Apple to move Chinese iCloud keys to China servers, opens door to government data requests...

In order to conform with Chinese cybersecurity laws, Apple will for the first time move cryptographic iCloud account keys out of the U.S. and into China when it migrates customer data to a local server farm in late February.




Apple notified users of the data transfer in January, saying stored information would be moved to servers operated by its in-country partner Guizhou-Cloud Big Data Industry Co. Ltd. At the time, Apple failed to detail what information would be included in the move.

On Friday, Reuters confirmed customer iCloud keys are part of the mass transfer, potentially making it easier for Chinese government agencies to obtain user texts, emails and other information.

Under Apple's security protocol, data stored in the cloud is encrypted, as are data transfers to and from user devices. Like other systems, cryptographic keys are required to access iCloud data. Currently, all iCloud keys -- even those for Chinese accounts -- are located on U.S. servers, meaning governmental requests for access fall under the purview of U.S. law.

Those protections will disappear as soon as Apple migrates the keys into China. Once on Chinese soil, government agencies will be able to request information through the Chinese legal system, which lacks the transparency, checks or oversight of its American counterpart.

Human rights activists have voiced concern that such change could be dangerous for users branded as political dissidents, whose communications and personal information might soon be open to surveillance.

For its part, Apple has repeatedly said the data migration is a requirement for operating iCloud and other cloud services in China, a lucrative region it cannot afford to overlook. Still, the decision to continue service in light of China's notorious record of censorship and government snooping is seemingly at odds with Apple's consumer privacy dogma.

"While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful," Apple said in a statement. The company went on to argue that maintaining iCloud with its partner GCBD is better than discontinuing the service, as doing so would lead to a negative user experience and would be detrimental to user privacy, the report said.

Sensitive to the political climate, Apple last year said its Chinese servers do not include backdoors and that it would be in control of iCloud keys, not GCBD. That might not matter, however, as those keys will be subject to the Chinese legal system, an entity legal experts note lacks mechanics by which warrants are reviewed by an independent court, the report said.

Apple said it will not switch Chinese customer data over to GCBD servers until they agree to new terms of service, but points out that more than 99.9 percent of iCloud users have already done so, according to the report.

In previous statements on the matter, Apple said users who do not wish to have their data transferred have until the end of February to terminate their account.

Comments

  • Reply 1 of 46
    Use local iTunes backup Chinese users.
    Stop being complicit. I know most of you sold your souls to free services, but try to use encryption when you can.
  • Reply 2 of 46
    As only the well to do people in China have iPhones this could be a nice cherry picking exercise for the Chinese government to take advantage of. If US government wants to ban Huawei electronics from operating in the US, why doesn't China threaten to ban Apple from its own country, seems only fair?
  • Reply 3 of 46
    Does the US government —thru NSA, CIA, FBI, etc.— data request? If yes, why is it so strange that China does the same? And do not tell me that for ‘privacy,’ because US agencies give a shit on citizen privacy.
  • Reply 4 of 46
     I think we’re going to enter the spin zone.
    🤢
  • Reply 5 of 46
    foggyhill Posts: 4,767 member
    optik said:
     I think we’re going to enter the spin zone.
    🤢
    The one where the Chinese users and Apple have to follow Chinese laws; unless Apple becomes a foreign power, there is nothing else to do here.
    And yes, in the US, the government can ask the same; that's why Apple is trying to move away from actually owning those encryption keys even for iCloud storage, although they do have to "know" some of the metadata 'cause, well, Apple knows who you are, obviously. So, they could match an origin Apple ID with a destination one and yet not know or be able to retrieve the content of the message.
  • Reply 6 of 46
    Is there any chance U.S. users’ data could end up in the Chinese cloud?

