Apple Will Store Russian User Data Locally, Possibly Decrypt on Request: Report

After resisting local government's mandates for years, Apple appears to have agreed to store Russian citizens' data within the country, a report says. From a report: According to a Foreign Policy report, Russia's telecommunications and media agency Roskomnadzor has confirmed that Apple will comply with the local data storage law, which appears to have major implications for the company's privacy initiatives. Apple's obligations in Russia would at least parallel ones in China, which required it turn over Chinese citizens' iCloud data to a partially government-operated data center last year. In addition to processing and storing Russian citizens' data on servers physically within Russia, Apple will apparently need to decrypt and produce user data for the country's security services as requested.

That's funny!

[fustakrakich]

After all that crap projecting that sign about *what goes in an iPhone stays in an iPhone*....

SNAFU

Re:That's funny!

It's about iCloud data, not iPhone data...

Re:That's funny!

After all that crap projecting that sign about *what goes in an iPhone stays in an iPhone*....

SNAFU

So, please tell us what the OTHER, equivalent-scope companies, (Google, Microsoft, et al.) do in this regard?

I'm genuinely curious.

CAPTCH: Liberty

Re:That's funny!

apple is nothing if not hypocritical.

Re:That's funny!

[fustakrakich]

They're the same or worse, but that's irrelevant. There's insufficient demand for real privacy/security, on the contrary...

But Apple's ads belie the reality...

Re:That's funny!

[ShanghaiBill]

Apple is obligated to obey the law in every country where they operate.

It is not the job of American corporations to "fix" Russia. That is up to the Russian people.

Re:That's funny!

[AHuxley]

Re AC and "in this regard?"
A domestic version of PRISM for any government that asked.
It is a legal request by a nation gov to get approval to be a connected part of the nations telco network.
Every nations sets up their own version of a "Section 702 of the Foreign Intelligence Surveillance Act" with FISA for all its citizens just like the USA did.
ie telco laws authorized by a gov. Any gov can do the statutorily authorized collection on anything it wants.
Lawful and conducted under authorities granted.
The obligation is keeping citizens in a "nation" safe. (add any nations name as needed and the big brand hands over the all the crpyo keys ;)
Any nation can create its own legally binding order or subpoena.
Its only under applicable laws, and to provide information when required by law in that nation.
The gov got a court order to see the customer data.

Re: That's funny!

It's about iCloud data, on a platform that doesn't allow its users to have removablelocal storage. "Use the cloud" sings the chorus of fans denigrating removable storage.

My android phone is logged out of Google and has been for months now. I have a big 128G SD card installed.

Re:That's funny!

That's a load of crap. We have no obligation to bow down to tyranny. If we can tear down the borders with technology, all the better! THAT would be our obligation! Liberation is everybody's obligation.

Re: That's funny!

Pull the commercials, since they have been shown they will fold to governments as needed.

"it stays on the phone, until further request."

It is ALWAYS just marketing gimmicky bullshit if it comes from Apple. They're slick that way.

Re:That's funny!

Oh well, obviously the moderators don't believe in truth in advertising either. All kissing fascist ass!

Re:That's funny!

[ShanghaiBill]

If we can tear down the borders with technology, all the better!

There are no border restrictions. Russians are free to travel. The Soviet Union ended 30 years ago.

Many countries require access to data. If American tech companies pull out of all those countries, they would be abandoning half the world to companies with even less scruples. No country is 100% pure, and in many ways America is more repressive than Russia. The FSB has a tenth of the NSA's budget, and we certainly arrest / incarcerate / execute far more people.

Re:That's funny!

Funny how all you people want to lecture us about respecting the laws of sovereign nations, while fully approving military invasions and economic warfare against the countries that mass media tells you to hate. No irony there.

I'm posting this AC because *FUCK* the moderators! They're fascists too!

Re:That's funny!

[AHuxley]

AC the trick is not to use a smartphone in any interesting way.
To LOL at the big brands to offer "security and "crypto" after the PRISM news.
Nation are getting the crypto keys as that is the telco law in each nation.

Re:That's funny!

