It’s been almost three years since India banned TikTok amid a heated political dispute with China, where the app’s parent company is based. To judge by the joyous TikTok videos of Indian teens flaunting their presence on the forbidden app and commenting on their workarounds, the ban has not exactly eradicated TikTok in India.
Now, as the Biden administration threatens to ban TikTok because of its ownership by China’s ByteDance, experts are pointing out that Americans—like their peers in India—would not actually be entirely locked out of the popular social media platform if the app were declared off limits.
“You can never completely ban a product,” says Darrell West, a senior fellow in the Center for Technology Innovation at the Brookings Institution, a public policy think tank in Washington, D.C. “There’s just so many ways to gain access that are beyond the control of the government.”
The availability, and ease, of the workarounds would depend on the particular mechanism the U.S. government chooses to ban the app, assuming it were to go through with it. For many users, any workaround would be one too many, and a ban would almost certainly mean a sharp decline in the number of Americans (currently 150 million, according to TikTok) using the app.
But how far the U.S. government is willing to go in trying to stop the more committed TikTok users from accessing their favorite app is a tricky proposition with inherent risks — lock things down too tightly and the ban could infringe on broader personal freedoms; an overly porous blockade, on the other hand, could be so ineffectual that it erodes the government’s credibility.
“If we do something impulsive…and it’s not very effective, then it’s going to be actually more ammunition for the Chinese Communist Party to use to show how the U.S. is not able to enact policy,” says Nick Merrill at the Center for Long-Term Cybersecurity at the University of California, Berkeley.
Much of the debate over TikTok’s Chinese ownership has centered around the complexity of separating TikTok from its Chinese parent company, ByteDance, be it through a divestiture, as the Biden administration is calling for, or a structural change, as TikTok has proposed with its so-called Project Texas plan. Among the thorny and unresolved issues in a break-up are the way American user data would be stored and who has access to the algorithms that power the service.
But as several policy and security experts told Fortune, carrying out the threat of a ban is freighted with its own set of complexities.
It’s hard to block things on the internet in the U.S.
Unlike in China, where the so-called Great Firewall blocks citizens from accessing unwelcome apps like Facebook and YouTube, the U.S. does not have the kind infrastructure that allows the government to block something at the flip of a switch. That means the many telecommunication providers in the U.S. would have to be told to block the web app, which is “uncharted waters,” Merrill said. “There isn’t a really great policy framework in place for the government to instruct telcos what to do,” he added.
In another approach, data from SIM cards and IP addresses could be used to geofence U.S. users, preventing them from accessing TikTok, but this would likely require cooperation from TikTok. And as users in other parts of the word, including India and Hong Kong, have shown, such barriers are easily surmounted by simply removing the phone’s SIM card, turning on a virtual private network, and connecting to Wi-Fi.
VPNs allow users to access a secure server by pushing internet traffic through an encrypted tunnel that governments and internet service providers can’t access. It’s how some people in China, including foreign journalists, are able to bypass the Great Firewall and access the broader internet. In the U.S., VPN software is fairly easy to find online, sometimes free or for monthly paid subscriptions, and easy to use.
While VPNs are illegal or heavily restricted in a few countries that have internet censorship laws, the U.S. is unlikely to join them. VPNs have many uses like security from hackers and safeguarding confidential information. And it would be legally challenging since proposals to ban TikTok have already been met with arguments that such a move would infringe on First Amendment rights.
Eliminating the supply is another approach the U.S. government could take, by pressuring Google, Apple, and others to remove TikTok from their app stores. That would prevent new users from accessing the app, and stop current users from updating the version of the app they’ve already downloaded, limiting TikTok’s long-term functionality in the U.S. But even then, users could “jailbreak,” or modify the operating system to load unapproved apps. And it’s unclear if app stores would comply with a request to remove TikTok. Fortune contacted Google and Apple about whether they would and didn’t hear back by publication.
The government could also ask content distribution networks like Cloudflare, which identify and block malicious traffic, to add TikTok to the mix. But even then, “it’s not bulletproof,” Merrill says, and people could likely still use a VPN to circumvent attempts to stop their use.
The slippery slope of a harsh crackdown
From TikTok’s perspective, a ban is unlikely in the first place. At a recent all-hands meeting, the company’s top lawyer reportedly laughed when he was asked what the contingency plan was if a ban were to happen, and explained that it would fight it in court. But many industry observers believe TikTok’s days are numbered in the U.S., at least if it remains part of China’s ByteDance.
“We believe a ban of TikTok within the US are likely sealed at this point with the odds of a ban 90%+ in our opinion,” tech analyst Dan Ives tweeted last month, following TikTok CEO Shou Zi Chew’s appearance at Congressional hearing.
While the multiagency Committee on Foreign Investment in the United States, or CFIUS, has issued the divest-or-be-banned ultimatum to ByteDance, Congress is also working on legislation. The RESTRICT Act would enable the US commerce secretary to ban TikTok and any other tech from nations considered a national security threat.
The bill has currently only been introduced in the Senate and endorsed by the White House, but some of the language has raised alarms among some observers, particularly a clause that says those convicted of breaking it could be penalized with prison time or massive fines. Lauren Hendry Parsons, the global head of communications of VPN company ExpressVPN, says the company has received numerous questions from users worried about whether they could be identified and persecuted for using VPNs to access an app like TikTok if it were outlawed.
Virginia Senator Mark Warner proposed the legislation, and his office has clarified that it is aimed at companies like Kaspersky, Huawei and TikTok, not at individual users. Still, Parsons thinks it could be a slippery slope “with serious long-term implications on privacy rights.”
Digital rights groups like the Electronic Frontier Foundation agree, saying that a person could potentially be punished under the law for using a VPN to access TikTok. “Even if the bills’ sponsors do not intend it, giving the Commerce Department broad authority to impose crushing criminal penalties on any person trying to evade a ‘mitigation measure’ is dangerous,” EFF wrote in a recent post.
Whether or not the U.S. follows through on its threats of a ban, some security industry experts are frustrated that higher priority areas for data privacy aren’t being addressed as lawmakers turn their attention to TikTok. Parsons says data protection laws need strengthening and there should be greater transparency from tech companies about their data practices. University of California’s Merrill agrees: “The karmic irony here is that the U.S. is so suspicious of the influence of these out-of-jurisdiction, algorithmic tools, which is exactly what the rest of the U.S.’ allies should be feeling about things like Facebook. So the U.S. is sort of getting a taste of its own medicine.”