Apple potential target of proposed bill that would limit flow of data to China
U.S. Sen. Josh Hawley (R-Mo.) on Monday introduced a bill that aims to protect American interests by prohibiting companies from transferring user data or encryption keys to China, legislation that could impact Apple's Chinese business strategy.
Hawley's National Security and Personal Data Protection Act "cuts off the flow" of sensitive data to China and other countries that pose a threat to national security, as well as the security of individual Americans, according to a one-page summary (PDF link) of the bill.
"As revealed last week, China could use images of our servicemen and women' obtained from sites like TikTok to train its autonomous weapons," the release reads. "U.S. officials currently are assessing TikTok for national security reasons. China also could build or steal massive profiles on Americans. And China could use aggregate location data from phones to identify bridges or roads to target for sabotage."
Language in the overview released today appears to take issue with app makers and other entities that store user data on servers operated on Chinese soil, a consideration granted in exchange for entrance into the Asian market, Hawley says. A second function of the legislation forbids the transfer of encryption keys, a stipulation that would threaten cloud services like Apple's iCloud business.
Specifically, the bill prohibits "American companies from transferring user data or encryption keys to China and other countries that similarly threaten America's national security" and likewise bans offsite storage of data in those same regions.
Hawley's bill applies many of those same data management regulations to Chinese companies operating in the U.S., while adding concessions for excessive data collection. A third stipulation conditions the merger or sale of American companies to Chinese entities on prior approval from the Committee on Foreign Investment in the United States (CFIUS).
Whether Hawley's proposed legislation would impact Apple's Chinese operation is unclear. The company currently operates iCloud services in China, but data stored on Chinese servers is solely that of Chinese citizens.
To conform to Chinese cybersecurity laws, Apple in 2018 migrated iCloud encryption keys to Chinese servers run by Guizhou-Cloud Big Data Industry Co. Ltd.
Apple says it maintains sole control over Chinese iCloud encryption keys and claims the solution contains no government backdoors. Critics, however, note Apple might be forced to hand over the keys at any time through an official warrant system underpinned by a regime-friendly judicial process.
Though Apple was not named in the brief released today, Hawley has in the past associated the tech giant with TikTok, saying both flout U.S. security interests as they pander to China's massive commercial market.
Earlier this month, Hawley, an outspoken critic of Big Tech, called Apple, TikTok and others to a congressional hearing on China's supposed influence on the U.S. tech industry and how that relationship impacts consumer data. Both companies declined to participate. In June, the senator sent a letter to CEO Tim Cook asking for additional "Do Not Track" privacy options in iOS.
Hawley's National Security and Personal Data Protection Act "cuts off the flow" of sensitive data to China and other countries that pose a threat to national security, as well as the security of individual Americans, according to a one-page summary (PDF link) of the bill.
"As revealed last week, China could use images of our servicemen and women' obtained from sites like TikTok to train its autonomous weapons," the release reads. "U.S. officials currently are assessing TikTok for national security reasons. China also could build or steal massive profiles on Americans. And China could use aggregate location data from phones to identify bridges or roads to target for sabotage."
Language in the overview released today appears to take issue with app makers and other entities that store user data on servers operated on Chinese soil, a consideration granted in exchange for entrance into the Asian market, Hawley says. A second function of the legislation forbids the transfer of encryption keys, a stipulation that would threaten cloud services like Apple's iCloud business.
Specifically, the bill prohibits "American companies from transferring user data or encryption keys to China and other countries that similarly threaten America's national security" and likewise bans offsite storage of data in those same regions.
Hawley's bill applies many of those same data management regulations to Chinese companies operating in the U.S., while adding concessions for excessive data collection. A third stipulation conditions the merger or sale of American companies to Chinese entities on prior approval from the Committee on Foreign Investment in the United States (CFIUS).
Whether Hawley's proposed legislation would impact Apple's Chinese operation is unclear. The company currently operates iCloud services in China, but data stored on Chinese servers is solely that of Chinese citizens.
To conform to Chinese cybersecurity laws, Apple in 2018 migrated iCloud encryption keys to Chinese servers run by Guizhou-Cloud Big Data Industry Co. Ltd.
Apple says it maintains sole control over Chinese iCloud encryption keys and claims the solution contains no government backdoors. Critics, however, note Apple might be forced to hand over the keys at any time through an official warrant system underpinned by a regime-friendly judicial process.
Though Apple was not named in the brief released today, Hawley has in the past associated the tech giant with TikTok, saying both flout U.S. security interests as they pander to China's massive commercial market.
Earlier this month, Hawley, an outspoken critic of Big Tech, called Apple, TikTok and others to a congressional hearing on China's supposed influence on the U.S. tech industry and how that relationship impacts consumer data. Both companies declined to participate. In June, the senator sent a letter to CEO Tim Cook asking for additional "Do Not Track" privacy options in iOS.
Comments
China is a great and powerful nation, with thousands of years of culture, hard-working people, brilliant people, massive resources and relationships with other countries all around the world. Why do we want to strain that and isolate ourselves from the largest market on earth?
Once we have the technology, we will try to use it.
While legislation is necessary, it will definitely not have any impact on the situation 'on the ground'. Governments will simply try to access the information anyway. Any way they can and wherever it is.
The digital age means data collection and mining. Sprinkle in some AI and a bit of quantum computing and you have a fair amount of digital power at your disposal and yes, it can be 'weaponised' to a point but that will be the goal of all governments with access to the technology.
I didn't understand the reference to bridges and sabotage. Since bridges have existed they have been the target of sabotage and destruction, just like with all infrastructure and key installations. That's why the Bailey Bridge was successful in the 40s.
If there is ever a conflict at superpower level, you can kiss 'humanitarian' rules goodbye and I mean on all sides.
This first part of your statement was a fair question however when you ended it with insults it lost validity.
A Bailey bridge is a type of portable, pre-fabricated, truss bridge. It was developed in 1940-1941 by the British for military use during the Second World War and saw extensive use by British, Canadian and US military engineering units.
A number of scenes in the film "A Bridge Too Far" show Bailey Bridge(s) being assembled.
I work for a small (< $1B market cap) company that had all our technology stolen by a chinese firm (that one of our former coworkers worked for and assisted in stealing our technology). We sued them and won, but only because they had a US subsidiary; if they were china only there would have been nothing we could have done.
I just can't believe Americans would rather see china destroy us than have to agree with a conservative. Truly mind boggling.
https://thehill.com/policy/cybersecurity/261313-ig-chinese-hackers-hit-interior-department-in-2013
Their incompetence represent more of a threat to Americans’ data than Apple.