It is not the job of American corporations to "fix" Russia. That is up to the Russian people.

Over Putin's dead body. And I mean that quite literally.

Re: That's funny!

Actually, they are not hypo-, but hypercritical. And the technical term is prompt criticality.

Re:That's funny!

Many countries require access to data. If American tech companies pull out of all those countries, they would be abandoning half the world to companies with even less scruples.

So, what you're saying is you're only helping to push people into to the ovens because if you didn't, someone else with less scruples would? Yep, that makes it okay then.

No country is 100% pure, and in many ways America is more repressive than Russia. The FSB has a tenth of the NSA's budget, and we certainly arrest / incarcerate / execute far more people.

Officially execute, sure. Russia (and China) operate on a lower budget because they allow more corruption and crime to occur while seeking to repress those that go against the regime. If you think that's less repressive, I guess you're right if you're a criminal in line with the government. For the common person, the repression caused by criminals outweighs the repression of government to seek criminals by the US government. Btw, as much as I don't like the NSA or trust its intentions, the NSA isn't going around providing information specifically to hunt and kill anti-regime Americans. At least point at the FBI or CIA which might at least conceptually do such dirty work. Or argue that people outside Russia and America are the repressed ones; except, we all know that those in Russia are repressed.

Re:That's funny!

If we don't sell Zyklon B to the Nazis, some other chemical company will, or maybe something even worse! So it's actually the morally right thing to do.

Re:That's funny!

[LostMyAccount]

Can't you make an argument that by depriving repressive country consumers desirable products because of their governments policies that it will actually motivate their citizens to demand change?

A lot of the policies of both Russia and China seem to be driven around the idea that if the can buy off their citizens with access to high-quality and usually Western consumer goods, they won't complain about political repression.

Obviously this isn't the "job" of Apple or any other specific corporation, but ironically it seems to be the exact strategy used when economic sanctions are applied to a country. The goal with Iran seems to be to make life hard for their consumers who will then demand their government change. I can't say it's been a wholly successful policy, although there are arguments that the nuclear deal wouldn't have happened without it and its leaders are genuinely concerned with a populace increasingly believing that its pursuit of unpopular policies is directly connected to their suffering.

Re:That's funny!

The primary duty of corporations is recognized to be the maximization of shareholder value.
If shareholder value is maximized by bowing down to tyranny, to tyranny they shall bow down.

Re:That's funny!

[fustakrakich]

Well, regardless of all the legal babble, I'm just saying Apple shouldn't make "privacy" promises they can't/won't keep. The safest assumption for any user to work with is that everything is collected and sorted for fun and profit.

Re: That's funny!

Android let's you use removable local storage and third party encryption, even for files on a remote server. This is far superior to Apple's faux privacy Orwellian smorgasbord of dumpster fire they call security architecture. Google is no more trustable than Apple but Google lets you trust your own security for SDcards and 3rd party options you select. Apple doesn't.
Winner: Google

Re:That's funny!

Or perhaps they are morally obligated to refuse to comply with laws that are immoral or unethical.

IBM learned that after WWII. https://en.wikipedia.org/wiki/IBM_and_the_Holocaust

(posting anon to keep from undoing moderations in this thread)

Ha! In Russia, state stores user in crypt.

[mnemotronic]

In Soviet People's Republic, government in crypt put user. Nighty, night comrade.

Re: Ha! In Russia, state stores user in crypt.

And after they shoot you they will stuff you and put you on display in what amounts to a barn

iTurd

So they're perfectly happy to protect your privacy as long as it doesn't affect their market share. Gotcha.

Re: iTurd

[registrations_suck]

Right, because guess what? No other company operating legally in Russia can ignore its laws either.

Re:iTurd

[Rhipf]

To be fair it is a bit about market share. Apple could have avoided storing the data in Russia if they stopped serving Russians. This would of course affect their market share so the OP was sort of correct that "they're perfectly happy to protect your privacy as long as it doesn't affect their market share".

Of course if they pulled out of the Russian market there wouldn't be any private data for them to protect.

