TikTok Meets the Comstock Act: The Centrality of the Data-Protection Justification in TikTok Inc. v. Garland [UPDATED after filing of reply briefs]

Marty Lederman

[NOTE:  I have updated this post, as of January 4, to include a few points from the parties' reply briefs filed on January 3.  Unless otherwise noted, page references are to the parties' opening briefs.]

Two weeks ago, on December 18, the Supreme Court granted certiorari in TikTok, Inc. v. Garland and Firebaugh v. Garland, Nos. 24-656 and 24-657, to decide whether the Protecting Americans from Foreign Adversary Controlled Applications Act (the Act), which President Biden signed on April 24, 2024, violates the Free Speech Clause of the First Amendment as applied to any of the petitioners in the two consolidated cases.  Oral argument will be held a week from Friday, January 10.  The Court has established this unusually expedited calendar so that it can, if possible, resolve the case by Sunday, January 19, which is the date the operative provisions of the Act go into effect with respect to TikTok.

The parties’ opening briefs, and more than 20 amicus briefs, can be found here, and the parties will file their reply briefs this coming Friday, January 3.  Here are links to the Act, and to the parties’ opening and reply briefs: 

The Protecting Americans from Foreign Adversary Controlled Applications Act.

The brief filed by Solicitor General Prelogar on behalf the Attorney General.  [UPDATE:  Here's the SG's reply brief.]

The brief filed in No. 24-656 by Petitioners TikTok Inc. and ByteDance Ltd.  Their Counsel of Record is Noel Francisco.  [UPDATE:  Here's the TikTok Inc./ByteDance reply brief.]

The brief filed in No. 24-657 by the Firebaugh Petitioners, self-described “creators” who use TikTok to express themselves, or otherwise speak, to TikTok viewers.  Their Counsel of Record is Jeff Fisher.   [UPDATE:  Here's the Firebaugh creators' reply brief.]

The purpose of this post is to focus attention on one subject that ought to be at the heart of the case but that’s gotten somewhat lost in the mix, and widely misunderstood, particularly in public discussions—namely, the political branches’ objective to protect Americans’ private data from being collected and exploited by the People’s Republic of China (PRC). 

As I’ll explain, I think there’s a very good chance the Supreme Court will affirm the recent decision of the U.S. Court of Appeals for the District of Columbia Circuit, and hold that the Act is constitutional, based solely on that data-protection objective.  

(I should emphasize at the start that I don’t have a stake in the case; I haven’t filed an amicus brief; and I don’t have strong views, one way or the other, on whether Congress ought to have enacted the law—in particular, on whether the asserted national-security-related benefits of the law outweigh the costs to private expression, an assessment that I’m far from qualified to make.)

Setting the Stage

On the first page of their opening brief, petitioners TikTok Inc. and ByteDance LTD assert that “[s]tarting on January 19, 2025, the Act will ban Petitioners from operating TikTok in this country.”  That’s not quite right:  The Act doesn’t ban either TikTok Inc. or ByteDance from doing anything.  Instead, the Act provides that if there hasn’t been a “qualif[ying]” divestiture of TikTok from ByteDance by January 19, then third-party service providers, such as Google and Apple (who aren’t parties to the litigation and haven’t offered their views to the Court) may no longer distribute, maintain and/or update TikTok in the United States by providing critical services, such as offering TikTok in a mobile application store or providing internet hosting services for TikTok. 

Nevertheless, petitioners’ characterization of a “ban” is apt in a practical sense.  There’s no prospect of a ByteDance/TikTok divestiture on the horizon, and therefore once third-party providers begin to comply with the Act on January 19, that will, as a practical matter, almost certainly and quickly lead to the uselessness, and thus the demise, of TikTok within the United States—and it’s because of that effect of the Act that the petitioners have brought their constitutional challenges before the Court.

In order to assess the Government’s asserted justifications for the Act, it’s necessary to understand Congress’ (and the Executive Branch’s) understanding of the particular relationships between three actors:  Petitioners TikTok Inc. and ByteDance Ltd., and the PRC.

TikTok Inc., a company headquartered and incorporated in California, manages and makes available the TikTok platform in the United States.  TikTok is a social-media platform that lets individuals create, upload, and watch short video clips overlaid with text, voiceovers, and music.  TikTok Inc. is a wholly owned subsidiary of TikTok LLC, which is, in turn, a wholly owned subsidiary of TikTok Ltd.—which is, in turn, a wholly owned subsidiary of Petitioner ByteDance Ltd. (ByteDance).

ByteDance, in turn, is incorporated in the Cayman Islands, but (according to the federal Government) it is headquartered in Beijing and primarily operates out of offices in the People’s Republic of China.  In addition to having legal control over TikTok Inc. by virtue of its ownership, ByteDance plays at least one very important role in the operation of the TikTok platform in the U.S.:  Individuals view content on TikTok primarily through its “For You” feed, which presents each viewer with videos curated specifically for them by company content moderation decisions, video promotion and filtering decisions, and, especially, TikTok’s “recommendation engine.”  TikTok’s popularity is largely a function of the proprietary algorithm that drives the “recommendation engine,” and which largely determines what viewers see in their “For You” feeds.  ByteDance originally developed the source code for the recommendation engine and it remains responsible for developing code that runs the TikTok platform.  PRC law prohibits the export of that confidential algorithm from China.

