> just buy the data from a broker

A surprising (and funny) example of this is how the open-source intelligence community and sites like Bellingcat used purchased or leaked data from private Russian commercial data brokers to identify and track the detailed movements of elite Russian assassination squads inside Russia as well as in various other countries. They learned the exact buildings where they go to work every day as well as who they met with and their home addresses. https://www.newyorker.com/news/dispatch/how-bellingcat-unmas...

Volunteer open-source researchers also used these readily available data sources to identify and publicly out several previously unknown Russian sleeper agents who'd spent years hiding in Western countries while building cover identities and making contacts. https://www.bellingcat.com/news/2022/08/25/socialite-widow-j...

To your point, if volunteer internet hobbyists can use commercial broker data to identify and track elite Russian assassins and undercover sleeper agents, in Russia and around the world, China having direct access to US Tiktok data, which Tiktok sells to anyone through brokers anyway, doesn't seem like an existential intelligence threat to our national security. Forcing TikTok to divest Chinese ownership would, at most, make Chinese intelligence go through an extra step and pay a little for the data.

If politicians were really worried about foreign adversaries aggregating comprehensive data profiles on everyone, just addressing China's access to TikTok is a side show distraction. Why didn't they pass legislation banning all major social media services from selling or sharing certain kinds of data and requiring the anonymization of other kinds of data to prevent anyone aggregating composite profiles across multiple social platforms or data brokers? That would actually reduce the threat profile somewhat.

Obviously, they aren't doing that because the FBI, CIA, NSA, TSA, INS, IRS, Homeland Security and their Five Eyes international partners are aggressively buying data broker info on all US residents at massive scale every day and aggregating it into comprehensive profiles - all with no warrants, probable cause or oversight. The US Constitution doesn't apply because it's just private commercial data, not government data. Any such law would have to explicitly carve out exceptions allowing US and allied intelligence agencies to continue doing this. Alternatively, they could put such use under the secret FISA intelligence court. US intelligence has thoroughly co-opted FISA oversight but jumping through the FISA hoop is extra work and filling out the paperwork to be rubber-stamped is annoying. They much prefer remaining completely unregulated and unsupervised like they are now, collecting everything on everyone all the time without limit. They've certainly already automated collecting all the data they want from every broker.

So yeah... let's very publicly make a big show of slapping just China and only about TikTok - and loudly proclaim we really did something to protect citizen privacy and reduce our national data aggregation attack surface. This is the intelligence community cleverly offering a fig leaf of plausible deniability to politicians who can now claim they "did something", while leaving the US intelligence community free to pillage every last shred of citizen privacy in secret.