Commitment Problems of Data
Data’s nonrivalry feature means that it can be reused infinitely. The reuse of data is difficult to detect because it is only partially excludable. Therefore, once citizens exchange their personal data for free services from digital firms, they usually lose control over future use of the data (Jin 2018).
This uncertainty regarding future data use is a critical political matter, because it can generate concerns about foreign government surveillance. An important premise of these concerns is that data is valuable and states have high incentives to control and compete for data. Concerns about foreign government surveillance arise from two commitment problems: (1) multinational firms cannot credibly commit to not sharing personal data with their home government; and (2) the home government cannot commit to not abusing personal data for surveillance or for other political purposes that encroach on individual liberty.
Both commitment problems are more severe in an authoritarian country such as China. Regarding problem (1), firms are less likely to defy data requests from an authoritarian government. In 2016, Apple openly resisted the FBI’s request to unlock the iPhone belonging to the shooter in a terrorist incident in San Bernardino, California. It is not impossible for firms to make such an open refusal in authoritarian states, but it is far riskier. For example, Russia banned the messenger app Telegram for 2 years after it refused to share encryption keys with Roskomnadzor.Footnote 33 As for commitment problem (2), autocrats may have a greater incentive to engage in digital surveillance, as they face an information issue of not knowing their citizens’ true preferences, due to preference falsification (Xu 2020).
There are two important caveats regarding the commitment problems. First, firms and governments in democracies are not immune from these commitment problems. Government mass surveillance projects are on the rise globally, as demonstrated by the US NSA’s PRISM program, the British Tempora project, and many others. According to the annual transparency reports published by Facebook, Apple, and Google, a significant portion of government data requests come from democracies, and these tech giants have fulfilled the vast majority of these requests in recent years.Footnote 34 Therefore, the commitment problem in data use is not unique to autocracies. One advantage for firms based in democracies, however, is that the institutional constraints—e.g., checks on a government’s arbitrary acts (including accessing data), free press, and the rule of law—are stronger in democracies. These constraints on both firms and governments can serve as commitment devices, albeit imperfect ones, to bind future actions of data abuse. Second, even for firms based in autocracies, that a firm cannot credibly commit ex ante does not mean it will surely hand user data to its home government ex post. Firms bear reputational costs of abusing their user data, and their interests are usually not aligned with the interests of political authorities.
When Chinese tech companies expand globally, they suffer from these commitment problems, which leave them vulnerable to national security investigations worldwide. As data is at the core of tech firms’ business operations, they must collect personal data of foreign users. A growing number of foreign governments, however, maintain that China-based tech firms may expose foreign citizen data to the Chinese government. Such distrust in Chinese tech firms is certainly related to—but not solely driven by—the rising skepticism toward China itself. The underlying issue is a general commitment problem facing every multinational tech firm and every government.
The rest of this section specifies how the commitment problem affects Chinese tech firms through a “deep versus broad” dilemma. I illustrate this point by examining the case study of the US investigation of TikTok.
Ownership Bias and Blurred State–Business Boundaries
All governments seek to maximize the economic benefits, while minimizing national security risks associated with inward FDI. When dealing with Chinese investors, foreign governments in the past had “ownership bias”: they used to be more cautious with investments from Chinese SOEs than those from private firms. This is consistent with existing research on the Chinese corporate sector, which has overwhelmingly relied on firm ownership to demarcate the boundary of the state. SOEs are portrayed as vehicles for the state to fulfill domestic political goals and to exert economic statecraft globally. By contrast, private enterprises are excluded from, or only peripherally connected to, the political process.Footnote 35 Although private firms are not entirely autonomous from the state, they are not as connected to the state as SOEs.
However, ownership has long been a fuzzy concept in China. In particular, the rise of tech companies has blurred the state–business boundary, making it porous, elusive, and fluid. Unlike traditional private companies that are marginalized in state initiatives, privately held Big Techs have taken many strategic roles that only SOEs could assume in the past.
