I was wondering what 'dopers thought of this. It’s not something that’s really new, it’s been in the pipe line for a year now. Basically, for Chinese users of the iPhone the Chinese government is requiring Apple to host it’s iCloud storage (and the encryption keys) on Chinese (state run) servers in China. Here is a CNN article talking about it a bit.
On the one hand, it’s clearly a violation of Apple’s own user policies. I was a bit freaked out by this when I first read about it since it was unclear if it would be all Apple users, all Chinese users (world wide) or just Chinese users in China (it’s the latter). Thinking about it, however, I’m not sure about this, to be honest. The Chinese are already used to this, after all…all of their own home grown cellular data companies already do this, so every Chinese smart phone made in China along with every provider does this already (plus more…a lot of the phones come preloaded with apps that allow the government to record pretty much anything they would want to from chat to social media posts to even voice data based on key words). So why shouldn’t Apple? Or should they make a stand against China’s invasive policies and simply not play in that market? (Full disclosure…I don’t think they should, but not for this reason. If it were me, I’d avoid the Chinese market for the simple reason that China steals every bit of tech they can, and have essentially allowed home grown companies to steal Apples technology in the past, even locally patenting it and suing Apple for copyright violations :p).
It sounds like a logical business decision, to me, purely on the practical merits: Store data where it’s going to be used, so you don’t have to transmit as much around the globe. It sounds like you’re anticipating some dire consequences from it, but I’m not sure what they would be.
It’s only logical because the Chinese government has it’s Great Firewall of Doom and, of course, is forcing Apple to comply…other than that, it doesn’t make any more sense to house the data on Chinese servers or Chinese infrastructure than anywhere else.
I’m not anticipating any ‘dire consequences’ from putting Apple Chinese user data on government run servers than any other Chinese user data…their government already uses it’s access to that data to keep an eye on them, uses it to make arrests or even modify their credit ratings based on conformity or non-conformity with CCP policy and censorship, so no real change except Apple will be playing along as well. The only ‘dire consequences’ are nothing new…the CCP will use this to drag out anything that might be left wrt proprietary Apple information and give that to Chinese companies to use for themselves, assuming there is much left at this point. This has been a recurring theme with Apple, and basically if they haven’t learned this lesson then they never will, so I’m not losing a lot of sleep over it. Just asking what folks think about it, if they think about it at all.
This is not about the latency. The issue is that if my data is stored in a US/Canadian/EU data center and the government wants access, they need a court approved warrant to compel Apple to release the the key and data. If my data is stored in a Chinese data center, the government has full access to the keys and data with no oversite.
On its face, a country requiring that its citizens’ data be stored within its borders isn’t unreasonable.
Obviously, I think the Chinese government is likely to use this for further oppressive control over the Chinese people, which is not good.
On the other hand, if, say, France were to have such a requirement, it would likely be to protect its citizens from US espionage and law enforcement overreach.
Chronos, I think you’re incorrect. It’s probably not a practical business decision, or Apple would have already made it without the requirement of the Chinese government. There are many factors that go into where to store data, and costs of transmission are a relatively small part of that decision.
Logical in the sense that they don’t want to piss off the dictator, I mean president for life, of a very powerful one party state. You honestly think Apple is going to keep Chinese citizens’ data secure from the hands of the people who run the Chinese government? Lol.
I agree pretty much with your post, but this part is…odd. We know the US government doesn’t, in fact, have access (at least through the vendor) to this sort of data, any more than they have access to French companies encrypted data (which is to say, they might have access that they gained through covert means), so not sure how forcing Apple, say, to comply with a French mandate to do this would ‘citizens from US espionage and law enforcement overreach’. The French requiring a CHINESE company to do so would, since no Chinese company is free from CCP direct over reach and infiltration, but US (or EU) companies don’t really work that way.
We don’t know that they do have access, but that’s not the same as knowing that they don’t have access.
But, even assuming that Apple’s iCloud Data is secure against the NSA while it is on Apple’s servers, it is known that the NSA slurps up lots of traffic between the US and other countries as it enters the US and that there are few to no legal barrier to them reading as much as they can about non-US Citizens. So it would be a reasonable protection measure for France to make sure that its citizens’ data didn’t touch US networks at all when possible.
US Government: Apple, we want to read the data stored on a murderer’s iPhone, and want you to help us.
Apple: Go pound sand, fascists.
Chinese Government: Apple, we want you to store all Chinese users’ data on servers here, because… uh, reasons.
Apple: Where would you like the data center built?
Well, we do sort of know this…as Ravenman alluded to, when the US government asked Apple for their encryption codes (or to even have Apple use it’s codes to access encrypted user data), Apple told them to go pound sand. Unless you think this was some sort of show to reassure the public or something it demonstrates that officially the US government doesn’t have such front door access nor any way to coerce US companies to give it. Whether they have backdoor covert access or some sort of encryption breaking algorithm is another matter.
