Cybersecurity & Tech Executive Branch

Will TikTok Win Its Lawsuit Against Trump?

Robert Chesney
Tuesday, August 25, 2020, 9:17 PM

Is TikTok’s suit against the government likely to succeed? Not in conventional terms—but maybe that’s not the right way to look at it.

A phone showing TikTok. (Flickr/Aaron Yoo, https://flic.kr/p/2e7Zx7B; CC BY-ND 2.0, https://creativecommons.org/licenses/by-nd/2.0/)

Published by The Lawfare Institute
in Cooperation With
Brookings

Does TikTok’s lawsuit against the U.S. government have a chance of success? That depends on how “success” is defined. It’s not likely to prevail on the merits, at least not ultimately. But maybe it does not need to do so.

Background

First, some context. I’ve written previously on TikTok several times:

  • here (anticipating possible presidential action against TikTok),
  • here (explaining the Aug. 6 IEEPA orders), and
  • here (explaining the Aug.14 CFIUS order).

But feel free to skip all that and just read the following summary.

On Aug. 6, the U.S. government imposed sanctions on TikTok and its parent company, ByteDance, under the International Emergency Economic Powers Act (IEEPA), barring all “transactions” with them effective 45 days later. The IEEPA order also directed the secretary of commerce to clarify, at that time, what exactly “transactions” should be understood to cover. Until then (and perhaps even then), it’s impossible to say with certainty just what the sanctions prohibit. Do they knock TikTok out of the App Store and Google Play? Surely so. Do they negate TikTok’s leases on its servers in Virginia? Maybe. How about the lease on TikTok’s offices? Its employee contracts? Contracts with lobbyists, bankers and lawyers? And what about users posting content and users downloading content? Some of this should become clear in mid-September. Maybe.

Meanwhile, there’s an additional directive from the government: Invoking his authority under the statutory framework for the Committee on Foreign Investment in the United States (CFIUS), President Trump separately ordered TikTok’s parent company, ByteDance, to divest itself of TikTok within 90 days (with the possibility of a one-month extension). This marked the culmination of a long process of CFIUS review of ByteDance’s earlier acquisition of the Musical.ly app, which the company later rebranded as TikTok.

Notably, the CFIUS order came with a 90-day deadline instead of one aligned with the earlier IEEPA order. This strongly suggests that the secretary of commerce’s forthcoming directive explaining the scope of the IEEPA sanctions will include a carve-out allowing TikTok and its bankers, lawyers and other professionals to continue to work to close the deal on the sale of the company to any of several possible U.S. companies interested in purchasing it. Microsoft and Oracle are two of the suitors that have been named publicly.

TikTok’s Suit: Identifying and Handicapping Their Causes of Action

On Aug. 24, TikTok and ByteDance filed a suit in the U.S. District Court for the Central District of California, arguing that the IEEPA order (not the CFIUS divestiture order, just the IEEPA sanctions order) violates the Constitution as well as IEEPA’s statutory limitations and, thus, should be enjoined. To repeat: This suit does not challenge the CFIUS order compelling divestment by the end of the year; it just tries to keep the company in regular operations until then.

Will it work? There are a host of distinct claims here, some more plausible than others. I count about eight separate arguments. Let’s kick the tires on each of them. I’m skeptical about the merits claims almost across the board—yet this suit still might serve to produce a win of sorts, as I’ll explain after going over each of the claims separately.

1. Lack of Due Process

TikTok and ByteDance argue that the government violated the Fifth Amendment Due Process Clause by failing to provide them with both adequate notice of the grounds for the IEEPA order and an adequate opportunity to rebut those grounds.

Does this argument hold water? There is no question that the Fifth Amendment applies here, and that it requires fair notice of the government’s grounds for concern and a fair opportunity for the companies to respond. The crux of the issue, instead, is whether they’ve had that notice and opportunity.

The companies are in a difficult position here because, by their own account, they had previously engaged with the government on these questions in the context of the CFIUS process. As the complaint spells out, they have submitted a great deal of information and documentation in hopes of persuading CFIUS not to order divestiture. That attempt ultimately failed, but the important point here is that the companies had at least some notice of the government’s concerns long before the Aug. 6 order, and they had a formal and extensive process whereby they did their best to alleviate those concerns.

