Apple created quite a stir a few months back when they pulled 60+ major VPN applications from their App Store in China. This move came at the request of the Chinese government and left many shaking their heads at Apple’s willingness to not only condone but comply with stringent and censorious requirements imposed by China.
And now, Apple has done it again. News recently broke that Apple will move iCloud data for Chinese users, and the encryption keys used to protect that data, from the United States into China.
All encrypted data related to iCloud accounts (for example messages, emails, photos) will be stored in China, with the cryptographic keys used to protect this data migrated over eventually, as well.
The implications of this change are huge. Data stored locally in China is subject to China’s data regulations – meaning the Chinese government will be able to access and view this data much more readily than if it were stored on US soil. This circumvents the entire process of having to go through a US court to get data, and also means that China could (and likely will) access or monitor the data at will, even when a specific investigation is not underway. China currently engages in a variety of other surveillance practices, so it’s likely they will apply similar behaviors here, too.
This is concerning for a variety of reasons, from privacy to surveillance to human rights. As cited by Reuters, some activists even fear Chinese authorities could use their access to information to track down dissidents. This is not far off, given the country’s planned “social credit score” and the recent and increasing jailing of dissidents or those who speak out. China has been impinging upon privacy and rights for a long time now, and unfortunately, this latest move by Apple only leaves us asking – “what next?” It also upholds a concerning precedent the massively-powerful company is setting, which in many ways seems to condone censorship and oppressive regimes.
Apple will be “partnering” with a local company to store data, and this company will presumably have ties to the Chinese government. This data migration is set to begin as early as April, although it’s not yet stated when the encryption keys will be moved over. Apple maintains that all data and keys will remain secure but given past occurrences, it seems unlikely.
China’s latest cybersecurity law dictates that all data must be stored locally, on servers located within China at a Chinese data storage center, which is the law Apple is complying with. Amazon and Microsoft have been partnering with local companies in order to comply for quite some time, as well.
For users concerned about the security of their data, Apple is reportedly allowing them to opt out of iCloud to avoid local storage in China.