September 18, 2021

Volume XI, Number 261

Advertisement

September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis

September 15, 2021

Subscribe to Latest Legal News and Analysis

Beyond TikTok and WeChat: How Biden’s New EO Could Impact Foreign-Owned Apps

On June 9, 2021, President Biden signed an Executive Order (“EO”) revoking Trump’s orders on TikTok and WeChat. In their stead, President Biden’s EO subjects software applications controlled or owned by “foreign adversaries” (i.e., China, Cuba, Iran, North Korea, Russia, and Nicolas Maduro) to a review process led by the Commerce Department to evaluate whether an app presents U.S. national security concerns. This EO fits within the broader confrontation between the United States and China when it comes to emerging technologies, sensitive personal data, and the threats we see from cyberattacks that exploit vulnerabilities in U.S. IT systems.

According to the Biden Administration, the orders issued by Trump (which we discussed here and here) were revoked because they did not provide “intelligible criteria” to evaluate national security risks posed by software applications and therefore were unenforceable. As context, the TikTok and WeChat orders were intensely litigated, though nationwide injunctions of the orders into late summer of 2020. Those cases froze the conflict between the Chinese social media companies and the U.S. government – which is why these apps are still widely available and currently in use in the United States.

Unlike the TikTok and WeChat orders, the recent EO is not directed at any one company. Therefore, any app that is owned by a “foreign adversary” and poses a threat to national security could potentially be subject to restrictions after the Commerce Department review. The review process will be similar to the one outlined in Executive Order  (“EO 13873”) related to information and communication technology or services (“ICTS”) involving “foreign adversaries,” where the Commerce Department may prohibit the covered transaction, approve, or approve with conditions (see our discussions about that EO here and here). Ultimately, the end result might be the same: the use of TikTok and WeChat may be restricted in the United States because the U.S. Government determines that TikTok and WeChat pose too great of a national security threat. But, this EO seeks to have a principled review process that would apply to other apps as well (i.e., the next TikTok or WeChat).

What Software Applications will be Covered by the EO? 

It’s all about the data. The underlying concern that Trump’s TikTok and WeChat orders were meant to address was the threat posed by Chinese actors having access to sensitive personal data of U.S. citizens. Biden’s EO targets that same concern but covers any app used on mobile devices, tablets, and computers that “collect, process, or transmit data via the internet.” A large swath of apps currently on the market could fall under the purview of the EO. However, a limiting factor is that the apps must also be designed, developed, manufactured, or supplied by persons that are owned or controlled by, or subject to the jurisdiction of a “foreign adversary” – i.e., China, Cuba, Iran, North Korea, Russia, and the Maduro Regime. So, apps like WeChat and TikTok are covered products under the EO.

Criteria for Identifying Apps that May Pose National Security Risks 

The EO outlines the following potential indicators of national security risk relating to apps made by foreign adversaries:

I.        

ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities;

II.     

use of the connected software application to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information, or sensitive personal data;

III.  

ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary;

IV.  

ownership, control, or management of connected software applications by persons involved in malicious cyber activities;

V.     

a lack of thorough and reliable third-party auditing of connected software applications;

VI.  

the scope and sensitivity of the data collected

VII.           

the number and sensitivity of the users of the connected software application;

VIII.        

the extent to which identified risks have been or can be addressed by independently verifiable measures.”

 

Transactions that involve a “heightened risk” would include those apps owned, controlled or managed by people supporting foreign adversary military or intelligence service or when the apps collect sensitive personal data.

So… What Now?

It seems clear that the EO is primarily targeted at apps owned by Chinese companies. Russian apps may also be a concern – we have seen significant instances of Russian criminal groups and Russian intelligence agencies use U.S. technological vulnerabilities for malign activity – but Russian software is not likely in wide, pervasive use in the United States. Three of the other countries listed as foreign adversaries (Cuba, Iran and North Korea) are already subject to comprehensive sanctions and therefore already largely restricted. Thus, even though the Biden EO is certainly broader and more in line with broader national security policy as to countries the United States deems “foreign adversaries,” the impact of the EO will be dominantly on software applications of Chinese origin. The Commerce Department has been ordered to begin their review immediately –but that means there is no immediate impact of this EO until the Commerce Department conducts its review and designates apps under the EO..

For now, U.S. companies that are evaluating their use of software applications developed by China or the other countries should take note of what might be coming down the pike. For a broader discussion about reevaluating your business relationships involving China, see our post here. As always, we will keep you updated on the quickly changing regulatory landscape impacting your international business relationships.

*Patrick Diaz is a summer associate in the Sheppard Mullin Washington D.C. Office.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 162
Advertisement

About this Author

Fatema Merchant, international, trade, Lawyer, Sheppard Mullin
Associate

Fatema Merchant is an associate in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Fatema’s practice focuses on investigations and compliance counseling related to international trade laws.  She has extensive experience with U.S. Foreign Corrupt Practices Act and U.S.-Sanctioned Countries investigations, compliance, due diligence, and training.  Fatema also advises clients on compliance with International Traffic in Arms Regulations, Export Administration Regulations, Customs and Anti-Money Laundering...

202-469-4930
Mario Andres Torrico Government Investigations Attorney Sheppard Mullin
Associate

Mario Torrico is an associate in the Government Contracts, Investigations, and International Trade Practice Group in the firm's Washington, D.C. office.

Mario focuses his practice on compliance counseling, investigations, and cross-border transactional work concerning international trade matters including customs, trade remedies, export controls, economic sanctions and embargoes, the Foreign Corrupt Practices Act (FCPA), and other areas of international trade law.

Prior to entering the private sector, he served as an...

202-747-2652
Advertisement
Advertisement
Advertisement