of like trying to nail jello to the wall in some ways. you know, in thinking about what we're-- the collection issues and pixelated surveillance and i'm reminded of pixelated viruses which hasn't been discussed for a while and we could go into that today. i think we're the old line of you know, capitalists will sell the rope to hang themselves. and in looking at these issues for this hearing, it seems that we are also creating the problem ourselves and by that, i mean, i looked at data brokers. so, here we have, again, you talked about tik tok and the ability through pixels to collect information, you know, without knowledge. we have data brokers who are

selling this data to the chinese and we also have now an entirely new threat vector that's rising which is autonomous vehicles, which, you know, some liken to, you know, you're sitting in a-- inside an iphone where your eye movements, all the-- whatever, whoever you're talking to, whatever you're collecting, et cetera, or communicating with is being collected. help us understand what acts of commission were engaged in. and i'll turn to you first, your work on the pixelated collection. where do data brokers and the actual sale or just transmission of the u.s. data, where does that come into this? health care or otherwise? >> thank you for the question.

you're correct, tik tok is one of the vendors, one of the ways data brokers industry broadly collects information and yes-- >> but we have u.s. data brokers that are collecting tens of thousands of data points on each of us and they're able to sell that to the chinese or anyone, correct? >> that is correct. and also, like you said, we are creating our own problem. we are here because of the previous 20 years of keeping up on that issue and keeping up in today's work where we're all tracked, we're all surveyed through data broker technologists. some of them are owned by tik tok, the collection points, collection pixels, but many others are not tik tok, but other companies that we've seen. we've seen other technologists on the executive orders list, embedded into websites as well. itself kind of created a

problem by ignoring it and not preventing it in the past. so my recommendation would be to --. >> and would a system-- let me also say, i'm speaking for myself and not for my colleagues, i'm asking questions to gather data not to impose anything on this commission. we, i think, appreciate the fact that most of our reports are unanimous and the recommendations usually reflect broad consensus. but we have, for example, i use a vpn and usually use, i don't know that i should divulge this, usually use european websites because then i know that i'm going to be covered by gdpr and so i get pop-ups to be able to stop all of the collection of, other than pure analytic data, anything else. what kind of system, is there a

systemic way that we can guard against what's happening with tik tok, but also, our own data brokers? should we be treating data as a greater intelligence, military security, economic security asset than we are today? >> i would say this there's two main parts to it. part one is the technology part and anything technology-wise can be solved. we have a lot of smart people, they can solve it over time sooner or later. the second part is accountability. when companies don't have consequences, they don't act. if they have a consequence, such as a hefty penalty like under gdpr or prison time like under sarbanes oxley act, ceo, cfo's and others, they read the financial statements, that's why enron didn't happen since enron happened because of the personal responsibility the

executives carry. >> okay. i see my time is lapsed. i hope we-- i think we have time for a second round so back to you. >> and since commissioner cleland just joined us, i want to give her the opportunity to speak. all right. so we can move onto second round of questions. does anyone have further questions? commissioner friedberg. >> thank you very much. i want to follow the line of questioning so i understand what you're saying. am i correct in understanding, first, that tik tok is not unique in the techniques it's using or the kinds of data that it's collecting on americans, is that right? >> it's very similar to others. there's some uniqueness that we observed is that it tends to -- it sometimes collects more information than other vendors or other data brokers do collect. >> so, but principally what seems to be different about it or concerning about it is the

volume you said, i don't know, 7.5%, i don't remember what the number was, are there other companies or platforms that are in the same league in terms of the volume of information? >> absolutely, yes. other companies collect are collected on even more websites and dominant players such as alphabet and meta and others and the concern with tik tok or bytedance specifically that everything that they collect is accessible to ccp and china. >> right, so it's more where it goes and who might exploit it at the other end than the fact that they're collecting mp mechanisms and who has been using it. >> and the impact of the data. >> and further if i understand correctly, what they're doing is not illegal under current laws, is that right? >> mostly -- that's why i'm pausing, that's like every industry has different regulations. mostly it is legal and often

companies and from our experience, when we're speaking with an organization that has to comply with hipaa, they tell me, and us, tell us if we have an analytics tool or if you have pixels on any of the pages, we have to get rid of them. they're paying attention. others are not paying attention to that issue at all. >> if tomorrow we wanted to get rid of this, it would have to either be sort of blanket regulations that would prohibit the collection of this information or specifically targeted at a company like tik tok that we have because it's linked to a country of concern? >> i think there are two very related issues, but they're separate. one is general information privacy and that applies to blanket all data brokers, and the second one is information, security when it comes to espionage and foreign parties,

