What are the implications of U.S. President Donald Trump’s recent moves against Chinese social media apps TikTok and WeChat? Are there likely to be spillover effects?

Jon Bateman: These moves are clearly important, but they cannot be fully assessed before they take effect. The Trump administration has announced many sweeping, high-profile measures against Chinese technologies and companies, only to delay their enforcement repeatedly while dangling waivers and exemptions. This tactic is designed to gain leverage over China (and U.S. companies) as well as obtain political advantages. The Trump administration’s lack of a clearly stated strategy means the final rules could be broad or narrow, and many stakeholders are already seeking to shape them.

If the ban has teeth, it would be the Trump administration’s strongest move yet toward technological decoupling from China. TikTok and WeChat are not fundamentally different from other Chinese apps; they are simply more popular. Banning them would therefore suggest the Trump administration has zero tolerance for Chinese apps in the United States. Indeed, the relevant executive orders define the problem as “the spread in the United States of mobile applications developed and owned by companies in the People’s Republic of China”—not just TikTok and WeChat.

Jon Bateman
Jon Bateman is a fellow in the Cyber Policy Initiative of the Technology and International Affairs Program at the Carnegie Endowment for International Peace.
More >

China’s presence in the U.S. app market is limited, but the logic of these actions could extend well beyond apps. Americans’ personal information can be exposed to Chinese companies (and by extension, the Chinese government) through a variety of other means too, including consumer purchases, financial transactions, international travel, or data brokers and foreign intermediaries. A true policy of zero risk tolerance, as Secretary of State Mike Pompeo seems to favor, would cause a severe technological and economic split.

Lyu Jinghua: The recent actions taken by the Trump administration against TikTok and WeChat, following those against Huawei and other Chinese technology companies, are producing effects that go far beyond the claimed concerns of national security. In the short term, China will definitely suffer from the technology quarrel with the United States. Its companies will lose overseas markets and, more broadly, key elements for technology research and development.

However, the administration’s decisions will also hurt U.S. companies in a significant way. For example, in a survey asking Chinese mobile phone users whether they would choose to use an iPhone without access to WeChat or another kind of cellphone with WeChat access, they voted “by a margin of 20 to one” to keep WeChat and find another phone. More importantly, such bans will force China to further develop its own information and communications technology (ICT) components and encourage its companies to concentrate on the domestic market. China will be incentivized to become self-sufficient and less reliant on foreign products. The country will likely become more isolated from the international community, which is, ironically, something for which China is already criticized.

Lyu Jinghua
Lyu Jinghua is a visiting scholar with Carnegie’s Cyber Policy Initiative. Her research focuses primarily on cybersecurity and China-U.S. defense relations.

What national security concerns should countries have about information and communications technologies?

Jon Bateman: The digitization of nearly all human activities means countries need to rethink almost every aspect of national security. But countries have very different perspectives on specific digital threats and opportunities, and they employ very different strategies for securing their interests.

These differences are seen in the language they use. Liberal democracies have traditionally focused on cybersecurity, or protecting computer networks from being hacked. Their main concern has been the integrity of the network infrastructure itself, not the human ideas and relationships these networks shape. This prioritization means combating three key problems: threats to the confidentiality of data (like the theft of classified information), threats to the integrity of data (like the manipulation of financial records), and threats to the availability of data (like possible disruptions to critical infrastructure, like a cyber attack on the electrical grid that would render it unavailable for normal use).

Authoritarian regimes prefer a broader term: information security. This term covers not only hacking threats but also the unrestrained spread of information and ideas, which might upset existing political and social orders. This point of emphasis implies that governments should have a much larger role in monitoring and controlling online communications. The clash of these two value systems has impeded global and bilateral cyber diplomacy.

But as technology and politics evolve, traditional fault lines are shifting. Democratic societies have recently become more concerned with controlling the flow of information online, in the wake of threats like the self-proclaimed Islamic State’s “virtual caliphate” and Russian election interference. Meanwhile, more countries are viewing the internet through an even wider frame—as a central arena for geoeconomic and geopolitical competition, where global power and sovereignty are at stake. These two shifts help explain U.S. actions against TikTok and WeChat.

Lyu Jinghua: Cybersecurity is a critical, complex issue that is interwoven with almost every facet of national policy. It is therefore not surprising that some governments view all cyber issues through the lens of national security. However, such a securitization of all cybersecurity concerns does more harm than good to a country’s interests. In fact, only some ICT-related cyber issues are critical to national security.

The first important cyber issue is the security of a country’s ICT-enabled critical infrastructure —that is, infrastructure that relies on ICT to run efficiently. Most countries agree that such critical infrastructure needs to be protected, as shown in a landmark 2015 report by the United Nations Group of Governmental Experts. Their security can be assessed by three measures: the trustworthiness of the ICT systems and their key components, a country’s ability to detect and identify security risks to critical infrastructure, and the resilience of critical infrastructure (for example, its ability to recover from a disruptive event).

The second issue is the confidentiality, integrity, and availability of data that contains information critical to national security. This so-called CIA triad ensures that countries can reliably safeguard information critical to their national security, make it accessible to legitimate users whenever necessary, and make certain that it is not accessed by other unauthorized actors.

