What do you think of Apple moving (Chinese) user data to Chinese servers?

[SamuelA]

iamthewalrus_3:

I’m not saying that the NSA does specifically have the ability to snoop on iMessages. I’m just saying that there’s little actual evidence to support a claim to the contrary. If they had it, we probably wouldn’t know about it. Even if they don’t have this specific capability, there are still plenty of reasons for a non-US nation to limit the attack surface against their citizens by keeping their data out of our networks. Those reasons are valid for China, even if China probably also has some other (bad) motives here.

That’s almost certainly not the reason. Apple definitely has access to all of the data that isn’t encrypted by the phones themselves, whether the data is stored in a data center physically in China, the USA, or Bangladesh. VPNs are no doubt set up bridging the networks.

By default, the phones don’t encrypt the data in a way that Apple cannot access. In the case of the San Bernardino shooter, the phone was set to a special extra-private mode where the phone used an encryption key generated from and stored in a chip on the phone to lock the data.

So no, if Apple physically has the data in China, the Chinese government plans to just demand access at their whim to the parts that Apple can access. I suppose they could enable the harder encryption but if you do that, you cannot recover the data that was on the phone if the phone itself was lost. For most users, that’s not a worthy tradeoff. I feel that my personal data would more likely exonerate me than condemn me if law enforcement ever got access to it, so am not particularly concerned.

[nightshadea]

well for starters by the time anything that the nsa does gets to the public its all ready at least 3 or 4 generations obsolete electronically I mean by now there on appleslicer 10.1 while were just finding out about 1 or 2.0

in samuela’s case he doesn’t need to worry since he doesn’t live in a country where innocence is subjective to the current mood of the investigator whos trained that no ones innocent in the first place

[China_Guy]

M’kay, let me share a tidbit about working in China circa 1990. For you kids, back then fax was still a very important method of communication and for signing agreements and such not. I mean, there was email, but not everyone had email back in the dark ages, and PDF scans (or just a photo from your cell phone) were not yet ubiquitous. We had a very important fax come in that was effectively a signed contract, and it was mislaid. And the customer was trying to back out of the contract a week later, and we couldn’t find the damned thing. One of our staff went in person to the “Bureau of Faxes” or whatever it was called in our village of about 20 million inhabitants. A little cash exchanged hands. Lo, and behold, the “Bureau of Faxes” was able to find that specific fax based on our corporate fax number, and gave us a copy.

Nearly 20 years later, with almost everything digitized and China is at minimum a leader if not THE leader in big data. Well, I don’t want to jump to hasty conclusions for which I have no proof, but will let you connect the necessary dots as required.

[SamuelA]

China_Guy:

One of our staff went in person to the “Bureau of Faxes” or whatever it was called in our village of about 20 million inhabitants. A little cash exchanged hands. Lo, and behold, the “Bureau of Faxes” was able to find that specific fax based on our corporate fax number, and gave us a copy.

The frustrating thing is that a society that surveils everyone wouldn’t be that bad if you could use that to fight corruption. If the officials in power were vulnerable to having their wrongful and bad decisions reviewed, with everything faithfully recorded so they can’t lie, we’d have a far more efficient and just society.

[asahi]

Chronos:

It sounds like a logical business decision, to me, purely on the practical merits: Store data where it’s going to be used, so you don’t have to transmit as much around the globe.

This is what it is and nothing more. The realities of doing business in China are different from the realities of doing business elsewhere. Don’t like it? Don’t do business in China. Google found that out the hard way.

Just know that it doesn’t necessarily end there. When a company agrees to do business in China, it’s agreeing to do business the Chinese way. That means storing user data on government servers, but it means other things, too, like tolerating corruption and hardball politics that may have to be played in order to maintain the privilege of having access to this market. This is true of doing business in many other countries as well, of course.

[XT]

This story was featured on China Uncensored this week, but I won’t post the video here as it has a bunch of other stuff in it. They used this article though so figured I’d post some of the stuff from that.

Apple officially moves its Chinese iCloud operations and encryption keys to China

Today Apple formally transferred its Chinese iCloud operations to a local firm in southern China. It also began hosting its iCloud encryption keys in China, instead of the US, for the first time. The move has been expected since last year when Apple announced its partnership with Guizhou-Cloud Big Data (GCBD), a Chinese firm supervised by a board ran by government-owned businesses, with close ties to the government and Chinese Communist Party.

Apple users with iCloud accounts registered in China will now have their data hosted by the GCBD center. Users who don’t want their data handed over can choose to delete their Chinese iCloud accounts. Apple has told Reuters that it won’t transfer accounts over to the new data center unless users first agree to the updated terms of service.

Since the news was first announced, security experts, lawyers, activists like China’s Chen Guangcheng, and multiple nonprofit organizations have all weighed in to point out the potential security risks. Experts say the move could force Apple to obey various government requests to access Chinese iCloud data.

