Amnesty International presses Apple to warn Chinese iCloud users of government snooping ri...
Amnesty International is calling on Apple to inform Chinese iCloud users that their data might be at risk of government prying after the company migrated regional accounts to China-based servers, a move designed to conform with local laws.
In a post to its official blog on Thursday, Amnesty announced a new social media initiative urging Apple to inform its Chinese customer base of potential unwarranted data access by government agencies. The campaign is timed to coincide with CEO Tim Cook's visit to China, where he is co-chairing the China Development Forum.
"Tim Cook is not being upfront with Apple's Chinese users when insisting that their private data will always be secure," said Nicholas Bequelin, East Asia Director at Amnesty International. "Apple's pursuit of profits has left Chinese iCloud users facing huge new privacy risks."
Apple in February moved Chinese iCloud keys to a local server farm run by in-country partner Guizhou-Cloud Big Data Industry Co. Ltd.
The Cupertino tech giant opened its first China-based data center in collaboration with GCBD in 2017, noting at the time that the facility would allow compliance with newly passed regulations. China last year passed cybersecurity laws requiring foreign internet companies to store customer data on domestic servers.
For its part, Apple said it advocated against iCloud being subject to the new rules, but was ultimately unsuccessful in its attempt at exclusion. Instead of discontinuing the service, a move Apple said would lead to negative user experiences and eroded customer privacy, the company conformed and migrated data to GCBD.
Of concern to privacy advocates is GCBD's close ties to the Chinese Communist Party, whose cybersecurity regulators are notorious for surveillance programs and operations to stifle free speech.
To allay fears, Apple promised consumers it would not allow backdoors into GCBD's servers, and that it would be control of iCloud's cryptographic keys. With those keys subject to China's legal system, which lacks a system for independently reviewed warrants or data requests, that detail might not matter.
"By handing over its China iCloud service to a local company without sufficient safeguards, the Chinese authorities now have potentially unfettered access to all Apple's Chinese customers' iCloud data. Apple knows it, yet has not warned its customers in China of the risks," Bequelin said. "Apple needs to be much more transparent about the risks to privacy posed by recent changes to the iCloud service in China."
Apple informed Chinese users of the data transfer in January, a month prior to the actual handover. In a message to existing customers, the company said its GCBD partnership will enable speed and reliability improvements and compliance with Chinese regulations. Further, a link to GCBD's terms and conditions was provided.
Apple in previous statements said it would not migrate customer data to Chinese servers without express customer consent, noting those who did not wish to have their data transferred were able to terminate their account. In February, shortly before the exchange was scheduled to take place, the company said more than 99.9 percent of current Chinese iCloud users had agreed to the terms.
In a post to its official blog on Thursday, Amnesty announced a new social media initiative urging Apple to inform its Chinese customer base of potential unwarranted data access by government agencies. The campaign is timed to coincide with CEO Tim Cook's visit to China, where he is co-chairing the China Development Forum.
"Tim Cook is not being upfront with Apple's Chinese users when insisting that their private data will always be secure," said Nicholas Bequelin, East Asia Director at Amnesty International. "Apple's pursuit of profits has left Chinese iCloud users facing huge new privacy risks."
Apple in February moved Chinese iCloud keys to a local server farm run by in-country partner Guizhou-Cloud Big Data Industry Co. Ltd.
The Cupertino tech giant opened its first China-based data center in collaboration with GCBD in 2017, noting at the time that the facility would allow compliance with newly passed regulations. China last year passed cybersecurity laws requiring foreign internet companies to store customer data on domestic servers.
For its part, Apple said it advocated against iCloud being subject to the new rules, but was ultimately unsuccessful in its attempt at exclusion. Instead of discontinuing the service, a move Apple said would lead to negative user experiences and eroded customer privacy, the company conformed and migrated data to GCBD.
Of concern to privacy advocates is GCBD's close ties to the Chinese Communist Party, whose cybersecurity regulators are notorious for surveillance programs and operations to stifle free speech.
To allay fears, Apple promised consumers it would not allow backdoors into GCBD's servers, and that it would be control of iCloud's cryptographic keys. With those keys subject to China's legal system, which lacks a system for independently reviewed warrants or data requests, that detail might not matter.
"By handing over its China iCloud service to a local company without sufficient safeguards, the Chinese authorities now have potentially unfettered access to all Apple's Chinese customers' iCloud data. Apple knows it, yet has not warned its customers in China of the risks," Bequelin said. "Apple needs to be much more transparent about the risks to privacy posed by recent changes to the iCloud service in China."
