When Two Worlds Collide: Evaluating Free Speech and National Security Claims around Trump’s WeChat Ban

by Nalin Ranjan

Introduction

Immigrants have come a long way from hopelessly striving toward the 20th-century ideal of full assimilation into American society. Descendants of Jewish immigrants, whom many believed could not be trusted, can now proudly take credit for developments in the sciences, politics, medicine, and the arts; blossoming Chinatowns have replaced enclaves that once shied away from any expression of their heritage for fear of persecution; Mexicans whose ancestors worked under poor conditions and compensation in the fields founded the United Farm Workers to ensure their voices were heard. The stories of immigrants who refused to merely conform to the expectations placed upon them are endless. They have long known that the immigrant experience entails keeping close to — and not abandoning — their unique cultures and communities.

It was thus that President Trump’s August 2020 ban on Chinese messaging service WeChat was met with large-scale trepidation amongst the Chinese-American community. For the unfamiliar, WeChat is the world’s third-largest messaging service and by far the most popular means of communication amongst first-generation Chinese immigrants, with nearly three million active daily users in the US. For many, it is the primary — if not only — means of keeping in touch with fellow Chinese immigrants and families back home. However, given its Chinese ownership, the app has been subject to intense scrutiny amid escalating tensions between the two countries. 

Legal action against the ban was swiftly taken, resulting in a preliminary injunction of the original order. And before further arguments were made, the Biden administration walked back the Trump-era restrictions. However, they also made it clear that they would continue probing the issue and that a further ban was not entirely out of the question just yet. In this article, I examine relevant constitutional arguments that may have been made in favor of the ban had further litigation continued. Whether or not the ban stands to constitutional muster will ultimately determine whether it is a legal restriction with unfortunate consequences or a fundamental violation of certain Americans’ right to communicate freely.

Background

President Trump initially issued Executive Order 13943 in August 2020, prohibiting “any transaction that is related to WeChat by any person, or with respect to any property… with Tencent Holdings Ltd [the parent company of WeChat]… or any subsidiary of that entity.” The order outlined seven restrictions — each prohibiting a certain type of transaction with WeChat or its parent company —that together would have immediately rendered WeChat services both useless and illegal to use. In particular, restrictions 1-4 would have crippled WeChat’s technological infrastructure and content-distribution backbone, while restriction 6, which bars “any utilization of the WeChat mobile application’s constituent code, functions, or services,” would have been nothing short of an explicit ban on using WeChat’s services for then-users in the United States. 

Make no mistake: most of the restrictions of the order could only be reasonably challenged in court by Tencent itself.1 But restriction 6, whose target is the American populace rather than a service/network/other technology managed by Tencent, could reasonably be challenged by American WeChat users, as it places an explicit restriction on a place Americans may go to express speech. My analysis hereinafter will focus on restriction 6, because 1) resolving first amendment challenges to restriction 6 entails tackling issues that would arise in challenges to other portions of the ban, and 2) first amendment challenges to restriction 6 most closely echo the concerns of American WeChat users, who are the most important stakeholders in this issue. 

Constitutionally, time, place, or manner (TPM) restrictions are permissible, but they must 1) apply equally to all forms of speech subject to the TPM restriction (i.e. be content-neutral), and 2) pass the test of intermediate scrutiny.2 Given that the ban seeks to impose a broad and sweeping restriction on the use of WeChat, it is clear that it passes the content-neutrality criterion: no particular message substance would be favored over another since all communication on WeChat would be prohibited. Thus, the only — albeit substantial — remaining obstacle that the ban must overcome is the test of intermediate scrutiny, which requires that a TPM restriction 1) serve a significant governmental interest unrelated to speech content, 2) be narrowly tailored, and 3) leave open adequate channels for communication. 

Does there exist a significant government interest that would be served by the ban?

As stated in President Trump’s initial executive order, the central motivation for issuing the ban is to protect national security. (The executive order clarifies that other threats, such as those to foreign policy and the economy, derive from the primary threat to US national security.) The precise definition of “national security” is somewhat elusive, but most would agree with the National Law Review’s characterization, which says that it “encompasses safeguarding the nation’s borders against foreign threats and terrorism… [which, in particular, may include] cyber-crimes, cyber-attacks, and other internet-based crimes.” And like most, we will grant that national security is a significant governmental interest unrelated to the particular content of restricted speech in this case.

