Amnesty International presses Apple to warn Chinese iCloud users of government snooping ri...

Posted:
in General Discussion edited March 2018
Amnesty International is calling on Apple to inform Chinese iCloud users that their data might be at risk of government prying after the company migrated regional accounts to China-based servers, a move designed to conform with local laws.




In a post to its official blog on Thursday, Amnesty announced a new social media initiative urging Apple to inform its Chinese customer base of potential unwarranted data access by government agencies. The campaign is timed to coincide with CEO Tim Cook's visit to China, where he is co-chairing the China Development Forum.

"Tim Cook is not being upfront with Apple's Chinese users when insisting that their private data will always be secure," said Nicholas Bequelin, East Asia Director at Amnesty International. "Apple's pursuit of profits has left Chinese iCloud users facing huge new privacy risks."

Apple in February moved Chinese iCloud keys to a local server farm run by in-country partner Guizhou-Cloud Big Data Industry Co. Ltd.

The Cupertino tech giant opened its first China-based data center in collaboration with GCBD in 2017, noting at the time that the facility would allow compliance with newly passed regulations. China last year passed cybersecurity laws requiring foreign internet companies to store customer data on domestic servers.

For its part, Apple said it advocated against iCloud being subject to the new rules, but was ultimately unsuccessful in its attempt at exclusion. Instead of discontinuing the service, a move Apple said would lead to negative user experiences and eroded customer privacy, the company conformed and migrated data to GCBD.

Of concern to privacy advocates is GCBD's close ties to the Chinese Communist Party, whose cybersecurity regulators are notorious for surveillance programs and operations to stifle free speech.

To allay fears, Apple promised consumers it would not allow backdoors into GCBD's servers, and that it would be control of iCloud's cryptographic keys. With those keys subject to China's legal system, which lacks a system for independently reviewed warrants or data requests, that detail might not matter.

"By handing over its China iCloud service to a local company without sufficient safeguards, the Chinese authorities now have potentially unfettered access to all Apple's Chinese customers' iCloud data. Apple knows it, yet has not warned its customers in China of the risks," Bequelin said. "Apple needs to be much more transparent about the risks to privacy posed by recent changes to the iCloud service in China."

Apple informed Chinese users of the data transfer in January, a month prior to the actual handover. In a message to existing customers, the company said its GCBD partnership will enable speed and reliability improvements and compliance with Chinese regulations. Further, a link to GCBD's terms and conditions was provided.

Apple in previous statements said it would not migrate customer data to Chinese servers without express customer consent, noting those who did not wish to have their data transferred were able to terminate their account. In February, shortly before the exchange was scheduled to take place, the company said more than 99.9 percent of current Chinese iCloud users had agreed to the terms.

Comments

  • Reply 1 of 20
    lkrupplkrupp Posts: 10,557member
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    watto_cobrad_2jony0
  • Reply 2 of 20
    gatorguygatorguy Posts: 24,176member
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  
    edited March 2018 muthuk_vanalingam
  • Reply 3 of 20
    Amnesty International asks Apple to inform its users the sky is blue.
    cornchipracerhomie3watto_cobrauser9b
  • Reply 4 of 20
    racerhomie3racerhomie3 Posts: 1,264member
    I call Amnesty int. idiots.
    user9bSpamSandwichtallest skil
  • Reply 5 of 20
    radarthekatradarthekat Posts: 3,842moderator
    In related news, Amnesty Internationsl
    is demanding that makers of rope and fishing line add a warning to all packages sold in China.  We’ve obtained a copy of the demanded warning and translated it.  It reads, ‘Warning, this product could be confiscated by your government and used to hang you.’
    racerhomie3watto_cobraSpamSandwichjony0
  • Reply 6 of 20

    Somehow I don't think the Chinese population are that dumb as to not know. There has been a long history of restricted Internet access in China.

    The smarter ones will maintain local iCloud backups. The rest of the people will really not care enough.


    It's no different from the millions of people using FaceBook or Google.

    edited March 2018 watto_cobrad_2user9bcornchip
  • Reply 7 of 20
    gatorguy said:
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  
    Give it a rest man. Seriously.

    watto_cobra
  • Reply 8 of 20
    Rayz2016Rayz2016 Posts: 6,957member
    gatorguy said:
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  

    Which is why I suspect this less to do with gaining access to Chinese user accounts  and more to do with the Chinese government pressuring Apple to support to a Chinese company that was set up the provide jobs in a very poor area. 