They can slurp up all they want (and so can and does most other nations), but if it’s encrypted they won’t be able to look at it unless they either have a backdoor or they have the codes or some encryption breaking algorithm and the hardware to run it. So, again, I’m not seeing how France would think this measure was necessary for US companies…while it certainly would be for Chinese. YMMV of course but I’m not seeing it.
The difference is that the US government isn’t behaving as if it’s an existential threat to Apple’s presence in the US market. On the other hand, Apple either complies with the Chinese government or it can kiss that market goodbye. Apple may institutionally value privacy (at the very least as a distinguishing factor relative to other tech companies), but it’s still a business.
We know nothing of the sort. The EU does have mandates that PII on EU citizens be stored only on EU servers (that mandate has gotten me a lot of work over the last few years), and it’s specifically BECAUSE the NSA and other intelligence agencies like to snoop on things they shouldn’t, and because they have the power to gag vendors so they can’t tell us about it.
This article is a few years old, but we’re still seeing the fallout from it. Other countries no longer trust us with their data, and there’s significant evidence that they are right not to do so.
I take it based on this response that you know literally nothing about either situation? Because both of these read like a Bill O’Reilly conspiracy theory.
I agree. Apple arguably appeals to some Western consumers by prioritizing privacy over requests to unlock phones at the request of police to investigate mass murderers, drug dealers, and so on. It’s probably a slight financial plus for them.
Apple unquestionably benefits financially from allowing the Chinese government to carry out a pervasive information gathering network on many aspects of the lives of Chinese people who haven’t done anything wrong, but are viewed with suspicion by the Chinese Government. Can’t let a little 24/7 monitoring of everything a Chinese iPhone user does get in the way of access to the market, after all!
Cite that this has ever happened? (Apple refusing to unlock a phone that they were technically able to, when presented with a properly executed warrant?)
Cite that this has ever happened (Apple providing personal information on Chinese citizens to the Chines government)?
And while you’re at it, are you equally upset when Apple stores EU citizens information on servers in the EU? If not, why not?
Here, though it’s amazing you haven’t heard of this.
Um…did you not read the article linked in the OP? This is exactly what Apple is doing right now.
The EU doesn’t require either it’s own or foreign companies to give them their encryption keys and facilitate their access to their citizens personal data. It’s kind of a key difference.
I’ve heard of this plenty. It just doesn’t say what you think it says. Apple did not in that case just have a “key” lying around that would unencrypt the data; the FBI was asking them to write backdoor software that would allow ANYONE with the software to unlock any device. They were not “refusing to unlock a specific device” as the headline of that article implies, and in fact did not have the technical means to do so. Under current law, that request was and still is illegal, although Congress could change that.
In addition, many Apple services are end-to-end encrypted; the “keys” aren’t stored in the cloud at all; they’re made on-demand on each user’s device.
Which means that for the Chinese government to get access to the keys, they’ll have to make their country’s equivalent of a properly executed request, and in many cases, data won’t be accessible at all, even with those keys.
Further, Apple’s still fighting even that, which means that the “Apple won’t do it for the US government, but is happy to do it for the Chinese government” isn’t true, either.
According to Apple, the US Government asked Apple to create a modified iOS and sign it so that it could be installed on the device, making it easier to bypass the phone’s security measures. Apple did not claim it was impossible to do what the Government was asking. Apple did say that it was bad policy, and also went to court to argue that the Government was ordering Apple to do something that was beyond the power of the Government to compel.
IIRC, the Government contracted with another country (can’t remember if it was the Israeli company that frequently comes up in these debates) and withdrew the order before a judge could rule on Apple’s claims. To be clear, Apple raises a perfectly good point about whether the Government should be able to compel companies to write software. But I don’t recall any judge finding that the Government’s request was illegal, as I remember, the issue became moot. Can you cite the case where the Government’s order was found illegal?
You should go tell Amnesty International that they shouldn’t be so worried about the privacy of Chinese citizens, then, on the basis that you trust the the Chinese government will have to go through the burden of “a properly executed request” among other matters.
I agree that this is a data point that supports that theory, but it’s far from proof. Important distinctions:
The FBI asked Apple for something through the courts publicly, and Apple told them to pound sand, legally. The FBI then found a method that was cheaper than fighting Apple’s attorneys.
The NSA likely has technical capabilities far greater than the FBI, most of which are unknown, and few of which are ever used through the normal public legal process.
Every few years a leak demonstrates that the NSA has infiltrated a surprising amount of the technical systems the internet is based on, using legal theory that is somewhat questionable, and everyone wrings their hands for a few weeks and then mostly goes back to ignoring it.
I’m not saying that the NSA does specifically have the ability to snoop on iMessages. I’m just saying that there’s little actual evidence to support a claim to the contrary. If they had it, we probably wouldn’t know about it. Even if they don’t have this specific capability, there are still plenty of reasons for a non-US nation to limit the attack surface against their citizens by keeping their data out of our networks. Those reasons are valid for China, even if China probably also has some other (bad) motives here.