Posted on

Apple moves iCloud encryption keys to China, raises privacy concerns

Photo: Gizmodo

Apple has moved encryption keys of Chinese iCloud users to China. This may allow the government to have access to consumer data, which has raised concerns from privacy advocates.

As reported by Reuters , Apple says the move was a requirement of the country’s new legislation on cloud services operating in China and serving local users. Previously, encryption keys were stored in the United States.

To access iCloud data without users providing the password, it was only possible through a lawsuit in the United States. Now, Chinese officials will be able to petition the local courts, and Apple “established a data center for Chinese users through a joint venture with Guizhou-Cloud Big Data Industry Co. Ltd.”.

Apple informs that its Chinese partner will not have possession of the encryption keys. In addition, the company and the authorities will still not have access to data from a locked iPhone. This type of activity has already been an issue in US courts, as authorities have already asked the company to have a backdoor to access the phone numbers of defendants.

However, the Chinese legal system operates differently from the United States because the police have the power to force users to provide access without requiring a court order and with wide exceptions to privacy laws.

It tells Reuters :

“Apple said it will only respond to valid legal requests in China, but China’s domestic legal process is very different than that in the US, lacking anything quite like an American “warrant” reviewed by an independent court, Chinese legal experts said. Court approval isn’t required under Chinese law and police can issue and execute warrants.
“Even very early in a criminal investigation, police have broad powers to collect evidence,” said Jeremy Daum, an attorney and research fellow at Yale Law School’s Paul Tsai China Center in Beijing. “(They are) authorized by internal police procedures rather than independent court review, and the public has an obligation to cooperate.”

Despite the move, Hong Kong and Macao users will not be affected, Reuters reports.

As TechCrunch notes, although communications via iMessage are encrypted on the phone of those who send the message and decrypted the recipient, “Apple uploads the iPhone data backup in iCloud if this option is enabled on the device.” iMessages that have not been deleted are also stored on iCloud servers in a way that can potentially be accessed by authorities.

According to Reuters , Apple said it did not provide user data to Chinese officials despite having received 176 applications between 2013 and the middle of 2017 – the period prior to new cybersecurity legislation. In addition, the company says it will not allow access to data processed by its new Chinese partner until 99.9% of consumers agree to the new terms of service.

Last year Tim Cook, Apple’s CEO, justified the company’s decision to take VPN apps from the App Store explaining that the company has to comply with local law – however, behind the claim is the company’s desire to to remain in one of the largest consumer markets in the world.

Google, which left China in 2010 after refusing to censor search results, has relaunched a Chinese version of its map service and appears to be preparing to increase its presence in the country in the coming years.