Image generated by ChatGPT
On January 18, 2025, the social media app TikTok went dark for a few hours, complying with the Supreme Court’s upholding of a law requiring TikTok to be sold to a US-based company or be banned for national security reasons. President Trump has since granted TikTok a 90-day reprieve to find a U.S.-based buyer. Senators Tom Cotton and Pete Ricketts issued a joint statement that there is no legal basis for President Trump to grant a reprieve because the law took effect on January 19, 2025. The Supreme Court’s decision is based on the potential for the Chinese government to access US individuals’ personal data that is collected by TikTok. As stated in the 2023 Annual Threat Assessment, large-scale access to U.S. data is increasingly viewed as a strategic resource by our adversaries. With the rise of smarter AI systems, these risks are amplified. This piece will explore the threats that AI poses to U.S. national security related to personal data collection and countries of concern.
Concerns about Chinese Access to US Personal Data
In their decision to uphold the TikTok ban, The Supreme Court cited “well-supported national security concerns” in regard to the app’s data collection and the laws that would allow the Chinese Communist Party (CCP) access to this data. Under Chinese law, “the Chinese government can require a China-based company to ‘surrender all its data to the [government], making companies headquartered there an espionage tool of the [Chinese Communist Party].’” (TikTok v. Garland). TikTok collects “age, phone number, precise location, internet address, device used, phone contacts, social network connections, the content of private messages sent through the application, and videos watched.”
In Why We Need a National Data Protection Strategy, Alex Joel emphasizes the need to protect Americans’ personal data from China and how AI can play a big role in weaponizing data. According to the 2024 National Threat Assessment, China poses the most prevalent threat in terms of cybersecurity to the U.S. government and the private sector. The National Security Memorandum on Advancing the United States’ Leadership in Artificial Intelligence, published in October of 2024, states that “foreign states almost certainly aim to obtain and repurpose the fruits of AI innovation in the United States to serve their national security goals. Historically, such competitors have employed techniques including research collaborations, investment schemes, insider threats, and advanced cyber espionage to collect and exploit United States scientific insights.”
Other potential national security threats that the government has mentioned include:
- Cyber operations to “impede US decision-making” and induce social panic.
- Targeting US citizens through social media platforms to access their data – as seen in the TikTok case.
- Aggressive cyber operations against US critical infrastructure.
- Using AI systems to more easily build profiles on U.S. individuals for illicit purposes such as blackmailing and espionage.
- If China were to access U.S. persons’ bulk sensitive personal data, they could “collect information on activists, academics, journalists, or political figures to intimidate them, curb political opposition, limit freedoms of expression, peaceful assembly or association, or enable other forms of suppression of civil liberties” (DOJ ANPRM).
- Tracking location data on individual military or government targets can “reveal sensitive locations—such as visits to a place of worship, a gambling venue, a health clinic, or a gay bar—which again could be used for profiling, coercion, blackmail, or other purposes,” or could reveal “reputationally damaging lifestyle characteristics” that could be exploited, such as “infidelity” (DOJ ANPRM).
- Spear phishing campaigns that target individual users and cause them to download malware onto their devices. Malware facilitates access to devices and can be used to damage or disrupt systems.
Concerns About AI and Access to Personal Data
The threats listed above are not new; humans using traditional computerized tools can examine and weaponize personal data to cause harm. The rise of AI systems, however, can dramatically amplify these threats by intelligently processing massive amounts of data with unprecedented speed and insight. According to the AI NSM, if AI is misused, it “could threaten United States national security, bolster authoritarianism worldwide, undermine democratic institutions and processes, facilitate human rights abuses, and weaken the rules-based international order.” The bipartisan Joint Economic Committee published a statement about how AI has been used in financial scams to create voice cloning technology and trick US consumers. The use of AI in these scams has become so prevalent that a group of Democratic senators sent a letter to the CFPB, urging them to put protections in place to protect American consumers. In 2014, Elon Musk, the new head of the DOGE Committee, compared AI technology to nuclear weapons and went as far in saying that AI could be even more dangerous.
When President Biden signed his executive order on Advancing United States Leadership in Artificial Intelligence Infrastructure (EO 14141) on January 14, 2025, he issued a statement that the US needs to be a leader in the technology that “will define our future” and that “cutting-edge AI will have profound implications for national security”. On January 22, 2025, President Trump announced a new venture by OpenAI and Oracle to invest up to $500 billion for infrastructure tied to AI. On January 27, 2025, news broke that a new, low-cost, Chinese-based AI company had caused US tech stocks to tank when DeepSeek AI’s new model launched. In response, President Trump said this should be a wakeup call for US tech companies to be “laser-focused on competing to win”. President Trump also signed a new EO, focusing on US dominance in AI to promote “human flourishing, economic competitiveness, and national security.”
A major concern with China leading the way in AI is the manipulation of information shared with users. The Wall Street Journal recently published a piece in which it asked DeepSeek and ChatGPT about Tiananmen Square, Tibet, and Taiwan. When asked about Tiananmen Square, DeepSeek displayed “Sorry, that’s beyond my current scope. Let’s talk about something else.” But, ChatGPT gave a summary of the pro-democracy protests that occurred. According to the article, DeepSeek seemed to pull information from Chinese state media, which is known to filter electronic material.
Further, DeepSeek’s privacy policy states that it collects location information, device and network information, cookies and tracking technology, and payment information. This data is stored “for as long as necessary” and in “secure servers within the People’s Republic of China”. Applying the same logic as the Supreme Court in the TikTok case, DeepSeek risks providing the Chinese government the “means to undermine U.S. national security” through “data collection and covert content manipulation”. Information collected on Americans who use DeepSeek’s platform, which is stored in China, potentially enables the Chinese government to gain access to and exploit American information. The Court ruled that this could undermine U.S. national security and be exploited to develop and recruit intelligence assets, identify American covert intelligence officers and assets, and blackmail or coerce Americans [TikTok v. Garland]. Similarly, the government argues that TikTok is dangerous because the algorithm is vulnerable to manipulation by the Chinese government to mold the content that Americans receive. Already, DeepSeek has proven to provide different information than U.S.-based platforms in regard to Tiananmen Square, Taiwan, and Tibet.
Another potential threat that the U.S. faces is “Adversarial AI”, which is a subset of AI “focused on understanding how AI systems behave in the presence of a malicious adversary.” Researchers are worried that Adversarial AI could potentially be used to “manipulate autonomous vehicles, medical diagnosis systems, facial recognition systems, and other AI-powered applications, leading to disastrous outcomes.”
AI is dramatically changing the speed and intensity at which personal data is processed, magnifying the threats posed by adversaries that develop and deploy AI for malicious purposes. To counter these threats, the U.S. government has taken initial steps to protect Americans’ private information from being collected and used by countries of concern. In future articles, the PAB team will explore the dual challenges of protecting personal data and national security in the age of AI.