Slashdot Mirror


Apple iCloud Data in China is Being Stored By a State-Run Telco (engadget.com)

Six months ago Apple caused controversy by announcing its intentions to move Chinese users' iCloud keys out of the US and into China, in order to comply with Chinese law. From a report: Now, that data, which includes emails, text messages and pictures, is being looked after by government-owned mobile operator China Telecom. And users and human rights activists alike have big concerns. The move has unsurprisingly been praised by state media, with Chinese consumers being told they can now expect faster speeds and greater connectivity. But as comments on Weibo (China's equivalent of Twitter) reveal, users have major privacy worries, claiming the government -- known for its extreme citizen surveillance methods -- will now be able to check personal data whenever it wishes.

84 comments

  1. Everything in China is a JV with the state by kriston · · Score: 3, Insightful

    Don't we all now know that every non-domestic company in China is a joint venture with the state?

    --

    Kriston

    1. Re: Everything in China is a JV with the state by Anonymous Coward · · Score: 0

      Not to mention the Chinese Communist party owns all the information, not Apple and by extension the USA government.

    2. Re:Everything in China is a JV with the state by Anonymous Coward · · Score: 0

      China requires a member of the Party and the government to be on every corporate board. It would be like a member of DHS having a say on every US company's board, and that any ventures on domestic soil be 51% owned by local companies.

    3. Re:Everything in China is a JV with the state by ShanghaiBill · · Score: 3, Informative

      > China requires a member of the Party and the government to be on every corporate board.

      This is only true for public companies. Most Chinese corps have no such requirement. My spouse is a director on the board of a Shanghai based private corporation, and they have no board members from the government, and no party member, although my spouse is an ex-member, who lost her membership when she became a US citizen.

      Also, being a "member of the party" does not imply any loyalty or ideology. Most members joined to advance their careers. The application process is fairly rigorous, but there are still tens of millions of members.

      In America, we have many political parties (although only two with real power), so you can join the one that is most aligned with your beliefs and interests. In China, there is only one party, so it encompasses every possible ideology. Some members are hardcore Marxists, others are free market libertarians, along with everything in between.

    4. Re:Everything in China is a JV with the state by Obfuscant · · Score: 1

      > In China, there is only one party, so it encompasses every possible ideology.

      That's like saying if there were only one model of car, everyone would like that model of car.

      While the PEOPLE who join the party for non-political purposes may have any number of philosophical ideals, the party itself does not. It does not "encompass" every ideology, but it may barely tolerate members who do.

      That's the problem. How far do they go in tolerating them?

    5. Re:Everything in China is a JV with the state by cfalcon · · Score: 1

      > In China, there is only one party, so it encompasses every possible ideology. Some members are hardcore Marxists, others are free market libertarians, along with everything in between

      So the selling point is that a libertarian has to join the communist party? Super duper...

    6. Re:Everything in China is a JV with the state by giggleloop · · Score: 2

      Far better to have two models of car. Then the drivers don't need to care about their own car, they just have to hate everyone driving the other model.

    7. Re:Everything in China is a JV with the state by Obfuscant · · Score: 1
      There are many more than two models of cars. The only reason you rarely see anything but those two is because there aren't enough people buying the others to create a significant presence.

      This system is infinitely better than a one-car system where you must drive that model and if you complain about it you go to prison. Note that you are quite free to complain because you think there are only two models here and yet you have no fear of being abducted in the middle of the night and taken to political prison. Or maybe you do have that fear, but the actual likelihood of it happening is still zilch.

    8. Re: Everything in China is a JV with the state by Anonymous Coward · · Score: 0

      "In America, we have many political parties (although only two with real power), so you can join the one that is most aligned with your beliefs and interests. In China, there is only one party, so it encompasses every possible ideology. Some members are hardcore Marxists, others are free market libertarians, along with everything in between."

      Bullshit. While there may be members who hold those beliefs, expressing anything other than the party line (allowing Xi Jinping unlimited power) will get you dispelled and jailed for "corruption" (they're all corrupt, so they can choose to "discover" a corrupt official once he disagrees with Xi and his cronies).

    9. Re:Everything in China is a JV with the state by ShanghaiBill · · Score: 1

      > So the selling point is that a libertarian has to join the communist party?

      No. No one "has" to join the CCP. The vast majority do not.

    10. Re:Everything in China is a JV with the state by ShanghaiBill · · Score: 1

      > That's like saying if there were only one model of car, everyone would like that model of car.

      No. It's like saying if there were only one model of car, everyone would drive it, whether they like it or not.

    11. Re:Everything in China is a JV with the state by ShanghaiBill · · Score: 2

      > the party itself does not. It does not "encompass" every ideology

      Have you ever been to China? There are HUGE differences in how different regions are governed. Shanghai, which is more prosperous than much of Europe, is governed very differently than Harbin (China's Detroit).

      > but it may barely tolerate members who do.

      Bo Xilai was dismissed from the communist party for advocating ... communism.

    12. Re:Everything in China is a JV with the state by Obfuscant · · Score: 1

      > No. It's like saying if there were only one model of car, everyone would drive it, whether they like it or not.

      The PARTY does not change because people joining it believe something else. The PARTY is not driven by the people, it is driven by the leaders of the party. The Chinese Communist Party is not a democracy, nor is it egalitarian. E.g., if a Falun Gong believer joined the Chinese Communist Party, the Chinese Communist Party would not encompass Falun Gong, it would still try to eliminate it, and would kick him out as fast as he is identified. This is clearly NOT a party that encompasses a wide range of members' ideologies, even if it tolerates many of them for as long as it takes to eliminate the ones it really doesn't like.

      Now, perhaps you are confused because in the US the political parties ARE member-driven in large part, because the parties are seeking VOTES from those members -- which provides a great deal of democracy in the direction the party goes. Not completely, but a hell of a lot more than the members of the Chinese Communist Party get to vote for their leadership. Tell me, when was the last time party members told Xi Jinping that he must change the beliefs of the party or they'd vote for his competitor? I don't mean party leaders telling him, I mean rank and file. And which competitor?

    13. Re:Everything in China is a JV with the state by Obfuscant · · Score: 1

      > There are HUGE differences in how different regions are governed.

      There is a big difference between how regions are governed and the communist party encompassing all ideologies.

      > Bo Xilai was dismissed from the communist party for advocating ... communism.

      Proving my point for me. They did not tolerate his version of communism so they threw him out. Tell me again how the communist party encompasses all ideologies. Ask Bo if he thinks his ideology was "encompassed".

    14. Re:Everything in China is a JV with the state by Obfuscant · · Score: 1

      > No. No one "has" to join the CCP. The vast majority do not.

      Why would a libertarian not join a party that encompasses his ideology? Unless, of course, the party actually doesn't.

      Now, the only way I know that one party can encompass contradicting ideologies is if the ideologies aren't important to the party. It's like a US political party encompassing people who have blond hair as well as redheads and brunettes. Hair color is not important. But to say that the Chinese Communist Party would find the principles of libertarianism to be unimportant in its role as the only political party in the state, well, I have to question that claim.

    15. Re:Everything in China is a JV with the state by buravirgil · · Score: 2

      > That's like saying if there were only one model of car,...

      Slashdot would have less than zero analogies?
       

      --
      Would were! Should is! Could be! And live a hundred times three.
    16. Re:Everything in China is a JV with the state by crimson+tsunami · · Score: 1

      > Now, perhaps you are confused because in the US the political parties ARE member-driven in large part, because the parties are seeking VOTES from those members -- which provides a great deal of democracy in the direction the party goes.

      Hillary...

  2. Next up by ruddk · · Score: 1

    How long before we see: "US customers had their iCloud data stored in China by mistake" :D

    1. Re:Next up by 110010001000 · · Score: 1

      Exactly. As RMS said: the only way to secure data is not to collect it in the first place.

    2. Re: Next up by saloomy · · Score: 3, Informative

      My understanding with Apple's ecosystem, especially around messages and account details, is that the company doesn't hold the decryption keys. Each device creates a public/private key pair, the private keys are stored on device, the public keys are in an API you draw from to send a message to each of the recipient devices. The downside to this form of communication is each outbound message has to be encrypted and transmitted multiple times (matching the device count of the recipient).

      Therefore, it doesn't matter who has the data, as long as the government hasn't secretly cracked the form of encryption Apple uses, and they really never receive the private keys, which would otherwise be subject to subpoena.

    3. Re: Next up by 110010001000 · · Score: 2

      The problem with that is: you don't know. The system is closed to you. They could have open access to anyone who pays for it (or government). Maybe it can be decrypted. Maybe it can be decrypted in the future when flaws are discovered. The best idea is not to collect it in the first place.

    4. Re: Next up by DogDude · · Score: 1

      How did you come about this "understanding"? My understanding is that Apple sells all of your data to anybody and everybody. As per their privacy policy:

      > Apple shares personal information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information and may be located wherever Apple operates.

      --
      I don't respond to AC's.
    5. Re: Next up by saloomy · · Score: 1

      You are incorrect, sir. The data they specify is stuff like your shipping address (which they need if you buy something like a picture book). To learn about Messages security, read from the horse's mouth: iOS Security.

    6. Re: Next up by 110010001000 · · Score: 1

      How do you know this? You are taking their word for it. You can't be that naive.

    7. Re: Next up by saloomy · · Score: 3, Informative

      I agree that would be the best idea, if data security was your end goal. But that is not the end goal. The end goal is to provide a service that has to work even when your phone is off. They need to store/forward those messages. Any semi-competent techie will tell you the same thing. So, given as to how they need to store your messages to deliver to your devices that come online later, they have IMHO come up with a pretty clever solution: iOS Security. This states the level of encryption, the storing of private keys, and the methods and processes.

      Can this be cracked in the future? Yes. Should you then just destroy all services that require online storage of sensitive data? No. You implement the best techniques you know how, and improve when life teaches you.

    8. Re: Next up by saloomy · · Score: 2, Interesting

      You can stand up a device and wire-shark it. In fact many in the security industry probe solutions like this all the time to try and make a name for themselves. If/when someone finds something untrue, they publish it to become famous, collect bounties, and become expert consultants at ridiculously high rates. Also, this is a document cited in many court cases and if Apple lied about it, it would ruin their business and expose them to untold levels of liability. Plus, you can look into their financials and understand that if they had any financial incentive to implement their own backdoors, it certainly isn't for the money. Their money comes from device sales.

      Besides, do you run NO software that isn't open source and you haven't read through the source? Thought so. At some level, you have to take the documentation and contracts at face value, and if you can prove them wrong, you have a strong case on your hands.

    9. Re: Next up by Anonymous Coward · · Score: 0

      How do we know this? Apple is pretty tight-lipped about their ecosystem, and with the recovery mechanisms in place, even though it is encrypted, the keys are escrowed somewhere. We have no clue. It might be that everything is AES encrypted with the key being all zeroes.

      Want security? Get something made in Europe like Boxcryptor as an overlay over cloud providers.

    10. Re: Next up by ShanghaiBill · · Score: 1

      > The problem with that is: you don't know.

      Do you believe that corporations are run by greedy bastards? If yes, then most likely your data is safe. If Apple was secretly collecting the keys and passing them on to the government, many people, both at Apple and in the government, would know about it. This knowledge would eventually leak. It would be a HUGE PR disaster for Apple, and cost them billions and billions in lost customers and lawsuits.

    11. Re: Next up by dgatwood · · Score: 1

      > My understanding with Apple's ecosystem, especially around messages and account details, is that the company doesn't hold the decryption keys. Each device creates a public/private key pair, the private keys are stored on device, the public keys are in an API you draw from to send a message to each of the recipient devices. The downside to this form of communication is each outbound message has to be encrypted and transmitted multiple times (matching the device count of the recipient).
      >
      > Therefore, it doesn't matter who has the data, as long as the government hasn't secretly cracked the form of encryption Apple uses, and they really never receive the private keys, which would otherwise be subject to subpoena.

      That depends on whether "the data" includes the set of authorized keys. Otherwise, it could matter a great deal, at least for future communication.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    12. Re: Next up by 110010001000 · · Score: 1

      You can't wireshark encrypted communications. Plus you have no idea what they are doing on the server side. Ridiculous.

      "Besides, do you run NO software that isn't open source and you haven't read through the source?"

      Correct. I don't. You shouldn't either. I trust Open Source much more than I trust Apple. You should too.

    13. Re: Next up by 110010001000 · · Score: 1

      No the end goal is provide a service so they can sell the data they are sucking in when they store your information. You are so naive. They aren't providing these cloud services for free for no reason!

    14. Re: Next up by omfglearntoplay · · Score: 1

      Do you also believe that at least one techie at Apple could have backdoored/stolen/worked with a foreign government secretly? Just how many Chinese born workers are at Apple, by the way? Now maybe Apple has so many layers of checks this wouldn't happen for a long time. Or maybe not, I don't know.

      Reality is, I'm not sure there is anybody to trust over Apple with phone data. I hope they aren't screwing everybody over. And you are right, it would be a PR nightmare if they were and got caught.

    15. Re: Next up by bursch-X · · Score: 1

      Apple is providing services and tools to sell their hardware. If you haven't noticed, that's their main business. They don't need to make any money on their messages platform as long as it keeps users tied to their platform and makes new users buy and enjoy their hardware. It's a marketing tool to sell Apple devices, not to sell ads, you tool.

      --
      There are two rules for success:
      1. Never tell everything you know.
    16. Re: Next up by Bing+Tsher+E · · Score: 1

      It's marketing hype to sell gadgets with a huge markup, sukkas. Apple doesn't care about your privacy any more than Microsoft or Oracle do.

    17. Re: Next up by Bing+Tsher+E · · Score: 1

      The firmware in your keyboard is open source? The firmware in the multiple processors in your hard drive is all open source? The firmware in all your wi-fi devices and interfaces is all open source?

    18. Re: Next up by Anonymous Coward · · Score: 0

      Gullible much. Apple is pure greed. They will sell you a phone and make money off your data too.

    19. Re: Next up by AHuxley · · Score: 1

      That would make a PRISM hard. PRISM was not hard and no police are now calling for the ban on the use of an entire brand of devices.
      Security forces are happy. Police are happy. The beard is selling without questions by governments.
      Also consider how many governments around the world do that "subject to subpoena." part.
      To be allowed in the brand has to assure that nations security services that the product is subpoena supporting.

      --
      Domestic spying is now "Benign Information Gathering"
    20. Re: Next up by tsa · · Score: 1

      And you checked all of that for errors and back doors? If so, where do you find the time to earn a living?

      --

      -- Cheers!

    21. Re:Next up by SeaFox · · Score: 1

      > How long before we see: "US customers had their iCloud data stored in China by mistake" :D

      Uh, that already happened.

    22. Re:Next up by ayesnymous · · Score: 1

      Maybe better there than on servers NSA can access?

    23. Re: Next up by Anonymous Coward · · Score: 0

      You can wire shark encrypted communications if you have the key. Also, yeah you don't audit all your software, and I was being sarcastic. Your car's software is OS? Yeah... right. You know nothing, Jon Snow.
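
The per-device key scheme described in this thread, and the caveat raised about who controls the set of authorized keys, sketched as an added example that is not part of the original discussion and not Apple's code. The Diffie-Hellman group, cipher, and all function names are toy assumptions chosen to stay within the Python standard library, and the message is constructed.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, for illustration only. NOT secure and not what
# any real messaging product uses; it keeps the example stdlib-only.
P = 2**255 - 19
G = 2


def keygen():
    """Return (private, public) for one device."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short identifier a client can pin or show to the user."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]


def _derive(shared, label, length):
    """Toy hash-counter expansion of the shared secret (short messages only)."""
    blocks = (hashlib.sha256(label + shared + bytes([i])).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(pub, plaintext):
    """Encrypt one copy of the message to one device public key."""
    eph_priv, eph_pub = keygen()
    shared = pow(pub, eph_priv, P).to_bytes(32, "big")
    ct = bytes(a ^ b for a, b in zip(plaintext, _derive(shared, b"enc", len(plaintext))))
    tag = hmac.new(_derive(shared, b"mac", 32), ct, hashlib.sha256).digest()
    return eph_pub, ct, tag


def unseal(priv, envelope):
    """Return the plaintext, or None if this private key does not fit."""
    eph_pub, ct, tag = envelope
    shared = pow(eph_pub, priv, P).to_bytes(32, "big")
    expected = hmac.new(_derive(shared, b"mac", 32), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _derive(shared, b"enc", len(ct))))


def send(directory_keys, plaintext, pinned=None):
    """Fan out one envelope per device key the directory returned.

    If `pinned` (fingerprints the sender already trusts) is given, unknown
    keys are reported and skipped instead of being encrypted to.
    """
    envelopes, unexpected = {}, []
    for pub in directory_keys:
        fp = fingerprint(pub)
        if pinned is not None and fp not in pinned:
            unexpected.append(fp)
            continue
        envelopes[fp] = seal(pub, plaintext)
    return envelopes, unexpected


def demo():
    msg = b"constructed sample message"
    phone_priv, phone_pub = keygen()
    laptop_priv, laptop_pub = keygen()
    extra_priv, extra_pub = keygen()      # key the recipient never enrolled
    outsider_priv, _ = keygen()           # whoever merely stores the ciphertext
    # Case 1: the directory lists exactly the recipient's devices.
    stored, _ = send([phone_pub, laptop_pub], msg)
    results = {
        "copies": len(stored),
        "phone_reads": unseal(phone_priv, stored[fingerprint(phone_pub)]) == msg,
        "storage_reads": any(unseal(outsider_priv, e) is not None for e in stored.values()),
    }
    # Case 2: the directory also lists an extra key; the sender does not check.
    stored, _ = send([phone_pub, laptop_pub, extra_pub], msg)
    results["extra_key_reads"] = unseal(extra_priv, stored[fingerprint(extra_pub)]) == msg
    # Case 3: same directory answer, but the sender pins the fingerprints it knows.
    pinned = {fingerprint(phone_pub), fingerprint(laptop_pub)}
    stored, unexpected = send([phone_pub, laptop_pub, extra_pub], msg, pinned)
    results["pinned_copies"] = len(stored)
    results["flagged"] = unexpected == [fingerprint(extra_pub)]
    return results


if __name__ == "__main__":
    print(demo())
```

Case 2 is the caveat from the thread in code form: where the ciphertext is stored matters less than who controls the key list the sender encrypts to, and case 3 shows a sender-side check that surfaces an unexpected key.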

  3. Well? by DontBeAMoran · · Score: 3, Interesting

    What did you expect? This is China.

    Imagine companies had all their servers somewhere in Europe instead of the U.S.A. It's easy to imagine that the FBI, CIA, NSA and other three-letters-agencies would demand companies to have servers in the U.S.A. "for the security of its citizens".

    Same thing here, different point of view.

    --
    #DeleteFacebook
    1. Re: Well? by Anonymous Coward · · Score: 0

      The difference is the USA still (mostly) allows for political speech. You won't go to Arbor camp for criticizing the president in the West. Yet.

    2. Re: Well? by the_B0fh · · Score: 1

      That has nothing to do with the government copying and monitoring all your traffic. *peeks over at that yellow room door*

    3. Re: Well? by Anonymous Coward · · Score: 0

      While it doesn't give them an excuse to spy on me, it's still much better knowing that I won't get in trouble for expressing my beliefs

    4. Re:Well? by Anonymous Coward · · Score: 0

      False equivalency, meet reality.

      https://www.washingtonpost.com/opinions/chinas-vast-internet-prison/2016/11/09/aee94536-a52c-11e6-8042-f4d111c862d1_story.html?utm_term=.64f378e1d4b0

      https://www.theguardian.com/world/2013/sep/10/china-social-media-jail-rumours

      https://www.scmp.com/news/china/article/1307266/jail-threat-mainland-internet-users-who-spread-rumours

    5. Re: Well? by Anonymous Coward · · Score: 0

      Yet. Remember, they keep all the information to incriminate you later.

  4. Just like the USA ... by PPH · · Score: 4, Insightful

    ... threw a hissy-fit when e-mail stored overseas wasn't made available to law enforcement.

    China, welcome to the club.

    --
    Have gnu, will travel.
    1. Re:Just like the USA ... by Anonymous Coward · · Score: 0

      > e-mail

      You aint on CompuServe no more.

      Email dont need no hyphen.

    2. Re:Just like the USA ... by PPH · · Score: 1

      > You aint on CompuServe no more.

      That's Compu-Serv.

      --
      Have gnu, will travel.
  5. Money talks by Anonymous Coward · · Score: 0

    Apple only cares about the bottom line. They only put a facade of caring about privacy in USA because they think it will sell more phones. But they would sell your privacy the minute they thought it would be more profitable. So for y'all sheeple buying iPhone in USA, you are idiots too.

    1. Re:Money talks by Desler · · Score: 1

      So what you're saying is Apple is no different than pretty much all corporations? How insightful!

    2. Re:Money talks by Anonymous Coward · · Score: 0

      Yet Apple drones on and on about how much better they are.

    3. Re: Money talks by Anonymous Coward · · Score: 0

      Yes, but a lot of people praised Apple for protecting privacy after the cases in the USA where they wouldn't unlock or decrypt iPhone, saying that Apple cared about users' privacy etc. Just goes to show you that was bullshit.

      Then again, Google, Microsoft, etc. would sell you out too. Surprised Google hasn't agreed to China's restrictions to enter the China market again for search engines lol

    4. Re:Money talks by Anonymous Coward · · Score: 0

      At least they feign to care. Better than Goog who just outright cucks Android users.

  6. iMistake by Rick+Schumann · · Score: 1

    So in other words if you have an iPhone in China, whether anyone can beat the unlock password out of you or not is a moot point because the State already has all your data in its possession?

    1. Re:iMistake by Arkham · · Score: 1

      > So in other words if you have an iPhone in China, whether anyone can beat the unlock password out of you or not is a moot point because the State already has all your data in its possession?

      They have the data, but it's encrypted by the phone. Unless they somehow learned to crack modern encryption, then they cannot look at the data.

      I guess it's possible that in China they've added another encryption key to the mix, but I doubt it.

      --
      - Vincit qui patitur.
    2. Re:iMistake by Rick+Schumann · · Score: 2

      Do you really think the Chinese government would stand for being locked out of anything within its borders? They've either made a hush-hush deal with Apple to 'allow' them to operate in China under those conditions, or they've cracked it already. Or maybe they just do beat the shit out of anyone whose iPhone they want unlocked, beat them daily, threaten their families, and so on, until they get what they want, not like it's a stretch of the imagination in their case.

    3. Re:iMistake by Obfuscant · · Score: 1

      > Unless they somehow learned to crack modern encryption, then they cannot look at the data.

      I seem to recall a recent case where the US government wanted Apple to decrypt someone's iPhone for them so it could be used in a court of law as evidence, and Apple (and every other smart person) laughed at them for even thinking it could be done. Absolutely impossible.

      And then someone in Israel came and did it.

      I also seem to recall being told how secure "modern encryption" was, and now I cannot even use those forms of encryption because they aren't secure.

      > I guess it's possible that in China they've added another encryption key to the mix, but I doubt it.

      Of course they haven't. And of course Apple will say it's secure, because admitting it isn't would be bad for business. Just like every website that ever collected credit card data claims to store it securely.

      I get the feeling that if this was the US government saying that all Apple iCloud data had to be stored on US government-run servers, people would be screaming about government violation of their privacy. But because it is China, people are saying "oh, the Chinese can't actually access any of the stuff they're storing on their servers..."

    4. Re:iMistake by Anonymous Coward · · Score: 0

      "And then someone in Israel came and did it."
      We don't know what the people in Israel did.

  7. Important - Govts control Market Access by sasparillascott · · Score: 1

    This is a warning on why it's foolish to count on for-profit companies to guard your privacy (or anything else that might be "profitable"). Governments always control market access and in the end, if they are bad, they will make the tech in the country bad as well.

    Hard to believe, but given an unexpected turn of events and the election of a tyrant as a President, throw in a compliant legislature and this kind of collusion could be forced in the U.S. Current President isn't interested in this so we, thankfully, get a pass, for the time being.

    1. Re: Important - Govts control Market Access by bursch-X · · Score: 1

      Heartbleed 2.5 years undetected gaping security hole, Shellshock 25 years... Security by obscurity is just as unreliable as open-source, more eyes only makes bugs shallow, if those eyes are competent and actually looking

      --
      There are two rules for success:
      1. Never tell everything you know.
  8. Just goes to show you by Anonymous Coward · · Score: 0

    That all the pro-privacy Apple propaganda in the US is bullshit. They do it because it gets them more sales, not because they really care. If they really cared, they would not compromise in China.

  9. Re:NSA is pissed by Anonymous Coward · · Score: 0

    China doesn't have 911, it's something else.

  10. Why the faux outrage?! by DatbeDank · · Score: 1

    Sorry, but you'd have to be a dumb ass to assume anything in China is private!

    Just like assuming digital assistants aren't passing your recorded conversations to the NSA.

    You do business in China, don't assume you have any privacy for trade secrets or even thought crime.

    The idiocy of people astounds me.

  11. Nope. by DogDude · · Score: 1

    Also from the privacy policy:

    > we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, device identifiers, IP address, location information and credit card information.

    --
    I don't respond to AC's.
    1. Re:Nope. by saloomy · · Score: 1

      Show me where it says private messages again? Or Device Keys for that matter?

    2. Re:Nope. by 110010001000 · · Score: 1

      The point is YOU DON'T KNOW.

      "we may collect a variety of information"

      They could be doing anything.

    3. Re:Nope. by saloomy · · Score: 1

      You do know. It's right there in their security document. If you don't believe them, wireshark or reverse it and prove otherwise.

      It's a shitty argument to say "I don't believe them, just because it sounds wrong to me."

  12. Big whoop by ArchieBunker · · Score: 2

    Data stored in "the cloud" can be read by whoever runs the cloud. Fucking shocked.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  13. State run Taco? by Anonymous Coward · · Score: 0

    I must be hungry, I thought it said State run Taco... mmmm tacos...

  14. I believe they don't have enough keys by izzo+nizzo · · Score: 1

    I don't think the iCloud keys mentioned are enough to fully decrypt the messages.

    After all, our iMessage data can't be decrypted by Apple even though they presumably store the equivalent keys to what has been transferred. It's a multi-key encryption technique.

    In order to access iMessage data, or anything else locked to the phone, you'd still have to either spoof the biometrics (Touch ID or Face ID) or go in through GrayKey.

    China may one day get access to those messages, but they haven't got it yet.

  15. The grass is always greener on the other side ?! by Anonymous Coward · · Score: 0

    There have been over 300 data leaks following a system/network breach (source: Troy Hunt's website) on companies based in the USA (and before you cry wolf about them having been carried out by state actors: these were all cases where the data was later found for sale on the dark corners of the web so it was most likely by greedy criminals, not state actors). None of those breaches and consequent leaks happened on Chinese companies so it's good to assume that either they're not a target or that in any case they run a pretty tight ship (meaning a secure environment) in the middle kingdom and your data is safe with them!

  16. Re: NSA is pissed by Bing+Tsher+E · · Score: 1

    We have 911 in the US and the one time I had to call it (the field behind our house was burning) the operator was pretty fumbly and borderline incompetent. Which is actually a little reassuring. Snap-action government might seem like a good thing but we all, uniformly, have to die sometime, and compromising how you get to live doesn't change that.

  18. If Apple encrypted the data by ayesnymous · · Score: 1

    it wouldn't matter where the data was stored.

  19. Re: Editors stop censoring creimer posts!!! by Anonymous Coward · · Score: 0

    26 subscribers. Nice. LUL.