Apple Agrees To Store Chinese iCloud Data In China, Making It Much Easier For The Chinese Gov't To Access It

from the joining-the-Big-Brothers-program dept

In a time when law enforcement officials are calling Apple "evil" and demanding access to encrypted communications, it doesn't make much sense for the company to be doing this.

When Apple Inc begins hosting Chinese users’ iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there, Chinese authorities will have far easier access to text messages, email and other data stored in the cloud. That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system. Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

This will allow the Chinese government to quell dissent and hunt down wrong-thinkers much more efficiently. It also shows the company is willing to drastically change the way it does business in order to maintain a large foreign customer base. This move will prompt questions from Congressional reps and FBI officials about Apple's refusal to work with the US government to provide access to locked devices and encrypted communications. Thanks to its acquiescence to the Chinese government, these questions won't be so easy to answer.

This change in policy won't budge the needle much in terms of US lawful access. US authorities will now have to route requests for Chinese data through the Chinese government, but it's unlikely there's much of that going on now. Requests for domestic data and communications stored in Apple's iCloud will be handled the way they always have been. Apple's always held keys domestically for iCloud accounts, which makes the cries of "going dark" a bit melodramatic.

But it does indicate Apple is willing to change policies for governments far less freedom-friendly than ours. And if it's willing to do that, why won't it stash encryption keys for locked devices where US law enforcement can access them?

Apple's defense of this move is interesting. It claims denying the Chinese government access would have meant shutting down the service in China. According to Apple's statements, this would make Chinese users less safe than the company decrypting iCloud data on demand.

“While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” it said. Apple said it decided it was better to offer iCloud under the new system because discontinuing it would lead to a bad user experience and actually lead to less data privacy and security for its Chinese customers.

Presumably, data would have migrated to smaller cloud services offering even less protection to Chinese citizens. But that's hard to square with the fact that Apple's Chinese iCloud infrastructure is reliant on state-owned cloud firm Guizhou -- a company with close ties to the Chinese government.

Apple says the government won't have access to keys. It will still hold the keys, but the data's location means there won't be any prolonged battles over jurisdiction. Its "contractual arrangement" with Guizhou possibly makes Apple's decision to hold the keys inconsequential. The government may be able to approach Apple's partner and obtain direct access, bypassing the very minimal legal requirements Chinese law enforcement needs to meet before demanding user data.

Apple used to resist the Chinese government's demand for cloud data. Now it's pretty much engaged in a partnership with a state-owned business. If it's willing to do this, its resistance to US government overtures seems hypocritical at best. I don't want Apple to lower its defenses against US government intrusion, but I'd rather it took a consistent stance on these issues. Right now, it appears to be willing to submit to authoritarian governments rather than sacrifice part of its user base. It punches holes in its defenses of its actions on the domestic side and makes it easier for US law enforcement officials to sell encryption-damaging legislation to Congress and the White House.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, human rights, icloud, privacy, security, surveillance

Companies: apple