Grindr, the world’s largest social networking app for gay, bi, trans and queer people, recently became the center of attention in the U.S. – China “trade war.” In late March, a panel of U.S. governmental agencies titled the Committee on Foreign Investment in the United States (CFIUS), informed the owner of the app that its ownership constituted a “national security risk.” CFIUS stated that Beijing Kunlun Tech Co.’s ownership was a national security risk because Kunlun is a Chinese corporation.1 As a result of CFIUS’s intervention, Kunlun is now forced to divest its stake in Grindr, and instead of its original plan of pursuing an Initial Public Offering (IPO), Kunlun is looking for sellers in the private market.2 It is uncommon for CFIUS to block a transaction not related to “critical technologies,” namely military, nuclear or telecommunication technologies.3 It is even less common for CFIUS to essentially ask for a divestment on a deal more than a year after its closing.4 Although CFIUS was aware of the acquisition when Kunlun completed the transaction back in January 2018, it did not block it at the time. CFIUS is now able to force a divestment because the buyer, Kunlun, did not voluntarily file for review by the CFIUS when Kunlun acquired the remaining 60% of Grindr’s shares. To put the abruptness of such ad hoc CFIUS attention on an U.S. based dating app in context, we will look take a brief look at the origins and historical focus of CFIUS.
CFIUS is a U.S. federal interagency committee, chaired by the Secretary of the Treasury with additional members of the Secretaries of Homeland Security, Commerce, Defense, State, Energy, and Labor, as well as the Attorney General, the Director of National Intelligence, the US Trade Representative, and the Director of the Office of Science and Technology Policy.5 The Committee is authorized to review certain transactions involving foreign investment in the United States (“covered transactions”), in order to determine the effect of such transactions on the national security of the United States.6
Historically, the panel targeted mergers and acquisitions transactions of U.S. high-tech companies by Japanese and British investors.7 It institutes a voluntary filing process initiated and first-assessed by foreign parties.8 Because of its focus and the nature of voluntary filing, CFIUS historically only reviews transactions involving U.S. companies in critical technological fields.9 For example, a classic deal reviewed by CFIUS involved Fujitsu’s prospective acquisition of Fairchild Semiconductor, an American chip maker, when the Ford administration was fearful of Japan winning the electronics technology race.10
Given this background, CFIUS’s recent attention on a dating app is unanticipated. How has foreign ownership of a West Hollywood-based dating app become a question of national security to the U.S.? While CFIUS refuses to publicly provide any basis to its determination, the unexpected review is widely believed to have arisen from the sensitive user data Grindr collects from its users.11 Several major media outlets that reported on the issue surmised that Grindr’s data could be used by the Chinese government to blackmail American government and military officials who use the app.12
On one hand, this train of thought has some merit. At minimum, it is hard, if not impossible, to definitively rule out the possibility that Chinese ownership of Grindr may facilitate transfer of sensitive data related to high-level government officials on the app, posing a threat to U.S. national security. After all, it is almost impossible to definitively rule out the possibility of any security threat for any kind of foreign investment. On the other hand, this justification is based on many assumptions that require a closer look. This post does not intend to “prove the impossible” by arguing that there is absolutely no risk associated with the Chinese ownership of Grindr. Instead, this post attempts to challenge the assumptions made in the inference of such threat.
Firstly, supporters of CFIUS’s action against Kunlun question why the U.S. government or general public should trust a foreign corporation with protecting their sensitive data. This question makes the assumption that Chinese ownership of Grindr makes it a Chinese company. In fact, Grindr is still an American corporation, one based in West Hollywood, California, with barely any operations in China. Its recent acquisition by a Chinese company did not change its procedure on data processing. According to Grindr’s Privacy Policy, user data is securely protected and stored in the U.S., through Amazon Cloud, a service also provided by a U.S. company. As a wholly owned foreign subsidiary of a Chinese companies, Grindr is still subject to the jurisdiction of U.S. laws. Similarly, Grindr’s managers and directors are subject to U.S. laws and regulations.