The PRC does not own ByteDance, let alone TikTok, Inc.  The U.S. Government argues, however—and the petitioners do not appear to contest this point—that by virtue of Chinese laws, companies operating in the PRC, such as ByteDance, “lack meaningful independence from the PRC’s agenda and objectives.”  The government points to three things in the unclassified portion of the record, in particular, to establish ByteDance’s potential subservience to the PRC:

First, PRC law requires Chinese citizens and organizations (including ByteDance) to comply with relevant PRC departments to assist PRC national security efforts, and prohibits those who comply with the PRC’s requests from disclosing their cooperation publicly.  In particular, according to the House Energy and Commerce Committee Report, PRC laws “require a company headquartered in the PRC to surrender all its data to the PRC” upon request, “making companies headquartered there an espionage tool of the CCP.”

Second, ByteDance has a “Chinese Communist Party committee” that, as of 2022, was headed by the company’s chief editor and includes at least 138 employees at its Beijing office, including senior company managers.  This “CCP committee” is, according to the U.S. Government, “responsible for advancing party priorities and ideology,” and can do so by becoming involved in a company’s business decisions.  For example, the House Committee Report reported that the Secretary of ByteDance Ltd.’s CCP committee, Zhang Fuping, who also serves as ByteDance Ltd.’s Editor-in-Chief and Vice President, has vowed that the CCP committee would “take the lead” across “all product lines and business lines” (which presumably includes TikTok).  

Third, the Government contends that ByteDance has “taken action in response to PRC demands to censor content outside of China” and has “a demonstrated history of manipulating the content on [TikTok], including at the direction of the PRC,” even though the record doesn’t reflect ByteDance yet having taken any such actions in the United States.

I don’t know whether and to what extent these Government characterizations about ByteDance’s relationship with the government of the PRC are accurate.  Best I can tell, however, ByteDance has not disputed any of them.

The Executive Branch and Congress jointly determined that, in light of these relationships among TikTok Inc., ByteDance and the PRC, the PRC has the capability of exploiting TikTok to inflict significant harms to U.S. persons and U.S. national security interests.  Most importantly for purposes of this post, the PRC has the capability of collecting vast amounts of data about U.S. users that TikTok regularly obtains—including their ages, phone numbers, precise locations, internet addresses, devices used, phone contacts, social network connections, and the content of private messages sent through the application—which could (in the words of the House Report) lead to “the theft of trade secrets, of intellectual property, and of other confidential business information; violations of U.S. export control laws; violations of U.S. privacy laws; breaches of contractual provisions and terms of service; security and privacy risks to customers and employees; risk of PRC surveillance and tracking of regime critics; and reputational harm to U.S. businesses,” among other things.  

These risks to U.S. persons’ data have been a longstanding concern of Administrations of both parties.  As then-President Trump warned in 2020, TikTok’s “data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information—potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage.”  

TikTok and ByteDance assert in their opening brief (pp. 9-12) that TikTok has established procedures in the United States, including an initiative known as “Project Texas,” to “provide assurance that the Chinese government can exercise no influence over the U.S. platform” and cannot “access … protected U.S. user data.”  The political branches concluded, however, that such processes are inadequate to ameliorate the risks from the PRC,[1] and I'd be surprised if any Supreme Court Justices harbor or express doubts about these data-security concerns involving the PRC.  

[UPDATE:  In its reply brief (p.22), in support of its argument that "the Government fails to prove TikTok is a 'severe' data-security risk at all," TikTok Inc. asserts that it has "already" agreed "to stop 'sending [U.S. user data] to Beijing to train the algorithm,'” and has "already" "done [so]" (which I take to mean: has already stopped sending such data to ByteDance).  In support of this assertion, TikTok cites only page 778 of the Joint Appendix.  I'm not exactly clear on how page 778 supports TikTok's claims, let alone demonstrates that TikTok would not share data with ByteDance if ByteDance insists upon it.  In its reply brief (pp. 15-16), the Government asserts that ByteDance’s proposed national security agreement "would not have prevented ByteDance (and thus the PRC) from accessing Americans’ sensitive data" and that the Government’s "lack of trust in ByteDance is well-founded"--referencing reporting of "leaked 'audio recordings' indicat[ing] that 'ByteDance retained considerable control and influence over' the entity that purported to provide independent safeguards for U.S. users’ data."  Perhaps the parties will offer further clarification of these factual questions at oral argument.]

Whether the Data-Protection Justification Is Sufficient to Sustain the Act’s Constitutionality

The parties devote a significant portion of their briefs to debating the proper standard of review.  