that, like, for example, the tik tok example. but the collection of information, for example, that you mentioned, pass words or bank account numbers regardless of who is doing it, whether it's tik tok or another company. that's not illegal? >> depending on the industry and depending on which law or which jurisdiction company operates in, for example, in the u.s. i think 17 straits brought up their private regulations because there's no single blanket regulations, and sometimes it is illegal, sometimes it is legal. and sometimes organizations are not even aware of what is happening and that their information is being collected without their permission. >> one last question on this to make sure i understand. you said that there are things that tik tok is doing that are different than others. >> yes. >> can you say a little more about that? >> yes, what we've seen is, for

example, not to put meta on the spot. i'll just compare the two. meta or a company like that will collect information related to marketing campaigns, broadly, did you see the ad and did you visit the page. what we've seen tik tok do, is do the same, plus, also send a copy of everything that is presented to you on a page, including whatever companies are-- or whatever pages are saying, maybe it's your sensitive information, it could be your purchasing history or transactions or anything else and they send that copy back to themselves. >> okay. time is short, but i wanted to ask another question about hardware and -- the obstacles to making the kinds of changes that you've described, we've talked about cost, we're talked about possible legal obstacles, but seems there's another i guess it's related to cost and

that's alternative sources of supply, the lack of capacity to produce the things that are now being purchased in such volumes from china. is that correct? i mean, how big a part of the problem is this? >> i think it's a huge part of the problem, i think that's why the costs are so high. when you don't have an alternative source that's within 50% of the price, like that's where the cost comes from. >> so we're just not making a lot of the stuff. >> yeah, yeah, yeah and i think that this is, again, a bit outside of my area of expertise, but i think it varies a lot when you look at different product categories. so i in many so of the research i've done look at vision and security cameras and there is nothing within-- as comparable performance within the same price range. >> thank you. >> may i quickly add, this is a chicken or egg problem. the more we allow the chinese goods in the united states, the less-- we're preventing innovation, and preventing companies from

getting into the marketplace, that's part of the problem and also quickly on the data transfer, the legal aspect of it, everybody knows expert control laws, data doesn't have legs, it's transferred through software, we can use expert controls to prevent the export of sensitive information, and privacy laws are all mainly consent-based and so, people don't know what they're consenting to. the average, that's why it depends on the lawmakers to protect them and so, i'm not a fan of consent based national security measures. we should be using export controls, thank you. >> thank you. >> commissioner, did you have something to share? >> thank you. now that i've recovered from traffic. i gather, commissioner asked about the pixel tracker, but i'd like to follow up if i could just to understand it a little better.

i ga this-- gather it's something embedded on an e-mail page or an ad. could you explain the process how tik tok would have access to a nontik tok platform? and that's the piece that i'm lost on. >> so how tik tok gets onto the websites. here is an example. company x wants to buy advertising campaign on tik tok. they pay money to tik tok and tik tok and company like them, tells them, tells company x, you will install this little pixel to and that will track effectiveness of the marketing campaign or advertising campaign to tell you if your actually dollars are worth spent. and the company installs that pixel and that pixel usually remains on the website for way

beyond the end of the campaign. and because it's still there it still collects all of the information that is accessible, that it has access to. so that's how pixels usually get through a legitimate way and we often have seen where it gets there by accident or through other unintended consequences such as somebody loads a tool called a tag manager that loads many, many other tools and that's a dynamic nature of the website we all use today that they're not coded by the developers, they're almost like assembled in real-time from pieces of code that are loaded from any country in the world. so from multiple countries so that's the reality of internet we live in today. it's not coded or prepared, it's loaded dynamically at the moment you load the page into your browser. >> okay. my experience in marketing is virtually every company does

the same thing as you point out it's where it's going in the end. which raises the commission's looked at temu and shan, and the way they approach the market and i'm curious if you're looked at other marketing platforms that sell products other than tik tok? i think that tik tok is the problem of the day, but i think there are other ones on the horizon. but i'd be interested in all of your perspectives on while we're obsessed with tik tok and what it does or doesn't do, what other companies do you see as emerging as similar kinds of risks? >> outside of risks, national security risks and security data, privacy risks, this is public information, google or alphabet technologists, meta or