Would the ban — as outlined in the original executive order and implemented in the Commerce Secretary’s addendum — prevent some action that gravely endangers US national security? The executive order would answer affirmatively, holding that the relevant action it prevents is the capture of “vast swaths of information from its users, which threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.” This conclusion, however, is based on multiple unsound foundations.

First, the characterization of the information WeChat collects as “personal and proprietary” is misleading, if not plainly incorrect. Upon registering, users must agree to a privacy policy that explicitly describes how one’s information will be shared with other subdivisions of Tencent, service providers (middlemen providing services that enable the functioning of the app), third parties with whom the user interacts, advertising partners, and notably, governments/regulatory agencies that request it.  Of course, this finding is wholly unsurprising to the average WeChat user. In addition to the common knowledge that using an online service will expose one’s information to its administrator, there is also a common cultural element at play: many WeChat users, as first-generation Chinese immigrants, are familiar with the authoritative role the CCP takes in regulating the flow of information and communication. A sentiment of an anonymous user on tech forum SlashDot sums up the typical WeChat user’s attitudes on this issue: “WeChat is a great app, and I use it all the time. But I have never considered it to be private.” Ultimately, users are knowingly consenting to share their data with WeChat and its wide range of affiliates, so the suggestion that users’ “personal and proprietary” information will land into the hands of an actor that shouldn’t have access to it — including the CCP — is both legally and empirically incorrect. 

Second, the mere collection of “vast swaths of data” on consenting American users is not in itself a threat to national security, even if this data lands into the hands of presumed US adversaries like the CCP. It is certainly true that WeChat follows the typical social media company strategy of collecting a wide range of identifying information and day-to-day activity data from users that may compromise their individual privacy, but it is difficult to see how such perfunctory data could be used to threaten US national security as a whole. Knowledge of what certain consenting individuals are doing, where they are going, and what some of their preferences are seldom, if ever, provides the edge needed to engineer large-scale attacks on US citizens or institutions. And the US government has implicitly recognized this fact: the combined revenue of the data analytics and online advertising market — both heavily reliant on collection and exchange of highly specific personalized data — totaled almost $100 billion in 2020 with no indication of slowing down. These markets, which feature thousands of companies of varying sizes, are officially sanctioned — and even participated in — by the US government. Were the possession of terabytes of perfunctory data truly a prospect with imminent national security concerns, history suggests governmental oversight would be swift and uncompromising — or at the very least, more stringent than the lax attitude currently adopted that treats personal data as little more than an arbitrary, freely exchangeable good.3 

In short, there is little evidence to suggest that a blanket ban on the use of WeChat would significantly remedy any existing national security vulnerability.

Would the WeChat ban leave open adequate channels for communication?

As established in Ward v. Rock of Racism, “the basic test for gauging the sufficiency of alternative channels is whether the speaker is afforded a forum that is accessible and where the intended audience is expected to pass.” In other words, the subject of a TPM speech restriction must be afforded another venue in which the intended audience may reasonably participate in a similar capacity. Appellate court precedent has established this requirement as one admitting a strict interpretation. For example, refusal to grant a permit to the Million Youth March sufficiently close to the movement’s desired location in Harlem was ruled in 1998 to be a First Amendment violation, because the city’s proposed relocation to Randall’s Island would have “adversely affect[ed] plaintiff’s ability to reach its target audience” by “limit[ing] [the movement’s] reach to [only] those who make an affirmative decision to travel to [Randall’s Island].” 

The alternatives afforded to WeChat users, unfortunately, are quite worse than a two-mile walk eastward to Randall’s Island. As Peng notes in her testimony, the only available alternatives to contact relatives abroad are costly and provide vastly inferior functionality:

“Without WeChat, I will have to go back to the old way of buying calling cards and making expensive international calls. I will also not be able to reach all of my family members with one click. I will not be able to look at them through video calls with my own eyes. Nor can they see that I am well with their own eyes.” 

For the unfamiliar, the reason that Peng would have to go back to calling cards is that most apps that seem like viable alternatives (WhatsApp, Snapchat, Messenger, Line, etc.) are blocked by the Great Chinese Firewall

And for those whose only proficient language is Mandarin (or another dialect spoken in China),4 the lack of other Chinese-friendly messaging apps would all but require attaining sufficient proficiency in another language. Even if we discount the many cases where this is effectively impossible (e.g., for senior citizens), such a requirement would fundamentally run contrary to the American notion of free expression. Learning a particular language should never be an explicit prerequisite to communicate, nor is the government within its right to revoke access to platforms so as to implicitly institute this as a requirement.