The Government argues (opening brief p.19) that the Act doesn’t trigger First Amendment scrutiny at all “because it does not burden any First Amendment rights of ByteDance, its U.S. subsidiary, or TikTok’s users.”  I think the Government is wrong about that, at least with respect to TikTok Inc. and those who create content on it.  (The SG is right that ByteDance is a foreign company acting overseas, and therefore has no First Amendment rights.)  The Act does, at a minimum, burden the First Amendment rights of TikTok and its "creators."  Moreover, by its terms the Act is limited to TikTok and to other websites and applications that “permit[] a user to create an account or profile to generate, share, and view text, images, videos, real-time communications, or similar content.”  The Act does not regulate all other websites and applications, nor any other companies that don’t run websites and applications.  And many decisions of the Court—especially Turner Broadcasting I (1994) (TBS I), Minneapolis Star & Tribune (1983) and Arkansas Writers’ Project (1987)—establish that where, as here, a law singles out a class of persons “engaged in expressive activity,” some form of heightened First Amendment scrutiny applies.  

[UPDATE:  In its reply brief (p.6), the Government claims that "the Court explained in Minneapolis Star" that “'differential treatment' of media entities does not warrant heightened scrutiny where, as here, it is justified by 'some special characteristic' of the regulated entities" (citing 460 U.S. at 585).  That's not right.  In Minneapolis Star, the Court explained that unless "differential treatment" treatment of expressive entities is "justified by some special characteristic," that differential treatment "suggests that the goal of the regulation is not unrelated to suppression of expression, and such a goal is presumptively unconstitutional" (emphasis added).  In other words, absent "some special characteristic," strict scrutiny applies.  As the Court later explained in Turner Broadcasting, however, 512 U.S. at 659-61, where there is such a "special characteristic" that explains the line-drawing among expressive entities (as there was in Turner Broadcasting itself and as there is here when it comes to data-protection), but where the statute nonetheless applies only to expressive entities, that simply means that intermediate scrutiny applies rather than strict scrutiny--which is why the Court applied intermediate scrutiny in Turner Broadcasting and why intermediate scrutiny is apt in this case, too.]  

By contrast, the petitioners argue that “strict” First Amendment scrutiny applies and that the Government cannot satisfy that demanding standard of review.  I think that’s wrong, too, and that Chief Judge Srinivasan was right in concluding, in his concurring opinion below, that the Act should at most be subject to “intermediate” scrutiny of the sort described in TBS I, which is derived from Ward v. Rock Against Racism (1989) and United States v. O’Brien (1968), at least when it comes to the Government's data-protection justification.  

Indeed, if the data-protection rationale I describe above were the only justification the Government offered in support of the Act's constitutionality, then I think it would be fairly uncontroverted that intermediate scrutiny applies because, as Chief Judge Srinivasan noted, that rationale “has nothing to do with the expressive activity taking place on the TikTok platform.”  The PRC's ability to harvest and exploit U.S.-person data collected on TikTok (and other applications potentially subject to the Act) is, instead, a “special characteristic of the particular medium being regulated” (TBS I) that is unrelated to how TikTok Inc. chooses to curate its application, let alone the content or viewpoint of expression that appears on TikTok.

* * * *

Not surprisingly, then, the petitioners do not argue that the data-protection rationale, standing alone, would warrant application of strict scrutiny.  Instead, as I read their briefs, they make three different arguments:

(i)  Petitioners argue that a second Government justification for the Act—to prevent the PRC from engaging in “covert content manipulation” on TikTok and similar applications—requires the Court to apply strict scrutiny, regardless of whether the data-protection rationale does so, and that the Act is unconstitutional because Government can’t satisfy strict scrutiny as to that second rationale, regardless of whether the data-protection justification would have been an adequate justification had it been Congress' only objective.

(ii)  The TikTok Inc. and ByteDance petitioners argue, in a brief footnote, that the data-protection rationale cannot survive even intermediate scrutiny.

(iii)  Both sets of petitioners also suggest that the Court should apply strict scrutiny because the Act singles out TikTok for treatment to which no other applications are subject.

I’ll address each of these three arguments in turn.

1.  Is the Act is Subject to, and Does It Fail to Survive, Strict Scrutiny Because of the Government’s Second, “Covert Content Manipulation” Justification?

In addition to addressing the concerns about China’s ability to collect and exploit data from TikTok about U.S. persons, the Government also argues that the Act responds to a second problem, namely, “that the PRC could covertly manipulate the platform to advance its geopolitical interests and harm the United States—by, for example, sowing discord and disinformation during a crisis.”  (SG Br. at 2).  Here’s how the SG describes this second concern (p.5; emphasis added):

