Chinese iCloud data moved to servers operated by state-owned telco
Apple's Chinese iCloud partner has struck a deal with China Telecom to migrate all in-country customer data to the state-owned firm's Tianyi Cloud service, a move that seemingly flies in the face of Apple assurances against government snooping.
According to local publication Caixin, China Telecom's Tianyi Cloud in late June signed an "Infrastructure Agreement" with Apple partner Guizhou-Cloud Big Data Industry Co. Ltd. to provide iCloud storage services for mainland China. China Telecom representatives declined to offer details of the arrangement, but said GCBD migrated all Chinese iCloud customer data to Tianyi servers.
Apple confirmed the change to TechCrunch late Tuesday.
The development is likely to raise the hackles of privacy advocates who earlier this year warned of snooping risks associated with Apple's decision to move regional iCloud data to China-based servers.
Apple completed the transfer to GCBD cloud services in February after informing customers of the handover a month prior. To conform with Chinese cybersecurity laws, both user data and the cryptographic keys that protect it were transferred in the operation.
Like other cloud storage providers, Apple secures iCloud data using cryptographic keys. Prior to the mass data migration, all iCloud keys -- even those for Chinese accounts -- were located on U.S. servers, meaning governmental requests for access fell under the purview of U.S. law. Those protections vanished once user data hit Chinese soil.
For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear.
The decision to continue iCloud services in light of China's record of censorship and snooping is seemingly at odds with Apple's consumer privacy dogma.
"While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful," Apple said in February. It added that maintaining iCloud with its partner GCBD -- known to have close ties with the Chinese Communist Party -- is a better option than discontinuing the service, as doing so would not only lead to a negative user experience, but would also be detrimental to user privacy.
The GCBD-Tianyi tie-up is not the first time Apple leaned on China Telecom for help with its iCloud services. In 2014, the company confirmed it was storing customer data on localized servers to improve speed and reliability for customers. Unlike the current arrangement, however, iCloud security keys were kept offshore.
According to local publication Caixin, China Telecom's Tianyi Cloud in late June signed an "Infrastructure Agreement" with Apple partner Guizhou-Cloud Big Data Industry Co. Ltd. to provide iCloud storage services for mainland China. China Telecom representatives declined to offer details of the arrangement, but said GCBD migrated all Chinese iCloud customer data to Tianyi servers.
Apple confirmed the change to TechCrunch late Tuesday.
The development is likely to raise the hackles of privacy advocates who earlier this year warned of snooping risks associated with Apple's decision to move regional iCloud data to China-based servers.
Apple completed the transfer to GCBD cloud services in February after informing customers of the handover a month prior. To conform with Chinese cybersecurity laws, both user data and the cryptographic keys that protect it were transferred in the operation.
Like other cloud storage providers, Apple secures iCloud data using cryptographic keys. Prior to the mass data migration, all iCloud keys -- even those for Chinese accounts -- were located on U.S. servers, meaning governmental requests for access fell under the purview of U.S. law. Those protections vanished once user data hit Chinese soil.
For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear.
The decision to continue iCloud services in light of China's record of censorship and snooping is seemingly at odds with Apple's consumer privacy dogma.
"While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful," Apple said in February. It added that maintaining iCloud with its partner GCBD -- known to have close ties with the Chinese Communist Party -- is a better option than discontinuing the service, as doing so would not only lead to a negative user experience, but would also be detrimental to user privacy.
The GCBD-Tianyi tie-up is not the first time Apple leaned on China Telecom for help with its iCloud services. In 2014, the company confirmed it was storing customer data on localized servers to improve speed and reliability for customers. Unlike the current arrangement, however, iCloud security keys were kept offshore.
Comments
"...You understand and agree that Apple AND GCBD will have access to all data that you store on this service, including the right to share, exchange and disclose all user data, including Content, to and between each other under applicable law.
Of note and something many here would not be aware of: There is no Apple iCloud service in China so they have nothing to operate. It's a GCBD operation under GCBD control and rules, with Apple as a junior partner who will sometimes be required to provide support.
Welcome to iCloud operated by GCBD
THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE").
https://www.apple.com/legal/internet-services/icloud/en/gcbd-terms.htmlSimple logic will tell you that GCBD in order to run the service and ensure their interests are protected (!) must have control of the keys to do so, even if Apple also retains some control of their own. They are GCBD's partner, with GCBD in the driver's seat.
At least it will be a good day for Apple making sure this doesn't get much play on the web blogs or the news. There's a big money story coming in a few hours that will drag any attention away from this one.
This is exactly the thinking that hilariously got Bush Jr and now Trump your president. Believe it or not, it won't stop here.
Really? Witch hunt?
It's sorry to see a super power such as US gets pathetically dragged by the medieval-minded clowns, and it's a shame that it has to think of various hypocritcal excuses to rob all over the world, only to feed its ignorant bloodsuckers at home.
This is a classic case of trying to deal with a problem after the fact and when the costs associated with the corrective action are as large as possible. Governments must get directly involved and provide direction and guidance rather than placing the burden on individual companies like Apple to figure this mess out on a country by country basis. This problem is much larger than Apple. Blaming Apple for discrepancies in the implementation and adaptation of iCloud to meet foreign government's requirements is ridiculous, especially from politicians who are asking Apple to do the job that they, the government, should be doing is shameful and further reveals their incompetence.
how does China know which iCloud account is registered in which country?
Perhaps you can provide a cite to back up your claim?