On the menu today: Today is the last day of the Supreme Court’s term, which means that our Dan McLaughlin is busier than an accountant before Tax Day or John McClane around Christmas. Dan’s already written up summaries and analyses of the Court’s decisions on mail-in voting deadlines, the president’s authority to fire members of the executive branch, and independence of the Federal Reserve. Today should bring decisions on birthright citizenship, transgender athletes, and campaign spending rules. Go have that second cup of coffee, Dan.

I’m still out in Newport Beach, Calif., after yesterday’s National Review Institute regional seminar on American Leadership & National Security. You should attend events like these, because you never know what you’ll learn. During a conversation between Michael Lucci, the founder of State Armor, and Will Swaim of the California Policy Center, I learned a lot about Temu — a place at which I have never shopped, and I hope you never have, either.

Another National Security Threat

You’re probably familiar with Temu, the giant online Chinese retailer. It has come to be associated with second-rate, inferior products; thus, my assertion that “James Talarico is the Temu brand Beto O’Rourke.”

Temu’s website will tell you it was founded in Boston, Mass., in 2022. However, Temu is a subsidiary of PDD Holdings, which is based in Dublin, Ireland, but was founded by Chinese billionaire Colin Huang. As you probably know, there is really no such thing as a completely private company in China; “Since Xi Jinping came to power in 2012, the Chinese Communist Party (CCP) has methodically pursued a policy of expanded control and oversight of the private sector. Today, the party has a much greater ability to monitor and influence the decision-making of private Chinese firms.”

Temu’s prices are not just cheap; particularly in its formative years, the company was willing to sell at a loss to get you to download their app. Back in 2023, Wired wrote:

The reason that prices on Temu seem impossibly low is that they are. An analysis of the company’s supply chain costs by WIRED — confirmed by a company insider — shows that Temu is losing an average of $30 per order as it throws money at trying to break into the American market.

The financial company China Merchants Securities has calculated that Temu, which is also operating in Canada, Australia, and New Zealand, is losing between RMB 4.15 billion and RMB 6.73 billion ($588 million to $954 million) per year. At the same time, the company is squeezing small manufacturers in China, pressuring them to cut prices to levels that make it almost impossible to turn a profit.

“We are working for Temu for free so that Temu can attract more American customers,” says Sandy, who started selling pet products on the platform soon after it launched, speaking on condition of anonymity to avoid reprisals. Temu did not respond to a request for comment.

In 2023, an article in the U.K.’s The Guardian featured the observation, “The platform is laser-focused on capturing customer mindshare.” When a Chinese company says they want to “capture mindshare,” you should hear ominous chords playing in the background.

Temu is probably pretty pleased with the amount of American “mindshare” they have captured. Different app-tracking sites will give you different estimates of their users in the U.S.; one site calculates, “In the U.S., 133.6 million users access the Temu mobile app at least once a month.” That represents about 38 percent of Americans. Any way you slice it, the Temu app has a lot of American users.

Back in 2024, Diane Rinaldo, an expert in 5G, telecommunications supply chain security and privacy, wrote an unnerving assessment of the Temu app for the Center for Strategic and International Studies:

Temu’s app is designed to attract customers and keep them shopping via the gamification and glamification of commerce, offering incentives for longer use and more frequent purchases. These goods are “sourced” from the factory via a network of 80,000 third-party suppliers, cutting out retailers and storefronts, giving customers otherwise unfeasibly low prices. However, these prices conceal dodgy sourcing, the use of forced labor in violation of existing U.S. laws, poor-quality goods, and innumerable scams.

The app is coded at its most basic level to become the digital version of a tick or other parasite — extremely difficult to remove. Customers’ phones and devices become the app’s host, and the information contained therein is Temu’s lifeblood. While data is the lifeblood of any e-commerce or internet platform, Temu’s exceptional access means it could monitor all the user’s activity but also change settings and make it nearly impossible to remove. Deletion of the app is not the end of Temu.

Were the app’s invasiveness the end of the story, it would be concerning enough, but given that Temu has existing relationships with arms of the CCP involved in data oversight, control, and propaganda and is obligated to cooperate — under China’s National Intelligence Law — with CCP authorities, it is worth far more scrutiny than it currently receives. Temu, with its access to user devices, is an exceptionally powerful vehicle for covert surveillance and, potentially, a tool for distributed denial-of-service attacks.