[B]ecause TikTok is integrated with ByteDance and relies on the proprietary engine developed and maintained in China, its corporate structure creates the risk that the Chinese government could covertly “control the recommendation algorithm, which could be used for influence operations.”  J.A. 217 (House Report 8) (citation omitted); see J.A. 647-649 (Blackburn Decl. ¶¶ 68-69, 71, 73, 76, 78).  The PRC already has used social media to conduct “a campaign of harassment against pro-democracy dissidents in the United States.”  J.A. 633 (Blackburn Decl. ¶ 28).  ByteDance also has “taken action in response to PRC demands to censor content outside of China” and has “a demonstrated history of manipulating the content on [TikTok], including at the direction of the PRC,” J.A. 641, 644 (Blackburn Decl. ¶¶ 54, 58).  Although the record does not reflect ByteDance’s having taken such actions on TikTok in the United States, the Executive Branch determined that “ByteDance and TikTok similarly would try to comply if the PRC asked for specific actions to be taken to manipulate content for censorship, propaganda, or other malign purposes on TikTok” in the United States.  J.A. 647 (Blackburn Decl. ¶ 69).  The PRC could use such covert content manipulation and distortion on TikTok to, among other things, “sow doubts about U.S. leadership,” “undermine democracy,” “counter other countries’ policies that threaten the PRC’s interests,” and “magnify U.S. societal divisions in ways favorable to the PRC.”

The parties’ opening and reply briefs are consumed with arguments about whether this risk-of-PRC-covert-manipulation rationale is “content-based” in a way that ought to trigger strict scrutiny, and whether that rationale can survive such scrutiny.  Similarly, public discourse about the statute and the case has been inordinately focused on the reasonableness, legitimacy and constitutionality of this “second” Government interest.  

For what it’s worth, I doubt that most of the Justices will think that serious First Amendment concerns are implicated by Government efforts to prevent a foreign adversary nation from covertly manipulating content being pushed to U.S. audiences, even when the adversary nation does so in coordination with a U.S. speaker.  (It’s worth noting, in this regard, the concerns the Chief Justice expressed about this very problem in his Year-End Report released last night:  “[M]uch more is needed,” he wrote, “and on a coordinated, national scale—not only to counter traditional disinformation, but also to confront a new and growing concern from abroad.  In recent years, hostile foreign state actors have accelerated their efforts to attack all branches of our government, including the judiciary.  In some instances, these outside agents feed false information into the marketplace of ideas.  For example, bots distort judicial decisions, using fake or exaggerated narratives to foment discord within our democracy. …. [B]ecause these actors distort our judicial system in ways that compromise the public’s confidence in our processes and outcomes, we must as a Nation publicize the risks and take all appropriate measures to stop them.”)   

Even so, this “second” rationale raises some very tricky questions about the constitutional limits of congressional efforts to restrict U.S. persons (such as TikTok Inc.) from speaking in coordination with, or subject to the direction or control of, foreign entities, including foreign nations, and I have to imagine that the Justices will be disinclined to opine on those questions on such a short timeline unless it's absolutely necessary for them to do so.  [UPDATE:  I think this is even more true after the filing of the reply briefs, which only confirm how difficult and unresolved these questions are.]

That’s why I think it’s likely the Court will uphold the constitutionality of the Act based solely on the Government’s interest in protecting U.S. persons from the risks that the PRC might collect and exploit their personal data—an interest that the Court could easily find to satisfy intermediate scrutiny. 

The petitioners argue, however, that because the Government cannot prove that Congress would have enacted the Act based upon the data-protection concerns standing alone, the Court has no choice but to decide whether the second, covert-content-manipulation justification also satisfies heightened First Amendment scrutiny—and to declare the Act to be invalid if the Government cannot satisfy its heavy burden as to both justifications.  As TikTok Inc. puts the argument at page 41 of its opening brief, “[t]he legislative record makes clear that both the content-based and data-protection interests were before Congress, and it contains no indication that the Act would have passed without the former. …  Accordingly, even if Congress partly relied on a data-protection interest, the Act cannot survive absent proof Congress would have passed it ‘even in the absence of’ the improper motive” (quoting Mt. Healthy City Sch. Dist. Bd. of Educ. v. Doyle (1977)),” and “the Government never tried to prove Congress would have passed the Act for data-protection reasons alone.”

I think there’s a significant likelihood the Court won’t agree with the petitioners that it must apply this sort of Mt. Healthy analysis in in a case of this sort, for several reasons. 

First, such a test would establish an unrealistic burden on the Government.  The hundreds of members of Congress often have multiple reasons for voting in favor of a bill that becomes law, and in such cases it’s virtually impossible to prove with any degree of certitude whether or not majorities in both houses and the President would have approved the bill had one of the considerations been absent from the debate.

Second, in this particular case there’s eery reason to believe Congress would have approved the Act based on the data-protection rationale alone.  When the House first passed the legislation by a 352-65 vote on March 13, 2024, the House Energy and Commerce Committee report, filed two days earlier, was overwhelmingly focused on the prospects and harms of PRC data-collection.  I include some examples in a footnote.[2]. And that same focus on data-collection characterized the House floor debate just before the March 13 vote.[3]  