    Can a Chinese user travel to the U.S., buy their devices here, set up their accounts here, then go back to China and access the U.S. iCloud from there? I realize that they’d have to pay a lot for roaming data from a U.S. carrier, but for their wealthy it could be a way to avoid government snooping. 
  • Reply 7 of 46
    foggyhill said:
    optik said:
     I think we’re going to enter the spin zone.
    🤢
    🤮🤭🤔Yup it’s this [email protected] worries me.🤯

    Apple is trying to move away from actually owning those encryption keys even for iCloud storage, although they do have to "know" some of the metadata 'cause, well, Apple knows who you are, obviously. So, they could match an origin Apple ID with a destination one and yet not know or be able to retrieve the content of the message
  • Reply 8 of 46
    Apple is the last large company to do this.
    Microsoft did this years ago.
    Google did this years ago.
    There is no escaping Chinese law if you want to do business in China.
    Obviously, encrypting your backups helps maintain your privacy even in China.

  • Reply 9 of 46
    Thatʼs why I say Apple should provide an iOS app called “ibackup” that could provide a complete encrypted backup for our iOS devices without the need to use iTunes or iCloud, transferable with a dongle ;) to a USB key.

  • Reply 10 of 46
    radarthekat Posts: 3,405 moderator
    It is what it is.  Gonna stop selling rope because a dissident might be hanged with it?  
  • Reply 11 of 46
    It’s a bit of a “devil’s bargain” doing business in China, but then if anyone thinks the US is actually THE shining light for “transparency, checks or oversight”... well, they have failed to pay attention for the last 50 years.
  • Reply 12 of 46
    ivanh Posts: 597 member
    iCloud in China should be renamed as ChiCloud. iMassage should be called ChiMessage.  The current iCloud user accounts, once migrated into the mainland China, should change to @ChiCloud.com.cn.  If Apple is not going to do so, all other @iCloud.com users will have no idea if their messages and emails are intercepted in a Chinese server.
    so, ChiCloud, please, Tim Cook!
  • Reply 13 of 46
    gatorguy Posts: 23,303 member
    Apple is the last large company to do this.
    Microsoft did this years ago.
    Google did this years ago.
    There is no escaping Chinese law if you want to do business in China.
    Obviously, encrypting your backups helps maintain your privacy even in China.

    Microsoft began moving user data under Chinese control last year. Google NEVER has done so, and I would be a bit surprised if they would no matter how much money they could make there.
  • Reply 14 of 46
    gatorguy Posts: 23,303 member
    foggyhill said:
    optik said:
     I think we’re going to enter the spin zone.
    🤢
    The one where the Chinese users and Apple have to follow Chinese laws; unless Apple becomes a foreign power, there is nothing else to do here.
    And yes, in the US, the government can ask the same; that's why Apple is trying to move away from actually owning those encryption keys even for iCloud storage, although they do have to "know" some of the metadata 'cause, well, Apple knows who you are, obviously. So, they could match an origin Apple ID with a destination one and yet not know or be able to retrieve the content of the message.
    Foggy, where did you get the idea Apple doesn't want to control the keys to Apple's encryption of user data? I'd be shocked if Apple really was trying to give the keys away, so no I don't believe that to be the case at all.

    As for the difference between accessing user data in China compared to the US or Europe or anywhere else in the world:
    Policing or government agencies have to submit requests to Apple that are then judged for their legality. Some get tossed to the side almost immediately. Others may be complied with in a very limited way while others go thru a legal vetting process. For example the FBI wants access to your user data during an "investigation". Apple says no, too broad a request. FBI narrows it. Apple still says no, they still don't believe the request to be a legal one. The FBI goes to a judge and gets an order for it. Apple still says no, it's not a legal order because <> and they appeal it. A higher court agrees with Apple and the FBI is stymied. That's how it's supposed to work and the way Apple has always said it does work.

    In China Apple has relinquished all responsibility for protecting customers from intrusions that Apple might otherwise properly deem illegal. Apple does not even need to be advised as China doesn't need their approval. At all. They are no longer part of the process, they're just the ones gathering it all up in one place to make it easier to get to.

