Chinese iCloud data moved to servers operated by state-owned telco

Posted:
in iCloud edited July 2018
Apple's Chinese iCloud partner has struck a deal with China Telecom to migrate all in-country customer data to the state-owned firm's Tianyi Cloud service, a move that seemingly flies in the face of Apple assurances against government snooping.

iCloud China


According to local publication Caixin, China Telecom's Tianyi Cloud in late June signed an "Infrastructure Agreement" with Apple partner Guizhou-Cloud Big Data Industry Co. Ltd. to provide iCloud storage services for mainland China. China Telecom representatives declined to offer details of the arrangement, but said GCBD migrated all Chinese iCloud customer data to Tianyi servers.

Apple confirmed the change to TechCrunch late Tuesday.

The development is likely to raise the hackles of privacy advocates who earlier this year warned of snooping risks associated with Apple's decision to move regional iCloud data to China-based servers.

Apple completed the transfer to GCBD cloud services in February after informing customers of the handover a month prior. To conform with Chinese cybersecurity laws, both user data and the cryptographic keys that protect it were transferred in the operation.

Like other cloud storage providers, Apple secures iCloud data using cryptographic keys. Prior to the mass data migration, all iCloud keys -- even those for Chinese accounts -- were located on U.S. servers, meaning governmental requests for access fell under the purview of U.S. law. Those protections vanished once user data hit Chinese soil.

For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear.

The decision to continue iCloud services in light of China's record of censorship and snooping is seemingly at odds with Apple's consumer privacy dogma.

"While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful," Apple said in February. It added that maintaining iCloud with its partner GCBD -- known to have close ties with the Chinese Communist Party -- is a better option than discontinuing the service, as doing so would not only lead to a negative user experience, but would also be detrimental to user privacy.

The GCBD-Tianyi tie-up is not the first time Apple leaned on China Telecom for help with its iCloud services. In 2014, the company confirmed it was storing customer data on localized servers to improve speed and reliability for customers. Unlike the current arrangement, however, iCloud security keys were kept offshore.
«1

Comments

  • Reply 1 of 30
    Rayz2016Rayz2016 Posts: 6,957member
    For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear. 
    And this is the part that needs clarity: who has the damn keys?

    Alex1Nolscaladanian[Deleted User]ksec
  • Reply 2 of 30
    It's not really surprising. Why would China allow its citizens to have their data sitting in the US where the NSA can snoop on it. The EU has the same requirements.
    Alex1NzimmermannCiprol[Deleted User]mike54rob53dewme
  • Reply 3 of 30
    eriamjheriamjh Posts: 1,625member
    Well, assuming it existed but the first place, assume all security and privacy on iCloud in China is now lost and the government is actively scanning and searching one’s data.   
  • Reply 4 of 30
    gatorguygatorguy Posts: 24,153member
    Rayz2016 said:
    For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear. 
    And this is the part that needs clarity: who has the damn keys?

    Apple has never stated that GCBD could not access iCloud data, and in fact acknowledges that GCBD can access a Chinese user's iCloud data.
    "...You understand and agree that Apple AND GCBD will have access to all data that you store on this service, including the right to share, exchange and disclose all user data, including Content, to and between each other under applicable law.

    Of note and something many here would not be aware of: There is no Apple iCloud service in China so they have nothing to operate. It's a GCBD operation under GCBD control and rules, with Apple as a junior partner who will sometimes be required to provide support. 

    Welcome to iCloud operated by GCBD

    THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE").

    https://www.apple.com/legal/internet-services/icloud/en/gcbd-terms.html

    Simple logic will tell you that GCBD in order to run the service and ensure their interests are protected (!) must have control of the keys to do so, even if Apple also retains some control of their own. They are GCBD's partner, with GCBD in the driver's seat.  

