Euro Security Watch with Mathew J. Schwartz

Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

TikTok's Response to Trump? Let's Make a Deal

Tapping President's Pick of Oracle - Not as Buyer but 'Partner' - May End Standoff
TikTok's Response to Trump? Let's Make a Deal

Whatever happens with TikTok following President Donald Trump pressuring the company to sell its U.S. operations to an American buyer, don't neglect to read the fine print.

See Also: 5 Requirements for Modern DLP

"I heard they are very close to a deal," Trump said at the White House on Tuesday of a proposal involving TikTok - maker of the wildly popular video-sharing app - and American technology giant Oracle, which specializes in databases and cloud-based systems.

Define deal.

On Aug. 14, Trump issued an executive order giving TikTok's parent company, Beijing-based ByteDance, 90 days to find a buyer for its U.S. operations.

Multiple firms, including Walmart and Microsoft, made offers to buy TikTok's U.S. operations.

On Sunday, Microsoft said in a statement that its bid had been rejected by ByteDance and also signaled what its version of a deal would have looked like. "We would have made significant changes to ensure the service met the highest standards for security, privacy, online safety and combating disinformation," it said.

On Monday, Oracle announced that it had been selected by ByteDance to serve as its "trusted technology provider" in the U.S.

Eagle-eyed viewers may have noticed that while "buyer" and "trusted provider" rhyme, they obviously are not the same.

Indeed, reports from Chinese state media say that Beijing would never allow TikTok to be sold, and the company would never share access to its source code. Notably absent from Oracle's statement was any mention of what Microsoft had been keen to emphasize - "security, privacy, online safety and combating disinformation."

Under Review

The proposed deal has been submitted for approval to the Committee on Foreign Investment in the U.S., known as CFIUS, an interagency group that includes officials from the departments of Treasury, State and Commerce.

The committee reviewed the proposal on Tuesday afternoon but has yet to comment on it, The Wall Street Journal reports. But citing an unnamed source, it reports that the proposal calls for Oracle to take a minority stake in TikTok's U.S. operations, with ByteDance retaining a majority share.

That follows ByteDance last month filing suit against the Trump administration and the executive order, alleging that, despite the U.S. government suggesting the company's operations pose a national security concern, a review by CFIUS had found no evidence to support that claim.

Domestic Technology Partner

Security watchers say TikTok's move to sign up Oracle as a technology partner appears akin to what the Chinese government demands of firms that want to work within its borders. Namely, foreign technology firms need to designate a domestic business to serve as a technology partner.

In the case of Oracle, TikTok appears to be positioning itself to do the same.

"The White House may feel that this is a proportional response," says veteran researcher Dino Dai Zovi, who's head of security for mobile payment service Square's Cash app.

But Alex Stamos, the former CSO of Facebook, notes that the current proposal seems to fall far short of addressing "legitimate concerns about TikTok" or including the safeguards that Microsoft suggested it would demand before agreeing to acquire any aspect of the Chinese firm's operations.

Technology Exports: Veto Power

There are other signs that TikTok is seeking an agreement that both the Chinese and U.S. governments would consider to be proportional. Last month, China passed a new law giving the government veto power on attempts to export technology. Thus, Beijing must also approve any proposal involving TikTok's U.S. operations.

If this maneuver sounds familiar, it's because that's the mechanism being used by the White House to try to disrupt the operations of Beijing-based technology giant Huawei. The Trump administration says Huawei - as well as ZTE - have close ties with the Chinese government and must comply with domestic laws requiring them to assist domestic intelligence agencies in any manner.

In 2019, the U.S. Commerce Department added Huawei and ZTE to its so-called "entity list," which requires all exports to those firms to first receive White House approval - a move that has effectively blacklisted both companies from doing business in the U.S. The federal government has also restricted Huawei's access to U.S. chip technology, including software used to design chips.

'Really a Terrific Guy'

If all of that tit-for-tat doesn't sound politically nuanced enough, ByteDance's choice of Oracle looks designed, at least in part, to downplay national security concerns and instead play to ego. President Trump previously said he thinks Oracle would be the perfect fit for acquiring TikTok's U.S. operations.

TikTok knows that Oracle CEO Larry Ellison hosted a fundraiser for Trump. And the Wall Street Journal reports that on Tuesday, Ellison's co-CEO, Safra Catz, who backed Trump's transition team four years ago, was seen at the White House at an event focused on a Middle East peace agreement between Israel and two Arab states - Bahrain and United Arab Emirates.

"I have a high respect for Larry Ellison," Trump said on Tuesday at the White House, when he reported that the TikTok-Oracle deal was "very close" without offering additional details. "He's somebody I know; he's been really a terrific guy for a long time."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.