The companies now contend that this process was itself insufficient at least in part because “CFIUS never articulated any reason why TikTok’s security measures were inadequate to address any national security concerns.” But what exactly does the Due Process Clause require in this setting? This is, perhaps, an open question, in the sense that there may not be a case that previously has confronted a scenario in which the sanctioned entity had notice, made voluminous filings in response, and then received a negative response from the government that did not include an accounting for why the government was unpersuaded. I am doubtful, however, that the courts will find these circumstances to be an unconstitutional deprivation of a fair chance to be heard.

If the reviewing court is in a formalistic mood, then the companies might get further with an argument that a CFIUS-based process simply cannot count as fair process to support an IEEPA-based determination. The complaint does not read to me as if they are making this claim, though; rather, it reads as if they are focused on the idea that the government should have to explain why it was not persuaded by their CFIUS arguments, and then the companies should have a further chance to respond. But let’s say they do at some point make clear that they think the CFIUS filings don’t count for IEEPA purposes. That seems wrong to me where, as here, there is a complete identity of interests in the two settings. Still, I can imagine the argument working, so I would not rule that out entirely.

In that case, though, the question then becomes one of timing. In the foreign sanctions setting, no ex ante notice is required (for the obvious reason that this might facilitate circumvention of the attempted sanctions). Given this, and given that the sanctions in this case don’t even attach until around Sept. 20, I don’t think there can be a violation at the current time. And, for similar reasons, I don’t think the government can be enjoined from implementing the sanctions while any further process unfolds later this fall.

2. Insufficient Factual Basis for IEEPA Sanctions

The companies argue that the statutory standard for IEEPA sanctions is not met here, as a factual matter. As to this, I’ll simply note that I’m exceedingly doubtful that courts will second-guess the president’s merits assessment on whether the facts indeed warrant action under IEEPA. Courts may insist on further fact-finding procedures, as just noted, but they will not second-guess the executive branch’s policy-inflected prediction as to whether the range and degree of risks at issue warrant use of the authority Congress has delegated.

3. Insufficient Connection to the May 2019 National Emergency Proclamation

The companies argue that the sanctions order is not properly supported by a public proclamation of a national emergency, as IEEPA requires, notwithstanding Trump’s May 2019 invocation of a national emergency vis-à-vis adversarial foreign influence in the supply chain of communication and information technologies used in the United States. At bottom, the companies are raising a semantic dispute about the scope of the May 2019 order, suggesting that its language just isn’t capacious enough to encompass an entity like TikTok. It seems to me that the companies are parsing the language of the earlier order too closely, however. What matters for TikTok’s situation in that May 2019 order is the national emergency proclamation in the opening paragraph of the order, and it includes this language:

[U]se in the United States of information and communications technology or services designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in information and communications technology or services, with potentially catastrophic effects, and thereby constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.

TikTok can fairly be described as an information and communications technology or service. Is it designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary? Well, ByteDance is headquartered in China and thus is subject to Chinese jurisdiction, including the domestic law frameworks that compel silent cooperation in national security matters. And TikTok is owned by ByteDance. TikTok may be correct in asserting that the steps it has taken to insulate itself from its parent company, and by extension from China, should be enough to assuage the U.S. governments’ fears—but that does not change the fact that the proclamation appears on its face to apply here.

4. Insufficient Tailoring of the IEEPA Sanctions as Applied to ByteDance

The companies argue that the grounds for the sanctions have no logical connection to other U.S.-based operations of ByteDance apart from TikTok, such as the apps Lark and CapCut. This is an interesting argument, for it certainly does seem as if little or no attention was paid to these other entities. And perhaps the secretary of commerce’s mid-September order clarifying the scope of the sanctions vis-à-vis ByteDance will result in those entities being carved out after all. But let’s assume they are not carved out, and that the proper reading of the sanctions is that no one in the United States can transact with ByteDance or any of its subsidiaries—in other words, not just TikTok. Is the sanctions order lawful if read in that way?

I think this provides more and better grist for the mill for the companies’ aforementioned Due Process argument, on the assumption that none of the CFIUS process had focused on the circumstances of those two subsidiaries, as far as I can tell. And there has been no public statement (or likely any other statement) conveying the nature of the government’s concerns (if there are any) about those subsidiaries in particular.

Then again, those arguments are beside the point if there is an adequate procedural record to simply sanction ByteDance itself. As to that: On the one hand, it’s just not clear to me from the complaint or from other public records whether and to what extent any exchanges between the companies and the U.S. government have focused on the issues at the level of ByteDance itself, as opposed to TikTok. On the other hand, the situation with respect to ByteDance is rather straightforward in one critical respect: The company is headquartered in China (notwithstanding a Cayman Islands incorporation) and thus is unquestionably subject to statutory obligations to cooperate with Chinese authorities (and not disclose that cooperation to the public). It’s not clear that more than this should be required for purposes of sanctions premised on the May 2019 national emergency proclamation.