The Senate debate occurred a few weeks later, on April 23, 2024, when the Act was incorporated within a foreign aid bill.  Three days earlier, the House had approved the aid bill by a 366-58 vote.  Several Senators discussed the TikTok provisions just before the Senate vote.  Senator Cantwell explained that by passing the Act Congress would be “acting to prevent foreign adversaries from conducting espionage, surveillance, and malign operations harming vulnerable Americans, our servicemen and women, and our U.S. Government personnel.”  Id. S2963 (Apr. 23, 2024).  She then placed in the record House Resolution 1051, which began with the “Whereas” proclamation that “TikTok collects vast amounts of data on Americans, though the total extent of its collection is unknown.”  H.R. 1051 then proceeded to list most of the data-collection-focused evidence that had also appeared in the March House Report (described above).   Id. at S2964-66.  Other Senators also emphasized the data-protection need for the legislation.  See id. at S2966 (Sen. Warner) (explaining why TikTok’s proposed “Project Texas” would not adequately “address concerns related to TikTok’s handling of America’s data”); id. at S2954 (Sen. Thune) (“Currently, the Chinese Communist Party is able to gain unlimited access to the account information of TikTok users if it so chooses.”).

The Senate then approved the bill by a 79-18 vote.  

It’s very unlikely, to say the least, that more than 30 Senators who voted for the bill, or more than 150 members of the House who did likewise, would have refused to vote for the legislation but for the alternative, “covert-content-manipulation” justification, which was discussed to a lesser extent than the data-protection rationale.  The data-protection concerns almost certainly would have been sufficient for House and Senate majorities.  [UPDATE:  See also p.13 of the Government's reply brief (explaining why "[t]here is... every reason to think that Congress would have adopted the Act based on the data-protection interest alone").][4]

Third, at least one Supreme Court free speech precedent suggests that even where a rationale on which Congress relied would be inadequate to sustain the constitutionality of a speech restriction, the existence of an alternative justification—even one (unlike the data-protection concern here) that the legislature itself did not consider!—can be sufficient to sustain the law.  

In Bolger v. Youngs Prods. Corp. (1983), the Court considered a First Amendment challenge to a provision of the 1873 Comstock Act prohibiting the mailing of unsolicited advertisements for contraceptives.  (Yes, that’s the same Comstock Act that includes a restriction on mailing drugs for the purpose of producing abortions, which has been the subject of recent challenges to the FDA’s approval of the use of mifepristone for abortions.)  The Solicitor General disclaimed any reliance on Congress’ original “anti-vice” justification for the restriction—namely, Anthony Comstock’s view that “anything remotely touching upon sex was . . . obscene,” 463 U.S. at 70 n.19—because such a justification would have been plainly inadequate 100 years later, when the Court considered the question in 1983.  Instead, the Government “advance[d] interests that concededly were not asserted when the prohibition was enacted into law.”  Id. at 71.  

Although the Court eventually held that the Government’s asserted interests were constitutionally insufficient to satisfy the intermediate scrutiny that applies to commercial speech, the Court first specifically decided that the Government’s reliance on those interests—never invoked by Congress itself—was “permissible since the insufficiency of the original motivation does not diminish other interests that the restriction may now serve.”  Id.  Justice Rehnquist, concurring in the judgment and joined by Justice O’Connor, agreed.  Id. at 77 n.1 (“The Postal Service is entitled to rely on legitimate interests that the statute now serves, even if the original reasons for enacting the statute would not suffice to support it against a First Amendment challenge.”).

If it was permissible for the Court in Bolger to consider whether the Government’s alternative justifications there could have been independently sufficient to sustain the law, it follows a fortiori that the Court can rely solely on the data-protection rationale in the TikTok case (assuming it is independently sufficient to withstand heightened scrutiny).  Here, unlike in Bolger, Congress actually did rely upon that justification—indeed, it was the predominant concern voiced in both political branches, rather than (as in Bolger) a rationale conjured by the Executive Branch a century after-the-fact.  

Accordingly, if the Court is persuaded that that data-protection rationale would be sufficient to sustain the Act as applied to TikTok, Bolger offers at least some support for the Court to reason that it doesn’t matter whether the Government’s alternative, “covert-content-manipulation” justification also satisfies some form of heightened scrutiny.

In support of their Mt. Healthy argument, petitioners might invoke Hunter v. Underwood (1985), a race discrimination case the Court decided two years after Bolger.  [UPDATE:  In their reply briefs, petitioners do, indeed, rely upon Hunter.]  In Hunter, the Court held that a 1901 provision of the Alabama Constitution disenfranchising persons convicted of crimes against “moral turpitude” violated the Equal Protection Clause because the delegates to the state constitutional convention “were not secretive about their purpose,” which was “‘to establish white supremacy in this State.’”  471 U.S. at 229 (quoting the statement of the president of the Convention in his opening address); see also id. (“neither the District Court nor appellants seriously dispute the claim that this zeal for white supremacy ran rampant at the convention”).  Alabama tried to defend the law based upon an additional, arguably more benign legislative motivation—to discriminate against poor whites—that it claimed was also discussed at the 1901 convention.  Writing for the Court, Justice Rehnquist turned aside that argument because “an additional purpose to discriminate against poor whites would not render nugatory the purpose to discriminate against all blacks, and it is beyond peradventure that the latter was a ‘but-for’ motivation for the enactment of § 182.”  Id. at 232 (emphasis added); see also id. at 231 (“§ 182 certainly would not have been adopted by the convention or ratified by the electorate in the absence of the racially discriminatory motivation”) (emphasis added).  

