Table of Contents
As Guizhou-Cloud Big Data and telco China Telecom agreed to a deal in July 2018, the latter’s servers were expected to hold the Apple iCloud data. The data that belongs to its China-based customers, which raised concerns that the move would make user data vulnerable for state surveillance.
An in-depth report from The New York Times indicates that Apple’s privacy and security concessions have made it “nearly impossible for Apple to prevent the Chinese government from accessing millions of Chinese residents’ emails, photos, documents, contacts, and locations.”
These findings contrast sharply with Apple’s commitment to privacy, while also highlighting a pattern of giving in to the demands of the Chinese government to conduct business in that country.
GCBD and Apple partnership:
As part of a partnership with GCBD, Apple announced in 2018 that the mainland Chinese company would move its iCloud data to a new data center in Guizhou province as part of a 2017 policy requiring all “personal data” collected on Chinese users to be stored in the territory. “
iCloud in China mainland is operated by GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd). This allows us to continue to improve iCloud services in China mainland and comply with Chinese regulations,” the iPhone maker’s support document states.
While iCloud data is encrypted from end to end, Apple is said to be storing the encryption keys on its servers, while previously all iCloud encryption keys were stored on U.S. servers, which were subject to U.S. laws regarding government access.
While U.S. law forbids American companies from turning over data to Chinese law enforcement, a New York Times report reveals that Apple and China entered into an “unusual arrangement” to sidestep U.S. legislation.
As a consequence, the company ceded legal ownership of its customers’ data to GCBD, allowing GCBD also physical access to the servers and complete access to the information stored in iCloud, thereby allowing Chinese authorities to request Apple customers’ data through GCBD.
As a result of the law’s passing, Apple iCloud data has provided the contents of an unspecified number of iCloud accounts to the government in nine cases and challenged three requests for information from the government.
The Chinese government, on the other hand, cannot be ruled out from accessing users’ data using digital keys. Additionally, Apple built its own hardware security modules (HSMs) based on the hardware security modules developed by Thales after the Chinese authorities refused to certify the devices for use.
HSMs are designed to house one or more secure crypto processors, perform encryption and decryption functions, and store cryptographic keys in a truly secure environment.
According to The New York Times, the company has never compromised security against its users or user data in “China or anywhere we operate,” adding that its Chinese data centers “feature the latest and most sophisticated protections,” that will be rolled out to other countries. “Apple asked a lot of people to back them against the FBI in 2015,”
security researcher and Johns Hopkins professor Matthew Green said in a series of tweets. “They used every tool in the legal arsenal to prevent the U.S. from gaining access to their phones. Do they think anyone is going to give them the benefit of the doubt now?”