Apple iCloud Data in China is Being Stored By a State-Run Telco (engadget.com)
Six months ago Apple caused controversy by announcing its intentions to move Chinese users' iCloud keys out of the US and into China, in order to comply with Chinese law. From a report: Now, that data, which includes emails, text messages and pictures, is being looked after by government-owned mobile operator China Telecom. And users and human rights activists alike have big concerns. The move has unsurprisingly been praised by state media, with Chinese consumers being told they can now expect faster speeds and greater connectivity. But as comments on Weibo (China's equivalent of Twitter) reveal, users have major privacy worries, claiming the government -- known for its extreme citizen surveillance methods -- will now be able to check personal data whenever it wishes.
Don't we all now know that every non-domestic company in China is a joint venture with the state?
Kriston
What did you expect? This is China.
Imagine companies had all their servers somewhere in Europe instead of the U.S.A. It's easy to imagine that the FBI, CIA, NSA and other three-letter agencies would demand that companies have servers in the U.S.A. "for the security of its citizens".
Same thing here, different point of view.
#DeleteFacebook
China, welcome to the club.
Have gnu, will travel.
My understanding with Apple's ecosystem, especially around messages and account details, is that the company doesn't hold the decryption keys. Each device creates a public/private key pair, the private keys are stored on device, the public keys are in an API you draw from to send a message to each of the recipient devices. The downside to this form of communication is each outbound message has to be encrypted and transmitted multiple times (matching the device count of the recipient).
Therefore, it doesn't matter who has the data, as long as the government hasn't secretly cracked the form of encryption Apple uses, and they really never receive the private keys, which would otherwise be subject to subpoena.
The problem with that is: you don't know. The system is closed to you. They could have open access to anyone who pays for it (or government). Maybe it can be decrypted. Maybe it can be decrypted in the future when flaws are discovered. The best idea is not to collect it in the first place.
I agree that would be the best idea, if data security was your end goal. But that is not the end goal. The end goal is to provide a service that has to work even when your phone is off. They need to store/forward those messages. Any semi-competent techie will tell you the same thing. So, given as to how they need to store your messages to deliver to your devices that come online later, they have IMHO come up with a pretty clever solution: iOS Security. This states the level of encryption, the storing of private keys, and the methods and processes.
Can this be cracked in the future? Yes. Should you then just destroy all services that require online storage of sensitive data? No. You implement the best techniques you know how, and improve when life teaches you.
You can stand up a device and Wireshark it. In fact many in the security industry probe solutions like this all the time to try and make a name for themselves. If/when someone finds something untrue, they publish it to become famous, collect bounties, and become expert consultants at ridiculously high rates. Also, this is a document cited in many court cases and if Apple lied about it, it would ruin their business and expose them to untold levels of liability. Plus, you can look into their financials and understand that if they had any financial incentive to implement their own backdoors, it certainly isn't for the money. Their money comes from device sales.
Besides, do you run NO software that isn't open source and you haven't read through the source? Thought so. At some level, you have to take the documentation and contracts at face value, and if you can prove them wrong, you have a strong case on your hands.
Data stored in "the cloud" can be read by whoever runs the cloud. Fucking shocked.
Only the State obtains its revenue by coercion. - Murray Rothbard
Do you really think the Chinese government would stand for being locked out of anything within its borders? They've either made a hush-hush deal with Apple to 'allow' them to operate in China under those conditions, or they've cracked it already. Or maybe they just do beat the shit out of anyone whose iPhone they want unlocked, beat them daily, threaten their families, and so on, until they get what they want, not like it's a stretch of the imagination in their case.