned it early on, with Europe, the US, and Canada issuing bans of TikTok on government devices, and some colleges have also banned it on campus wifi or university owned machines.
Donald Trump signed an executive order to ban TikTok in 2020, but this was later revoked and replaced by President Biden.
But, why? Is it just because this is a Chinese owned product or is it actually sharing US user data with the Chinese government? Citizen Lab Research did a huge whopping analysis of TikTok code to find any security or privacy issues, but overall, found that the app match industry norms, with US data collection aligning with other social media applications. ByteDance has also proposed strengthened privacy for users to align with the basic principles of Europe’s leading privacy law, GDPR.
But none of this means TikTok is the golden child of data privacy. TikTok did come under fire when four employees were found accessing location data of journalists in 2022. Forbes also reported on some physical location surveillance in Oct of 2022. These reports made the scrutiny of TikTok much more heightened in the last few months.
Enter the RESTRICT ACT. This bill is proposed legislation that was introduced to the US Senate on March 7 of this year by Senator Mark Warner, member of the Democratic party serving the Virginia seat. I’m directly linking the bill below in case you wanna read it like I did, but I’m making this video so that you don’t have to (though I still think you should).
S 686 the RESTRICT Act is dubbed the TikTok ban bill, and it stands for Restricting the Emergence of Security Threats that Risk Information and Communications Technology Act. TLDR on the bill is it was written quote “To authorize the Secretary of Commerce to review and prohibit certain transactions between persons in the United States and foreign adversaries, and for other purposes.” That’s pretty vague.
The RESTRICT Act specifically points out “foreign adversaries” to include (unless removed by the Secretary): China, Cuba, Iran, North Korea, Russia, and Venezuela.
The Act also explains that entities would include ones that have over a million US based users, have sold over a million units to US persons, or controls, owns or manages information and communications technology products or services.
And THAT means any hardware, software, or other products or services intended to do data processing, storage, retrieval, or communications by electronic means. That could put any parts of the Information and Communications Technology and Services Supply Chain under the microscope of this bill.
It’s very important to note that Person is defined in this bill as any natural person including a citizen or national of the US or a foreign country.
The act explains that the government could identify and take action on products or services that could have catastrophic effects on critical infrastructure, the digital economy, could interfere with election results, etc.
No later than 180 days, the government can do a review, see if the product or service falls within any of these risky categories, and determine whether it should be prohibited or if any other action should take place.
The procedure to determine if something it a risk is to conduct a review, then refer it to the President, and the President would have the power to take any actions they deem necessary associated with the risk. Then the President, no later than 30 days after the referral from the Secretary, would make an announcement about whatever actions they want to take, and then enforcement would take place.
Depending on the jurisdiction for the risk, certain agencies would handle the execution, like Homeland Security could remove them, the FCC can revoke licenses, and CISA could execute removal.
So what services would be considered under these imposed restrictions? They list a lot of tech. That would include anything that is used in critical infrastructure, or telecommunications services like wireless LANs, mobile networks, satellites, cable and wireless access points, networking systems, and edge computing, plus anything used for data hosting or computing “with respect to greater than 1mil US persons”, like internet hosting services, cloud based services, machine learning, content delivery, and managed services.
But that’s not all! Webcams, sensors, surveillance and monitoring equipment, home networking, UAVs and drones, apps both for desktop and mobile (that’s where TikTok comes in), autonomous systems, robotics, AI, computing, e-commerce…
The Act also explains how they can add or removal foreign adversaries on the list and how they can issue subpoenas. As it is written, services or products under investigation may have to turn over user data to the government while under review. As for penalties: the Act specifically says that “no person may engage […], aid in violations […], solicit or attempt a violation, conspire or act in concert with 1 or more persons to do anything that constitutes a violation, no person shall engage in acts that evade provisions of this Act, and no person shall fail to comply with reporting or recordkeeping in accordance with the Act. Reminder: Person was defined as citizens of the US or foreign country.
Civil penalties for violations include a fine of up to $250k, or an amount that is up to twice the value of the transaction, and revocation of mitigation measures. Criminal penalties include a fine of up to $1 million, or 20 years in prison, or both.
While the bill doesn’t ban personal use, it does give agencies the authority to remove products from store shelves, stop them from shipping products into the US, or remove apps from the app store. It also targets more than just TikTok: Huawei and Kaspersky have been noted as targets too.