Apple informed Chinese users of the data transfer in January, a month prior to the actual handover. In a message to existing customers, the company said its GCBD partnership will enable speed and reliability improvements and compliance with Chinese regulations. Further, a link to GCBD's terms and conditions was provided.
Apple in previous statements said it would not migrate customer data to Chinese servers without express customer consent, noting those who did not wish to have their data transferred were able to terminate their account. In February, shortly before the exchange was scheduled to take place, the company said more than 99.9 percent of current Chinese iCloud users had agreed to the terms.
Comments
is demanding that makers of rope and fishing line add a warning to all packages sold in China. We’ve obtained a copy of the demanded warning and translated it. It reads, ‘Warning, this product could be confiscated by your government and used to hang you.’
Somehow I don't think the Chinese population are that dumb as to not know. There has been a long history of restricted Internet access in China.
The smarter ones will maintain local iCloud backups. The rest of the people will really not care enough.
It's no different from the millions of people using FaceBook or Google.
Which is why I suspect this less to do with gaining access to Chinese user accounts and more to do with the Chinese government pressuring Apple to support to a Chinese company that was set up the provide jobs in a very poor area.
Apple still owns the servers and are building more in mainland China. Furthermore, Apple will still be holders of encryption keys, not the Chinese company. However, the Chinese will no longer have to request the US courts to get access to the keys because Apple now has them in China.
https://www.nytimes.com/2017/07/12/business/apple-china-data-center-cybersecurity.html
Smart move. If the Chinese government wants access then they still have come to Apple. So I will retract a previous statement where I accused Apple of using another company to shield them from the responsibility.
The question is how will Apple handle requests from now on:
https://uk.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUKKCN1G8060
It looks like the Americans have a lot more to worry about than the Chinese.
I would also disagree with Amnesty (who aren’t the most tech savvy organisation) when they say that Apple hasn’t done enough to warn their Chinese users. The Chinese aren’t stupid. They have been receiving bing alerts and emails from Apple, and 99% didn’t have a problem, because those that have something to be concerned about wouldn’t be using Apple Services anyway.
It remains to be seen how Apple with this. But the Big Data handover isn’t really an issue. The servers still belong to Apple, and Big Data doesn’t have the keys.
“If you understand and agree, Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange, and disclosure of all user data (including content) according to the application of the law.” So rather than ask Apple for anything the authorities needing information that may be stored there can instead deal directly with GCBD.
And according to China news the server in question is managed and operated by Guizhou-Cloud Big Data (GCBD), a company owned by the provincial Chinese government, and not Apple. As far as employees that's not even a blip. A few dozen eimployees is all that's required for even huge data centers.
https://www.hongkongfp.com/2018/02/17/apple-paving-way-cloud-dictatorship-china/
Amnesty is an idiot here. IMHO. No need to recap the comments already posted.
What they told Chinese users is prudent, should the situation change in the future (which it could). What is actually happening, according to Apple is sliiiightly different:
https://www.wsj.com/articles/apple-to-start-putting-sensitive-encryption-keys-in-china-1519497574
And even Apple knows this is not enough, which is why they have warned their customers about the impending change (and will not make the transfer without consent).
Still, the situation is not ideal. Apple is caught between its principles and its responsibility to its shareholders.
It would nice if the could pull out of China, like Google did. But since Google was having its ass handed to them by local search providers (with the help of the government) along with China’s reluctance to allow them to harvest personal data of its citizens then they didn’t have that much to lose.
Apple between the rock and the hard place, as usual.
I have absolutely no idea how you found anything racist in what he said.
And yes I agree that Apple is making the best they can of a bad position. Zero need for Chinese authorities to ask Apple to unlock anything as they can deal directly with GCBD, and Apple gets to avoid the whole sticky "transparency" thing if they don't have to know about it. Being able to honestly claim they did not turn over any user data to the Chinese has benefits. Deniability...
You’re kidding, right? Apple will do exactly what China says, and then western governments will just use the Chinese software, too. It’s not a happy thought, but there aren’t any happy political thoughts these days.
https://www.nytimes.com/2018/03/24/us/politics/unlock-phones-encryption.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region®ion=top-news&WT.nav=top-news
I think our own government has been coopted by the Chinese government. Both parties.