Re:iTurd

[Pinky's+Brain]

You only realise that now? They do business in the US with a closed source device for which they push the updates. The only way they can protect your privacy from government is by making it technologically impossible for themselves to invade it, but that only works in some limited circumstances such as locked phones. For normal use all your data is ready for the taking by Apple and thus the US government, they knew that going in ... they are now extending that courtesy to other nations.

If they really wanted to protect your privacy they would go open source with verifiable builds, that way they would at least have to push a backdoor to all their customers to be able to target a single one. They could still do it, but it would be harder to do unnoticed and easier to challenge in court.

If It Exists In Their Product

[NicknameUnavailable]

It exists in all their products.

Re:If It Exists In Their Product

It exists in all their products.

so apple II stores data in russia?

Re:If It Exists In Their Product

If it is an apple II operated in Russia, it most certainly does.

Re:Remember "The Fappening?" iCloud is wide open

"The Fappening" was a clear indication that Apple stores all data unencrypted, or, which could be either worse or better depending on how you see it, that people at iCloud and/or NSA etc. have unrestricted access to all the unencrypted data.

Go ahead with the usual evil Russia accusations, but know that Apple and the U.S. gov are since long all up in your iPhone pictures and movies, whether they admit to it or not.

Wrong.

The "Fappening" was a result of a list of leaked Passwords of Celebrities that used extremely-guessable Passwords.

https://techcrunch.com/2016/03/15/prosecutors-find-that-fappening-celebrity-nudes-leak-was-not-apples-fault/

But still, the meme lives on, because... Apple.

As to the other stuff, give me some proof (other than that likely-faked "PRISM" PPT slide), or STFU.

Re: #notfree #fuckAPL

And then they will release a copy of all your data only it wonâ(TM)t be easy to find. First you will have to fill out some forms and sit in a lobby. Then they will show you a promotional video and then a q and a period with snacks. An attorney will explain to you how you have no rights in their building and you must follow any instructions you are given while you are perusing what amounts to your own data. These companies will have you on your knees while you lie down and let them take full advantage of your data. They will do it until the cows come home and then some. Think it just a one time pain point? No it starts all over again even before the next election

First Trump. Now Cook. Putin Pwnz!

Does that make two gay guys or three?

Re: First Trump. Now Cook. Putin Pwnz!

Yes Roger Stone, Donald, and sputin

Don't forget their default search engine

Don't forget that Apple apparently auctions off their default search engine to Google for billions of dollars instead of using something like duck duck go.

So they will blame Google for tracking you, but they are basically selling your tracking data to them. They didn't set the default to free (so they are profiting)

They also force you to allow them to track what apps you've installed on your devices.

Apple has only gotten away with this crap because they always blame someone else. But seriously, their privacy claims are backed up more by marketing than reality

APL

I got fed up with APL's funky keyboard and said **** APL. COBOL rules!

Re:Ha! In Russia, state stores user in crypt.

[Aighearach]

You can't blame Apple for this, that would be like saying that IBM shouldn't have helped the Germans in the 1930s. /s

Re:Ha! In Russia, state stores user in crypt.

You can't blame Apple for this, that would be like saying that IBM shouldn't have helped the Germans in the 1930s. /s

If you live in Russia you already have bigger problems than where Apple is being told to store your data.

Re:Remember "The Fappening?" iCloud is wide open

Oh yes apple is so secure. Remember when you could log in as root without any password into macos. Such a meme.

OMG, Apple colludes with Russia!

OMG. Apple colludes with Russia! Put 'em all in prison! Hang the treasonous rat bastards who decided this was okay to do! Traitors.

Quite reasonable

[goombah99]

Microsoft got in a snarl for keeping US accounts on UK servers or vica versa then refusing to comply with data requests.

Then there's the issue of are you allowed to encrypt communications at all as a means to evade warranted surveilance? For example, in the 70s some folks marketed an encrypted CB radio. If you recall CB radios, one of their uses was for drug running speed boats to arrange a meeting at sea. And for smuggling and illicit transport of goods in the US.
The FCC ended that one by saying CB band could not use encryption.