But as of yet, the US government hasn’t shared any info publicly to justify a ban on TikTok in app stores. But under the RESTRICT act, they wouldn’t necessarily need to share info publicly. For example, the executive branch wouldn’t need to explain it’s application of the law if it’s not practical or consistent with national security and law enforcement interests. What are those interests? Well, we don’t know, because the bill didn’t define those. It’s too vague.
People are rightfully worried about using a VPN to access TikTok or other banned apps or services. Even though the bill is supposed to target companies, it doesn’t point blank say that regular users wouldn’t get caught up in the legal system - in fact, it does sound very much like persons could get into trouble.
Currently how this bill is written, it does sound like any PERSON who evades “mitigation measures” could be prosecuted as a criminal, and since it’s so vague, that could include using a VPN to access a banned app, or side loading an app outside of the app stores. It also sounds like you could get into trouble if you visit another country and download an app while overseas and forget to delete it when you enter the States, all of which was pointed out by the EFF. And something I was thinking about: how would an average consumer know if an app is made by a company from a country listed as a “foreign adversary” without doing some digging? Not every company who sells products in the United States will have so much news and media pointed at them practically every day like TikTok has.
The good thing is that if you just use a VPN for general use, like for general privacy while on public wifi, for streaming Australian tv shows or buying something from Japan (I buy stuff while on VPNs all the time), then you’re good. Also, the bill hasn’t been passed yet, so hopefully they’ll make some changes to the verbiage so it isn’t as broad or so it can’t be taken out of context.
If the US government wants to protect US citizens from actual threats to our privacy, they should create legislation federally that protects personal data as an umbrella that ALL social media platforms need to abide by instead of using TikTok as, some may say, a scapegoat. Some states have already enacted their own laws like CCPA so if you live in those states, you do have some data protections. But many of us are left out in the cold. While they’re trying to ban TikTok, other social media platforms sell and share our data consistently and those ones have been built by US companies. Many of these platforms sell our data to data brokers for a profit, too, so banning TikTok for possibly sharing data with the Chinese government (that still hasn’t been proven), while we already have our own social media sites selling our data seems… a bit hypocritical?
That brings me to my sponsor DeleteMe. We don’t have those federal laws to protect data privacy so these data brokers do exist, and they also sell and share our data, too. Without our consent.
It’s pretty messed up, but they’re allowed to do this in the US. So I have a solution: DeleteMe! It’s a service I’ve paid for for years, so I’m glad I get to partner with them.
DeleteMe is the trusted online privacy service that removes your personal information from data broker websites, so you can take control of that data. They do all the work for you, scouring the internet and making sure your information is deleted from these sites, so you can keep your personal life private.
When you sign up for an account, you fill in any data that you want DeleteMe to find and delete for you, then DeleteMe continuously checks Data Brokers for matches, and does all the work to send opt outs and removal requests.
With DeleteMe, you can protect your identity, your family, and your online presence. They provide regular updates and a comprehensive privacy report, so you can see the results of their work every single quarter. Don't let your personal information be at risk.
Use the code SNUBS at checkout - that’s S N U B S - for 20% off any of the consumer plans. or just click the link below or hit up JoinDeleteMe.com/MorseCode to sign up today and that code will automatically apply at checkout! Sign up now and safeguard your personal information today!
Huge thank you to DeleteMe for sponsoring this episode.
I don’t understand TikTok as an elder millenial - it’s not my platform of choice, it ain’t my cup of tea. I’ve tried… but I just haven’t been able to figure it out as a content creator. I lean towards saying that we should absolutely scrutinize TikTok to protect users, but we also need to protect our rights to information, with the understanding that people use the internet in very different ways than they did 10 years ago. In my job, I analyze how folks interact with my videos every single day. I see a need for short educational content as well as longer formats like this video. I understand why TikTok is so popular - it’s got educational content, funny vids, memes, and sometimes some really bad false information - other apps do too - but TikTok’s user base is exploding. So it seems like you either love it, or you don’t care if it disappeared one day. Would banning TikTok, since we haven’t seen proof of government data collection, set up this precedent of banning any any other apps or services that fall under the RESTRICT Act categories without seeing proof to justify the restrictions.
Could people be prosecuted for using a VPN to access their favorite apps, especially when we often don’t know who made those apps?
Comment your thoughts, subscribe if you like deeply researched videos like this, bye y’all.