    Apple still owns the servers and are building more in mainland China. Furthermore, Apple will still be holders of encryption keys, not the Chinese company. However, the Chinese will no longer have to request the US courts to get access to the keys because Apple now has them in China. 

    https://www.nytimes.com/2017/07/12/business/apple-china-data-center-cybersecurity.html
    Apple said, however, that it would retain the encryption keys for the data stored at its center and that Guizhou-Cloud Big Data would not have access, meaning it would not be able to see what photos or documents were stored in iCloud without Apple’s permission.
    Smart move. If the Chinese government wants access then they still have come to Apple. So I will retract a previous statement where I accused Apple of using another company to shield them from the responsibility. 

    The question is how will Apple handle requests from now on:

    https://uk.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUKKCN1G8060
    Until now, Apple appears to have handed over very little data about Chinese users. From mid-2013 to mid-2017, Apple said it did not give customer account content to Chinese authorities, despite having received 176 requests, according to transparency reports published by the company. By contrast, Apple has given the United States customer account content in response to 2,366 out of 8,475 government requests. 
    Those figures are from before the Chinese cyber security laws took effect and also don’t include special national security requests in which U.S. officials might have requested data about Chinese nationals. Apple, along with other companies, is prevented by law from disclosing the targets of those requests. 
    Apple said requests for data from the new Chinese datacenter will be reflected in its transparency reports and that it won’t respond to “bulk” data requests.

    It looks like the Americans have a lot more to worry about than the Chinese.

    I would also disagree with Amnesty (who aren’t the most tech savvy organisation) when they say that Apple hasn’t done enough to warn their Chinese users. The Chinese aren’t stupid. They have been receiving bing alerts and emails from Apple, and 99% didn’t have a problem, because those that have something to be concerned about wouldn’t be using Apple Services anyway. 

    It remains to be seen how Apple with this.  But the Big Data handover isn’t really an issue. The servers still belong to Apple, and Big Data doesn’t have the keys. 

    watto_cobrauser9b
  • Reply 9 of 20
    gatorguygatorguy Posts: 24,176member
    Rayz2016 said:
    gatorguy said:
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  

    Which is why I suspect this less to do with gaining access to Chinese user accounts  and more to do with the Chinese government pressuring Apple to support to a Chinese company that was set up the provide jobs in a very poor area. 

    Apple still owns the servers and are building more in mainland China. Furthermore, Apple will still be holders of encryption keys, not the Chinese company. However, the Chinese will no longer have to request the US courts to get access to the keys because Apple now has them in China. 

    https://www.nytimes.com/2017/07/12/business/apple-china-data-center-cybersecurity.html
    Apple said, however, that it would retain the encryption keys for the data stored at its center and that Guizhou-Cloud Big Data would not have access, meaning it would not be able to see what photos or documents were stored in iCloud without Apple’s permission.


    . The servers still belong to Apple, and Big Data doesn’t have the keys. 

    That's not the legal statement they made to Chinese users...
    “If you understand and agree, Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange, and disclosure of all user data (including content) according to the application of the law.” So rather than ask Apple for anything the authorities needing information that may be stored there can instead deal directly with GCBD. 

    And according to China news the server in question is managed and operated by Guizhou-Cloud Big Data (GCBD), a company owned by the provincial Chinese government, and not Apple. As far as employees that's not even a blip. A few dozen eimployees is all that's required for even huge data centers. 
    https://www.hongkongfp.com/2018/02/17/apple-paving-way-cloud-dictatorship-china/
    edited March 2018
  • Reply 10 of 20
    user9buser9b Posts: 1member
    In related news, Amnesty Internationsl
    is demanding that makers of rope and fishing line add a warning to all packages sold in China.  We’ve obtained a copy of the demanded warning and translated it.  It reads, ‘Warning, this product could be confiscated by your government and used to hang you.’
    What prompted you to say something so offensive? It was an Ill considered jap at another culter, people.  It is boarderline racist and demeaning. Commends like yours is how people perpetuate  stereotyping and racism in our century and you dont even know it!
     
