This week, U.S. Sen. Marco Rubio, R-Fla., sent a letter to Jamie Dimon, the Chief Executive Officer of JPMorgan Chase, questioning his company’s concerning decision to enhance CCP access to users’ sensitive personal data.
“JPMorgan Chase and Co. (JPMorgan Chase) is partnering with ByteDance, TikTok’s Chinese Communist Party-controlled (CCP) parent company, to develop in-app payment technology for its products. With JPMorgan Chase’s help, Bytedance will be given additional tools to track, trace, view, and monitor Americans’ payments — all data that could be shared directly with the CCP,” Rubio’s office insisted.
The letter is as follows:
Dear Mr. Dimon:
I write to convey my strong concern regarding JPMorgan Chase and Co.’s (JPMorgan Chase) reported partnership with ByteDance, a Chinese internet company and TikTok parent, in developing payments technology. As you are no doubt aware, ByteDance is controlled and directed by the Chinese Communist Party (CCP), meaning that data, including private information belonging to Americans and other foreigners, available to ByteDance is also accessible to Beijing. It is outrageous that JPMorgan Chase would elect to join ByteDance in a partnership geared toward broadening and deepening the company’s, and as a result, the CCP’s, access to countless volumes of user data.
Beijing’s Data Security Law obligates any technology company in China to hand over user information and other data to the government if prompted. Moreover, the CCP’s 2017 National Intelligence Law dictates that nominally private firms must “support, assist, and cooperate with the state intelligence network.” However, CCP control over ByteDance is overt and unambiguous. For years, ByteDance has engaged in joint ventures and strategic partnerships with People’s Republic of China (PRC) government organs. It has repeatedly worked with the PRC’s internet regulator and censor, the Cyberspace Administration of China, to share algorithms and disseminate Beijing’s propaganda domestically and abroad. The CCP has exerted hiring and personnel decisions over the company, notably ousting ByteDance chair Zhang Yiming as it consolidated control over the Chinese tech market. As if to formalize the long-running arrangement, in August 2021, the PRC took an outright ownership stake and one of three board seats at ByteDance’s key domestic subsidiary.
Senior intelligence officials have sounded the alarm about the threat posed to U.S. national security, as well as to millions of American users’ data security, by TikTok and ByteDance. In December 2022, President Biden’s Federal Bureau of Investigations Director Chris Wray warned that CCP control over ByteDance and TikTok “allows [Beijing] to manipulate content and if they want to, to use it for influence operations which are a lot more worrisome in the hands of the Chinese Communist Party… They also have the ability to collect data through it on users which can be used for traditional espionage operations, for example… All of these things are in the hands of a government that doesn’t share our values and that has a mission that’s very much at odds with what’s in the best interests of the United States.” Two weeks later, Central Intelligence Agency Director William Burns echoed the concern, noting that Beijing can “insist upon extracting the private data of a lot of TikTok users in this country… those are real challenges and a source of real concern.”
Just days after Director Burns’s statement, reporting confirmed that ByteDance was using private data from TikTok to track and surveil American journalists who had been critical of the company and the CCP. It was a perfect example of exactly the kind of behavior that I have repeatedly warned of: ByteDance abusing its access to an extraordinary repository of user data to steal Americans’ personal identifying information, spy on them and, had it not been exposed, likely attempt to coerce or manipulate them.
With this in mind, you can imagine my alarm when reports recently emerged that JPMorgan Chase has partnered with ByteDance to produce “‘a real-time payments infrastructure’ for ByteDance that now allows its users ‘to be paid instantaneously and directly into their bank accounts at any day or time.’” It is concerning enough for JPMorgan Chase to carry water for Beijing and falsely characterize ByteDance’s “mission [as] to inspire creativity and enrich life,” rather than disseminate CCP propaganda and censor references to the Uyghur genocide. Even more alarming, however, is that JPMorgan Chase is now actively working with ByteDance to enlarge its capacity for “real-time data exchange, track and trace” and to “see and monitor payments” in light of its repeated gross abuses of user information.
As JPMorgan Chase is uniquely aware, fintech is an exceptionally fast-developing space, and ByteDance’s child companies, chief among them TikTok, have seen explosive growth in online and in-app transactions over the last year alone. Assisting online companies to build out real-time payments systems, centralize banking structures, and streamline access to millions of users’ financial information is no doubt lucrative. However, by partnering with ByteDance to develop a treasure trove of private data, including that of millions of Americans, JPMorgan Chase has effectively handed the combination to the vault to the CCP, as well.
In order to better understand this arrangement, I request answers to the following questions, in writing, within 30 days:
1. Is JPMorgan Chase’s partnership with ByteDance “to develop a comprehensive payment solution” still ongoing?
2. Whether ongoing or concluded, please describe the extent of JPMorgan Chase’s participation in this partnership.
1. Does JPMorgan Chase have any other active partnerships with ByteDance? If so, please list them.
3. When did JPMorgan Chase’s payments technology partnership with ByteDance begin?
4. Was JPMorgan Chase aware of the relationship between ByteDance and the CCP, including the level of control exerted by the latter over the former, when it initiated this partnership?
5. Was JPMorgan Chase fully aware of the Data Security Law of the People’s Republic of China, or any other similar laws of the PRC, when it initiated the partnership?
1. If so, what steps did it take to protect the data of affected individuals, including non-Chinese nationals, in this partnership?
2. In developing this technology with ByteDance, what steps did JPMorgan Chase take to protect the personal or private data belonging to users, especially Americans, involved?
3. In developing this technology with ByteDance, what steps did JPMorgan Chase take to ensure that no such personal or private data was accessible to the CCP or the PRC?
4. Does this partnership affect the data security of any JPMorgan Chase account-holders?
6. What categories of data does the real-time payments infrastructure that ByteDance and JPMorgan Chase collect from users?
1. How does this data collection occur?
2. Who has access to data available as a result of this collection?
7. What national security concerns surrounding ByteDance, including regarding TikTok and other company subsidiaries, has JPMorgan Chase taken into consideration in dealing with ByteDance?
8. To what degree were any China-located branches of JPMorgan Chase involved in this partnership?
1. Do any of these branches have a Chinese Communist Party cell or committee present in their corporate structures?
9. What considerations does JPMorgan Chase’s relationship with ByteDance have in both companies’ hiring strategies?
Thank you for your attention to this matter. I look forward to your timely response.
