Yesterday, Apple officially transferred Chinese users’ iCloud data from servers in the USA to data centres that belong to, and are run by, Chinese state-run firm GCBD. This means every single Chinese citizen’s iCloud data will in future be hosted on government-owned servers, together with the iCloud encryption keys that are used to unlock that particular account.
This comes after Apple unsuccessfully tried to appeal against new Chinese legislation.
A company spokesperson tried to soften the blow by saying: “Apple has not created nor were we requested to create any backdoors and Apple will continue to retain control over the encryption keys to iCloud data.”
For Apple users that are wondering how what happens in China concerns them, the spokesperson also said: “As with other countries, we will respond to legal requests for data that we have in our possession for individual users, never bulk data.”
The fact remains that instead of terminating its iCloud services in that country, Apple has now transferred all iCloud data belonging to Chinese users to government-owned servers inside that country.
This move lets the Chinese government use that country’s legal system to force Apple to divulge a user’s iCloud data, while before they had to approach the US legal system. Many commentators have expressed doubts over whether Apple will in future still be able to safeguard Chinese iCloud users’ data given the circumstances.
On Tuesday, Amnesty International said in a statement: “The changes being made to iCloud are the latest indication that China’s repressive legal environment is making it difficult for Apple to uphold its commitments to user privacy and security.”
Security and human rights expert Ronald Deibert warned that Apple’s Chinese customers will have to take matters into their own hands if they want to protect their sensitive data, and find alternative, potentially inconvenient ways to keep their private data out of Apple’s iCloud.