Additionally, some argue that data collected by Grindr is less secure because it is now under the control of a Chinese company. But why is data under the control of a Chinese corporation is less protected? On one hand, such concerns focus on China’s lack of strong legal infrastructure to protect consumers and prevent Grindr’s Chinese parent company from violating the privacy of its users. This assumption is not well-founded. In fact, according to many legal scholars, the New China Data Privacy Standard is more far-reaching than the GDPR in Europe and U.S. law governing data protection.13
Skeptics of Kunlun’s ownership of Grindr entirely disregard the formal rule of law in China, and instead focus on the blurry line between state and corporation. These people fear the likelihood of the Chinese government forcefully taking data from a private corporation, against the rule of law. To a certain extent, Huawei’s obstacles in the U.S. market illustrates that such fears are common. Nevertheless, security analysts were split on whether Huawei investment would facilitate cyber-espionage or otherwise compromise U.S. national security. In 2012, the House Intelligence Committee released a very damning report about Huawei and ZTE. The report uses strong language to describe the threat to the national security that these two companies supposedly pose. Yet, in the publicly released version, the report cites no evidence of spying by either Huawei or ZTE.14
Huawei’s problems with the U.S. government allude to a widespread concern regarding the independence of Chinese private corporations from government interference. However, several legal experts have submitted declarations to the Federal Communications Commission in support of private Chinese companies’ position that they could not be compelled by the Chinese authorities to engage in espionage activities against U.S. interests. These include declarations submitted by Jihong Chen and Jiangwei Fang from Zhong Lun, a Chinese law firm, Clifford Chance, a UK law firm, an expert declaration submitted by Jacques deLisle, a Professor of Law at the University of Pennsylvania.15
It is true that none of the evidence is conclusive of absolutely no national security risk. However, as Timothy Webster, an Assistant Professor of Law at Case Western Reserve University, carefully points out, the fact that “after forty years, no conclusive evidence has yet emerged to support the claim that a foreign investment has endangered U.S. national security” should prompt the U.S. to review its recent decisions on national security concerns.16 He states, “of course, this does not mean that no foreign investment could ever harm U.S. national security or its national interests . . . but the absence of such an investment is significant” means something.17 Given the lack of evidence, perhaps skeptics should reconsider their concerns, before rejected much needed venture capital as a national threat.
Beijing Kunlun Reportedly Seeks to Sell Grindr, Bloomberg’s Grindr LLC Key Development (March 27, 2019), https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapid=244520896. ↩
Id. ↩
Latham & Watkins, LLP, Overview of the CFIUS Process, https://www.lw.com/thoughtLeadership/overview-CFIUS-process (last visited May 1, 2019). ↩
Ingrid Lunden, Report: Grindr’s Chinese Owner Kunlun is Selling the Dating App After CFIUS Raised Personal Data Concerns, TechCrunch (April, 2019), https://techcrunch.com/2019/03/27/report-grindrs-chinese-owner-kunlun-is-selling-the-dating-app-after-cfius-raised-personal-data-concerns/. ↩
Latham & Watkins, LLP, Overview of the CFIUS Process, https://www.lw.com/thoughtLeadership/overview-CFIUS-process (last visited May 1, 2019). ↩
Id. ↩
Id. ↩
Id. ↩
Id. ↩
Kevin Granville, CFIUS, Powerful and Unseen, Is a Gatekeeper on Major Deals, The New York Times (March 5, 2018), https://www.nytimes.com/2018/03/05/business/what-is-cfius.html. ↩
Georgia Wells and Kate O’Keeffe, U.S. Orders Chinese Firms to sell Dating App Grindr Over Blackmail Risk: Beijing Could Exploit the App’s Personal Data for Espionage, US Officials Believe , Wall Street Journal (March 27, 2019), https://www.wsj.com/articles/u-s-orders-chinese-company-to-sell-grindr-app-11553717942. ↩
Id. ↩
Samma Sacks, New China Data Privacy Standard Looks More Far-Reaching than GDPR, Center for Strategic & International Studies, (January 29, 2018), https://www.csis.org/analysis/new-china-data-privacy-standard-looks-more-far-reaching-gdpr. ↩
Joseph Menn, White-House Ordered Review Found No Evidence of Huawei Spying, Reuters (Oct. 18, 2012), https://www.reuters.com/article/us-huawei-spying/exclusive-white-house-review-finds-no-evidence-of-spying-by-huawei-sources-idUSBRE89G1Q920121017. ↩
Jihong Chen and Jianwei Fang, Declaration of Jihong Chen and Jianwei Fang Before the Federal Communications Commision (May 27, 2018), https://thechinacollection.org/wp-content/uploads/2019/03/Huawei-Declaration.pdf; Jacques deLisle, Expert Report Prepared by Jacques deLisle Before the Federal Communications Commission (August 8, 2018), https://thechinacollection.org/wp-content/uploads/2019/03/DeLisle-declaration.pdf. ↩
Timothy Webster, Why Does the United States Oppose Asian Investment, 37 NW. J. Inte’l L. & Bus. 212, at 250. ↩
Id. ↩