A Washington-based think tank’s recent report warned that Temu is ‘an information-gathering spyware program masquerading as an e-commerce site.’
The incoming administration and the new Congress must take action to address the threats posed by Chinese budget online retailer Temu, according to a recent report published by the Washington-based Center for Strategic and International Studies (CSIS).
Diane Rinaldo, a nonresident senior associate at the CSIS’s Strategic Technologies Program, stated in her Oct. 24 report that a new law regarding TikTok “failed to address the broader problem that goes beyond any single app.” The new law, which passed with huge majorities in the House and Senate earlier this year, requires TikTok’s China-based parent company to divest the app or face a U.S. ban.
“Unfortunately, this legislation does not protect against other nefarious apps, as it focuses solely on TikTok,” Rinaldo wrote.
“Rather than adopt an app-by-app approach, the next Congress should look to expand this legislation to target any applications that are [Chinese Communist Party] owned, operated, or affiliated and which are determined to represent a clear danger to American data security.”
President Joe Biden signed the Protecting Americans from Foreign Adversary Controlled Applications Act in April, requiring China’s ByteDance to sell TikTok by Jan. 19 next year. TikTok has been accused of exploiting the minds of American youth and suppressing content critical of the Chinese Communist Party (CCP).
The top concern now is Temu, which Rinaldo called “an information-gathering spyware program masquerading as an e-commerce site.”
She referenced findings published by Grizzly Research last year that Temu “has hidden functions that allow for extensive data exfiltration unbeknown to users.”
Rinaldo also pointed to a class-action lawsuit filed in November last year in Illinois. The complaint states that Temu is “purposefully and intentionally loaded with tools to execute virulent and dangerous malware and spyware activities on user devices.”
“With its deep access, it can log user activity beyond that which takes place in the app, monitor emails and messages, activate the microphone and camera, and log user movements through GPS data and Wi-Fi-connectivity,” Rinaldo wrote.
Any data that Temu may collect could end up in the hands of China’s communist regime. So far, there is “no evidence” that Temu has handed over its user data to the CCP, Rinaldo said, but she warned that the retailer could be forced to comply under “legal obligations.”
Chinese laws, such as the National Intelligence Law of 2017 and the 2021 Data Security Law, authorize the communist regime to harvest data from China-based commercial entities.
The CCP could also compel Temu to turn over data via its parent company, PDD Holdings, since the latter is linked to China’s state-owned People’s Data Management, Rinaldo said.
The regime could combine Temu’s data with other hacked data, such as the stolen data from the 2015 breach of the U.S. Office of Personnel Management, to “develop targeting matrices for human intelligence or influence operations,” according to Rinaldo.
The 2015 cyber attacks compromised data belonging to more than 21 million current, former, and prospective federal employees and members of their families.
The next administration “would do well to continue” Biden’s executive order issued in February, Rinaldo wrote. Biden’s order is aimed at restricting adversarial countries, such as China and Russia, from buying Americans’ data by creating a new regulatory regime led by the Department of Justice.
On Oct. 21, the U.S. Department of Justice issued a notice of proposed new rules implementing Biden’s order.
In September, the Biden administration announced new steps to crack down on the de minimis loophole, which has allowed Temu and another Chinese company, Shein, a fast fashion retailer, to ship packages valued at less than $800 into the United States with relatively little scrutiny.
Another policy recommendation from Rinaldo’s report is that the Federal Trade Commission (FTC) should investigate Temu for false advertising, scams, and privacy violations.
In April, Rep. Brian Mast (R-Fla.) wrote a letter to FTC Chair Lina Khan asking the agency to investigate PDD Holdings for its links to the CCP and questionable business practices.
“Like TikTok, Temu represents another front in strategic competition with China and should be taken just as seriously,” Rinaldo wrote.
The Epoch Times has contacted Temu for comment.