    But you want to make believe it's all about nothing? If this isn't enough to give you pause to consider what really drives Apple to do what they do and say what they say...

    It doesn't make Apple evil, immoral or anything of that sort. They're a business. They chase PROFIT! just like other companies do. Corporate declarations, events organized by public relations, statements of principle and the like are all coordinated and crafted to support PROFIT!

    Like any other company Apple too will modify policies and procedures if they negatively affect revenues. That's business and why Apple exists: To make the greatest amount of profit they can. "Making the world a better place" is along for the ride and helps Apple market their products, framing their public persona quite nicely in giving buyers a social reason on top of a hardware one for Apple products to be worth a premium. If there comes a time it does not they'll modify as needed. Standing up for customer privacy goes only so far and is not what drives Apple to do what they do. 
  • Reply 15 of 46
    gatorguy Posts: 23,303 member
    In order to conform with Chinese cybersecurity laws, Apple will for the first time move cryptographic iCloud account keys out of the U.S. and into China when it migrates customer data to a local server farm in late February.


    Sensitive to the political climate, Apple last year said its Chinese servers do not include backdoors and that it would be in control of iCloud keys, not GCBD.
    I don't believe Apple EVER said that GCBD would not have access to the same iCloud encryption keys as they themselves do. Yes they said there was no back door built in but they don't need to do it. Go back and look at the actual statement Apple made and you can see for yourself that Apple is admitting they've given GCBD, and by extension the Chinese government,  the same access as Apple has by offering up the keys. Apple does not control them in China as of the end of the month. 
  • Reply 16 of 46
    It is what it is.  Gonna stop selling rope because a dissident might be hanged with it?  
    Only if Apple is selling the rope. If some other company was selling the rope, hardly anyone would give a damn. One would think that it's only China in the spy game or trying to snoop on their own citizens. Wait until American government starts banning VPNs. I'm certain it could happen. I'd always thought our top government agencies had plenty of eavesdropping equipment and spy satellites. They always claimed it was for protecting American citizens. All I know is if you're going to operate a business in another country, it's likely you would follow its rules. Why Apple is always being singled out as the lone offender is something I don't quite understand. You'd think there was no human rights abuse going on in the U.S.

    How can any company do a global business without changing some policies? Not every country in the world is some democracy. These activist watchdogs so worried about Apple allowing stuff in China yet the American government doesn't even try to slow down the manufacturing of guns in the U.S. Let's worry about what's going on in our own country and less about what's going on in China. It's up to the citizens in China to change their own government policies. If they don't like Apple's decision forced by their own government, then those citizens will simply have to find another way to hide what they're doing online.
  • Reply 17 of 46
    If Apple didn’t make such a big deal about privacy and human rights then maybe people wouldn’t care.
  • Reply 18 of 46
    So I've been thinking, there could be a viable solution for this. So imagine this: Apple, Samsung, Microsoft and the entire tech community come together to build "Magi", a closed-end supercomputer system with near-human speech and critical analysis.

    The Magi will collect insane amounts of data about everyone using a computer in a particular region, then analyze and store that info. Built with no feasible way of remote hacking or remote access of the system. To access information you have to be physically in the building, engaging with the computer in person, but there is no clicking on a keyboard and mouse accessing unlimited, unrelated and personal information about anyone; to get information you have to talk to or interrogate Magi, e.g.

    Agent: Hello "M", I am officer KD6-3.7, authenticate.

     Magi: Good morning officer K, what can I do for you this morning?

     K: A Robert Dear of Charleston, South Carolina and Louisville, Kentucky has been flagged; community members have reported N1 behavioral patterns triggering this "look see". Anything noteworthy?