Indeed, the app and its parent company should be seen as a demonstrable front in strategic competition with China.

Does that sound familiar? The U.S. government and general public did a lot of worrying, debate, and action regarding the security risks posed by TikTok. The American public has done almost nothing along those lines for Temu.

The U.S. government has at least taken a first step to rein in Temu.

Back in 2024, President Biden directed the U.S. Department of Justice to develop a “Data Security Program” to prevent access to Americans’ bulk sensitive personal data by “countries of concern” including China. In 2025, DOJ established “bulk thresholds for certain sensitive personal data, including human biometric identifiers, precise geolocation data, personal health data, personal financial data, and certain covered personal identifiers. The Final Rule also prescribes processes to obtain licenses authorizing otherwise prohibited or restricted transactions; protocols for the designation of covered persons; and provides advisory opinions, and recordkeeping, reporting, and other due diligence obligations for covered transactions.”

Several state attorneys general are suing Temu; in July, Kentucky Attorney General Russell Coleman filed a lawsuit against the company, declaring his office’s investigation found that Temu illegally collects users’ data without their knowledge and consent; allows unfettered access of that data to the Chinese government; steals the intellectual property of U.S.-owned companies, “including some of Kentucky’s most iconic brands including the University of Kentucky, University of Louisville, Buffalo Trace Distillery and Churchill Downs,” and uses forced labor from Chinese ethnic minorities in clear violation of U.S. trade policies.

The complaint also contends, “The Temu app is designed to collect sensitive user data without the user’s knowledge or consent and is purposely designed so that it can evade detection of this type of data collection by third-party security researchers.”

A broken clock can be right twice a day, and President Trump’s trade wars did some damage to Temu’s ambitions. In May 2025, Trump signed an executive order eliminating duty-free de minimis treatment for low-value imports from China and Hong Kong, ending the longstanding rule that allowed packages valued under $800 to enter the U.S. virtually tariff-free. What’s more, this change was codified by Congress — go figure, Congress can do that! — in the Big Beautiful Bill. This makes it much harder for someone to successfully argue in court that Trump is abusing his powers by making this change.

(Note that the European Union just made a comparable step, imposing a new tax on small imports that had previously been exempt from customs duties.)

So, the implementation of tariffs on the sorts of smaller packages that Temu delivers makes their goods more expensive, which probably makes Americans less likely to buy things through the company. But it doesn’t really address the issue of the app stealing Americans’ data.

Back at the end of March, the FBI issued a public warning: “Many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China. The apps that maintain digital infrastructure in China are subject to China’s extensive national security laws, enabling the Chinese government to potentially access mobile app users’ data.”

While that warning didn’t name Temu specifically . . . Temu is exactly the kind of company they mean.

But . . . did you hear much about this FBI warning back in March? No, me neither.

ADDENDUM: Another unusual and unnoticed fact I learned yesterday, this one shared by former national security adviser H. R. McMaster: One of the largest Russian embassies in the world is in . . . Mexico City:

Russia’s embassy in Mexico City is one of its largest around the world, with 85 diplomats listed there even though Mexico and Russia have few cultural, military or economic ties. In contrast, Mexico has 16 diplomats at its Moscow embassy, according to its Foreign Ministry.

What’s more, it’s grown quite a bit, quite rapidly:

The Kremlin added 37 diplomatic workers — an increase of about 75 percent — to its existing Mexican embassy staff of 49 after the invasion of Ukraine, though Russia is not even among Mexico’s top 25 trade partners. A larger staff allows Moscow to widen its anti-U.S. intelligence operations, promote its disinformation and propaganda throughout Latin America, and portray itself as an ally.

Mexico is a non-NATO member and U.S.-bordering country in which quite a few Americans take their vacations . . . which makes it a prime location for intelligence gathering, as well as for stirring up and enhancing anti-American sentiment. The U.S. has known this for years.

The U.S. has been trying to get the Mexican government to do something about Russia’s unusually large spy presence in their country, but it sounds like cooperation is infrequent.