As only the well to do people in China have iPhones this could be a nice cherry picking exercise for the Chinese government to take advantage of. If US government wants to ban Huawei electronics from operating in the US, why doesn't China threaten to ban Apple from its own country, seems only fair?
There is such an easy work-around to this that it's not even funny.
Don't buy an iPhone from the Chinese market. Don't enter a Chinese address for iCloud. If you can't avoid the former, then certainly do not enter a Chinese address.
More to the point however, journalists would be insane to have any products purchased or registered in China.
Is there any chance U.S. users’ data could end up in the Chinese cloud?
Can a Chinese user travel to the U.S., buy their devices here, set up their accounts here, then go back to China and access the U.S. iCloud from there? I realize that they’d have to pay a lot for roaming data from a U.S. carrier, but for their wealthy it could be a way to avoid government snooping.
that would just swap the China snooping for US snooping. the data is encrypted so for now there isn't much either government can do with it anyway. just political scaremongering as usual.
Is there any chance U.S. users’ data could end up in the Chinese cloud?
Can a Chinese user travel to the U.S., buy their devices here, set up their accounts here, then go back to China and access the U.S. iCloud from there? I realize that they’d have to pay a lot for roaming data from a U.S. carrier, but for their wealthy it could be a way to avoid government snooping.
that would just swap the China snooping for US snooping. the data is encrypted so for now there isn't much either government can do with it anyway. just political scaremongering as usual.
This is why we have discussions like this on AI since even you don't really understand what encrypting you data means as far as Apple iCloud service. In China it can be de-encrypted for the asking since Apple has agreed to share the keys to do so with GCBD their Chinese server partner which means by extension the Chinese government. Apple themselves have said that GCBD has the same cryptographic key access to "your" data (I believe Apple used "no more than") as Apple themselves. That's a first.
In the US it requires Apple's approval and a vetted legal demand, and Apple will sometimes fight those orders, but all your iCloud data including device backups can be turned over to authorities as long as Apple agrees, and Apple says they will do so and somewhat recently began reporting general numbers on the times they've complied and the type of requests.... and yes decrypted. Apple doesn't make it as clear as it should IMO, and as proof I would point to your post as a good example, that by using iCloud users otherwise "unreadable" iMessages and other personal data become very much readable to the company as well as to anyone Apple chooses to legally share it with. https://images.apple.com/legal/privacy/transparency/requests-2017-H1-en.pdf
But nowhere else in the world outside of China does Apple allow access to those cryptographic keys by any private or governmental agency AFAIK. I don't think you understand that just because you encrypted when you sent it to Apple servers does not mean they cannot undo the process, so no it's not scare-mongering to make you and others aware of that.
In China in particular there can be no encryption service for that country where the Chinese government does not also have a de-encryption key supplied to them by the vendor. That means there is NO Apple, Microsoft or any other secure encryption service in a commercial product in mainland China. Keys to every one of them have been made available to the Chinese authorities.
Apple is the last large company to do this. Microsoft did this years ago. Google did this years ago. There is no escaping Chinese law if you want to do business in China. Obviously, encrypting your backups helps maintain your privacy even in China.
Comments
There is such an easy work-around to this that it's not even funny.
Don't buy an iPhone from the Chinese market. Don't enter a Chinese address for iCloud. If you can't avoid the former, then certainly do not enter a Chinese address.
More to the point however, journalists would be insane to have any products purchased or registered in China.
You're full of shit and you know it.
In the US it requires Apple's approval and a vetted legal demand, and Apple will sometimes fight those orders, but all your iCloud data including device backups can be turned over to authorities as long as Apple agrees, and Apple says they will do so and somewhat recently began reporting general numbers on the times they've complied and the type of requests.... and yes decrypted. Apple doesn't make it as clear as it should IMO, and as proof I would point to your post as a good example, that by using iCloud users otherwise "unreadable" iMessages and other personal data become very much readable to the company as well as to anyone Apple chooses to legally share it with.
https://images.apple.com/legal/privacy/transparency/requests-2017-H1-en.pdf
But nowhere else in the world outside of China does Apple allow access to those cryptographic keys by any private or governmental agency AFAIK. I don't think you understand that just because you encrypted when you sent it to Apple servers does not mean they cannot undo the process, so no it's not scare-mongering to make you and others aware of that.
In China in particular there can be no encryption service for that country where the Chinese government does not also have a de-encryption key supplied to them by the vendor. That means there is NO Apple, Microsoft or any other secure encryption service in a commercial product in mainland China. Keys to every one of them have been made available to the Chinese authorities.