Stephen Nellis and Cate Cadell, Reuters:
When Apple Inc begins hosting Chinese users’ iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there, Chinese authorities will have far easier access to text messages, email and other data stored in the cloud.
That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system.
Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.
Nothing about this is good news, but it’s very hard to see what alternatives there are in this case. They could threaten to pull out of the Chinese market unless the law is changed, but that would do more damage to Apple than it would the Chinese government, with likely little effect. Also, it’s likely that iCloud not being offered in China would motivate people there to switch to a less secure alternative.
It’s difficult to reconcile this forced hand with Apple’s overall commitment to user privacy:
In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws.
I’ve written several times previously about my discomfort with a handful of predominantly Californian companies controlling the flow and storage of much of the world’s data. For Chinese citizens, though, it was potentially beneficial to have the American legal system as a barrier for information requests.