Elle Reeve of Vice sat down with Tim Cook at Apple’s Grand Central Terminal store to discuss privacy, regulation, and the company’s decision to kick Alex Jones’ extremist fact-free fairy tales off its platforms. There’s one exchange I’d like to highlight, regarding Apple in China:
Reeve: In terms of privacy as a human right, does that apply to how you do business in China?
Cook: It absolutely does. Encryption, for us, is the same in every country in the world. We don’t design encryption […] for the U.S., and do it differently everywhere else. It’s the same. [So] if you send a message in China, it’s encrypted, [and] I can’t produce the content. I can’t produce it in the United States either. If you lock your phone in China, I can’t open it.
The thing in China that some people have confused is certain countries — and China is one of them — has a requirement that data from local citizens has to be kept in China. We worked with a Chinese company to provide iCloud. But the keys, which is the “key”, so to speak — pardon the pun — are ours.
Reeve: But haven’t they moved to China? Meaning: it’s much easier for the Chinese government to get to them.
Cook: Now, I wouldn’t get caught up in where’s the location of it?. I mean, we have servers located in many different countries in the world. They’re not easier to get data from being in one country versus the next. The key question is [sic]: how does the encryption process work? and who owns the keys, if anyone?. In most cases, for us, you and the receiver own the keys.
Apple’s executives are generally plainspoken and direct. Cook injects more corporate speak into his interview responses than, for example, Steve Jobs or Phil Schiller, but he still generally says what he means and avoids obfuscating. So it’s noticeable — and notable — when any Apple executive is cagey, as is the case here.
Cook’s response to Reeve’s second question sidesteps the comparative ease with which Chinese authorities can now demand access to users’ data because they no longer have to go through the stricter legal system of the United States. That appears to be a pretty significant concern to simply gloss over. Of similar concern is that the Chinese company that Apple partnered with to offer iCloud in the country is owned and operated by the Guizhou provincial government.
I don’t think it’s fair to say that Chinese users’ privacy is not subject to compromise. The actual method of encryption may not be any different or weaker than in other countries, but the requirement to store keys in the country behind weaker legal protections for users makes it, in practice, less strong. It is not a product of Apple’s own doing, and the only way they would be able to wipe their hands clean is to entirely discontinue iCloud and other internet services in China. I don’t know that it would be right — it’s likely that the replacement services chosen by users would be far worse for privacy — but it would mean that the company has no implicit connection to complying with a regime that has a piss-poor track record on human rights.