Conclusion

For now, Chinese-American WeChat users can breathe a sigh of relief. Yet it is clear that the issue is far from resolved, as the Biden Administration has indicated that a subsequent restriction is well within the realm of possibility. However, amid ever-changing political headwinds, American WeChat users can cling steadfastly to the legal rock that is intermediate scrutiny. Indeed, striking down the Trump-era ban would have only required that one intermediate scrutiny criterion be unmet. That the ban spectacularly fails multiple criteria is a serious indication that subsequent administrations will need to dedicate genuine, good-faith effort to crafting a more measured response that does not irreparably sever certain Americans’ access to their most significant outlet of communication.

1 Foreign entities may bring suit in US courts; see Servicios Azucareros v. John Deere.

2 First developed in Craig v. Boren.

3 See this article, for example. Most data exchanged over US networks is unregulated. That is, most companies are not under any obligation not to share your data with third parties, who can in turn do as they wish with that data (including selling it again). And none of them are obligated to tell you what they do with your data.

4 No publicly available sources have an estimate on the true number of English-deficient WeChat users in the United States. But an extremely conservative estimate would likely lie in the hundred-thousands.

It’s Not Just Me, It’s Also You: How Shared DNA Complicates Consent

by Ethan Magistro

With just a sample of your DNA, you, your immediate family members, and many other distant relatives can be identified. Your genetic information can be used to determine you and your families’ insurance policies, expose medical conditions you didn’t even know you had, and, in the worst case, be used to identify and arrest someone you may be distantly related to. The deoxyribose nucleic acid (DNA) contained within every cell of our bodies holds intimate details about each of us. Yet when users send sample DNA to direct-to-consumer (DTC) testing kit companies, only their consent is needed to share information that belongs to many of their family members. Because of this, I argue we should drastically rethink our understanding of DNA. Rather than conceptualizing DNA as analogous to other types of private property that can be traded with individual consent, DNA trade should require the shared consent of family members. The difficulty in obtaining that consent points to a colossal need for the development of genetic privacy laws.

To understand why DNA should be understood as a form of shared property, it will be helpful to outline the economic and legal landscape of consumer genetic testing. The past few years saw a spike in interest for DNA testing and an explosion in the DTC testing kit market, which is dominated by AncestryDNA and 23andMe. Although the market has died down since then, worries about political and enforcement abuses of genetic information and medical privacy concerns are still in focus. 

Concerns about enforcement abuses of genetic information usually involve the Fourth Amendment, which protects citizens from unreasonable searches and seizures. This was exemplified in Maryland v. King, a U.S. Supreme Court case which held that genetic testing is similar to fingerprinting, and is therefore a reasonable search under the Fourth Amendment, to the chagrin of privacy advocates. The latter issue of medical privacy deals with Title I and II of the Genetic Information Nondiscrimination Act Of 2008 (GINA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA), both of which are notoriously lackluster in protecting privacy, especially regarding DTC testing, which neither law protects. Beyond this, some states have genetic privacy laws with varying levels of consent required by companies. Many of them provide little extra protection. This lack of privacy protection has caused the DTC industry to mostly self-regulate, which has been spotty at best: in their privacy policies, some genetic-testing companies wrongly claim they comply with HIPAA, while some companies have no privacy policies at all.

A lack of strong DNA privacy laws presents an imminent threat to genetic privacy because of how valuable a sample of DNA can be. Genetic information’s longevity, immutability (you cannot change your DNA like you can a lost password) and predictive ability about future health make it extremely valuable. Yet DNA is unique in that it is able to identify an individual as well as their family members, since people share large portions of DNA with their relatives. This is why it has been so often used to gain leads in criminal cases

Being so valuable, it makes sense why shoddy privacy policies exploit a lack of laws to gain control of DNA. Deceptive policies mislead individuals to give away most of the control over genetic information, and, therefore, their family’s genetic information, without ever knowing it. With that control, companies can trade or exchange this data, often selling it to unknown third-party companies who can use it as they wish. Bigger companies like AncestryDNA or 23andMe are no safer. They may truthfully claim they do not sell your genetic data to third party companies, but the independent labs they send the sample to for analysis make no such guarantees