    At least it will be a good day for Apple making sure this doesn't get much play on the web blogs or the news. There's a big money story coming in a few hours that will drag any attention away from this one. 
    edited July 2018 revenantcaladanianmuthuk_vanalingamksecjony0
  • Reply 5 of 30
    CiprolCiprol Posts: 53member
    China caught on early and has blocked the US govt intelligence agencies from mining their country's social media data for ulterior motives cf. Regime changes and cyber warfare. Of course, this pissed the US off. Seriously and through Wikileaks and other disclosures, the intelligence community/govt in the US have far more access to network data than most people know. It's all about the PR and spin.
    edited July 2018
  • Reply 6 of 30
    Is anyone really naive enough to think having data stored in the US is any more safe or secure than data stored in China or Holland or Ukraine for example? If anything the US' security services are more technologically advanced and have been for long enough that the backdoors already exist at hardware level in many of these servers around the world and the US already has the keys.
  • Reply 7 of 30
    gatorguygatorguy Posts: 24,153member
    mike54 said:
    The NSA snoops on data/products in the US, that's a fact. Cisco products come with NSA approved backdoors. Microsoft also works closely with the NSA, hence China has asked to see the source code for it and there a special edition for the Chinese gov. No one should be complaining because another country does the same. China does not make US laws, nor should US make Chinese laws.
    Apple didn't have to turn over any of their services to the US government to run. That's what's unique about this. 
    Jay_B_Terclinger
  • Reply 8 of 30
    croprcropr Posts: 1,120member
    It's not really surprising. Why would China allow its citizens to have their data sitting in the US where the NSA can snoop on it. The EU has the same requirements.
      The EU demands that a European end-user has full control over his own data.  In China it is the government that wants full control over the data.  Fundamentally different
    edited July 2018 SoliJay_B_Terclinger
  • Reply 9 of 30
    lkrupplkrupp Posts: 10,557member
    mike54 said:
    The NSA snoops on data/products in the US, that's a fact. Cisco products come with NSA approved backdoors. Microsoft also works closely with the NSA, hence China has asked to see the source code for it and there a special edition for the Chinese gov. No one should be complaining because another country does the same. China does not make US laws, nor should US make Chinese laws.
    Ah, the good old “everybody does it” argument. When’s the last time a U.S. or EU citizen was executed for writing something critical about their government?
    ivanhanantksundaramminicoffee
  • Reply 10 of 30
    AI_liasAI_lias Posts: 434member
    lkrupp said:
    mike54 said:
    The NSA snoops on data/products in the US, that's a fact. Cisco products come with NSA approved backdoors. Microsoft also works closely with the NSA, hence China has asked to see the source code for it and there a special edition for the Chinese gov. No one should be complaining because another country does the same. China does not make US laws, nor should US make Chinese laws.
    Ah, the good old “everybody does it” argument. When’s the last time a U.S. or EU citizen was executed for writing something critical about their government?
    Exactly what I was thinking. Snooping by the US (which should also be assumed) is not the same as snooping by China or Russia.
    watto_cobra
  • Reply 11 of 30
    ivanhivanh Posts: 597member
    Forget the back door. Now China Communist Party holds the front door key. Apple should seriously consider renaming the China iCloud as ChiCloud in order to set up a gateway from iCloud, in order to protect iCloud users in the world.
  • Reply 12 of 30
    ivanhivanh Posts: 597member
    mike54 said:
    The NSA snoops on data/products in the US, that's a fact. Cisco products come with NSA approved backdoors. Microsoft also works closely with the NSA, hence China has asked to see the source code for it and there a special edition for the Chinese gov. No one should be complaining because another country does the same. China does not make US laws, nor should US make Chinese laws.
    Mike54, are you in or from mainland China?
  • Reply 13 of 30
    ffmoffmo Posts: 1member
    lkrupp said:
    mike54 said:
    The NSA snoops on data/products in the US, that's a fact. Cisco products come with NSA approved backdoors. Microsoft also works closely with the NSA, hence China has asked to see the source code for it and there a special edition for the Chinese gov. No one should be complaining because another country does the same. China does not make US laws, nor should US make Chinese laws.
    Ah, the good old “everybody does it” argument. When’s the last time a U.S. or EU citizen was executed for writing something critical about their government?
    And when's the last time a Chinese citizen was executed for writing something critical about their government? Mind sharing some credible sources?