    Amnesty is an idiot here. IMHO. No need to recap the comments already posted.  
  • Reply 11 of 20
    SpamSandwichSpamSandwich Posts: 33,407member
    Good luck with that request, Amnesty. LOL!
  • Reply 12 of 20
    Rayz2016Rayz2016 Posts: 6,957member
    gatorguy said:
    Rayz2016 said:
    gatorguy said:
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  

    Which is why I suspect this less to do with gaining access to Chinese user accounts  and more to do with the Chinese government pressuring Apple to support to a Chinese company that was set up the provide jobs in a very poor area. 

    Apple still owns the servers and are building more in mainland China. Furthermore, Apple will still be holders of encryption keys, not the Chinese company. However, the Chinese will no longer have to request the US courts to get access to the keys because Apple now has them in China. 

    https://www.nytimes.com/2017/07/12/business/apple-china-data-center-cybersecurity.html
    Apple said, however, that it would retain the encryption keys for the data stored at its center and that Guizhou-Cloud Big Data would not have access, meaning it would not be able to see what photos or documents were stored in iCloud without Apple’s permission.


    . The servers still belong to Apple, and Big Data doesn’t have the keys. 

    That's not the legal statement they made to Chinese users...
    “If you understand and agree, Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange, and disclosure of all user data (including content) according to the application of the law.” So rather than ask Apple for anything the authorities needing information that may be stored there can instead deal directly with GCBD. 

    And according to China news the server in question is managed and operated by Guizhou-Cloud Big Data (GCBD), a company owned by the provincial Chinese government, and not Apple. As far as employees that's not even a blip. A few dozen eimployees is all that's required for even huge data centers. 
    https://www.hongkongfp.com/2018/02/17/apple-paving-way-cloud-dictatorship-china/

    What they told Chinese users is prudent, should the situation change in the future (which it could). What is actually happening, according to Apple is sliiiightly different:

    https://www.wsj.com/articles/apple-to-start-putting-sensitive-encryption-keys-in-china-1519497574

    Apple said it will store the keys in a secure location, retain control over them and hasn’t created any backdoors to customers’ data

    And even Apple knows this is not enough, which is why they have warned their customers about the impending change (and will not make the transfer without consent). 

    Still, the situation is not ideal. Apple is caught between its principles and its responsibility to its shareholders. 

    It would nice if the could pull out of China, like Google did. But since Google was having its ass handed to them by local search providers (with the help of the government) along with China’s reluctance to allow them to harvest personal data of its citizens then they didn’t have that much to lose.

    Apple between the rock and the hard place, as usual. 

  • Reply 13 of 20
    Rayz2016Rayz2016 Posts: 6,957member

    user9b said:
    In related news, Amnesty Internationsl
    is demanding that makers of rope and fishing line add a warning to all packages sold in China.  We’ve obtained a copy of the demanded warning and translated it.  It reads, ‘Warning, this product could be confiscated by your government and used to hang you.’
    What prompted you to say something so offensive? It was an Ill considered jap at another culter, people.  It is boarderline racist and demeaning. Commends like yours is how people perpetuate  stereotyping and racism in our century and you dont even know it!
     
    Amnesty is an idiot here. IMHO. No need to recap the comments already posted.  
    I have absolutely no idea how you found anything racist in what he said. 
    lostkiwi
  • Reply 14 of 20
    gatorguygatorguy Posts: 24,176member
    Rayz2016 said:
    gatorguy said:
    Rayz2016 said:
    gatorguy said:
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  

    Which is why I suspect this less to do with gaining access to Chinese user accounts  and more to do with the Chinese government pressuring Apple to support to a Chinese company that was set up the provide jobs in a very poor area. 

    Apple still owns the servers and are building more in mainland China. Furthermore, Apple will still be holders of encryption keys, not the Chinese company. However, the Chinese will no longer have to request the US courts to get access to the keys because Apple now has them in China. 

    https://www.nytimes.com/2017/07/12/business/apple-china-data-center-cybersecurity.html
    Apple said, however, that it would retain the encryption keys for the data stored at its center and that Guizhou-Cloud Big Data would not have access, meaning it would not be able to see what photos or documents were stored in iCloud without Apple’s permission.


    . The servers still belong to Apple, and Big Data doesn’t have the keys. 

