The March 27 news that a Chinese company that owns Grindr is preparing to sell the popular gay dating app under pressure from the Committee on Foreign Investment in the United States (CFIUS) rapidly created perhaps the most discussed CFIUS issue since the 2006 Dubai Ports World case that first propelled CFIUS to national attention. Media reports that CFIUS considered Chinese ownership of Grindr to be a risk to U.S. national security have not received any official confirmation or explanation, leaving room for speculation on CFIUS’s reasoning. Legal analysis may explain part of it, but significant elements may be in the classified realm, not to be discussed publicly until their declassification many years in the future. The many possible dimensions of CFIUS’s reasoning should remind business and legal professionals that the scope of national security issues is rapidly expanding and will affect foreign investments increasingly widely.

Grindr and Personal Data

Grindr’s collection of personal data makes privacy and personal security into significant concerns even in the absence of any national security issues. Personal data including sexual orientation and HIV status are central to use of the app, along with photos of the user and geolocation of the user’s mobile device. Furthermore, like any dating app for people of any orientation, messaging by users can reveal statements and behavior that would be embarrassing and compromising if revealed publicly.

The app’s market success may make it a tempting target for foreign intelligence. Since its launch in 2009, Grindr has become an instantly recognized pop culture reference and the largest social networking app for LGBTQ people, with over 3 million users. That cohort is likely to include public office holders, members of the military, U.S. intelligence service employees, or in other government agencies with security clearances. Access to information collected and retained by Grindr could be a gold mine for foreign intelligence agencies searching for compromising information on them. Moreover, the very purpose of dating apps makes them ideal for establishing contact with persons to compromise them—“honey trap” by app—or to discover whether they are disaffected and vulnerable. A dating app may become where foreign intelligence finds the next Edward Snowden-like leaker of U.S. classified information.

Chinese Ownership and Grindr

In the absence of any official statements from CFIUS, the Department of the Treasury, or any of the other government agencies that are members of CFIUS, useful insights into how CFIUS may have assessed ownership of Grindr by Beijing Kunlun Tech Co., Ltd. have emerged as slowly and in tiny amounts as the flow of water in a Chinese water torture. Media reports on the first day of the story addressed the privacy issues and the general idea of using social media apps to collect information for blackmail or to reach out to Americans to persuade them to spy for foreign intelligence, quoting “former senior U.S. intelligence officials” as if such sourcing of obvious ideas is necessary. An entire week passed before NBC News pointed out in an April 2 report that Beijing Kunlun Tech Co.’s acquisition in 2016 soon resulted in Grindr moving its communications to WeChat, the ubiquitous Chinese messaging app that for years has been widely considered to be readily accessible by Chinese government agencies.

A surprising ensuing source of insight was Mother Jones, a publication normally not associated with concern for U.S. military and intelligence secrets but certainly concerned with civil liberties. An April 4 article pointed out the switch to using WeChat at Grindr and added observations from a lecturer at a U.K. university about the supremacy of state security over privacy in Chinese law. It pointed out that a 2017 Chinese law requires companies to “assist and cooperate with the state intelligence work,” a consideration widely discussed in the context of Huawei and U.S. accusations that the Chinese telecom giant aids Chinese government espionage.

Numerous other news and opinion articles have addressed the subject in April, some discussing the nature of the potential threat more specifically. An April 9 Washington Post opinion piece noted that Grindr data has been used against U.S. officials as early as 2015, when a user outed a Republican member of the North Dakota House of Representatives, Randy Boehning, after he voted against a bill expanding gay rights, by leaking photos that Boehning sent to the user on Grindr. Foreign intelligence gaining insider access to large volumes of Grindr data and mining it for potentially useful information could multiply such incidents, many if not most of them occurring in the shadows.

Evolving U.S. Policy on Chinese Ownership and U.S. National Security

The reasoning of CFIUS on Grindr’s case may not be clearly ascertainable, but the trend that it fits into is readily apparent. CFIUS scrutiny of Chinese acquisitions has increased in the 2010s, under both the Obama Administration and the Trump Administration, and over a year ago the security of U.S. data became a concern significant enough for CFIUS to block a widely publicized acquisition touted as having significant potential economic benefits for the United States.

In September 2012, a Presidential Order ordered Ralls Corp. to divest its interests in four wind turbine projects in Oregon, which were within or in the vicinity of restricted air space at Naval Weapons Systems Training Facility Boardman. Ralls Corp. was a Delaware corporation owned by the Sany Group, a Chinese conglomerate. Control of the wind farms may have allowed Chinese intelligence to spy on U.S. Navy aircraft using the bombing range.

In January 2018, MoneyGram and Ant Financial announced the termination of a planned acquisition of MoneyGram by Ant Financial, the Chinese financial services company controlled by Jack Ma, the celebrity businessman who co-founded Alibaba. Ma had met President-elect Donald Trump in person and talked of creating a million U.S. jobs. CFIUS disapproved of the acquisition, with sources stating that the security of Americans’ financial data was a major concern, and two House of Representatives members saying that acquisition could allow “malicious actors” to obtain data on U.S. military personnel and their families.

The Foreign Investment Risk Review Modernization Act (FIRRMA), enacted in August 2018, updated the governing laws of CFIUS for the first time since the Foreign Investment and National Security Act of 2007 and codifies into law numerous concerns created primarily by Chinese investments, especially in U.S. technology. FIRRMA expanded covered transactions under the jurisdiction of CFIUS to include investment in a U.S. business that “maintains or collects sensitive personal data of United States citizens that may be exploited in a manner that threatens national security.”

The application of this new statutory mandate to cases such as that of the pre-FIRRMA acquisition of Grindr will reflect a wide spectrum of possible threats to U.S. national security. The membership of CFIUS is intended to ensure that the committee considers a wide variety of conceivable threats. Chaired by the Secretary of the Treasury, the committee includes the Department of Defense and the Department of Homeland Security, along with the Departments of Justice, Commerce, State, and Energy, the Office of the U.S. Trade Representative, and the Office of Science & Technology Policy. The Director of National Intelligence participates as a non-voting member, which should ensure that counterintelligence concerns such as foreign intelligence exploitation of U.S. social media data receives consideration. Business and legal professionals must expect that there will be an expansive view of potential threats created by Chinese ownership of U.S. companies, with Grindr only one especially colorful early case.