The Trump administration is expanding its efforts to block Chinese acquisitions in the United States, moving to force a Chinese firm that owns Grindr, the gay dating app, to relinquish control over concerns that Beijing could use personal information to blackmail or influence US officials, according to people familiar with the situation.
The action, which is being driven by the Committee on Foreign Investment in the United States, is unusual given that the panel typically investigates mergers that could result in control of a US business by a foreign individual or company, judging whether deals could threaten national security.
This appears to be the first case in which the United States has asserted that foreign control of a social media app could have national security implications.
The administration has not announced the move, which will require that Grindr be sold, or explained it. But officials familiar with the case, which was first reported by Reuters, say the concern focused on the potential for the blackmail of US officials or contractors, if China threatened to disclose their sexual orientation, or track their movements or dating habits.
Three years ago, a Chinese firm that owns both gaming and credit services businesses, Beijing Kunlun Tech Co. Ltd, a public company listed on the Shenzhen stock exchange, bought a 60 percent stake in Grindr, which is based in West Hollywood, California, for $93 million.
The Chinese-owned dating app Grindr has been declared a national security risk by a US panel. Source: The New York Times
Early last year it bought the remaining shares for a little over $150 million.
While there were news reports about both transactions, the United States did not take action to block the acquisitions. Since then, the United States’ definition of national security threats has expanded, in part over concerns by the Trump administration and lawmakers about China’s ability to gain access to critical U.S. technology.
It is unclear why the panel, known as CFIUS, acted now, more than three years after control of the company switched to Chinese hands. And so far, there is no public evidence that any information on the app has been used by the Chinese government.
But Senator Ron Wyden, said he, along with several other senators, asked CFIUS to conduct a review.
“Last year, my office met with a top official from the Treasury Department to express my serious concerns about the national security risks associated with a Chinese company buying Grindr,” he said in a statement.
While he said he could not “confirm specific actions by CFIUS,” a highly secretive panel, “it is high time for the administration and CFIUS to consider the national security impact of foreign companies acquiring large, sensitive troves of Americans’ private data.”
Congress handed more power to the panel last year, allowing it to examine transactions that fell short of majority control of a company and involved just minority stakes. The expansion was an effort to counter Chinese minority investments in Silicon Valley companies that gave investors an early look at emerging technologies.
The Kunlun purchases had never been submitted to CFIUS, giving the government the leverage to go back in after the sale to try to force a divestment. Calls to Kunlun’s office number were not answered, and emails seeking comment were not returned.
Grindr has already faced questions about its control and use of personal data. The company faced a huge backlash for sharing users’ HIV status, sexual tastes and other intimate personal details with outside software vendors. After the data sharing was made public by European researchers in 2018, the company said it would stop sharing HIV data with outside companies.
Last year was the first time CFIUS appeared to be concerned about the purchase of companies that contained sensitive data. The government killed a proposed merger last year between MoneyGram, the money transfer firm, and Ant Financial, a payments company related to Chinese e-commerce giant Alibaba.
The United States has also embarked on a global campaign to block a big Chinese telecom equipment giant, Huawei, from building the next generation of wireless networks, known as 5G, over concerns that it could divert critical data through China, or be forced to turn over data running through its networks to Beijing. The White House has essentially accused Huawei of being an arm of the Chinese government that can be used for spying or to sabotage communications networks, a charge that Huawei has vehemently denied.
But the administration’s efforts to control what kind of personal data is available to China’s intelligence services may have come too late. China’s ministry of state security and other Chinese groups have already been accused of successfully stealing personal data from US databases.
The Grindr app in use on a Samsung smartphone. Source: Jonathan Brady/PA Wire
The theft of 22 million security clearance files from the Office of Personnel Management in 2014, along with similar theft of data from the Anthem insurance networks and Marriott hotels, have all been attributed to Chinese actors by US intelligence officials, who say they were most likely operating on behalf of the government.
The files stolen in the 2014 government breach contain far more personal data than the Chinese could probably find on any individual social media site: They include work history on sensitive US projects, information about bankruptcies, medical conditions, relationship histories, and any contacts with foreigners.
The loss of the information forced the CIA to reassign personnel headed to China, and was considered among the largest losses of sensitive security information in decades. The Obama administration declined to publicly concede that the breach was committed by Chinese intelligence services.
China has taken steps of its own to limit foreign companies’ access to its citizens’ personal information. A recently enacted cyber security law mandates that user data be stored in the country, where it can be kept under the government’s control. In response to the law, Apple said it would open its first data center in China, and formed a partnership with a Chinese company to run the center and handle data requests from the government.
Before the law even came into effect, the Chinese government had pressured foreign technology companies to operate servers only within its borders - meaning the data is available to Chinese authorities under Chinese law. Amazon and Microsoft have partnered with Chinese firms to offer cloud computing services to Chinese customers.
The United States has also pressed China to allow insurance companies and other US firms that control personal data to enter the Chinese market, a demand that goes back nearly two decades. China has agreed to do so, and that agreement is expected to be part of the larger trade deal being negotiated between US and Chinese negotiators.
But the Grindr case could give the Chinese government an excuse to make its own national security claims if US firms sought to purchase a Chinese insurance company, or any of its social media firms.
By David E. Sanger © 2019 The New York Times