The third important issue is a country’s ability to counter cyber terrorism, prevent cyber arms proliferation, manage cyber crises, and achieve and maintain military superiority in cyberspace.

How can countries address cross-border ICT threats?

Jon Bateman: Cyber and information threats are uniquely difficult to combat. Compared to the physical world, the internet enables faster interactions at higher volumes by more actors across greater distances.

There are two general ways for countries to respond: by actively countering threats and by shoring up their defenses.

The first category of active countering moves includes diplomacy, deterrence, and disruption. Diplomacy has led to several international agreements for restraining cyber activity, but they remain vague and underenforced. That makes deterrence necessary. The fact that major powers have never launched the most devastating cyber and information attacks they are capable of suggests that severe threats must be somewhat deterred. Yet lower-level hostility, like routine data breaches and disinformation campaigns, remains endemic. Such everyday threats can be disrupted, though not eliminated, by law enforcement, targeted sanctions, and tailored cyber counterstrikes.

The second category of defensive measures involves domestic cyber hygiene—habits and practices that protect online data—and risk reduction. Regulation, education, and information sharing are key tools. Still, the internet is simply too large, decentralized, and vulnerable to fully secure. Countries must therefore strive for resilience. This task entails tactical measures like backing up computer systems, and institutional efforts like promoting trusted sources of information. Preparing society to function in the face of disruptive events is an ongoing and never-ending challenge.

The limits of both these approaches have sparked renewed interest in shaping the very architecture of the internet and other digital services. The United States and China both seek greater control of technology supply chains and more influence over international standards. By molding digital systems at a basic physical and technical level, they each hope to gain enduring structural advantages over rival countries and keep threats at bay.

Lyu Jinghua: As there are no physical boundaries in cyberspace, countries should employ a combination of domestic measures and joint international efforts to address cyber threats. At the domestic level, countries must reverse their current policies of securitizing all cyber concerns. On the contrary, governments can take steps to identify which core national security interests are most vulnerable to cyber attacks. However, in other areas, where threats caused by the use of ICT are not critical to core national security interests, it is more feasible and cost effective to enhance malware detection and prevention as well as improve the resilience of networks, rather than trying to eliminate cyber attacks completely, as there is no perfect environment in which all malicious cyber activities can be fully eradicated.

On the global stage, it is essential for the international community to share information to improve situational awareness and exchange best practices to improve the overall defensive capabilities of state actors. It is also necessary to continue efforts to establish norms to decrease suspicion between countries and avoid the unnecessary escalation of crises in cyberspace. Despite the growing prevalence of great power competition, it is still possible for countries to build confidence in each other. No country benefits from suffering a large-scale cyber attack, the effects of which always spill over from their intended targets. In some instances, the attackers themselves may even suffer adverse effects from their own actions.

What are the broader implications of the U.S.-China high-tech dispute?

Lyu Jinghua: More broadly, the controversies over Huawei, and now TikTok and WeChat, have been influenced by, but have also exerted influence on, the deteriorating U.S.-China bilateral relationship. Most Chinese experts now believe that U.S. policies toward China are ultimately aimed at suppressing Beijing’s rise. They think that the West will never welcome a nondemocratic, politically distinct China into the international community. The current freefall in bilateral relations will thus speed up with the erosion of basic trust, as well as the dialing back of trade and other economic exchanges.

Relations between the United States and China have never been purely bilateral. The current tensions in cyberspace are now expanding and are influencing other parts of the world at an unprecedented scale. Aside from eliminating the possibility of cooperating to tackle the cybersecurity risks that every country faces, the Trump administration’s policies of building a “clean network” without China will splinter the internet. Its continued growth will be gravely threatened by the decisions made because of political concerns rather than technical considerations.

Jon Bateman: TikTok and WeChat are only the latest chapters in a large, complicated story. Since the second term of former U.S. president Barack Obama, Washington has grown increasingly concerned with China in general and Chinese technology in particular. The Trump administration has dramatically intensified and broadened U.S. efforts to reduce U.S. dependence on Chinese technology, limit China’s access to U.S. tech resources, and thwart China’s global tech ambitions.

But “technological decoupling,” as some call it, is not solely the result of U.S. government policy. Beijing has long restricted U.S. tech companies’ access to and operations in China. Its Great Firewall is a virtual monument to digital sovereignty. Initiatives like Made in China 2025 explicitly aim to promote technological self-sufficiency. As both governments act to secure their technological futures, private companies are scrambling to stay ahead of new rules. This state of play has chilled partnerships and helped make decoupling a self-fulfilling prophecy.

The question is no longer whether the United States and China will technologically decouple, but rather how far they will go and what shape decoupling will take. Today, the United States lacks a clear vision or strategy. Its most significant actions—like those against TikTok, WeChat, and Huawei—have been ad hoc. This approach can only continue for so long. In the next few years, Washington will need to better define tolerable and intolerable technology-related risks. It must also develop a compelling pitch to international partners and do more to energize American innovation. These are long-term challenges that require serious national debate.