Monday, January 15, 2018

Chinese Firm to Operate China iCloud Accounts

BBC (Hacker News):

Apple’s iCloud services in mainland China will be operated by a Chinese company from next month, the tech giant has confirmed.

[…]

They include a clause that both Apple and the Chinese firm will have access to all data stored on iCloud.

Apple said it had made the move to comply with the country’s cloud computing regulations.

Jon Russell:

However, after talking to a number of users, we found that Apple has included iCloud accounts that were opened in the U.S., are paid for using U.S. dollars and/or are connected to U.S.-based App Store accounts in the data that will be handled by local partner Guizhou-Cloud Big Data (GCBD) from February 28.

[…]

One user did find an apparent opt-out. That requires the user switching their iCloud account back to China, then signing out of all devices. They then switch their phone and iCloud settings to the U.S. and then, upon signing back into iCloud, their account will (seemingly) not be part of the migration.

Apple:

If you move to a new country or region, go to your Apple ID account page, Account Info, or Settings to change your Apple ID information.

Ben Lovejoy:

The company issued a reassuring-sounding statement that the same encryption standards would be applied, and that ‘no backdoors will be created into any of our systems.’ However, Apple’s revised iCloud terms and conditions for the country make it clear that GCBD will have full access to the data.

You understand and agree that Apple and GCBD will have access to all data that you store on this service, including the right to share, exchange and disclose all user data, including Content, to and between each other under applicable law.

The benign interpretation of this would be that GCBD only has access to the encrypted data, which it needs in order to operate the servers, and would have no more access to the data than the U.S. government. The more cynical one would be that the Chinese government will have free access to all your data, provided only that it comes up with a legal justification for this. And cynics would argue that this is the reason the government changed the law in the first place.

It’s also possible the government would be in a position to man-in-the-middle, without needing a backdoor.

See also: Lloyd Chambers.

Previously: Apple Pulls VPN Apps From China App Store.

Update (2018-01-17): Matthew Green:

If Apple needs to fundamentally rearchitect iCloud to comply with Chinese regulations, that’s certainly an option. But they should say explicitly and unambiguously what they’ve done. If they don’t make things explicit, then it raises the possibility that they could make the same changes for any other portion of the iCloud infrastructure without announcing it.

It seems like it would be a good idea for Apple just to clear this up a bit.

Update (2018-02-20): John Gruber:

This whole situation reeks to high hell, but I don’t know what Apple could do other than pull out of the Chinese market entirely.

Update (2018-02-22): Josh Centers:

Google pulled out of China rather than give information to the Communist regime. Apple is literally handing that info over. Who cares more about your privacy?

See also: Microsoft.

2 Comments RSS · Twitter

It’s a state-owned company fully funded by The Dept of National Security. Go figure :)

[…] Chinese Firm to Operate China iCloud Accounts, Apple Starts Using Google Cloud Platform, iOS 5 and iCloud, Apple Is Trying to Make iMessages More […]

Leave a Comment