Apple has moved encryption keys for iCloud users from mainland China to the country itself, in a move that is potentially worrying for human rights advocates.
The move was required by recent Chinese legislation which mandates that cloud services available to Chinese citizens are run by Chinese companies operating locally, Apple said, according to Reuters.
However, Chinese authorities can access data much easier through this move, industry experts say. The encryption keys were stored in the US before. This meant that if anyone wanted to access iCloud data without the assistance of the user, they would have to go through the US legal system.
Chinese authorities will now be able to run requests directly through their own legal system.
Apple has also moved to establish a data center for Chinese users in a joint venture with state-owned firm Guizhou-Cloud Big Data Industry Co Ltd. Apple and not its Chinese partner will be in possession of the encryption keys, according to Reuters.
The authorities and Apple itself will be unable to access the data locked locally on an iPhone. However, the Chinese legal system operates much differently than in the US. Chinese police can force users to give them access without a warrant and there are wide exceptions to data privacy laws.
Chinese legal process more intrusive
Apple said it will only respond to valid legal requests in China, but China’s domestic legal process is very different than that of the US. A warrant reviewed by an independent court is not required in China, like it is in the US. Chinese police can issue and execute warrants.
“Even very early in a criminal investigation, police have broad powers to collect evidence,” said Jeremy Daum, an attorney and research fellow at Yale Law School’s Paul Tsai China Center in Beijing. “(They are) authorized by internal police procedures rather than independent court review, and the public has an obligation to cooperate.”
Users in Hong Kong and Macau have not been affected by the move.
Desire to maintain market
While iMessage communications are encrypted on the sender’s phone and decrypted on the recipient’s, Apple uploads a backup of your phone data to iCloud if you activate iCloud during the iPhone on-boarding process, TechCrunch said.
That means iMessages which have not been deleted can also be stored on Apple’s iCloud servers and can potentially be reached by authorities.
Apple has not given customer account information to Chinese authorities despite receiving 176 requests from 2013 to mid-2017. However, this was before the new cybersecurity laws took effect.
Apple says it will not allow any data to be processed by its new Chinese partner until 99.9 percent of the customers agree to the new terms of service.
Apple CEO Tim Cook last year explained the company’s decision to take all major VPN apps from its Apps Store by saying that Apple had to comply with the authorities.
However, experts say that the desire to maintain market access lies behind Apple’s willingness to go along with the requests of the authorities.
Google, which has left China in 2010 after it refused to censor search results, has also relaunched a Chinese version of Maps. Google seems to be laying the groundwork for a larger presence in coming years, according to industry experts.