Apple iCloud security change in China raises privacy questions

Apple is moving encryption keys for China-based users’ data from the US to the Asian country. Some say that’s bad for dissidents. Apple says the keys are safe.

Apple has privacy advocates worried over a change in how it protects the data of iCloud users in China, according to a pair of reports.

The data, such as messages, emails and photos, is shielded from prying eyes by encryption, which means it’s coded. But Apple will begin storing the keys for the code not in the US, as it’s done till now, but in China, say reports this week by Reuters and The Wall Street Journal.

That means Chinese authorities won’t have to go through US courts to compel Apple to give them access to data. The move is a response to new laws in China, which say cloud services offered to citizens there must store data in the country and be operated by Chinese companies.

At the end of the month, Apple will begin shifting the data to China and partner with a local company with ties to the Chinese government. Apple hasn’t said when the encryption keys themselves will be moved overseas.

Privacy advocates say the switch could mean trouble for political dissidents and others.

“Given that Apple’s China operations will be managed by a Chinese company, it seems implausible that the government will not have access to Apple data through the local company,” a University of Toronto professor who’s studied Chinese government hacking told the Journal.

Apple says, though, that the keys will be kept in a safe location and that Apple itself will maintain control of them. The company says it will hand over data only in response to valid legal requests from Chinese authorities and that it hasn’t built in any backdoors for access.

An Apple representative told the news outlets that the company advocated against iCloud being subject to the new laws but was unsuccessful. The rep also said Apple decided that discontinuing the iCloud service in China would make for a bad user experience and “less data security and privacy for our Chinese customers.”

Amazon and Microsoft also partner with China-based companies to offer cloud storage services there and tap in to the huge Chinese market. The two US-based tech giants declined to tell the Journal where encryption keys will be stored for those businesses.

Apple told the news outlets that it’s sending warning of the switch-over to iCloud users in China. Users there can opt out of iCloud to avoid having their data stored in the country. The company also said it won’t move anyone’s data until they accept the new China terms of service. Users whose settings are configured for a different country, or for Hong Kong or Macau, won’t have their data stored on Chinese servers. Reuters includes Taiwan on that list; The Journal doesn’t.

Neither Apple nor Amazon immediately responded to CNET’s request for additional comment. Microsoft declined to provide added comment.

Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Leave a Reply

*