It is the latest development in a pattern of Apple acquiescing to Beijing’s demands. Last July, Apple deleted VPN apps from the App Store that let mainland Chinese internet users evade censorship. Apple’s lawyers have also added a clause in the Chinese terms of service that states both Apple and GCBD may access all user data. Apple has not responded to requests for comment.

Jeremy Daum, a lawyer and research fellow at Yale Law School’s Paul Tsai China Center in Beijing, explained, “Search warrants in China are issued by police to police following internal review, not by an independent court.” He added that since police are expected to maintain confidentiality of information, issues like personal privacy or commercial secrets are not considered barriers to police collecting information.

Meanwhile, Chinese laws do not protect internet users’ privacy from government intrusion. In 2015, China passed a National Security Law, which included a provision to give police the authority to demand companies let them bypass encryption or other security tools to access personal data. The National People’s Congress was not available to comment.

The 2017 Cybersecurity Law, which requires companies operating in mainland China to host all data within the country, was likely what led Apple to partner with the new data center. Those defending Apple say that acquiescing to the Chinese government is just the cost of doing business in China. Both Tencent and Alibaba host their data in China.

This part is funny…it’s the Global Times take on all of this (always good for a laugh):

“Some users seem to be concerned about the fact that the new data center in Southwest China’s Guizhou Province will be operated by Apple’s local partner - the government-owned Guizhou-Cloud Big Data Industry Co (GCBD) - fearing their personal data might be scrutinized,” it wrote, “But such fears should by no means mask the positive effects of the venture.”

The GT opinion piece says the Chinese government will “effectively ensure data security,” and that, “Chinese businesses and institutions might no longer have to worry about the possible loss of Chinese data stored in overseas data centers and may accordingly increase their use of iCloud services.”

Charlie Smith, a co-founder of anti-censorship sites GreatFire.org and FreeWeibo.com, says there’s truth behind the data security claim the Global Times piece makes, but it’s not the main issue. “I do not doubt that the Chinese authorities can keep data secure. Baidu could likely keep data secure from the prying eyes of the NSA—but that is not the problem,” he said. “The problem is that the Chinese authorities can and will access this data whenever they deem it to be necessary. And the rationale for accessing this data is broad.”

Apple’s iCloud data is end-to-end encrypted and many experts point out that the concern isn’t outsider hacking, but rather full government access. According to Apple’s own transparency reports, between 2013 to mid-2017, the company shared a small amount of data with Chinese authorities, but caveated that it was only subscriber and transactional data and not photos, emails, or contacts. The percentage of data access requests Apple has approved has gone up over time. Apple provided data in response to 96 percent of requests during the first half of last year. It’s unclear how much data Apple will give out now that the Cybersecurity Law of 2017 has taken effect.

[Ravenman]

SamuelA:

The frustrating thing is that a society that surveils everyone wouldn’t be that bad if you could use that to fight corruption. If the officials in power were vulnerable to having their wrongful and bad decisions reviewed, with everything faithfully recorded so they can’t lie, we’d have a far more efficient and just society.

I was going to say that you have to be joking, but I’m sure you’re not. Surveilling everyone in hopes of cracking down on the very small percentage of people who are both in positions of power and are corrupt is the very definition of a dragnet.

[Chronos]

So, when user data is stored on servers in the US, Apple is still able to protect that user data from snooping by US authorities. Why would the same not also be true of Apple in China?

[XT]

Chronos:

So, when user data is stored on servers in the US, Apple is still able to protect that user data from snooping by US authorities. Why would the same not also be true of Apple in China?

Well, if you read the article I linked to you’d see that they WILL be able to keep US authorities from snooping on Chinese data in China, just like they do back in the states. So…win!

[Ravenman]

China_Guy:

M’kay, let me share a tidbit about working in China circa 1990. For you kids, back then fax was still a very important method of communication and for signing agreements and such not. I mean, there was email, but not everyone had email back in the dark ages, and PDF scans (or just a photo from your cell phone) were not yet ubiquitous. We had a very important fax come in that was effectively a signed contract, and it was mislaid. And the customer was trying to back out of the contract a week later, and we couldn’t find the damned thing. One of our staff went in person to the “Bureau of Faxes” or whatever it was called in our village of about 20 million inhabitants. A little cash exchanged hands. Lo, and behold, the “Bureau of Faxes” was able to find that specific fax based on our corporate fax number, and gave us a copy.

I don’t want to sound incredulous, but this story amazes me.

You got a response out of a Chinese bureaucracy in a short period of time? That’s crazy talk!

[Chronos]

Well, he did mention a bribe.

Did the guy at the bureau ask you what you wanted the fax to say?