    AI_lias said:
    lkrupp said:
    mike54 said:
    The NSA snoops on data/products in the US, that's a fact. Cisco products come with NSA approved backdoors. Microsoft also works closely with the NSA, hence China has asked to see the source code for it and there a special edition for the Chinese gov. No one should be complaining because another country does the same. China does not make US laws, nor should US make Chinese laws.
    Ah, the good old “everybody does it” argument. When’s the last time a U.S. or EU citizen was executed for writing something critical about their government?
    Exactly what I was thinking. Snooping by the US (which should also be assumed) is not the same as snooping by China or Russia.
    This is exactly the thinking that hilariously got Bush Jr and now Trump your president. Believe it or not, it won't stop here.

    ivanh said:
    mike54 said:
    The NSA snoops on data/products in the US, that's a fact. Cisco products come with NSA approved backdoors. Microsoft also works closely with the NSA, hence China has asked to see the source code for it and there a special edition for the Chinese gov. No one should be complaining because another country does the same. China does not make US laws, nor should US make Chinese laws.
    Mike54, are you in or from mainland China?
    Really? Witch hunt?
    It's sorry to see a super power such as US gets pathetically dragged by the medieval-minded clowns, and it's a shame that it has to think of various hypocritcal excuses to rob all over the world, only to feed its ignorant bloodsuckers at home. 
  • Reply 14 of 30
    gatorguygatorguy Posts: 24,153member
    ivanh said:
    Forget the back door. Now China Communist Party holds the front door key. Apple should seriously consider renaming the China iCloud as ChiCloud in order to set up a gateway from iCloud, in order to protect iCloud users in the world.
    It's no longer Apple's and has been renamed, tho it's being treated as a first party service anyway even if provided by a third party. 
  • Reply 15 of 30
    GHammerGHammer Posts: 52member
    adm1 said:
    Is anyone really naive enough to think having data stored in the US is any more safe or secure than data stored in China or Holland or Ukraine for example? If anything the US' security services are more technologically advanced and have been for long enough that the backdoors already exist at hardware level in many of these servers around the world and the US already has the keys.
    Is anyone silly enough to think they will be jailed for say Trump is an idiot in the US? Therein lies the difference.
  • Reply 16 of 30
    dewmedewme Posts: 5,312member
    One of the biggest nontechnical concerns about cloud computing since its earliest inception has been Data Sovereignty. The problem was recognized well before the first cloud implementations ever went live. Unfortunately, the technology, adoption, and massive volumes of data residing in the cloud has gotten far ahead of the legal systems and international agreements that should have been put in place to manage it from the start. Billions of horses have already left their barns and now every country that has a barn is trying to reel them all back in and prevent any more from getting out.

    This is a classic case of trying to deal with a problem after the fact and when the costs associated with the corrective action are as large as possible. Governments must get directly involved and provide direction and guidance rather than placing the burden on individual companies like Apple to figure this mess out on a country by country basis. This problem is much larger than Apple. Blaming Apple for discrepancies in the implementation and adaptation of iCloud to meet foreign government's requirements is ridiculous, especially from politicians who are asking Apple to do the job that they, the government, should be doing is shameful and further reveals their incompetence.
  • Reply 17 of 30
    nijiniji Posts: 288member
    if a USA iCloud account holder travels to China, uses public WiFi and China Telecom access points, is that person's data also stored in China?
    how does China know which iCloud account is registered in which country?

  • Reply 18 of 30
    gatorguygatorguy Posts: 24,153member
    It's now being clarified as not necessarily anything "new" about Apple using Tianyi servers according to Apple themselves. Says they've always stored some encrypted data on other servers and Tianyi is one of them. 
    edited July 2018 muthuk_vanalingam
  • Reply 19 of 30
    anantksundaramanantksundaram Posts: 20,402member
    Pathetic. Absolutely, cravenly pathetic.
    muthuk_vanalingam
  • Reply 20 of 30
    anantksundaramanantksundaram Posts: 20,402member
    It's not really surprising. Why would China allow its citizens to have their data sitting in the US where the NSA can snoop on it. The EU has the same requirements.
    AFAIK, the NSA can't. Not on Apple's servers without a warrant.

    Perhaps you can provide a cite to back up your claim?
    watto_cobra
Sign In or Register to comment.