Apple iCloud Data in China is Being Stored By a State-Run Telco

Six months ago Apple caused controversy by announcing its intentions to move Chinese users' iCloud keys out of the US and into China, in order to comply with Chinese law. From a report: Now, that data, which includes emails, text messages and pictures, is being looked after by government-owned mobile operator China Telecom. And users and human rights activists alike have big concerns. The move has unsurprisingly been praised by state media, with Chinese consumers being told they can now expect faster speeds and greater connectivity. But as comments on Weibo (China's equivalent of Twitter) reveal, users have major privacy worries, claiming the government -- known for its extreme citizen surveillance methods -- will now be able to check personal data whenever it wishes.

Re: Next up

[saloomy]

My understanding with apple's ecosystem, especially around messages and account details, is that the company doesn't hold the decryption keys. Each device creates a public/private key pair, the private keys are stored on device, the public keys are in an API you draw from to send a message to each of the recicioente devices. The downside to this form of communication is each outbound message has to be encrypted and transmitted multiple times (matching the device count of the recipient).

Therefore, it doesn't matter who has the data, as long as the government hasn't secretly cracked the form of encryption Apple uses, and they really never receive the private keys, which would otherwise be subject to subpoena.

Re: Next up

[saloomy]

I agree that would be the best idea, if data security was your end goal. But that is not the end goal. The end goal is to provide a service that has to work even when your phone is off. They need to store/forward those messages. Any semi-competant techie will tell you the same thing. So, given as to how they need to store your messages to deliver to your devices that come online later, they have IMHO come up with a pretty clever solution: iOS Security . This states the level of encryption, the storing of private keys, and the methods and processes.

Can this be cracked in the future? Yes. Should you then just destroy all services that require online storage of sensitive data? No. You implement the best techniques you know how, and improve when life teaches you.

Re:Everything in China is a JV with the state

[ShanghaiBill]

China requires a member of the Party and the government to be on every corporate board.

This is only true for public companies. Most Chinese corps have no such requirement. My spouse is a director on the board of a Shanghai based private corporation, and they have no board members from the government, and no party member, although my spouse is an ex-member, who lost her membership when she became a US citizen.

Also, being a "member of the party" does not imply any loyalty or ideology. Most members joined to advance their careers. The application process is fairly rigorous, but there are still tens of millions of members.

In America, we have many political parties (although only two with real power), so you can join the one that is most aligned with your beliefs and interests. In China, there is only one party, so it encompasses every possible ideology. Some members are hardcore Marxists, others are free market libertarians, along with everything in between.