Apple begins storing Russian iCloud data within country, complying with new law - report

Posted:
in General Discussion edited September 2015
Apple is said to have partnered with a Russian data center to host iCloud data for users in that country, responding to a new law that went into effect on Sept. 1.


Apple Maiden NC Data Center


Racks of Apple's iCloud servers in Maiden, NC


Apple reportedly brokered a deal with Moscow's IXcellerate to host Russian user data locally, according to local newspaper Kommersant, as discovered by The Moscow Times. Apple's compliance ensures that its online services won't be blocked in Russia.

With the new law now in effect, Russia's government-run communications regulator Roskomnadzor has warned that it will begin conducting compliance inspections this year. The law is said to affect some 2.6 million companies.

If a company refuses to host its user data within Russia, Roskomnadzor can restrict access to websites and services for Russian users. Most companies have agreed to the new rules, but some --?including Facebook --?are said to be reluctant to comply.

Russia's new laws governing the Internet were one of the chief reasons cited by Spotify earlier this year, when the music streaming service abandoned its plans to launch in the country. And last year, Google also closed its engineering operations in Moscow, as criticism over the government's Internet policies began to grow.

The move to store data locally isn't unprecedented for Apple --?the company began storing Chinese users' account data on servers owned by China Telecom last year. At the time, the iPhone maker noted it takes "user security and privacy very seriously," and that all data stored on the servers is encrypted and could not be accessed by outside parties.
«1

Comments

  • Reply 1 of 21
    rob53rob53 Posts: 2,046member
    Now the NSA and CIA can't demand access to that data, just like Microsoft.
  • Reply 2 of 21
    gatorguygatorguy Posts: 20,715member
    This is a turnabout. Google and Facebook hesitant to agree to Russian access, but Apple deciding the money makes it worthwhile? A bit of a surprise.
  • Reply 3 of 21
    In a way it makes sense. Remember Google exiting China years ago. Apple on the other side thinks it's beneficial to play with the rules. Perhaps non idealistic short term but once you are out you are out...
  • Reply 4 of 21
    Quote:

    Originally Posted by Gatorguy View Post



    This is a turnabout. Google and Facebook hesitant to agree to Russian access, but Apple deciding the money is worth it? A bit of a surprise.



    It's worth it until it's not. Apple has enough confidence in their encryption that if Russia wants to spy on the data they'll have to make a demand, and Apple can decide what to do at that time: comply, compromise, or pull out, and Russia will be the one that risks looking unreasonable.

  • Reply 5 of 21
    lkrupplkrupp Posts: 7,149member
    Quote:

    Originally Posted by Magic_Al View Post

     



    It's worth it until it's not. Apple has enough confidence in their encryption that if Russia wants to spy on the data they'll have to make a demand, and Apple can decide what to do at that time: comply, compromise, or pull out, and Russia will be the one that risks looking unreasonable.




    Isn’t the reason Apple has not complied with a recent request by the U.S. government because it said it couldn’t comply as the data is encrypted and Apple does not have the encryption key? If that’s the case and Russian law does not mandate backdoor access then Apple couldn’t comply with a Russian request either. So I suspect those Russian servers are wide open to Putin’s KGB (or whatever they call it these days.)

  • Reply 6 of 21
    And the war between America and Russia moves one step closer...
  • Reply 7 of 21

    I suppose it's comforting to have all my data stored where all my porn comes from<img class=" src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />

  • Reply 8 of 21
    Quote:

    Originally Posted by lkrupp View Post

     



    Isn’t the reason Apple has not complied with a recent request by the U.S. government because it said it couldn’t comply as the data is encrypted and Apple does not have the encryption key? If that’s the case and Russian law does not mandate backdoor access then Apple couldn’t comply with a Russian request either. So I suspect those Russian servers are wide open to Putin’s KGB (or whatever they call it these days.)


    In Russia, Systems Backdoor YOU!

     

    remember there is metadata that you can track when the storage is in country (IP addresses creating files, etc).  So even if not 'wide open' access logs may be enough to prove you guilty enough to put you in the Gulags, without the content of any message.

  • Reply 9 of 21
    gatorguygatorguy Posts: 20,715member
    lkrupp wrote: »

    Isn’t the reason Apple has not complied with a recent request by the U.S. government because it said it couldn’t comply as the data is encrypted and Apple does not have the encryption key? If that’s the case and Russian law does not mandate backdoor access then Apple couldn’t comply with a Russian request either. So I suspect those Russian servers are wide open to Putin’s KGB (or whatever they call it these days.)
    Google Cloud is encrypted too, yet they reportedly aren't comfortable with storing data on Russian systems. I'm guessing Facebook data is too but not entirely certain. So it's obviously not as simple as "it's encrypted so it's OK". Seems to me the issue is likely Russian demands for access to the data if needed.
  • Reply 10 of 21
    gatorguygatorguy Posts: 20,715member
    magic_al wrote: »

    It's worth it until it's not. Apple has enough confidence in their encryption that if Russia wants to spy on the data they'll have to make a demand, and Apple can decide what to do at that time: comply, compromise, or pull out, and Russia will be the one that risks looking unreasonable.
    If they are going to offer services there then they've already committed to whatever agreement the Russians required and know exactly what the details of compliance are. It's not going to be something to decide later on. It's signed and accepted.
  • Reply 11 of 21
    Quote:

    Originally Posted by Gatorguy View Post



    This is a turnabout. Google and Facebook hesitant to agree to Russian access, but Apple deciding the money makes it worthwhile? A bit of a surprise.

    Indeed.

  • Reply 12 of 21
    Quote:

    Originally Posted by Gatorguy View Post



    This is a turnabout. Google and Facebook hesitant to agree to Russian access, but Apple deciding the money makes it worthwhile? A bit of a surprise.

     

    With the Apple data encrypted, does it really matter? They are not giving Russia access, just storing the encrypted data in a datacenter in Russia.

  • Reply 13 of 21
    Post Snowden everyone knows your data isn't safe just because it is in the U.S. So the argument against locating data in a given country carries less weight.

    Not certain, but wasn't the Google/China issue as much over access as data location? This appears to be only about location... For the moment
  • Reply 14 of 21
    I thought the problem was the universal spying by U.S. intelligence agencies. It makes sense, given open knowledge of this practice, that countries would not want data stored in a hostile imperialist police state hell bent on subduing them. Americans can no longer self righteously claim the mantle of liberty. It was always about power. I mean sheesh - it [B]literally[/B] had a slave class as the origin of its initial capital accumulation. And it pontificates on liberty.
  • Reply 15 of 21
    gatorguygatorguy Posts: 20,715member
    With the Apple data encrypted, does it really matter? They are not giving Russia access, just storing the encrypted data in a datacenter in Russia.
    My guess is yes it DOES matter. Google's Cloud data is encrypted too, yet they don't wish to put their data on Russian-controlled servers. Reading between the lines Apple may well be giving the Russian government some access to Apple owners data, which is why Google And Facebook currently take issue with doing business there if that's what it requires.

    This is what the Chinese draft rules require of companies providing internet access, which by definition would include Apple. Russian rules may or may not be similar:

    -Provide “Backdoors” to Government Authorities: Article 15 requires ISPs to install “technical interfaces in the design, construction, and operation of telecommunication and Internet [services].” These technical “interfaces” would act as backdoors for government access. China’s law enforcement authorities may use these backdoors to “prevent” or “investigate” terrorist activities.

    -Provide Encryption Keys to Government Authorities: Article 15 requires ISPs to “report their encryption scheme” to the “departments responsible for encryption [likely the State Commercial Cryptography Administration] for examination.” No further details are given regarding the scope of this “examination.”

    -Article 16 requires ISPs that provide “encrypted transmission services” to file their encryption scheme with “network communication departments [likely the Ministry of Industry and Information Technology] and public security organs,” and to assist such organs in any subsequent investigative work. Essentially, this requires ISPs to provide the encryption keys to relevant government departments for use during any later investigation.