    That's not the legal statement they made to Chinese users...
    “If you understand and agree, Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange, and disclosure of all user data (including content) according to the application of the law.” So rather than ask Apple for anything the authorities needing information that may be stored there can instead deal directly with GCBD. 

    And according to China news the server in question is managed and operated by Guizhou-Cloud Big Data (GCBD), a company owned by the provincial Chinese government, and not Apple. As far as employees that's not even a blip. A few dozen eimployees is all that's required for even huge data centers. 
    https://www.hongkongfp.com/2018/02/17/apple-paving-way-cloud-dictatorship-china/

    What they told Chinese users is prudent, should the situation change in the future (which it could). What is actually happening, according to Apple is sliiiightly different:

    https://www.wsj.com/articles/apple-to-start-putting-sensitive-encryption-keys-in-china-1519497574

    Apple said it will store the keys in a secure location, retain control over them and hasn’t created any backdoors to customers’ data

    And even Apple knows this is not enough, which is why they have warned their customers about the impending change (and will not make the transfer without consent). 

    Still, the situation is not ideal. Apple is caught between its principles and its responsibility to its shareholders. 

    It would nice if the could pull out of China, like Google did. But since Google was having its ass handed to them by local search providers (with the help of the government) along with China’s reluctance to allow them to harvest personal data of its citizens then they didn’t have that much to lose.

    Apple between the rock and the hard place, as usual. 

    No one claims that Apple created a backdoor. The Chinese can come in thru the front one. They own the place. I also have no doubt Apple has retained ownership of the encryption keys too, but it's a shared ownership with GCBD who has equal access.

     And yes I agree that Apple is making the best they can of a bad position. Zero need for Chinese authorities to ask Apple to unlock anything as they can deal directly with GCBD, and Apple gets to avoid the whole sticky "transparency" thing if they don't have to know about it. Being able to honestly claim they did not turn over any user data to the Chinese has benefits. Deniability...
    edited March 2018
  • Reply 15 of 20
    SpamSandwichSpamSandwich Posts: 33,407member
    gatorguy said:
    Rayz2016 said:
    gatorguy said:
    Rayz2016 said:
    gatorguy said:
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  

    Which is why I suspect this less to do with gaining access to Chinese user accounts  and more to do with the Chinese government pressuring Apple to support to a Chinese company that was set up the provide jobs in a very poor area. 

    Apple still owns the servers and are building more in mainland China. Furthermore, Apple will still be holders of encryption keys, not the Chinese company. However, the Chinese will no longer have to request the US courts to get access to the keys because Apple now has them in China. 

    https://www.nytimes.com/2017/07/12/business/apple-china-data-center-cybersecurity.html
    Apple said, however, that it would retain the encryption keys for the data stored at its center and that Guizhou-Cloud Big Data would not have access, meaning it would not be able to see what photos or documents were stored in iCloud without Apple’s permission.


    . The servers still belong to Apple, and Big Data doesn’t have the keys. 

    That's not the legal statement they made to Chinese users...
    “If you understand and agree, Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange, and disclosure of all user data (including content) according to the application of the law.” So rather than ask Apple for anything the authorities needing information that may be stored there can instead deal directly with GCBD. 

    And according to China news the server in question is managed and operated by Guizhou-Cloud Big Data (GCBD), a company owned by the provincial Chinese government, and not Apple. As far as employees that's not even a blip. A few dozen eimployees is all that's required for even huge data centers. 
    https://www.hongkongfp.com/2018/02/17/apple-paving-way-cloud-dictatorship-china/

    What they told Chinese users is prudent, should the situation change in the future (which it could). What is actually happening, according to Apple is sliiiightly different:

    https://www.wsj.com/articles/apple-to-start-putting-sensitive-encryption-keys-in-china-1519497574

    Apple said it will store the keys in a secure location, retain control over them and hasn’t created any backdoors to customers’ data

    And even Apple knows this is not enough, which is why they have warned their customers about the impending change (and will not make the transfer without consent). 

    Still, the situation is not ideal. Apple is caught between its principles and its responsibility to its shareholders. 

    It would nice if the could pull out of China, like Google did. But since Google was having its ass handed to them by local search providers (with the help of the government) along with China’s reluctance to allow them to harvest personal data of its citizens then they didn’t have that much to lose.