facebook technologists are the top two, amongst with microsoft with other advertising platforms. snap chat, adobe, marketing technologies are very common. that's the norm, this is how internet works today. do they collect a lot of information? absolutely. they do collect a lot of information and do they collect more information in the u.s. or from americans than, for example, of when you compare to europe? yes, they collect more information on americans than in europe because europe has more stricter regulations and laws around it. >> well, the united states is also a bigger market so that makes sense, but i think i was interested in chinese companies that are potentially the same kind of-- they provide a consumer product like tik tok does, have you looked at any other company or

have any of you looked at other companies to present similar data risks in terms of the u.s. consumer? >> yes. we've seen other companies that are chinese or are associated with china. tik tok specifically just the giant amongst them in terms of the volume of data they collect, but, yes, other companies are also present. >> and what might those other companies face. >> to be honest, i'm-- the names are skipping me, specific brand names, pretty hard to pronounce and remember them. >> perhaps you could provide it for the record. >> yes. >> that would be helpful. >> may i? >> we're behind the curve on tik tok, right? it was already-- it had massively infiltrated whatever age demographic and market so it's a question of closing the barn door after the horse is out. as it were. i'm just curious what is on the

horizon in terms of the next company that's a problem. >> may i just add that though it's the apps, it's the photo editing apps, right, it's the video games app. every time see them i look at the ownership and clothing. let me say it goes beyond what the apps do, the apps can drop code into your phone and that code can then extend to all of the activities of your phone. your microphone, your camera and it's in your phone and that code can also transfer malicious additional codes beyond your phone into the router into your home, and then that router connects to the telecom infrastructure and it spreads. so by just one app being able to drop code in your phone, the malicious code can spread across the system like cancer. >> and who's assessed the risk that's very, very helpful that sort of chain or sequence of

events. who has assessed the risk of say the top 10 chinese companies that are engaged in this kind of marketing and then obviously respond to the ccp's guidance? has anybody looked at? >> i would also flag ali pay. >> that's a problem and you have that app on your phone, and it works beyond a payments app, with all of the other threats that i mentioned, so it's certainly these dominant ones that, man, there are little ones, ali pay is one to look at. >> i can add a few companies name, actually i realize i have some of them. ali baba, ali pay, and news republicans, right games, we chat, mobile and many, many other apps that are doing that. >> when we looked at ali pay

two years ago and we did a paper on this, at the time the administration assessed that it was a problem largely contained to chinese citizens that were here studying, travelling and therefore, using ali pay because like you, i had that reaction when i walked into cvs. has it changed, do you think, in terms of who is -- who's actually using ali pay or any of the other, all the ones you listed i don't think of having access to the american market the way tik tok does. >> i'll just say from the legal standpoint and i haven't done the forensics to see if it's happening, but of course, one would say of course it is one ccp mandates, right, the laws that we know about, there's no legal prohibitions. if there's no legal prohibitions and china has the motivation and laws to do that, let's make our lives easier, assume it's happening, right, and get on with it and trying

to address the problem through solutions. >> thank you for those excellent comments. i have a follow-up question for our witnesses. isn't it true that bytedance has an internal ccp committee and isn't it also true that the tik tok ceo reports to the bytedance ceo and therefore, is also accountable to that bytedance ccp committee? >> yes. >> is there a single other large social media platform in this country that's internally governed by a ccp committee? >> we chat is going to be one of them. alibaba, alipay is certainly one of them and in fact, any company that has any relevance to the ccp is going to have ccp board members, that's part of the chinese laws, the mandate. >> and is the bytedance ccp committee there to maximize

shareholder value or advance the ccp's political ab objectives. >> 100% objectives. ccp doesn't care about money. it cares about power and influence. >> so there's a substantive difference between the corporate incentives at american companies like alphabet, snap chat and the like and chinese companies which have a duel mandate to also advance the ccp's political objectives? >> american's motivation is money. china's motivation is to infiltrate and cripple our system and gain the upper hand, without question. >> and do you think the ccp committee is instructing the executive management of tik tok to make it to-- to make sure that it's fully compliant with the unfair and deceptive practices clause of the act? >> absolutely. and i should say that they know they'reulat in large part from legal recourse.

one, we don't have the will to do much about it, but, two, it's the chinese individuals that are there. they know that we can't bring them to justice here. >> some of you said earlier that, i think it was you that mentioned earlier, there's a contradiction on our laws on privacy and free speech with the laws of the chinese communist party. the expectations they have on extra territorial applications of their censorship norms, can you elaborate on that? ... and could you walk us through a potential scenario, if you are a tiktok operating in the u.s. but accountable to a foreign government? i would love to hear your thoughts as well. if you have thoughts, feel free to weigh in. >> thank you for the question. i will share from personal experience fir