SO there's strong precedents that say the governement may access your encrypted communications. A lot of people chafe at this. But the point is not what is should be but what is the law and precedent. And if that precedent exists in the laws of a country then the companies need to follow it.

Where it gets tricky is when the company that is providing the offshoring doesn't exactly reside in the US
Off-shoring is a tricky bussiness. This happens in banking a lot. People hide money in offshore accounts. Now what authority does the US or any country have to interogte those accounts? If the banks are solely in another country and don't rely on US systems to do bussiness the US govt doesn't have a lot of leverage.

So why can't I offshore my e-mail. And for that matter VPN my Voip off shore so that it prohibits eaves dropping by the govt.

If my service provider is say, Yandex or Baidu, it may not have any bussiness ops in that part of it's bussiness in the US. So how does the US make them comply?

For that matter Microsoft itslef is an Irish/Dutch company so why should theyhave to comply with US data laws?

THe answer is indirect. Apple and microsoft have bussiness ops in the US and Russia that requires good relations. They can't be scofflaws on e-mail if they want to sell iphones or MS Word.

SO it's totally reasonable that if you are going to comply with a country's data and privacy laws you do it as they prescribe. It's not a moral decision.

Re: Quite reasonable

A drug running speedboat would go to illegal frequencies less monitored. They're running drugs, ya know. They'd have their own crystals all prearranged.

Re:Quite reasonable

[AHuxley]

Want to enter another nation with a smart phone brand?
Its another nations laws and telco network that will have to be connected to.
Don't hand over the keys and they can say its not going to be possible to approve that brand of smart phone.
Once the security services are happy they have plain text, files, voice prints, real time tracking, mic on/off, soft power GUI on, then the smart phone is legal.
Great for tracking anyone who was near all the MI6/CIA "embassy" workers.

Re "Now what authority does the US or any country have to interogte those accounts?"... "US govt doesn't have a lot of leverage"
Look at the way the USA deals with Swiss and North Korean attempts at providing quality banking services globally.
In the end they all conform to what the USA gov wants.
The US gov gets the full list of all US citizens who use/used any and all banking services/products in Switzerland.

Re: Quite reasonable

That's funny! please continue your security through obscurity while my digital tuner tracks you.

Re: Quite reasonable

They can still use encryption even if they change the band, smarty-pants. You cannot be this stupid and operate a tuner.

Really?

[grep+-v+'.*'+*]

Apple will comply with the local data storage law, ... Apple will apparently need to decrypt and produce user data for the country's security services as requested.

So they'll stand up to OUR government in 2016 (Apple won't decrypt a phone for the FBI Info link) but they'll lower their standards for foreign governments?

No matter which way you fall on this issue -- SHOULD have or should NOT have -- this is wrong.

If Apple is "The Angel of Privacy everywhere" then they should stand up for no decryption. If they take the stance "the local government makes the choice and we'll follow", then they should have decrypted the phone.

"But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." Link

So if other governments ask for it, it's OK? Expect weasel words soon: it's not OK, but they made us do it against our will. We couldn't sell there if we didn't do it. There's a chance it might be accessed, but think of all the good information they now have access to they didn't before.

I'm not a particular fan or enemy of Apple (they produce good products that don't meet my Bang for the Buck requirements) but you're actively doing things for our frenemies that you wouldn't do for our country?? And don't give me that "we're standing up for what's right" bit, you're certainly not standing up Over There.

"Oh, but politics isn't our job." Just TRY that one.

Re:Really?

What is hard about this? They'll do what it takes to operate in different legal/political environments. As long as nobody is physically killing people with the iphones like a blunt weapon they figure it's probably going to be NBD.

When in Rome. Apple has a squeaky clean image advertised for a long time that it never really lived up to, so who's surprised by that? It's the same as anything else. Oil, fighters, missiles, spying hw, it's all profitable AF.

You're historically basically a libertarian who thinks corpos should be able to do what they want, I don't see why you're so upset about Apple in particular. They're hardly first nor last.

Re:Really?

[AHuxley]

Re "So if other governments ask for it, it's OK?"