    Apple between the rock and the hard place, as usual. 

    No one claims that Apple created a backdoor. The Chinese can come in thru the front one. They own the place. I also have no doubt Apple has retained ownership of the encryption keys too, but it's a shared ownership with GCBD who has equal access.

     And yes I agree that Apple is making the best they can of a bad position. Zero need for Chinese authorities to ask Apple to unlock anything as they can deal directly with GCBD, and Apple gets to avoid the whole sticky "transparency" thing if they don't have to know about it. Being able to honestly claim they did not turn over any user data to the Chinese has benefits. Deniability...
    I think it's really only a matter of time until the PRC requires that they control all aspects of any phone that is in their country. They will own complete access to the device because their "dictator for life" leader will insist on it. At that point, Apple will probably give up on China.
    edited March 2018
  • Reply 16 of 20
    gatorguygatorguy Posts: 24,176member
    gatorguy said:
    Rayz2016 said:
    gatorguy said:
    Rayz2016 said:
    gatorguy said:
    lkrupp said:
    Apple didn’t have much choice did they? Either comply or pull out of China. Sure Google did it but they didn’t have factories on mainland China. From other reports on other news sites the fact that these actions pertain only to Chinese iCloud customers isn’t usually made perfectly clear. It’s left to the reader to figure that out and I’m sure some think their American data is now on Chinese servers. Yep, people are that dumb.
    There were still choices even if none of them were good. The Chinese Cybersecurity Law does require that data connected to Chinese citizens be stored within China, that's true. AFAIK it does not require that it be shared with a Chinese owned company. Apple could have operated their own servers rather than turn over the responsibility for safeguarding user data to GCBD, a company closely linked to Chinese government and unlikely to object to any Chinese inquiries.  

    Which is why I suspect this less to do with gaining access to Chinese user accounts  and more to do with the Chinese government pressuring Apple to support to a Chinese company that was set up the provide jobs in a very poor area. 

    Apple still owns the servers and are building more in mainland China. Furthermore, Apple will still be holders of encryption keys, not the Chinese company. However, the Chinese will no longer have to request the US courts to get access to the keys because Apple now has them in China. 

    https://www.nytimes.com/2017/07/12/business/apple-china-data-center-cybersecurity.html
    Apple said, however, that it would retain the encryption keys for the data stored at its center and that Guizhou-Cloud Big Data would not have access, meaning it would not be able to see what photos or documents were stored in iCloud without Apple’s permission.


    . The servers still belong to Apple, and Big Data doesn’t have the keys. 

    That's not the legal statement they made to Chinese users...
    “If you understand and agree, Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange, and disclosure of all user data (including content) according to the application of the law.” So rather than ask Apple for anything the authorities needing information that may be stored there can instead deal directly with GCBD. 

    And according to China news the server in question is managed and operated by Guizhou-Cloud Big Data (GCBD), a company owned by the provincial Chinese government, and not Apple. As far as employees that's not even a blip. A few dozen eimployees is all that's required for even huge data centers. 
    https://www.hongkongfp.com/2018/02/17/apple-paving-way-cloud-dictatorship-china/

    What they told Chinese users is prudent, should the situation change in the future (which it could). What is actually happening, according to Apple is sliiiightly different:

    https://www.wsj.com/articles/apple-to-start-putting-sensitive-encryption-keys-in-china-1519497574

    Apple said it will store the keys in a secure location, retain control over them and hasn’t created any backdoors to customers’ data

    And even Apple knows this is not enough, which is why they have warned their customers about the impending change (and will not make the transfer without consent). 

    Still, the situation is not ideal. Apple is caught between its principles and its responsibility to its shareholders. 

    It would nice if the could pull out of China, like Google did. But since Google was having its ass handed to them by local search providers (with the help of the government) along with China’s reluctance to allow them to harvest personal data of its citizens then they didn’t have that much to lose.

    Apple between the rock and the hard place, as usual. 

    No one claims that Apple created a backdoor. The Chinese can come in thru the front one. They own the place. I also have no doubt Apple has retained ownership of the encryption keys too, but it's a shared ownership with GCBD who has equal access.

