Since January Patently Apple has posted three reports (one, two & three) on the topic of Apple's iCloud Service in China being opened up by the government to gain easy access to Apple's customer private data such as text messages, email and more. Now Amnesty International is weighing in on the issue with a new online posting titled "When Profits Threaten Privacy – 5 Things You Need to Know about Apple in China."
The post in-part states that today "Apple will be making some significant changes to how data is stored for users of its iCloud service in China – raising major concerns that the Chinese authorities will now be able to freely monitor Apple's users in China.
Apple has a reputation for being a powerful advocate for privacy and security. The company uses strong encryption by default in its services and grabbed headlines when it appealed a US court order that would allow the FBI to get around the phone's security. Apple CEO Tim Cook even sent all Apple consumers a personal letter explaining the importance of privacy.
With China, however, a different story has emerged. Apple has been criticized for blocking Chinese users' access to the Apple News app and for removing VPN apps from the App Store in China. The changes being made to iCloud are the latest indication that China's repressive legal environment is making it difficult for Apple to uphold its commitments to user privacy and security. What do these changes mean and what options do Apple's customers have to protect themselves?
It all depends on the circumstances under which the company will allow Guizhou-Cloud Big Data Industry Development Co., Ltd ('GCBD') and the Chinese authorities – access to intelligible decrypted data on iCloud users. When users accept the terms of service for iCloud in China, they agree to allow their information and content to be turned over to law enforcement 'if legally required to do so.' Significantly, from now on Apple will store the encryption keys for Chinese users in China, not in the US – making it all but inevitable that the company will be forced to hand over decrypted data so long as the request complies with Chinese law.
Given that many provisions of Chinese law offer inadequate protection to privacy, freedom of expression and other rights, simply checking whether government information requests comply with Chinese law doesn't address whether complying with the request might contribute to human rights violations. Apple hasn't confirmed whether or how it will assess whether government information requests might violate users' human rights. We won't really know how Apple will respond until it's put to the test, and unfortunately that's probably just a matter of time.
As for 'backdoors,' or technical measures that would allow law enforcement or other government agencies to access unencrypted user data without having to ask for it, Apple's commitment to prevent their use is admirable. But the commitment is meaningless if law enforcement can get the companies to decrypt user information simply by saying that it is for a criminal investigation." You could read more of this report here.
On this very topic, Sophie Richardson, China director for Human Rights Watch weighed in by asking CNNtech: "Will Apple challenge laws adopted by the Chinese government that give authorities vast access to that data, especially with respect to encrypted keys that authorities will likely demand?"
Ronald Deibert, Director of the University of Toronto's Citizen Lab, which studies the intersection of digital policy and human rights commented that "In the past, if Chinese authorities wanted to access Apple's user data, they had to go through an international legal process and comply with U.S. laws on user rights. They will no longer have to do so if iCloud and cryptographic keys are located in China's jurisdiction."
Deibert added that "The problem with Chinese cybersecurity laws is that they also require companies operating in China to turn over user data to state authorities on demand -- Apple now included.
China is an authoritarian country with a long track record of problematic human rights abuses, and extensive censorship and surveillance practices. Apple users in China should take 'extra and possibly inconvenient precautions not to store sensitive data on Apple's iCloud."
An Apple spokesman told CNN that "Most of those users have already accepted the new status quo. So far, more than 99.9% of iCloud users in China have chosen to continue using the service. Read the full CNN Report for more.
Apple's CEO loves to be in the limelight about human rights and sensitive social issues such as gay marriages, transgender washrooms, DACA and privacy in the U.S., even if it means offending a large portion of Apple's customers. Just take a look at the comment section of a recent MacDailyNews news report on Apple's gay marriage ads to see how being overly vocal on sensitive issues is deeply dividing the Apple community.
On the all-important position of privacy that Apple has taken against the U.S. Governement and FBI, it seems hypocritical at the very least to cave into the demands of the Chinese Government.
While it was a "cancer" for the FBI to want access to Apple customer data, according to Cook, it's just fine to allow the Chinese government to gain easy access on demand. In the blink of an eye, it went from standing up for customer's privacy rights to being "business is business" when put to the test.
Senator Marco Rubio back in December slammed Cook for celebrating China's Vision of the Internet as noted in the video below.
On the issue of privacy, Apple's one-time holier-than-thou stance that Apple fans so loved has quickly vanished like a mirage. Well, at least in China today with the EU next in line.
About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Those using abusive language or negative behavior will result in being blacklisted on Disqus.