Editor’s Note: Alex Stamos is a founding partner of the Krebs Stamos Group as well as the founder and director of the Stanford Internet Observatory. Prior to launching KSG and the SIO, Alex served as the chief security officer of Facebook and as the chief information security officer at Yahoo. The views expressed here are his own. Read more opinion on CNN.

CNN  — 

The multi-year saga of TikTok’s struggles in Washington is approaching a dramatic climax. As the company’s CEO testifies in front of the House Energy and Commerce Committee on Thursday, two widely different visions of the company will be on display.

Alex Stamos

To the young people around the world who spend hours per day watching the pithy, entertaining short videos, TikTok is the product that won their attention with an almost creepily smart discovery algorithm and a carefully cultivated community of top creators.

To the western world’s national security establishment, however, TikTok is a Trojan horse, bringing the long arm of China into the homes and workplaces of their citizens via its China-based parent company, ByteDance.

From my seat, as somebody who dealt with continuous state-sponsored attacks from countries around the world as the chief security officer at Facebook, and now running a research group at Stanford focused on online harms, there are indeed many legitimate concerns about TikTok. But those concerns are bigger than one company, and the Biden administration is missing an opportunity to lead the free world in addressing the big picture.

TikTok is only one chess piece in the global struggle to gather and control information. An important one, to be sure, but Washington’s laser-focus on capturing this one piece has blinded it to the bigger game.

We are clearly at the start of a long struggle between the world’s democracies and a new coalition of autocracies, led by a Chinese Communist Party that is emerging from the Covid-19 crisis with its most autocratic leader since Mao Zedong and a burning desire to demonstrate the power of the People’s Republic domestically and abroad.

Chinese President Xi Jinping’s visit this week to a battered, beleaguered Vladimir Putin only highlighted its new role, as the Chinese leader publicly legitimized a Russian president who was indicted by the International Criminal Court for war crimes only last week. In the South China Sea, Taiwan Strait and disputed Japanese waters, China’s rapidly growing military continues to push boundaries and prepare for conflicts with its neighbors and the West.

A similar battle plays out online, as China’s numerous intelligence and information warfare units support the country’s long-term economic and strategic goals. This includes frequent attacks to gain access to the West’s key companies and their trade secrets, as well as rapidly improving its capability to shape the world’s narratives via both overt and covert means.

Unrest in Hong Kong and the embarrassing emergence of Covid-19 from Wuhan has motivated China to rapidly improve its surveillance, influence and control around the world. This investment has paid off, and many observers, including our team at Stanford, consider China to be the world’s leader in this area.

Against this backdrop, national security concerns about TikTok are justified. ByteDance, like any other Chinese company, is subject to laws that compel extreme compliance with the interests and dictums of the state. There is no First Amendment or independent judiciary to protect ByteDance executives if they decided to deny China’s requests. President Xi has made that clear by taking direct action against China’s richest and most powerful CEOs.

So there is no question that China could quietly force TikTok to bend to its will. It could downrank voices deemed undesirable, and subtly manipulate what users see to create the illusion that pro-Chinese voices are ascendent and critics are unpopular and isolated.

The biggest risk, however, is access to all the data that is gathered in the normal operation of such a large product. TikTok does not carry much private conversation, although that could certainly change as the product and its userbase mature. It does, however, know a huge amount about the demographics, interests, location, contacts and devices of its 1.5 billion users.

China’s intelligence services have a long history of being accused of stealing massive databases from companies including Equifax, Anthem and Marriott, and even the clearance records of millions of government employees from the Office of Personnel Management. These famous cyberattacks demonstrate that Chinese intelligence services think big when they gather surveillance data on Americans, and TikTok’s data warehouse is very, very big.

TikTok’s CEO, Shou Chew, told Congress in his written testimony that “ByteDance is not an agent of China or any other country.” He laid out TikTok’s new data security model, where American users’ data is being stored by American tech company Oracle. In my experience, these kind of internal data controls are extremely hard to build and trust, and I agree with the Biden administration’s rejection of the move.

Regardless of how the US decides to move forward with TikTok (whether it’s requiring ByteDance to sell it, banning it completely or something else), it will do little to stop the growth of Chinese surveillance and influence, and the Biden administration and Congress need to take the wider view.

It turns out that there is no US law clearly governing the access that Beijing or Moscow-based employees of any tech or social media company have to the personal data of US citizens that use their services. And, there is currently no federal law discouraging the overcollection of critical data or personally identifiable information.

It’s time for Congress to finally pass a comprehensive privacy law. With state privacy laws popping up across the US, creating chaos for American companies without addressing some fundamental issues, now is the time for Congress and President Biden to create predictable rules and take back leadership in tech regulation. And in doing so, Congress can explicitly define the kinds of critical data that can be stored or accessed in the US, in our democratic allies, in neutral countries and in our adversaries.

A federal privacy law would also discourage mobile phone networks, adtech companies and data brokers from selling the exact kinds of data that TikTok could provide to the Chinese authorities. And any fair mechanism addressing TikTok’s risks should also apply to American companies selling data internationally or to US intelligence services.

Congress can also set a legal floor to the transparency social networks provide to civil society and academic researchers around the public content they are carrying. These groups work with key American social media companies to find and analyze campaigns to manipulate both American and global politics, playing an important role in informing citizens and journalists of the kinds of campaigns that may target them.

Get our free weekly newsletter

  • Sign up for CNN Opinion’s newsletter.
  • Join us on Twitter and Facebook

    TikTok has traditionally made it difficult for researchers to monitor its platform for this kind of manipulation, although in the past several months it has started to address the need for transparency. While US companies are often more transparent than TikTok, that is based only upon their own voluntary decisions. Twitter, long a leader in transparency, recently announced a plan to eliminate the external access that is critical to finding botnets and influence campaigns. The proposed Platform Accountability and Transparency Act would create a fair baseline for all companies and would remove this national security issue from the whims of individual tech billionaires.

    The US and our allies also need to seriously engage in the information war, both by protecting and supporting journalists who are able to operate independently of any government, and by building civil society coalitions that create public resiliency against the Chinese-style censorship that is invading countries such as India and Turkey.

    Washington is correct to deal with the immediate risks posed by the single chess piece of TikTok, but it should also see the whole board and plan for the next 20 moves. The history of the rest of the 21st century depends on it.

    As a growing number of lawmakers raise national security concerns about TikTok’s ties to China, and some experts worry about the app’s impact on young people’s mental health, CNN is hosting a special to dig into these issues. Watch “CNN Primetime: Is time up for TikTok?” Thursday, March 23 at 9 p.m. ET.