     And yes I agree that Apple is making the best they can of a bad position. Zero need for Chinese authorities to ask Apple to unlock anything as they can deal directly with GCBD, and Apple gets to avoid the whole sticky "transparency" thing if they don't have to know about it. Being able to honestly claim they did not turn over any user data to the Chinese has benefits. Deniability...
    I think it's really only a matter of time until the PRC requires that they control all aspects of any phone that is in their country. They will own complete access to the device because their "dictator for life" leader will insist on it. At that point, Apple will probably give up on China.
    There was an odd under-the-radar mention a few weeks ago that chipsets for China market iPhones may be produced separately from those bound for Western markets from now on. That would open a few different possibilities. 
  • Reply 17 of 20
    tallest skiltallest skil Posts: 43,388member
    gatorguy said:
    That's not the legal statement they made to Chinese users...
    Government would never break a law designed to stop them from having power. That would never happen. Ever.
    SpamSandwich said:
    I think it's really only a matter of time until the PRC requires that they control all aspects of any phone that is in their country. They will own complete access to the device because their "dictator for life" leader will insist on it. At that point, Apple will probably give up on China.
    You’re kidding, right? Apple will do exactly what China says, and then western governments will just use the Chinese software, too. It’s not a happy thought, but there aren’t any happy political thoughts these days.
  • Reply 18 of 20
    SpamSandwichSpamSandwich Posts: 33,407member
    Incidentally, Amnesty International should be "as concerned" about this:

    https://www.nytimes.com/2018/03/24/us/politics/unlock-phones-encryption.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news

    Justice Dept. Revives Push to Mandate a Way to Unlock Phones
    WASHINGTON — Federal law enforcement officials are renewing a push for a legal mandate that tech companies build tools into smartphones and other devices that would allow access to encrypted data in criminal investigations.

    F.B.I. and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such “extraordinary access” to encrypted devices, according to people familiar with the talks.

    Based on that research, Justice Department officials are convinced that mechanisms allowing access to the data can be engineered without intolerably weakening the devices’ security against hacking.

    I think our own government has been coopted by the Chinese government. Both parties.

    edited March 2018 tallest skillostkiwi
  • Reply 19 of 20
    gatorguygatorguy Posts: 24,176member
    Incidentally, Amnesty International should be "as concerned" about this:

    https://www.nytimes.com/2018/03/24/us/politics/unlock-phones-encryption.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news

    Justice Dept. Revives Push to Mandate a Way to Unlock Phones
    WASHINGTON — Federal law enforcement officials are renewing a push for a legal mandate that tech companies build tools into smartphones and other devices that would allow access to encrypted data in criminal investigations.

    F.B.I. and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such “extraordinary access” to encrypted devices, according to people familiar with the talks.

    Based on that research, Justice Department officials are convinced that mechanisms allowing access to the data can be engineered without intolerably weakening the devices’ security against hacking.

    I think our own government has been coopted by the Chinese government. Both parties.

    The Russians have done the same. No encrypted services allowed there either without a key supplied to the government as Telegram now knows having lost their last legal bid to keep their service private. Does Apple have encrypted services in Russia? Apparently not without a key supplied to the Russian government. 
  • Reply 20 of 20
    SpamSandwichSpamSandwich Posts: 33,407member
    gatorguy said:
    Incidentally, Amnesty International should be "as concerned" about this:

    https://www.nytimes.com/2018/03/24/us/politics/unlock-phones-encryption.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news

    Justice Dept. Revives Push to Mandate a Way to Unlock Phones
    WASHINGTON — Federal law enforcement officials are renewing a push for a legal mandate that tech companies build tools into smartphones and other devices that would allow access to encrypted data in criminal investigations.

    F.B.I. and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such “extraordinary access” to encrypted devices, according to people familiar with the talks.

    Based on that research, Justice Department officials are convinced that mechanisms allowing access to the data can be engineered without intolerably weakening the devices’ security against hacking.

    I think our own government has been coopted by the Chinese government. Both parties.

    The Russians have done the same. No encrypted services allowed there either without a key supplied to the government as Telegram now knows having lost their last legal bid to keep their service private. Does Apple have encrypted services in Russia? Apparently not without a key supplied to the Russian government. 
    Soon nations may consider individuals using encryption for their own security to be enemies of the state.
    edited March 2018
Sign In or Register to comment.