Within China, there are extensive collaborations between the state and digital companies over a wide range of issues. Underlying this is a phenomenon that I call institutional outsourcingFootnote 36: as the authoritarian state is unable or unwilling to reform formal institutions, it has implicitly or explicitly outsourced some institutional functions to key private actors, particularly digital platforms (Liu 2018). To clarify, institutional outsourcing does not mean that these private Big Techs have become part of the state or act mainly upon the state’s political directives. Big Techs are still primarily profit-driven, pursuing commercial interests that are not fully aligned with the state’s goal. Institutional outsourcing features in the extensive collaborations between the state and Big Techs to solve various governance issues that the state falls short of addressing itself.
In the economic realm, online trading platforms assist the state to create market institutions (e.g., contract enforcement, fraud prevention), enforce laws (e.g., Alibaba and JD help the Supreme Court enforce debt repayment), conduct policy experiments (e.g., Alibaba helps local governments build “smart cities”), and facilitate rural development (Khanna et al. 2019; Koo and Eesley 2020; Couture et al. 2021).
In the political realm, private tech companies, such as social media platforms, help the state conduct surveillance and perform censorship (Gallagher and Miller 2018). In the social area, during the COVID-19 outbreak, Big Techs such as Alibaba and Tencent helped local governments in Hangzhou and Shenzhen build the “health code,” a contact-tracing app to contain the spread of the virus.
The intimate domestic collaboration between the Chinese state and private tech companies, especially on the data front, can become a liability for these firms in the overseas market. Although many of these collaborations are nonpolitical and Big Techs reportedly have turned down government data requests occasionally,Footnote 37 the lack of institutionalized checks on the state’s arbitrary power complicates efforts by private techs to prove their independence. Overseas regulators no longer view private ownership as a credible sign of a firm’s relative autonomy from the Chinese state, which, for example, constitutes a major hurdle faced by the Chinese tech giant Huawei as it rolls out its 5G network worldwide.Footnote 38
Private Techs’ “Deep versus Broad” Dilemma in Global Expansion
As Chinese firms rapidly expand their business worldwide (Ratigan 2020), foreign governments hosting Chinese investments face an information problem. Not all private firms are agents of the Chinese state (Kastner and Pearson 2020), but foreign governments do not have complete information to identify the real type of a Chinese firm—regarding whether it will pose a national security threat. As firm ownership no longer suffices to predict firm type, foreign regulators tend to infer a Chinese firm’s type from its business activities within China.
Therefore, China-originated private firms increasingly confront a “deep versus broad” dilemma: deep embeddedness in the Chinese market—where it is necessary to build strong political connections—takes a toll on their global expansion. Herein lies the rub: a deep tie with the Chinese government reduces domestic political risks, but increases overseas regulatory risks.
This dilemma is particularly salient for Chinese firms operating in countries with strong anti-China sentiment, and exceptionally tricky for digital companies, which collect personal data for business operation. As discussed previously, data is nonrival and only partially excludable. These features make it difficult for the firm to commit ex ante to not share data with the Chinese government ex post. As data is easier to transfer across borders than physical commodities, Chinese tech firms are particularly vulnerable to national security investigations by foreign governments.
Is there a way to resolve, or at least attenuate, the dilemma? Some tech firms have engaged in costly signaling by building “walls” to separate their domestic markets from overseas businesses. In the following, I examine the US national security investigation into TikTok to explicate the logic of data politics: how the collection of personal data becomes a sensitive issue, how the firm’s inability to commit generates suspicion, and how TikTok seeks to address the commitment problem by costly signaling its independence from the Chinese government.
