{"id":231092,"date":"2021-05-18T16:18:39","date_gmt":"2021-05-18T23:18:39","guid":{"rendered":"https:\/\/chinadigitaltimes.net\/?p=231092"},"modified":"2021-05-21T16:16:43","modified_gmt":"2021-05-21T23:16:43","slug":"despite-rhetoric-apple-compromises-on-data-security-human-rights-in-china","status":"publish","type":"post","link":"https:\/\/chinadigitaltimes.net\/2021\/05\/despite-rhetoric-apple-compromises-on-data-security-human-rights-in-china\/","title":{"rendered":"Despite Rhetoric, Apple Compromises on Data Security, Human Rights in China"},"content":{"rendered":"

Recent investigations by The New York Times and The Information have highlighted how Apple handed access to Chinese users’ iCloud data to a state-owned enterprise, while its suppliers are suspected to have participated in forced labor programs in Xinjiang. The two reports, especially the NYT investigation into Apple’s data storage practices, have attracted particular attention in light of Apple’s high profile efforts to present itself as an industry leader in privacy protection<\/a>. The New York Times’ Jack Nicas, Raymond Zhong, and Daisuke Wakabayashi reported on Apple’s “hard bargain” in China:<\/strong><\/a><\/p>\n

In China, Apple has ceded legal ownership of its customers\u2019 data to Guizhou-Cloud Big Data, or GCBD, a company owned by the government of Guizhou Province, whose capital is Guiyang. Apple recently required its Chinese customers to accept new iCloud terms and conditions that list GCBD as the service provider and Apple as \u201can additional party.\u201d Apple told customers the change was to \u201cimprove iCloud services in China mainland and comply with Chinese regulations.\u201d<\/p>\n

The terms and conditions included a new provision that does not appear in other countries: \u201cApple and GCBD will have access to all data that you store on this service\u201d and can share that data \u201cbetween each other under applicable law.\u201d<\/p>\n

[\u2026] But the iCloud data in China is vulnerable to the Chinese government because Apple made a series of compromises to meet the authorities\u2019 demands, according to dozens of pages of internal Apple documents on the planned design and security of the Chinese iCloud system, which were reviewed for The Times by an Apple engineer and four independent security researchers.<\/p>\n

The documents show that GCBD employees would have physical control over the servers, while Apple employees would largely monitor the operation from outside the country. The security experts said that arrangement alone represented a threat that no engineer could solve. [Source<\/strong><\/a>]<\/p><\/blockquote>\n

In 2017, China’s cybersecurity law imposed new requirements for data localization<\/a>, forcing many non-Chinese tech firms to shift their Chinese users’ data into domestic data centers. Apple complied, and its decision to store encryption keys protecting user accounts inside China<\/a> was subsequently reported in 2018<\/a>. The Times’ report sheds new light on the extent to which Apple has apparently ceded control of its data to its Chinese state-owned counterparts. It also includes the revelation that the Chinese government rejected specialized hardware security modules used elsewhere, forcing Apple to create different devices specifically for China.<\/p>\n

\n

Not only is Apple being forced to move Chinese citizens\u2019 HSMs to China, China specifically refused to certify the Thales HSMs. This is actually pretty fascinating. pic.twitter.com\/p91qEvADp9<\/a><\/p>\n

— Matthew Green (@matthew_d_green) May 17, 2021<\/a><\/p><\/blockquote>\n