To be sure, Rehnquist’s opinion in Hunter might be seen as being in some tension with his own (and the Court’s) reasoning in Bolger.  And I'm fairly confident that the Court today would not credit a justification created from whole cloth by Government attorneys that had not informed Congress' actual decision-making.  That does not describe the circumstances in the TikTok case, however, which are nothing like those in Hunter.  For one thing, TikTok, like Bolger, is a Free Speech, not an Equal Protection, case.  More importantly, whether or not Congress’ secondary “potential for covert Chinese manipulation of platform speech” rationale would survive heightened scrutiny, it is not a facially pernicious and illegitimate rationale, the way that “we want to establish white supremacy in this State” is.  Moreover, it’s not “beyond peradventure,” or “certain[],” that Congress would have enacted the Act based solely on that covert-content-manipulation rationale, i.e., even in the absence of its overwhelming data-collection concerns.  To the contrary, as I explain above, both of the political branches appear to have been predominantly concerned about the data-collection risks.  For these reasons, I think the Court wouldn’t have any trouble distinguishing Hunter.    

2.  Does the Data-Protection Rationale Satisfy Intermediate Scrutiny?

Under intermediate First Amendment scrutiny, the Court will sustain a statute “if it advances important governmental interests unrelated to the suppression of free speech and does not burden substantially more speech than necessary to further those interests.”  See TBS I and TBS II (both citing O’Brien).  Substantially for the reasons articulated by Chief Judge Srinivasan in the decision below, I think it’s likely the Court will find that the Act survives such scrutiny on the basis of the data-protection justification.

In their opening brief, the Firebaugh petitioners don’t specifically address whether the Act is constitutional if the Court applies the intermediate-scrutiny test.  The TikTok/ByteDance petitioners, by contrast, do devote one footnote to the question (p. 32 n.9), in which they invoke two reasons why the data-protection justification fails to satisfy the intermediate scrutiny test.

First, the TikTok footnote suggests, without elaboration, that the Act burdens substantially more speech than necessary to further the Government’s interests because “‘a variety of approaches … appear capable of serving [the Government’s] interests’ through less-burdensome means” (quoting McCullen v. Coakley, 573 U.S. at 494 (2014)).  With respect to the data-protection interest, in particular, the only other “approach” TikTok offers—in the “strict scrutiny” part of its brief (p.46)—is that Congress could instead have simply prohibited platforms from sharing personally identifiable sensitive data of U.S. persons with certain countries and entities, as Congress has done with data brokers.  The Knight First Amendment Institute offers a more elaborate version of this argument at pages 33-35 of its amicus brief.  

I expect that the Solicitor General will respond, in her reply brief, that in light of the sheer volume of data in TikTok’s possession and the relationships between TikTok, ByteDance and the PRC, it would be virtually impossible for the Executive Branch to enforce such a data-sharing ban.  [UPDATE:  In her reply brief, the SG writes (p.15):  "[I]t is naïve to suggest that Congress could trust ByteDance to comply in good faith with such a restriction.  ByteDance is subject to laws that allow the PRC to demand 'full access to [its] data' and prohibit ByteDance from revealing such access.  And the Chinese government has a documented history of collecting data through hacking operations that violate U.S. laws; there is little reason to think the PRC would be deterred by a prohibition on accessing data held by a company subject to its control."]  If the Court agrees, then it could readily conclude that the Act’s divestment requirement does not burden “substantially more speech than necessary to further the Government’s interests.”

Second, TikTok Inc.’s footnote 9 states that “even under intermediate scrutiny, ‘underinclusiveness raises serious doubts about whether the government is in fact pursuing the interest it invokes, rather than disfavoring a particular speaker or viewpoint’” (quoting Nat’l Inst. of Fam. & Life Advocs. v. Becerra (2018)).  Footnote 9 itself does not identify the nature of the relevant “underinclusiveness” of the Act, but presumably TikTok is referring to an argument it makes later in its brief (p.43) as to why certain carve-outs in the Act prevent the Government from satisfying strict scrutiny on the basis of the data-protection justification.  [UPDATE:  In its reply brief, TikTok elaborates (p.20) that "the Act’s gross underinclusivity defeats the data-protection interest under any form of heightened scrutiny," referring in particular (p.21) to the Act's failure to cover "e-commerce apps like Shein and Temu with significant connections to China."]

In order to assess TikTok’s underinclusiveness argument, it’s necessary first to understand the breadth of the Act’s operation.  The Act is unusual in that its restrictions apply by name to one particular speech platform Congress specifically studied—TikTok.  See Section 2(g)(3)(A).  The adjoining subsection of the Act, however, Section 2(g)(3)(B), extends its scope to certain other social media websites and applications run by a company controlled by a “foreign adversary” (defined to include China, Iran, North Korea and Russia), as well, if and when the President determines that they, like TikTok, “present a significant threat to the national security of the United States.”  When the President makes such a determination of a particular application’s significant national security risk, third-party service providers must cease to distribute, maintain or update the identified application—just as they must do with respect to TikTok come January 19 by virtue of the congressional determination in the Act itself.  

