Wednesday, May 19, 2021

A Hard Bargain for Apple in China

Jack Nicas, Raymond Zhong, and Daisuke Wakabayashi (tweet):

Tim Cook, Apple’s chief executive, has said the data is safe. But at the data center in Guiyang, which Apple hoped would be completed by next month, and another in the Inner Mongolia region, Apple has largely ceded control to the Chinese government.

Chinese state employees physically manage the computers. Apple abandoned the encryption technology it used elsewhere after China would not allow it. And the digital keys that unlock information on those computers are stored in the data centers they’re meant to secure.

Internal Apple documents reviewed by The New York Times, interviews with 17 current and former Apple employees and four security experts, and new filings made in a court case in the United States last week provide rare insight into the compromises Mr. Cook has made to do business in China. They offer an extensive inside look — many aspects of which have never been reported before — at how Apple has given in to escalating demands from the Chinese authorities.

[…]

Mr. Cook often talks about Apple’s commitment to civil liberties and privacy. But to stay on the right side of Chinese regulators, his company has put the data of its Chinese customers at risk and has aided government censorship in the Chinese version of its App Store. After Chinese employees complained, it even dropped the “Designed by Apple in California” slogan from the backs of iPhones.

Francisco Tolmasky:

The journey this slogan has taken under Tim Cook is incredible: from inheriting it as a subtle and classy message under box flaps, to clumsily pushing it to the forefront as tasteless over-branding, only to be sacrificed as a representation of complete capitulation to China.

Nicas et al.:

U.S. law has long prohibited American companies from turning over data to Chinese law enforcement.

[…]

In China, Apple has ceded legal ownership of its customers’ data to Guizhou-Cloud Big Data, or GCBD, a company owned by the government of Guizhou Province, whose capital is Guiyang. Apple recently required its Chinese customers to accept new iCloud terms and conditions that list GCBD as the service provider and Apple as “an additional party.”

[…]

The terms and conditions included a new provision that does not appear in other countries: “Apple and GCBD will have access to all data that you store on this service” and can share that data “between each other under applicable law.”

Under the new setup, Chinese authorities ask GCBD — not Apple — for Apple customers’ data, Apple said. Apple believes that gives it a legal shield from American law[…]

Matthew Green:

Big parts of iCloud rely on special devices called Hardware Security Modules, or HSMs. These are specialized computers that store keys. In the US, Apple uses Thales HSMs.

Not only is Apple being forced to move Chinese citizens’ HSMs to China, China specifically refused to certify the Thales HSMs. This is actually pretty fascinating.

[…]

It’s really hard to know what to make of this. There are two good theories:

  1. China does not trust western HSM hardware to keep them safe.
  2. China felt the Thales HSMs were too safe, ie they would be difficult to for China to access.

[…]

What’s interesting about this change is that (to the best of my knowledge) your iCloud country registration can be changed by anyone who has your iCloud password.

What happens to my data if someone changes my registration to China?

Jack Nicas.

Here is Apple’s full statement on our story.

Timothy Buck:

FB/Google: We would rather give up business in China than hand over your data to the totalitarian Chinese regime.

Apple: We would rather give your data to a totalitarian Chinese regime than give up our business there.

John Gruber:

Option A: Apple does what it did — store all Chinese users’ iCloud data on servers in China, under the ultimate control of the Chinese government.

Option B: Apple refuses to do so, and the Chinese government shuts down iCloud in China and probably bans the sale of Apple devices.

Is there an Option C? I don’t think there is.

I suppose the argument for Option B is that if enough companies did this together that might put pressure on the Chinese government and eventually lead to positive change. Whereas, by bending to the demands, Apple is helping to keep the regime in power.

On the other hand, there’s no guarantee that Option B would “work.” It would have disastrous consequenes for Apple’s sales, and possibly for its supply chain, and, at least in the short term, for its Chinese customers:

What would I want Apple to do if I were a Chinese citizen who wants to use an iPhone and iCloud? (And if I were a Chinese citizen, I would very much want to use an iPhone and iCloud.) […] Even with the multiple significant compromises Apple has made to comply with Chinese law, it feels entirely possible that using Apple devices and iCloud is one of the most private things anyone outside government leadership can do in China.

Nick Heer:

If Apple were not involved in hardware and software and services, it would have less complicity but, also, less potential influence. It looks like that balance is tipping in the direction of this combination being a liability in the country.

Thomas Clement:

When you wish iCloud was designed with end-to-end encryption.

Previously:

Update (2021-05-25): Mike Rockwell:

There’s a very clear and obvious Option C — build Apple products that are less reliant on iCloud.

If access to the physical servers is the biggest privacy issue, then give users the tools to effectively opt-out of it entirely and take control of their own data.

[…]

iCloud Photos, iCloud Drive, Notes, and any other service that syncs or stores data in iCloud could be stored locally on a Time Capsule. Apple’s servers would just be there to tell the device I’m using how to connect to the Time Capsule on my home network. In other words, Apple facilitates the connection and then my devices talk directly with the Time Capsule using end-to-end encryption.

15 Comments RSS · Twitter


Option C would be Time Capsule for iOS. Except Apple wanted to push their Services Revenue.


Another option C is just sell iPhones not sell iCloud in China? it’s not glamorous but usb computer phone backups are still a thing right?

Option Cs abound, but they’re hard to see when blinded by greed.


That Timothy Buck quote is, as far as I know, false. Facebook for example has been trying to enter China for years, but been rebuffed by the government.


@Ed @Anonymous So many apps depend on iCloud that I don’t think removing it, or providing an alternative to the backup portion, really solves the problem. That said, there should be a Time Capsule for iOS devices. And wirelessly backing them up to Macs and PCs should work better. There’s so much more Apple could do even short of providing its own end-to-end encrypted service.


Old Unix Geek

In California, Apple is so hip, "progressive", woke and supportive of diversity. It's even got an LGBTQ rainbow in its garden.

Apple's boss has been vocal about being gay.

In China, Apple is happy to provide everyone's data to a government ethnically cleansing its diversity. The Apple App-Store prefers to host Apps of the local Gestapo-equivalent, rather than provide an alternative installation mechanism. And, the ethnic-cleansing is not theoretical: between 2017 and 2019, the birth rate in Xinjiang fell by 49% according to UN stats, mostly in areas populated by Uyghurs, Kazakhs, and other Muslim populations. Sterilizations and IUD implants are up (17x increase of sterilizations and 80% of IUD implants occur in Xinjiang).

Oddly, the guy who moved manufacturing to China, grew that market and wants Apple to provide software, services & hardware is that very same Apple boss. And he shows no sign of changing tack.

It's almost as if the love of Mammon could bring out the Dr Jekyll and Mr Hyde in people, and as if professed principles are less valuable than the all mighty buck.

I think Apple should bring its manufacturing back to the West, and get rid of its short-focused accountancy mania. They'll have to anyway when a hot war breaks out between the US and China over Taiwan. The US is not going to let Taiwan's silicon manufacturing expertise on which the Pentagon relies fall into enemy hands. Xi Jinping says Taiwan is a problem he will solve during his tenure... and by "solve" he means "reunification with the motherland" by force if necessary. There's a war in the making there.

I wonder how Apple's external network of pet "independent" commentators will cover for Apple when war breaks out. No doubt the first words will sound like "no one could have foreseen..."

Once Apple has moved production back to the West, it could export iPhones to China, and license them to a local partner, say "White Elephant" ( a purveyor of alkaline batteries I remember from the 1970s... amazingly still in business https://guide.alibaba.com/t-shop/shanghai-white-elephant-battery-type-c-batteries-no-2-iron-elephant-blue-elephant-r14s-batteries-2-installed-genuine_65525346.html ), let them rebrand them, run equivalent services, etc. Apple might lose a little money, a little brand recognition, but it'd maintain some moral credibility and some independence.

I think there's good reason to think that AAPL is destined for a large fall, and it'll be their own fault. It's just odd that so few people notice the stench of hypocrisy.


Jean-Daniel

> FB/Google: We would rather give up business in China than hand over your data to the totalitarian Chinese regime.

It easier to give up business when you would marginally make 0 profit because of big Chineses companies that already have a monopoly in China.


I do understand why Apple is willing to provide surveillance tools to a totalitarian government, so it can be more effective at ethnically cleansing its population. There's a long tradition of tech companies being a-ok with genocide and fascism, starting at the dawn of the computing industry, when IBM was more than happy to help Nazi Germany murder Jews as efficiently as possible.

What I don't understand is why the Apple media has taken this opportunity to once again do their best to cover for Apple's virulently poisonous behavior. "Won't somebody think of the poor Chinese citizens who just want to use an iPhone and iCloud?"


Gruber: “What would I want Apple to do if I were a Chinese citizen who wants to use an iPhone and iCloud?”

Overall I think Gruber’s piece is fine, but this question rubs me the wrong way.

It is basically saying that the end justifies the means, but the end goal here is what? to provide the upper middle class in China with high-end products to keep them happy so they let Xi Jinping and his repressive regime stay in control?

Because looking at it this way makes Apple complicit in keeping the system that has completely removed people’s right to privacy, and at the same time, keep telling us how they think that privacy is a human right. This does not compute.

And back to his question. people have made enormous sacrifices for regime change in China, take a person like Jimmy Lai, a 73 year old billionaire who was warned to leave while he could, but stayed to protest, and is now risking to end his days in prison.

Try ask him if he is happy that he is allowed to buy an iPhone… it comes off as a little tone-deaf.


@Old Unix Geek

Exactly as you said, Apple is willing to send one message to California and said it was their principle while completely abandoning it in China. Hypocrisy from Tim Cook Apple is unreal. Had they not been playing the same message in the west, I would at least have given them benefits of doubt.


Engagement is better than confrontation. As long as China is so integrated with world markets, there are constraints on its behavior. You don't go to war with your biggest customers. I also think being part of the modern world makes political change in China inevitable, in the long run, and the iPhone is a significant piece of global culture.


Ex-Apple Enthusiast

> Gruber: “What would I want Apple to do if I were a Chinese citizen who wants to use an iPhone and iCloud?”

Aside from Gruber's increasing penchant for posting non-tech/non-Apple related political crap takes over the years (seriously, I don't care what you think about Donald Trump or Republicans, you're an Apple commentator), this sort of garbage take is yet another reason why I'm glad I stopped reading Daring Fireball several years ago.


Ex-Apple Enthusiast

@Norm

> As long as China is so integrated with world markets, there are constraints on its behavior.

I'm not sure the Uyghur population would agree with your definition of "constraints."

> You don't go to war with your biggest customers.

Sure. But stop going on stage at every keynote and walking back and forth as you talk about Apple's "values," "privacy," blah, blah, blah. It rings hollow when you're selling out to a government that operates ethnic "re-education" camps and performs forced sterilization.

> I also think being part of the modern world makes political change in China inevitable, in the long run, and the iPhone is a significant piece of global culture.

People have been saying this since the Nixon administration. I'm still waiting for that "change."


Old Unix Geek

@Norm,

People thought World War I was unthinkable because the world was so globalized. Men went to the front for what they thought would only last the summer. They were wrong. Not only that, but the elites of, for instance, the UK and Germany were interbred and had strong relations. War seemed unthinkable.

Both the UK and Germany were incredibly well integrated into world markets. Indeed the British Empire constituted most of the world market (24% of the world's area). Germany was the new upstart, which had benefited from copying the technology the UK had created. There are lots of parallels with China and the US.

The argument that China will change because of "being part of the modern world" has been proven wrong. AI helps surveillance: who watches the watchers is no longer an issue. The arc of history only bends towards freedom as long as bellies are full. The rise of ISIS coincided with a fall of food production in Syria due to drought. With the continued destabilization of the climate, full bellies are no longer guaranteed. Unfortunately that implies a rise in tribalism and authoritarianism.

Don't think for a moment that we've reached the end of history. We've just been having a nice nap between crises.


@ Michael

> So many apps depend on iCloud that I don’t think removing it, or providing an alternative to the backup portion, really solves the problem.

While a fairly big task, nothing iCloud does is fundamentally tied to a specific set of servers. Just like you can (with a suitably expensive enterprise license) install something like GitHub on your own server, you could do the same with iCloud: heavily expand the Server app again like it used to be, and add stuff like a Photos Server, a CloudKit Server, etc. They could then let you create a .mobileconfig that tells all apps system-wide that "iCloud" now instead points to your own servre.

It's a lot of work, it's a kind of business Apple isn't interested in (difficult to support, and a pain no matter how you set the price points), and it's not a great choice for the vast majority of users, but impossible it is not.


> looking at it this way makes Apple complicit in keeping the system that has completely removed people’s right to privacy, and at the same time, keep telling us how they think that privacy is a human right

Yup. They _are_ complicit. I don't think they like to me, and I believe that they genuinely feel strongly about privacy, but they've also decided that giving up the manufacturing prowess and sales revenue of China is not a tenable choice for them.

Leave a Comment