     Magi: let me see.... Ok I found this C2 level rhetoric on a marijuana Internet forum: "Turn to JESUS or burn in hell [...] WAKE UP SINNERS U CANT SAVE YOURSELF U WILL DIE AN WORMS SHALL EAT YOUR FLESH, NOW YOUR SOUL IS GOING SOMEWHERE." 
     
    Magi: He also posted notes on the same forum describing his own marijuana usage and stating that he was looking for women to "party" with.

     K: any group links ?

     Magi: none at this point

     K: What's your determination?

     Magi: I recommend a (grade: 5 hate sentiment) reprimand, 10m radius prohibition zone and (level: 2 pri-monitor) serve.

     K: I see, print the paperwork, I'll petition a judge's signature and pay Mr Dear a visit.

     Yes, I know, very cute, but this way the police can have reasonable access to information they might need, but they have to ask for specific information related to suspicion or connection to probable cause or infliction of criminality or unlawful patterns of behavior and/or activity.

     The government uses computers to sieve through these large data sets anyway; it's not like supercomputers aren't doing a lot of this already. What I think is undesirable is any group of people having this kind of power; people are corruptible and greedy and nasty even at their most noble of causes and not to be trusted under the best circumstances. I believe this might be the greatest calling for computing, and who is better positioned to get them there than Apple? The system could rapidly get so sophisticated that it could flag people itself and warn of imminent danger. Could be cool, no? Disagree?
  • Reply 19 of 46
    holyone said:
    So I've been thinking, there could be a viable solution for this. So imagine this: Apple, Samsung, Microsoft and the entire tech community come together to build "Magi", a closed-end supercomputer system with near-human speech and critical analysis.

    The Magi will collect insane amounts of data about everyone using a computer in a particular region, then analyze and store that info. Built with no feasible way of remote hacking or remote access of the system. To access information you have to be physically in the building, engaging with the computer in person, but there is no clicking on a keyboard and mouse accessing unlimited, unrelated and personal information about anyone; to get information you have to talk to or interrogate Magi, e.g.

    Agent: Hello "M", I am officer KD6-3.7, authenticate.

     Magi: Good morning officer K, what can I do for you this morning?

     K: A Robert Dear of Charleston, South Carolina and Louisville, Kentucky has been flagged; community members have reported N1 behavioral patterns triggering this "look see". Anything noteworthy?

     Magi: let me see.... Ok I found this C2 level rhetoric on a marijuana Internet forum: "Turn to JESUS or burn in hell [...] WAKE UP SINNERS U CANT SAVE YOURSELF U WILL DIE AN WORMS SHALL EAT YOUR FLESH, NOW YOUR SOUL IS GOING SOMEWHERE." 
     
    Magi: He also posted notes on the same forum describing his own marijuana usage and stating that he was looking for women to "party" with.

     K: any group links ?

     Magi: none at this point

     K: What's your determination?

     Magi: I recommend a (grade: 5 hate sentiment) reprimand, 10m radius prohibition zone and (level: 2 pri-monitor) serve.

     K: I see, print the paperwork, I'll petition a judge's signature and pay Mr Dear a visit.

     Yes, I know, very cute, but this way the police can have reasonable access to information they might need, but they have to ask for specific information related to suspicion or connection to probable cause or infliction of criminality or unlawful patterns of behavior and/or activity.

     The government uses computers to sieve through these large data sets anyway; it's not like supercomputers aren't doing a lot of this already. What I think is undesirable is any group of people having this kind of power; people are corruptible and greedy and nasty even at their most noble of causes and not to be trusted under the best circumstances. I believe this might be the greatest calling for computing, and who is better positioned to get them there than Apple? The system could rapidly get so sophisticated that it could flag people itself and warn of imminent danger. Could be cool, no? Disagree?
    Any system that collects data from other computers must be connected to them via a network of some type, therefore it will be “hackable”. 
  • Reply 20 of 46
    Complicity in the name of capitalism. Tim Cook and Apple are just another multinational corporation kneeling at the altar of profit.