This coverage of additional applications beyond TikTok, however, does not extend to any and all foreign-adversary-controlled internet sites that raise the same sorts of data-protection concerns.  By its terms (see § 2(g)(2)(A)(iii)), the Act applies only to applications and websites of a foreign-adversary-controlled company if that company operates what’s colloquially known as a social-media website (in the words of the Act, a site or application that “enables 1 or more users to generate or distribute content that can be viewed by other users”).  Moreover, even within that limited category, § 2(g)(2)(B) “exclu[des]” from the Act’s coverage any websites and applications “whose primary purpose is to allow users to post product reviews, business reviews, or travel information and reviews.”  Accordingly, such websites and applications can’t be subject to the Act—even if the President determines that they “present a significant threat to the national security of the United States.”

TikTok Inc. and ByteDance argue (p.43) that the Government can't survive strict scrutiny on the basis of the data-protection rationale because the “exempted” adversary-controlled applications and websites “are as capable as TikTok of collecting Americans’ data.”  “Nothing about an adversary’s ability to collect data,” they note, “turns on whether the content is user-generated or user-shared and does not primarily include reviews.  E-commerce platforms, for example, lack such content but collect massive amounts of sensitive user data.  In fact, the record confirms that ‘the type and amount of data that TikTok collects from U.S. users’ is ‘comparable’ to that collected by exempted e-commerce applications with equivalent alleged China connections.”  (Emphasis added.)  [UPDATE:  I'm not certain whether the petitioners ever identify any e-commerce companies that would actually be covered by the Act if the law were not limited to apps and websites with primarily user-generated content.  TikTok asserts (reply brief p.21) that "e-commerce apps like Shein and Temu" have "significant connections to China."  The brief conspicuously does not address, however, whether Shein or Temu is domiciled in, is headquartered in, has its principal place of business in, or is organized under the laws of, the PRC--at least one of which would have to be true if those companies would be covered by the Act but for its exclusion of e-commerce apps.]

The Act is “so wildly underinclusive as to data protection,” argue the TikTok petitioners (p.42), “that it cannot be sustained on that basis.”  (The Firebaugh petitioners likewise argue (p.18) that “the Act is woefully underinclusive from any data-security standpoint; it makes no sense to single out TikTok while excluding e-commerce and review platforms that raise the same concerns.”). 

Indeed, the TikTok petitioners go so far as to argue (p.42) that the gaps in Section 2(g)(2) “raise[] serious doubts about whether the government is in fact pursuing the interest it invokes, rather than disfavoring a particular speaker or viewpoint.”  This is precisely the same claim they make with respect to intermediate scrutiny in footnote 9 of their brief.

I would be very surprised if any of the Justices were to conclude that the limited scope of the Act raises any doubts, let alone serious doubts, about whether the political branches were in fact trying to address data-protection concerns.  Of course they were—as amply reflected in the numerous alarms raised by then-President Trump, high-level Biden Administration officials, the House Report, etc.  The notion that the data-protection concerns are pretextual simply isn’t going to fly. 

That said, the Government’s opening brief doesn’t do much to explain or justify the Act’s conspicuous carve-outs. 

As to the product/business/travel “review” site exclusion, the SG merely suggests (p.43) that it “‘display[s] a careful balancing of interests in creating limited exceptions’” and “show[s] that ‘Congress has been conscious of its own responsibility to consider how its actions may implicate constitutional concerns’” (quoting Holder v. Humanitarian Law Project (2010)).  Yet the brief doesn’t identify what “interests” product/business/travel review sites and applications might have that aren’t shared by user-generated sites not primarily devoted to reviews, nor why Congress might have thought there are different “constitutional concerns” when it comes to review sites and applications subject to "foreign-adversary" control.  See 170 Cong. Rec. at H1164 (Rep. Massie) (“Why is this exception in the bill?  Why did somebody feel like they needed this exception if the bill itself only covers social media applications that foreign adversaries are running?”)

More importantly, the Government’s opening brief doesn’t offer any reasons at all why Congress chose to limit the Act to “user-generated” applications and websites—and why, in particular, Congress crafted the Act to exclude E-commerce applications under the influence of foreign-adversary-controlled companies, which are excluded even if the President were to determine that data-collection concerns related to such applications pose significant national security threats.  

One thing to look for in the SG’s reply brief, therefore, is whether it identifies any “good reason[s],” Williams-Yulee v. Florida Bar, 575 U.S. at 451, Congress might have had for limiting the Act to user-generated sites and applications.  I don’t mean to suggest the Court would declare the Act unconstitutional if there aren’t any such "good reasons"—particularly not if the Court decides to apply intermediate scrutiny.  Nevertheless, I think at least some Justices will be troubled by the statutory distinctions, and will be expecting the Government to explain them.

