TikTok has dominated the headlines, but has Congress missed an even bigger threat?
While Congress has been focused on banning TikTok, a far more concerning data security threat has been overlooked. If lawmakers really want to protect Americans’ data from the Chinese Communist Party, the real target should be Temu. Temu is a lesser-known brand than TikTok but a much greater threat. Here’s why:
Temu is owned by PDD Holdings, a Communist Party-controlled company based in China. Virtually all its employees live in China, and PDD Holdings is listed on Nasdaq. It also owns the Pinduoduo shopping app, which has over 800 million users in China.
China’s National Intelligence Law of 2017 mandates that all Chinese companies are legally obligated to share all collected data with the Communist Party regardless of whether it is collected in China or overseas. This means the party does not require permission to access data collected by Temu from its users in the U.S. According to an article in The Wall Street Journal, the Temu app has been downloaded more than 123 million times and has over 50 million active monthly users in the United States.
China’s National Intelligence Law of 2017 mandates that all Chinese companies are legally obligated to share all collected data with the Communist Party regardless of whether it is collected in China or overseas. This means the party does not require permission to access data collected by Temu from its users in the U.S. According to an article in The Wall Street Journal, the Temu app has been downloaded more than 123 million times and has over 50 million active monthly users in the United States.
Unlike TikTok, which has less than 20% Chinese ownership of its parent company and U.S.-based operations, including an elaborate, $1.5 billion investment in an Oracle-managed data security shield dubbed Project Texas, Temu does not employ any data security personnel in the United States. Everything related to its data is handled by its Shanghai-based “engineers.” In fact, these “engineers” were involved in a malware scandal that resulted in a suspension from the Google Play Store in 2023.
Less than a year ago, the Pinduoduo app was suspended from Google Play after Google discovered malware in some of its versions. Experts concluded that the Pinduoduo app exploited vulnerabilities in Android operating systems and that such exploits were used to spy on users and competitors. The Chinese Communist Party did not penalize Temu for this blatant data security violation. Independent research found that the same group of engineers who built the Pinduoduo malware were later assigned to work on the Temu app.
This past February, Temu faced class-action lawsuits filed by over a dozen U.S. users in states including Illinois and Massachusetts. The plaintiffs alleged that the Temu app had access to “literally everything” on their mobile phones and “purposefully and intentionally” loaded its app with malware and spyware to deceive customers about how it uses their data.
Given Temu’s extraordinary growth in the United States and Temu’s intention to increase investment here even further this year, these data breach incidents are extremely troubling, and Congress should immediately investigate further.
At a minimum, the relevant committees of jurisdiction should send written demands for documentation from Temu’s corporate office. While this will likely go ignored, it will put a foreign company that does substantial data collection of Americans (quite possibly illegally on behalf of the Chinese Communist Party) on notice.
Furthermore, Congress should use its compulsory process powers to acquire banking information and transaction details to ascertain what entities and individuals are involved with Temu. As I said when I ran the “Russiagate” investigation for Congress, money doesn’t lie.
Curiously, despite reports of significant financial resources (including over $8 billion net profit in 2023), PDD Holdings is heavily subsidized by the Chinese government. In 2023, it received over $400 million in government subsidies (recorded as “other income” in financial filings), adding credence to speculation that PDD sells or voluntarily gives its data to unknown entities within the Chinese Communist Party.
Temu is clearly a major data security threat and deserves the same intense scrutiny as TikTok. It’s well past time for Congress to start asking questions and letting Americans know they are paying a much higher cost than the prices listed on the Temu app.
This article was originally published on The Washington Times on April 8th, 2024.
