Today, Apple formally transferred its Chinese iCloud operations to a local company in southern China. It also began hosting its iCloud encryption keys in China, rather than in the US. UU., For the first time. The measure was expected from last year when Apple announced its partnership with Guizhou-Cloud Big Data (GCBD), a Chinese firm overseen by a board of directors run by government-owned companies, with close ties to the government and the Chinese Communist Party.
Apple users with iCloud accounts registered in China will now have their data hosted in the GCBD center. Users who do not want their data delivered may choose to remove their Chinese accounts from iCloud. Apple told Reuters it will not transfer accounts to the new data center unless users first accept the updated terms of service.
Since the news was first announced, security experts, lawyers, activists such as Chen Guangcheng of China and several non-profit organizations have insisted on pointing out potential security risks. Experts say the move could force Apple to comply with several government requests to access the iCloud data in China.
Meanwhile, Apple has said that the close ties of GCBD with the government are actually an advantage. In emails to customers in mainland China last month, Apple said the move allows us to "continue to improve the speed and reliability of iCloud and comply with Chinese regulations."
It is the latest development in an Apple pattern that accepts Beijing's demands. Last July, Apple eliminated the VPN applications from the App Store that allow Internet users in mainland China to evade censorship. Apple's lawyers have also added a clause in China's terms of service that states that both Apple and GCBD can access all user data. Apple has not responded to requests for comments.
Meanwhile, Chinese laws do not protect the privacy of Internet users from government intrusion. In 2015, China passed a National Security Law, which included a provision to grant police the authority to require companies to allow them to circumvent encryption or other security tools to access personal data. The National Popular Assembly was not available to comment.
The Cybersecurity Act 2017, which requires companies operating in mainland China to host all data within the country, was probably what led Apple to partner with the new data center. Apple's supporters say that accepting the Chinese government is just the cost of doing business in China. Both Tencent and Alibaba host their data in China.
There may be a small setback to the movement for mainland Apple users. "I think that the Chinese operations of iCloud could become faster in China, since they do not have to go through the firewall," says Nir B. Kshetri, professor of administration at the University of North Carolina at Greensboro.
Chinese users are supposed to enjoy faster download times and a more stable network by connecting to the GCBD.
According to the Global Times, administered by the state, Chinese users will supposedly enjoy faster download times and a more stable network. Global Times published an article earlier this month entitled "Reasons to be happy with Apple's local data agreement."
"Some users seem to be concerned that the new data center in Guizhou province in southwestern China will be operated by Apple's local partner, the government company Guizhou-Cloud Big Data Industry Co (GCBD). , for fear that their personal data will be analyzed, "he wrote," But such fears should in no way mask the positive effects of the company. "
The GT opinion document says that the Chinese government will "effectively guarantee the security of the data" and that "Chinese companies and institutions may not have to worry about the possible loss of Chinese data stored in data centers abroad and could increase the use of iCloud ". services."
"I do not doubt that the Chinese authorities can maintain the security of the data, but that is not the problem."
Charlie Smith, co-founder of the anti-greenhouse sites GreatFire.org and FreeWeibo.com, says there is some truth behind the data security claim that the Global Times article makes, but it is not the main problem. "I do not doubt that the Chinese authorities can maintain the security of the data, Baidu could keep the data safe from the prying eyes of the NSA, but that is not the problem," he said. "The problem is that the Chinese authorities can and will have access to this data whenever they consider it necessary, and the fundamental reason for accessing this information is wide".
Apple's iCloud data is encrypted end-to-end and many experts point out that the concern is not the intrusion of others, but the full access of the government. According to Apple's own transparency reports, between 2013 and mid-2017, the company shared a small amount of data with the Chinese authorities, but warned that it was only subscribers and transactional data, and not photos, emails or contacts. . The percentage of data access requests that Apple has approved has increased over time. Apple provided data in response to 96 percent of the requests during the first half of last year. It is not clear how much data Apple will give now that the Cybersecurity Act of 2017 came into effect.
Amie Stepanovich, US Policy Manager UU For Access Now, a defense group dedicated to protecting the digital rights of users, argues that Apple's use of data location, especially encryption keys, is incorrect. "Encryption remains our best defense against unauthorized access to data, and policies that place the keys in one place provide a tempting goal for bad actors," he told The Verge.
Many Apple users in China may not notice the transition. Meanwhile, Apple tells its customers that their data will remain secure and private. "Apple has strong privacy and data security protections and no backdoors will be created in any of our systems," he said in a statement. Private, that is, until the Chinese government requests to see it.