5. Violation of IEEPA’s Carve-Out to Protect Certain Communications

The companies next contend that the sanctions run afoul of restrictions in IEEPA designed to prevent sanctions from applying to personal communications or to the transmission of informational materials.

There is no question that sanctions under IEEPA cannot be used to preclude a personal communication between a sanctioned foreign entity and a U.S. person. Similarly, even otherwise-sanctioned foreign entities remain free to send U.S. persons informational materials. But it hardly follows that such a foreign entity also therefore cannot be stopped from opening up a place of business in California, leasing servers in Virginia, contracting with Apple and Google to allow distribution of their business’s app through their stores, raising money in the U.S. market by accepting advertising contracts, collecting data about the habits of U.S. customers and otherwise operating a for-profit enterprise from within the United States.

Simply put: IEEPA can indeed be used to knock TikTok out of the U.S. market as a practical matter, even though one can’t be charged with an IEEPA violation merely for communicating with TikTok or even somehow managing to access its Singapore server so that you can view the latest content.

6. Violation of the Nondelegation Doctrine

The companies argue that IEPPA itself is unconstitutional, as an insufficiently constrained delegation of Congress’s Article I authority over foreign commerce.

To this, the short answer is United States v. Curtiss-Wright Export Corporation, the core holding of which was that the then-vibrant nondelegation doctrine was no obstacle in the context of international affairs (in a case involving a congressional delegation of authority to impose, well, sanctions) even back in the days when the Supreme Court routinely enforced the nondelegation principle.

7. Takings

The companies argue that the president’s suggestion that the U.S. Treasury should be paid as part of divestiture amounts to a taking of private property without just compensation in violation of the Firth Amendment Takings Clause.

The president’s comments about key money and the like were, in fact, outrageous. There’s zero basis in law for such a demand, and in fact the law forbids such extortion. And if the companies can get a court to enjoin the executive branch from demanding such a payment, well, great. But there’s a CFIUS order in place now, requiring divestiture within the next three to four months, and it does not attempt to enforce the president’s outrageous demand. The issue appears moot or, perhaps more accurately, not yet ripe.

8. Code as Speech

The companies assert that code is First Amendment-protected expression, that their companies run on code (including content-moderation policies that might be implemented via code), that the sanctions thus can be viewed as a content-based regulation of speech, that overbreadth analysis applies, and that a proper application of that analysis shows that the sanctions are overbroad. It seems obvious to me, however, that this proves far too much. Could not a foreign-owned bank make the same argument, citing both its reliance on code in its operations and perhaps also all the, well, spoken and written language of a more conventional sort that makes the company run? It is very hard to see how this argument will gain serious traction.

The Big Picture

So far I’ve given a very pessimistic account of the merits of the various arguments the companies have advanced. But what if the ultimate merits don’t determine whether they will truly win in this situation? In fact, I don’t think the ultimate merits are the main issue here. Here’s why:

There is a considerable difference between a prediction about the ultimate fate of each claim, accounting for appellate review, and a prediction about what might happen in the early stages of the litigation. It is certainly possible the district court will view at least some of these claims more favorably than I do, and even if not it is quite possible that the district court might still be amenable to preliminary procedural steps (such as issuing a stay, granting a preliminary injunction, denying a motion to dismiss) that will help the companies fend off the mid-September imposition of sanctions at least for a time. That prospect has real value for the companies. They are in the thick of negotiating with potential purchasers who know the companies must sell, which is a terrible place from which to bargain. And the situation for the companies gets much worse if and when the sanctions kick in, for depending on their scope they likely will cause TikTok to lose customers to competitors—rapidly so if the site cannot operate at all.

There is great value to be had, in short, simply by fending off the sanctions as far into the divestiture period as possible. Indeed, if TikTok and ByteDance can keep this plate spinning throughout the pending 90/120-day period, that’s a considerable victory—even if the claims ultimately would all fail if the litigation were to continue.


Robert (Bobby) Chesney is the Dean of the University of Texas School of Law, where he also holds the James A. Baker III Chair in the Rule of Law and World Affairs at UT. He is known internationally for his scholarship relating both to cybersecurity and national security. He is a co-founder of Lawfare, the nation’s leading online source for analysis of national security legal issues, and he co-hosts the popular show The National Security Law Podcast.

Subscribe to Lawfare