[UPDATE:  Here's how the Solicitor addresses this question in her reply brief (p.10):

[S]ocial-media sites ... present unique data-collection concerns.  For example, although e-commerce and travel-review sites may also collect some user data, cf. ByteDance Br. 43, petitioners do not suggest that they pose the same risks as a social-media platform that occupies users for hours at a time and uses that intensive engagement to collect “keystroke patterns,” “activity across devices,” “browsing and search history,” “location data,” “image and audio information” such as “faceprints and voiceprints,” and dataabout a user’s contacts, social network, and private messages. J.A. 38-39.  Having focused specifically on the acute threat posed by the PRC’s control of TikTok, Congress covered other social-media sites as the class of applications most likely to present a similar threat in the future.  That choice does not render the Act’s presidential-designation provision impermissibly content-based.]

3.  Does the Act’s Special Treatment of TikTok Trigger Heightened Scrutiny?

One other feature of the Act might cause at least some Justices to consider whether the Court should apply strict scrutiny, even with respect to the data-protection rationale—namely, that Congress singled out one identified “speaker,” TikTok, for special treatment.  Precedents such as Arkansas Writers’ Project suggest that such “targeting” of a speech restriction can raise concerns about a “potential for abuse” (Minneapolis Star) that might warrant strict scrutiny.  As the Court put the point in United States v. Playboy (2000), “[l]aws designed or intended to suppress or restrict the expression of specific speakers contradict basic First Amendment principles.”  

Despite the Court’s historic concern with laws that single out particular speakers, the Justices t might not be especially troubled by the distinctive way in which the Act treats TikTok.  For one thing, there was an obvious reason for Congress to legislate about TikTok specifically—a reason unrelated to any legislators’ possible hostility to the content appearing on that platform.  As the SG explains (at page 44), “Congress had ample evidence of the national security dangers posed by TikTok in particular and addressed those dangers directly, while authorizing the President to designate other applications that might pose similar national-security concerns in the future.”  Thus, as the court of appeals wrote, “the Act singled out TikTok because of its known characteristics and history,” and thereby “ensured TikTok-related risks were addressed promptly.”

More significantly, the Act doesn’t treat TikTok appreciably worse than it treats similarly situated social-media platforms.  To be sure, subsection 2(g)(3)(A) provides that the Act’s regulations will automatically apply to TikTok and ByteDance, in particular, come January 19.  As I explained above, however, subsection 2(g)(3)(B) more broadly prohibits third-party support (e.g., hosting) for covered platforms of any qualifying social media companies controlled by China, Iran, North Korea or Russia if the President makes a determination that the company “present[s] a significant threat to the national security of the United States” and reports that determination to Congress.  

The TikTok petitioners suggest that this subsection 2(g)(3)(B) process offers protections to other companies that TikTok does not enjoy.  But those protections basically amount to the requirement of a presidential determination (and notice to Congress) of the “significant threat”—and that’s something that has already happened in the case of TikTok.  Indeed, as the court of appeals noted, “in certain respects TikTok received more process than would a company coming under the generally applicable provisions.  TikTok participated in a prolonged negotiation with the Executive that featured numerous meetings and several proposals.  It also received individualized consideration by the Congress prior to being required to divest.  In contrast, under the generally applicable provisions the Executive need only provide ‘public notice’ and issue a ‘public report’ to the Congress prior to requiring a company to sever its ties to an adversary nation.”

To be sure, the Act does include one additional protection for a company subject to a § 2(g)(3)(B) presidential determination that’s unavailable to TikTok.  Section 3 of the Act, entitled “Right of Action,” provides that “a petition for review challenging this division or any action, finding, or determination under this division may be filed only in the United States Court of Appeals for the District of Columbia Circuit.”  Assuming for the sake of argument that this provision creates a cause of action to challenge a presidential “determination” that a company “present[s] a significant threat to the national security of the United States,” there’s no analogous provision of law that authorizes TikTok Inc. to go to court to challenge the statutory determination that its platform presents such a threat.

Even Section 3, however, doesn’t create much of an advantage for other companies subject to a § 2(g)(3)(B) divestiture requirement.  That provision doesn’t identify the standard of review the court of appeals should apply in reviewing a presidential determination of a “significant national security threat,” and it’s hard to imagine the court would ever hold that the President’s determination was unlawful, given the level of deference that courts ordinarily apply to presidential determinations on matters of national security.

For these reasons, I doubt the Court will conclude that the Act’s “singling out” of TikTok ought to trigger strict scrutiny.  Nevertheless, that speaker-specific treatment is sufficiently unusual that it might prompt the Court to assume arguendo that strict scrutiny applies, at least if a Court majority is prepared to hold that the Act withstands such scrutiny.  The Chief Justice has penned opinions upholding speech restrictions pursuant to strict scrutiny twice in the past 15 years—see Holder v. Humanitarian Law Project (2010); Williams-Yulee v. Florida Bar (2015)—and I wouldn’t put it past him to do so again if he can persuade four or more other Justices to go along.  That’s not what I would do, not only because I think intermediate scrutiny is appropriate here but also because I worry about the “watering down” of strict scrutiny—but I’m not the Chief Justice.