iCloud in China and on Google’s Cloud
Stephen Nellis and Cate Cadell (Hacker News):
Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system.
Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.
In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws.
“While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” it said. Apple said it decided it was better to offer iCloud under the new system because discontinuing it would lead to a bad user experience and actually lead to less data privacy and security for its Chinese customers.
[…]
It’s now clear that this is the route that any foreign government could take in the future in order to break Apple’s holier than thou stance on handing private data. China has shown them all the way. Pandora’s Box has now been opened and other foreign governments with any clout are likely to adopt China’s policy on privacy over time and that’s the sad reality of the day.
Or even the U.S. government. How long before there’s a law requiring man-in-the-middle access to iMessage?
Nothing about this is good news, but it’s very hard to see what alternatives there are in this case. They could threaten to pull out of the Chinese market unless the law is changed, but that would do more damage to Apple than it would the Chinese government, with likely little effect. Also, it’s likely that iCloud not being offered in China would motivate people there to switch to a less secure alternative.
Apple periodically publishes new versions of a PDF called the iOS Security Guide. For years the document contained language indicating that iCloud services were relying on remote data storage systems from Amazon Web Services, as well as Microsoft’s Azure.
But in the latest version, the Microsoft Azure reference is gone, and in its place is Google Cloud Platform.
Presumably, if Apple was only using Amazon and Google’s cloud services, the millions of square feet of data centres they own themselves would be entirely superfluous…
It doesn’t bother me one bit that Apple buys cloud services from Google. Cloud services are such a commodity that there can be competitive advantage in buying on the open market.
I don’t think that iCloud users expect their data to be stored in ways not entirely controlled by Apple, especially given the company’s emphasis on privacy.
Apple needs to think long and hard about privacy and their messaging around it or they’ll (deservedly) look like constant hypocrites.
Previously: Chinese Firm to Operate China iCloud Accounts, Apple Starts Using Google Cloud Platform, iOS 5 and iCloud, Apple Is Trying to Make iMessages More Private, Apple’s iMessage Metadata Logs, Can Apple Read Your iMessages?.
Update (2018-02-27): See also: Rene Ritchie, Nick Heer, John Gruber, Eric Young, Lloyd Chambers.
Nicholas Weaver (via Dan Masters):
iMessage and FaceTime have a cryptographic architecture that enables prospective wiretapping, yet there is reason to believe that Apple not is fully complying with lawful court orders to exercise this capability. There is also evidence that, although Apple is supposedly complying with pen register orders, the company is actually providing something substantially less than what the law is able to compel them to provide in response to a pen-register or trap-and-trace (PR/TT) order.
[…]
Such monitoring works because Apple, unlike Signal and other end-to-end encrypted platforms, does not provide transparency to its users when keys are added or changed. If Bob uses Signal or WhatsApp, he is notified whenever Alice’s key changes. This prevents Signal from silently replacing Alice’s key with the FBI’s. Likewise, when Alice makes a call with Signal, it shows two “random” words that aren’t actually random but a function of the key used to encrypt the message. If Alice and Bob agree that they see the same words, they will then know that their key is the same, preventing a man-in-the-middle. Apple could have implemented similar features, perhaps hidden behind options, years ago; they have not.
Since Apple now seems to pride itself that “[they] follow the law wherever [they] do business,” I think it is reasonable for the U.S. government to demand that Apple do so in the U.S. Because it seems to me they haven’t.
Update (2018-02-28): Bruce Schneier:
While I would prefer it if it would take a stand against China, I really can’t blame it for putting its business model ahead of its desires for customer privacy.
Apple retains all encryption keys and Chinese gov still has to make requests to Apple only on an individual level.
Update (2018-03-12): See also: The Talk Show.
5 Comments RSS · Twitter
To add to your list: Reuters reports that “Europe seeks power to seize overseas data in challenge to tech giants”.
On the flip side of all this, as a non-US national and non-US resident, I am not so conformable with Apple hosting my data in the US – I make thus only very limited use of iCloud. The same goes for any other similar service.
>I make thus only very limited use of iCloud. The same goes for any other similar service.
Use zero-knowledge systems that encrypt data locally. For example, instead of Dropbox, use SpiderOak.
[…] Previously: iCloud in China and on Google’s Cloud. […]
SpiderOak is definitely a nice alternative. Glad you mentioned it Lukas.
Apple’s storing of keys for the user is a critical area where, ironically, they are not as privacy-focused as Google. For Chrome Sync, you have the option to encrypt your sync data locally with a passphrase that Google doesn’t know. Then for each new device, you just enter in the passphrase after you sign in, and all your data syncs (settings, extensions, bookmarks, history, open tabs, etc).