    -Data Localization: Article 15 states that any ISP “providing telecommunications or Internet service within the borders of the People’s Republic of China must locate its related servers and domestic user data within the borders of [China].This data localization requirement follows on the heels of a similar measure in Russia, and appears aimed at ensuring that the Chinese government has full access to all information transmitted within its borders. This requirement is in keeping with China’s recent embrace of the principle of “cyber-sovereignty,” which holds, in part, that States, rather than a multi-lateral coalition of stakeholders, should be free to regulate all content transmitted within their physical, geographical borders. By requiring international companies to place their servers in China, the draft law would ensure that international companies fall under Chinese jurisdiction.

    Now this in no guarantee that Apple is 100% complying with all the demands but IMHO they will have little choice if they wish to have unfettered access to Chinese and Russian customers.
  • Reply 16 of 21
    Remember our private information is not necessarily apples product (even Tim Cook claimed so) where as google and Facebook. A majority of there business and product people... Consider it like sandboxing... If you put Russian information in Russia and Chinese information in China.... Arnt you cutting down on distance between info and device.
  • Reply 17 of 21
    rcfarcfa Posts: 772member
    gatorguy wrote: »
    This is a turnabout. Google and Facebook hesitant to agree to Russian access, but Apple deciding the money makes it worthwhile? A bit of a surprise.

    With the Apple data encrypted, does it really matter? They are not giving Russia access, just storing the encrypted data in a datacenter in Russia.

    Sorry to say, that's naïve.
    Encryption is only as reliable as the implementation is bug free, the algorithms and corresponding parameters are wisely chosen.
    E.g. there is well founded suspicion that widely used encryption used parameters chosen by the NSA to make things vulnerable to their attack, which goes to prove "encrypted = safe" is much too simple a view, particularly when you try to protect yourself not against some random small time criminals but against big criminals such as governments.
    Anything that can be viewed on a web client without being decrypted locally in the browser by passwords entered by the user or stored in a locally present, well encrypted keychain, you have to consider potentially compromised, because even though the data may be stored encrypted and is transferred encrypted, it first was decrypted on the server to render the content into a description of a viewable web page. This means the server, and thus anyone with a search warrant and some technical savvy, can potentially render that information into the clear; one of many reasons why cloud solutions simply suck.
  • Reply 18 of 21
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by lkrupp View Post

     



    Isn’t the reason Apple has not complied with a recent request by the U.S. government because it said it couldn’t comply as the data is encrypted and Apple does not have the encryption key? If that’s the case and Russian law does not mandate backdoor access then Apple couldn’t comply with a Russian request either. So I suspect those Russian servers are wide open to Putin’s KGB (or whatever they call it these days.)




    Two different things. Apple doesn't have the encryption key to a user's phone but they definitely have the encryption key to the files on the server otherwise they would not be able to serve any of your files such as iCloud documents, iTunes, email, or anything else you might view in a browser.

  • Reply 19 of 21
    jfc1138jfc1138 Posts: 3,090member
    Quote:
    Originally Posted by lkrupp View Post

     



    Isn’t the reason Apple has not complied with a recent request by the U.S. government because it said it couldn’t comply as the data is encrypted and Apple does not have the encryption key? If that’s the case and Russian law does not mandate backdoor access then Apple couldn’t comply with a Russian request either. So I suspect those Russian servers are wide open to Putin’s KGB (or whatever they call it these days.)




    For the real-time transmission acquisition I'm still unsure why they couldn't "comply" by delivering, when properly served, that encrypted stream. It's what they're in possession of after all. Same to FBI etc.

  • Reply 20 of 21
    roakeroake Posts: 642member
    Quote:

    Originally Posted by CustomTB View Post



    Post Snowden everyone knows your data isn't safe just because it is in the U.S. So the argument against locating data in a given country carries less weight.



    Not certain, but wasn't the Google/China issue as much over access as data location? This appears to be only about location... For the moment

    Let me fix that first sentence...



    Post Snowden, everyone knows your data isn't safe because it is in the U.S.

Sign In or Register to comment.