Tuesday, February 12, 2019 [Tweets] [Favorites]

Apple Storing Russian Users’ Data on Local Servers

Amy MacKinnon:

Roskomnadzor, the Russian government agency that oversees media and telecommunications, has confirmed for the first time that Apple Russia is to adhere to a 2014 law that requires any company handling the digital data of Russian citizens to process and store it on servers physically located in Russia. Under Russian counterterrorism laws, Apple could be compelled to decrypt and hand over user data to security services on request.

[…]

Russian law takes a broad interpretation of personal data and applies it to anything that could be used to identify individuals or their behavior. Photos, music, and e-book downloads would all indirectly be defined as personal data, said Medvedev, who specializes in internet and e-commerce law.

Via Nick Heer:

It isn’t clear to me how Russia could expect to decrypt any user data with the exception of email, as it’s end-to-end encrypted in Russia the same way as it is anywhere else.

So far, it seems that Apple has been happy to move data to local servers so long as they get to maintain control over encryption and privacy practices. But what happens when a country passes a law that requires them to relinquish their ability to secure user data?

However, I disagree about most user data being end-to-end encrypted.

Previously: iCloud in China and on Google’s Cloud.

6 Comments

There is confusion about end-to-end encrypted, and stored encrypted. But while most user data is not end-to-end encrypted, for the remaining data, only Apple can access them.
And it remain to be seen what append if the government try to force them to give up some data.

Device backups are not end to end encrypted and have everything important in them. Neither are photos.

If Apple _can_ access this data they can be compelled to.

Yeah, Nick Heer makes a common mistake. People hear so much from Apple about end to end encryption and how Apple could not possibly decrypt data if they wanted to because the key is derived from the device(s) itself(ves). Yet, that list @Michael Tsai links to proves how much data Apple can and will give to a government agency if presented with a court order.

@Thomas,
Exactly. Don't forget such valuable data as contacts, calendars, and even iMessages!!!! They don't have to break encryption on iMessages if you have already enabled Messages in iCloud!!!! Court order and now the data is in their hands.

So weird, Apple cares about user privacy but pretty big hole to be accessed. Ideally, Apple wouldn't have the keys to any of your data.

@Nathan I don’t think “Messages in iCloud” actually changes anything. If iCloud Backup is on, with MiC it will store the key to the messages and without MiC it will store the messages themselves. If iCloud Backup is off, the messages are end-to-end encrypted (but probably still stored in the backups of the people you correspond with).

[…] Apple Storing Russian Users’ Data on Local Servers […]

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment