{"id":32513,"date":"2021-05-19T15:46:18","date_gmt":"2021-05-19T19:46:18","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=32513"},"modified":"2021-05-25T15:57:50","modified_gmt":"2021-05-25T19:57:50","slug":"a-hard-bargain-for-apple-in-china","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/05\/19\/a-hard-bargain-for-apple-in-china\/","title":{"rendered":"A Hard Bargain for Apple in China"},"content":{"rendered":"

Jack Nicas, Raymond Zhong, and Daisuke Wakabayashi<\/a> (tweet<\/a>):<\/p>\n

Tim Cook, Apple’s chief executive, has said the data is safe. But at the data center in Guiyang, which Apple hoped would be completed by next month, and another in the Inner Mongolia region, Apple has largely ceded control to the Chinese government.<\/p>\n

Chinese state employees physically manage the computers. Apple abandoned the encryption technology it used elsewhere after China would not allow it. And the digital keys that unlock information on those computers are stored in the data centers they’re meant to secure.<\/p>\n

Internal Apple documents reviewed by The New York Times, interviews with 17 current and former Apple employees and four security experts, and new filings made in a court case in the United States last week provide rare insight into the compromises Mr. Cook has made to do business in China. They offer an extensive inside look — many aspects of which have never been reported before — at how Apple has given in to escalating demands from the Chinese authorities.<\/p>\n

[…]<\/p>\n

Mr. Cook often talks about Apple’s commitment to civil liberties and privacy. But to stay on the right side of Chinese regulators, his company has put the data of its Chinese customers at risk and has aided government censorship in the Chinese version of its App Store. After Chinese employees complained, it even dropped the “Designed by Apple in California” slogan from the backs of iPhones.<\/p><\/blockquote>\n\n

Francisco Tolmasky<\/a>:<\/p>\n

\n

The journey this slogan has taken under Tim Cook is incredible: from inheriting it as a subtle and classy message under box flaps, to clumsily pushing it to the forefront as tasteless over-branding, only to be sacrificed as a representation of complete capitulation to China.<\/p>\n<\/blockquote>\n\n

Nicas et al.<\/a>:<\/p>\n

\n

U.S. law has long prohibited American companies from turning over data to Chinese law enforcement.<\/p>\n

[…]<\/p>\n

In China, Apple has ceded legal ownership of its customers’ data to Guizhou-Cloud Big Data, or GCBD, a company owned by the government of Guizhou Province, whose capital is Guiyang. Apple recently required its Chinese customers to accept new iCloud terms and conditions that list GCBD as the service provider and Apple as “an additional party.”<\/p>\n

[…]<\/p>\n

The terms and conditions included a new provision that does not appear in other countries: “Apple and GCBD will have access to all data that you store on this service” and can share that data “between each other under applicable law.”<\/p>\n

Under the new setup, Chinese authorities ask GCBD — not Apple — for Apple customers’ data, Apple said. Apple believes that gives it a legal shield from American law[…]<\/p><\/blockquote>\n\n

Matthew Green<\/a>:<\/p>\n

Big parts of iCloud rely on special devices called Hardware Security Modules, or HSMs. These are specialized computers that store keys. In the US, Apple uses Thales HSMs.<\/p>\n

Not only is Apple being forced to move Chinese citizens’ HSMs to China, China specifically refused to certify the Thales HSMs. This is actually pretty fascinating.<\/p>\n

[…]<\/p>\n

It’s really hard to know what to make of this. There are two good theories:<\/p>\n

  1. China does not trust western HSM hardware to keep them safe.<\/li>\n
  2. China felt the Thales HSMs were too<\/em> safe, ie they would be difficult to for China to access.<\/li><\/ol>\n

    […]<\/p>\n

    What’s interesting about this change is that (to the best of my knowledge) your iCloud country registration can be changed by anyone who has your iCloud password.<\/p>\n

    What happens to my data if someone changes my registration to China?<\/p><\/blockquote>\n\n

    Jack Nicas<\/a>.<\/p>\n

    Here is Apple’s full statement on our story. <\/p><\/blockquote>\n\n

    Timothy Buck<\/a>:<\/p>\n

    FB\/Google: We would rather give up business in China than hand over your data to the totalitarian Chinese regime.<\/p>\n

    Apple: We would rather give your data to a totalitarian Chinese regime than give up our business there.<\/p><\/blockquote>\n\n

    John Gruber<\/a>:<\/p>\n

    Option A: Apple does what it did — store all Chinese users’ iCloud data on servers in China, under the ultimate control of the Chinese government.<\/p>\n

    Option B: Apple refuses to do so, and the Chinese government shuts down iCloud in China and probably bans the sale of Apple devices.<\/p>\n

    Is there an Option C? I don’t think there is.<\/p><\/blockquote>\n

    I suppose the argument for Option B is that if enough companies did this together that might put pressure on the Chinese government and eventually lead to positive change. Whereas, by bending to the demands, Apple is helping to keep the regime in power.<\/p>\n

    On the other hand, there’s no guarantee that Option B would “work.” It would have disastrous consequenes for Apple’s sales, and possibly for its supply chain, and, at least in the short term, for its Chinese customers:<\/p>\n

    What would I want Apple to do if I were a Chinese citizen who wants to use an iPhone and iCloud? (And if I were a Chinese citizen, I would very much want to use an iPhone and iCloud.) […] Even with the multiple significant compromises Apple has made to comply with Chinese law, it feels entirely possible that using Apple devices and iCloud is one of the most private things<\/em> anyone outside government leadership can do in China.<\/p><\/blockquote>\n\n

    Nick Heer<\/a>:<\/p>\n

    If Apple were not involved in hardware and<\/em> software and<\/em> services, it would have less complicity but, also, less potential influence. It looks like that balance is tipping in the direction of this combination being a liability in the country.<\/p><\/blockquote>\n\n

    Thomas Clement<\/a>:<\/p>\n

    \n

    When you wish iCloud was designed with end-to-end encryption.<\/p>\n<\/blockquote>\n\n

    Previously:<\/p>\n