Projects like PRISM, BULLRUN https://en.wikipedia.org/wiki/... gave the US gov everything it needed on different networks.
The NSA and GCHQ would have never allowed any consumer phone/smart phone to be approved that did not give them tracking, voice prints, real time decryption.
The GCHQ would have never allowed any advanced secure consumer tech for use in Ireland.

So every consumer product in the free West is wide open.
Russia just wants the same keys for a consumer product to be network connectable.
Want to sell a smart phone in Russia? Its the same standard of network law.

Sell in other nations?
Security services want the same tracking, decryption, voice prints, GPS, GUI movement maps, power on, live mic.
Like Canada, New Zealand, the UK, Ireland.

Re:Really?

[supernova87a]

Well, you're missing a technological aspect of the problem.

Apple does not / cannot decrypt data on your phone because once it's encrypted with the strong keys + your passcode, Apple has no ability to disable or circumvent the hardware to get it off the phone and let it be brute force cracked. And the hardware prevents brute force cracking while on the phone.

On the other hand, with servers and cloud data, Apple does have the ability to turn that over the encrypted data to someone to be decrypted, even if not by themselves.

Re:Really?

[tlhIngan]

Apple will comply with the local data storage law, ... Apple will apparently need to decrypt and produce user data for the country's security services as requested.

So they'll stand up to OUR government in 2016 (Apple won't decrypt a phone for the FBI Info link) but they'll lower their standards for foreign governments?

No matter which way you fall on this issue -- SHOULD have or should NOT have -- this is wrong.

If Apple is "The Angel of Privacy everywhere" then they should stand up for no decryption. If they take the stance "the local government makes the choice and we'll follow", then they should have decrypted the phone.

Uh, there are two different encryptions you know? There's one on the phone itself, and Apple has said no to that.

Then there's encryption on cloud data, and Apple has always provided that information with a warrant.

Even the FBI got a copy of that guy's iCloud data when they asked Apple.

The "decryption" part is stuff like messages and such, which are stored encrypted in iCloud, but are decryptable by Apple (so you can sign in on another phone and get the history).

Apple still can't decrypt phones and won't decrypt or unlock a phone. But they will hand over your iCloud data if there's any to be handed over (since it's not mandatory to use), even though that data is stored encrypted.

And China has the same deal - Apple will hand over iCloud data, decrypted if need be. But the phone's encryption is still stored on the phone, and no encryption keys to that are stored by Apple.

The FBI wanted Apple to write special software to help them break into the phone, something Apple still refuses to do. Even more importantly, the FBI could've broken into the phone using TouchID but simply refused to, relying instead on politics to help make their case. And Apple was calling the FBI if they needed assistance on that.

Re:Really?

[Pinky's+Brain]

The have made it impossible to themselves to the best of their abilities to get data off a locked phone, but that's not really relevant to a running phone receiving updates. As long as they can push an update to your phone they have the ability to get all your data off it, in plain text.

Re:Really?

Fuck Russia right in the face. They don't deserve anything other than violence and destruction.

Re: Really?

In China. The government has free access to every iCloud account. They donâ(TM)t need apples permission or help to bulk search all of the information. Apple only cares about privacy when it does not affect their bottoms line

Re:Really?

[sysrammer]

You got it. Most of the other comments are comparing apples and oranges (pardon, not intentional). A lot of folks aren't realizing the difference between their handheld and a server farm.

Re: Really?

[sysrammer]

Again, the device is not the cloud.

Re:Really?

It shows that not decrypting was a marketing decision rather than a moral one. The felt at the time that it marketed better to the public to stand up to the Govt. but no real moral backbone at all just Tim Cook trying to read the mood of the customers.

Poster is a Troll

moddown

Actions speak louder than words

They make a big noise about privacy, but actions like this, speak louder than their words.

AC is a Troll!

stamp out!

TRANSLATION!!!

"EVIL APPLE following the local laws in other countries!!! How is that being SJW OF THE WHOLE WORLD??? Protest EVIL APPLE!!!"

possibly decrypt?!? how?