Case: TikTok’s Commitment Problems and Costly Signaling
TikTok, owned by the Beijing-based tech giant ByteDance, is the first Chinese social app to take the world by storm.Footnote 39 This AI-empowered platform allows users to create and share short videos, often of themselves dancing, lip-syncing, or cooking. By April 2020, a mere three years after its launch, the app hit 2 billion downloads worldwide, amassing 800 million monthly active users,Footnote 40 26.5 million of whom reside in the USA.Footnote 41
TikTok’s meteoric rise has prompted US lawmakers to panic. Although it is privately owned and operates exclusively outside of China, it has been suspected of being under the control of the Chinese government. In an open letter released in October 2019, Senators Tom Cotton and Chuck Schumer contended that “TikTok is a potential counterintelligence threat we cannot ignore,” requesting intelligence officials to assess the national security risk posed by TikTok and other China-owned platforms.Footnote 42 In November 2019, the US government launched a national security investigation into TikTok.Footnote 43 As of March 2020, several US government agencies, including the Transportation Security Administration and the US Army, had banned the app from employee devices.Footnote 44
How could an app famous for lip-syncing and dance challenges raise national security concerns? The investigation is not driven simply by the growing US–China rift that has politicized business matters. Data politics is also at play, which can emerge between any country dyad and regarding any multinational firm that collects personal data.Footnote 45
The senators’ open letter specified two data-related concerns over TikTok. The first was how the company stores and handles US user data and whether such data will be exposed to the Chinese government. The second is related to the potential for disinformation and content manipulation. They argued that TikTok has reportedly censored political content disliked by the Chinese Communist Party, including material linked to the Hong Kong protests, Tibet, and Taiwan. They also mentioned that TikTok may serve as a potential forum for foreign meddling in US elections, as Facebook did in 2016.Footnote 46
TikTok denied all of these charges. In a statement, it emphasized that all US consumer data is stored in the US and backed up in Singapore, arguing that “our data centers are located entirely outside of China, and none of our data is subject to Chinese law.” It also claimed that it would not censor content based on political sensitivities and was not influenced by any government.Footnote 47
Some lawmakers disparaged TikTok’s denials as cheap talk. Senator Josh Hawley commented in a hearing that “TikTok claims they don’t store American user data in China. That’s nice. But all it takes is one knock on the door of their parent company, based in China, from a Communist Party official for that data to be transferred to the Chinese government’s hands, whenever they need it.”Footnote 48
This reflects a commitment problem facing TikTok: the firm cannot credibly commit ex ante that it will not share user data with the Chinese government ex post. Although every firm has a similar commitment problem, firms from an authoritarian country suffer from it more because authoritarian countries do not have strong institutional constraints on the ruler’s arbitrary power. As the senators’ open letter claims, “without an independent judiciary to review requests made by the Chinese government for data or other actions, there is no legal mechanism for Chinese companies to appeal if they disagree with a request.”Footnote 49
This commitment problem leads to the “deep versus broad” dilemma. TikTok’s parent company, ByteDance, is deeply embedded in the Chinese market. To some extent, ByteDance’s deep success within China is taking a toll on TikTok’s international expansion.
To expand globally, TikTok has to signal its independence from ByteDance’s China business. It made three costly moves to send this signal. First, TikTok limited its own revenue sources by not allowing any paid political advertising on its platform.Footnote 50 Second, it started to look for global headquarters outside China, in Singapore, London, or Dublin.Footnote 51 Third, TikTok announced that it would no longer use China-based moderators to monitor overseas content.Footnote 52 ByteDance even prohibited its own China-based engineers from accessing TikTok’s US user data and code.Footnote 53
These moves, however, were insufficient to address the commitment problem in the eyes of the Trump administration, which sought to propel ByteDance to sell TikTok. On August 6, President Trump issued an Executive Order banning all US transactions with ByteDance in 45 days, claiming that TikTok’s data collection “threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.”Footnote 54 On August 14, a follow-up Executive Order stated that ByteDance shall “divest all interests and rights” in TikTok’s US business and destroy the US user data collected by TikTok.Footnote 55
Facing the ban, ByteDance reportedly negotiated with various interested parties in the USA over the sale of TikTok. However, the complication is that, to make the deal successful, ByteDance also needed to abide by China’s newly revised rule that restricts exports of recommendation algorithms and AI technologies. In other words, to satisfy both governments, TikTok needed to solve the commitment problem without transferring its core technologies.
In September, ByteDance reached a preliminary deal with two US companies, Oracle and Walmart. Tentatively approved by Trump, this deal points to a potential solution to the commitment problem. Under the deal, ByteDance will create a US-based subsidiary called TikTok Global, in which Oracle and Walmart, combined, have a 20% stake. TikTok Global will provide full TikTok services. To satisfy the national security requirements, US user data will be stored on Oracle’s cloud infrastructure, and Oracle will get full access to review TikTok’s source code and updates. ByteDance, on the other hand, neither needs to sell nor to transfer TikTok’s technologies and algorithms and will have an 80% share of TikTok Global. This deal has not been finalized by the time of writing, and it remains uncertain whether the deal can eventually address the commitment problem.