It is hard for consumers to notice that. A large company’s connection to third parties is often inconspicuously snuck into their privacy policies. Before it was shut down in late 2020, AncestryHealth, the division of AncestryDNA designed to identify genetic health risks, sent DNA samples to a third-party group called PWNHealth for analysis. A link to PWN’s privacy policy is at the very end of AncestryDNA’s terms and conditions, which itself is in small print at the bottom of the AncestryDNA webpage. PWNHealth’s privacy policy is far less robust than Ancestry’s. Two points stick out:

You have the right to request in writing that we restrict how your health information is used or disclosed. For most requests, under the law, we are not required to agree to your request.

and

“If you request that Ancestry delete your information held by Ancestry, such request will not result in the deletion of information held by PWNHealth. Such information will be retained by PWNHealth in accordance with applicable law and this Privacy Policy.”

It is clear that PWNHealth has no intention of removing or restricting its use of submitted genetic data. Even if PWNHealth claims that they will only trade “non-identifiable data,” the shocking ease with which genetic data can be re-identified makes this claim essentially worthless. So while AncestryDNA will not sell your genetic data, PWNHealth can and will.

Despite all of these concerns, PWNHealth is still acting within the law so long as a user consents to its terms of use and, therefore, how it uses your genetic data. But is an individual’s consent enough considering that their DNA sample contains information about their relatives? It should not be. DNA contains valuable, identifiable information about a user’s family and distant relatives that should not be shared without their knowledge. Instead, companies who offer DTC genetic testing should require consent from those with whom an individual shares the majority of their DNA.

Already that idea sounds burdensome. Should someone really have to call their parents, grandparents, and siblings if they want to understand more about their own medical information? What about those who are estranged from their families, or people who are adopted and do not know their biological relatives? Here, a middle path exists between individual consent and shared consent. Perhaps for medical information, relevant to an individual who may want to alter their lifestyle to decrease the risk of a condition manifesting, an individual should use a DTC without providing shared consent. A kit designed to find unknown relatives who may wish to remain private, on the other hand, should require companies to ask for consent from those relatives.

Yet this argument ignores the threat that third-party actors pose. The importance of genetic privacy is less about keeping individual issues private from the family and more about keeping familial DNA out of the hands of third parties like PWNHealth who can trade that genetic information and other groups who could de-identify it or sell it. If you must get a genetic test for medical reasons, it would be wiser to do so in a clinical setting, where HIPAA and GINA offer comprehensive privacy and protection. Without that same protection, DTC tests put many of your relatives’ information at risk.

What could a stronger form of shared consent look like in the DTC arena? One analogy that provides some insight comes from a complaint filed by the Federal Trade Commission (FTC) against Facebook in which the FTC challenged Facebook’s misleading privacy policies and deceptive practices. The complaint alleged that Facebook “told its users that they could limit those who could see their posts to just ‘Friends,’ when in reality—and without warning to the user—doing so would also allow developers of third-party applications used by their ‘Friends’ to access the post.” In other words, “third party applications” of a user’s Facebook friends could look at that user’s posts even if the user did not consent to that action.

This is not a perfect analogy. A post shared with a friend, which is then unwittingly shared with a third-party application, is not the same as DNA, which is physically shared by multiple people. Nonetheless, the FTC acted when Facebook gave third parties access to a user’s post, even when that user had no option to consent to this. In a case involving genetic data, it’s feasible that the FTC could challenge DTC companies for not adequately informing users that their familial genetic data, which they provided without their family’s consent, was now in third-party companies’ hands.

Like those users who had a reasonable expectation that only their friends would see their posts, people who have never taken a DNA test or given away a DNA sample would not expect their genetic information to be in the hands of a group such as PWNHealth. There is a reasonable expectation that genetic information is private. If someone wants to give away valuable information about you — even if it is partly their information too — they ought to seek out your consent.   

Ultimately, the easiest remedy for the lack of genetic familial privacy and the need for shared consent would be stronger genetic privacy laws. The lack of robust genetic privacy laws already leaves consumers unprotected against bad actors looking to profit from their DNA. As genetic testing technology improves and we become able to gain more information from smaller samples of someone’s genome, not having ownership over your DNA could pose a threat to your descendants in the future. Technology that fails to respect these repercussions and ignores the need for consent from multiple parties cannot continue to outpace legislation. Although the complexity of shared consent and its complication of privacy policies leave room for the FTC to police weaker terms and conditions, it would be far more beneficial for all parties if strict regulation, created through legislation, protected the blueprint of life.