I have a hard time imagining buying a computer where the manufacturer, rather than me (the owner), would have the key that decrypts the data I've stored on it. WTF kind of luddite regression is going on with this garbage?

If people are going to buy these kinds of Blue Light Specials, they ought to be warned that they aren't up to level of technology that you find on everything else made in the last 50 years. Perhaps iOS devices should be required to have a big sticker on the front of the box, saying "WARNING: THIS IS UNUSUALLY INSECURE, COMPARED TO, OH SAY, A MS WINDOWS 3.0 MACHINE OR A VIC-20" simply in the interests of basic consumer protection and fraud prevention.

Re:possibly decrypt?!? how?

[Pinky's+Brain]

Apple controls all the software which runs on an iPhone, they let you keep your keys private as a privilege granted by a limited contract (not even an explicit contract, but advertising statements). It's not guaranteed by technology, it can not be. Anything you can do on your phone they can do, simply by pushing an update.

They use end to end encryption with the keys private on your device, but they have remote root on your device ...

Re:Remember "The Fappening?" iCloud is wide open

No. The data was unencrypted and was taken directly from the inside. Apple is one of the most valuable brand the country has, and damage control is priority #1.

There is no way any individual or small group of individual would be able to successfully gather enough contact information on over a hundred young celebrity women, and somehow magically discover that they all had easy to guess passwords, discover that by chance they were all using iPhone and iCloud, and then be able to counter two-factor authorization and other security meassures, and finally get inside.

This was someone who had unrestricted access (certain iCloud employees and NSA, possibly some branches of "law" enforcement), who could happily search for every cute celelbrity girl in the system and download everything when there was a positive match.

Your idea, and what's regurgitated in the traditional media, that some evil hacker just need to rub his hands and press a few keys and buttons on a phone, does not correlate with reality.

If you use an iPhone and iCloud, then your shit is up for grabs by the people on the inside. Now STFU.

Apple cares about your privacy, as long as your no

The iCloud key bags are stored on computers owned and operated by the Chinese government. They donâ(TM)t need to ask apple to bulk search everyoneâ(TM)s iCloud account. Apple will bend over backwards and do the same in Russia. They only care about privacy when it suits their bottom line

WELCOME TO THE CLOUD! lol

Where your data is no longer yours. And can be inspected on request. Oh how 1984.

Next all those alexa and google home devices will have their recordings inspected.

Not to mention the "not our fault" if your cloud service stops working, and little to no recompense if your drive or icloud drive gets fubar'ed over by some support idiot (plenty of examples of people not being able to get help from google to recover their data when google *ban* their account for some other service or incorrect flag)

Seriously, get off the cloud and stop trusting other people to keep your data secure.

Time to dust off Godwin (morally)

This trite argument being made by the looks of Google, Apple, and Facebook of "we just comply with local laws, and we really just want to serve the users in that other country" would have very interesting implications in the 1940s.

Would Apple have happily served the many good folks err "volks" of Germany (AKA "Deutschland" or "the fatherland") and still been a "good" company as it complied with the local eugenics laws and the holocaust?

If that smartphone is spying on the user and trying to figure out if he or she might be a smidgen Jewish and then contacting authorities and auto-booking passage on the nearest boxcar to a camp...... well THAT's just "complying with the local laws" isn't it???

If a smarphone is photometrically measuring the user's head and sending the data to the Reich's phrenology agency for a friendly follow-up, what could possibly be wrong as long as it's in compliance with local laws?

I suppose it would also be fine for Apple to block all apps and news sources that Herr Geobbels at the propaganda ministry "requested" to be blocked "in accordance with local laws", right?

Tim Cook and company are full-on evil in the loving embrace of the largest and most powerful fascist country in human history, and they deserve the total scorn of any free decent human being who still has a soul. If filthy lucre will lure a company into doing business in China, then that company would absolutely have done business with the Third Reich; both regimes are fascist police states. China may pretend to be communist, but they are actually the best example of the fascism that Mussolini invented.

Have to respect different requirements

Not every country has the same laws, so if you want to offer services in those countries you have to adhere to them.