Apple is accused of letting China control the national data |
To do business in China, foreign technology companies must comply with strict government oversight and cybersecurity laws, and Apple has been criticized by civil rights activists for complying with China's complex anti-opposition regulations.
In recent years, Apple has been accused of subserving Chinese censorship by removing the podcast apps, bundled mobile games and map apps used by pro-democracy activists in Hong Kong.
More and more reports describe Apple's relationship with the Chinese government, and a new report shows that the way Apple handles domestic data could create another ethical nightmare for Apple.
Apple has transferred control of its data centers in Guiyang and Inner Mongolia to the Chinese government, according to a variety of documents examined by the New York Times.
These documents contain little information about the company's franchise to do business in China, as well as comprehensive information on how Apple is responding to the growing demands of Chinese authorities.
Twenty years ago, as Apple's COO, Tim Cook took the lead in promoting the company's entry into the Chinese market. This decision made Apple the most valuable company in the world and became Steve. The undisputed legacy of Steve Jobs.
Apple now collects nearly all products and has a fifth of its sales in China. Just as Cook discovered how China could serve Apple, China allowed Apple to serve the Chinese government as well.
This exemption was reportedly made under a 2016 law requiring all personal and critical data collected in China to remain in China.
Apple moved its Chinese customers' iCloud data from servers outside the country to the Chinese state-owned network of GCBD.
The company did this on the advice of its team in China, which is part of the Golden Gate in-house project.
In this way, Apple can protect itself from US law, which prohibits US companies from transferring data to Chinese law enforcement agencies.
The key location for storing Chinese customer data is at the heart of the negotiations between Apple and Chinese officials. Apple wants to keep it in the US while Chinese officials want to keep it in China.
The Cybersecurity Act came into effect in June 2017. A tentative agreement between Apple and Chinese officials intentionally blocked the location of the key, but eight months later, the encryption key was sent to China.
Apple's concession has made it nearly impossible to block the Chinese government from accessing the emails, photos, documents, contacts, and websites of thousands of Chinese.
Related Apple executives told the New York Times that the move could put customer data at risk.
Under the new iCloud Terms of Service, Chinese users have received notifications of the changes, with GCBD listed as the service provider and Apple as the counterparty.
Apple announced to customers that the update aims to improve iCloud services in China and comply with Chinese regulations.
The terms and conditions contain a new clause that will not be published in other countries / regions: Apple and GCBD can access all data stored through this service and share this data with each other in accordance with applicable law.
The New York Times admitted that it saw no evidence that the Chinese government had access to the information, but the documents showed that Apple made concessions that would make the government's job easier.
The problem is that officials can request this data from domestic companies under laws that comply with the rules that prove that the United States and its allies block Huawei.
Another problem is the type of encryption technology that Apple uses in China.
Documents show that GCBD personnel are effectively controlling the server while Apple employees oversee the process mostly overseas. Security experts say this agreement alone poses a threat that no engineer can solve.
The documents also show that Apple uses a different encryption technology in China than anywhere else in the world, and the digital keys that can decrypt iCloud data are usually stored via specialized devices, called HSM.
After the Chinese government rejected HSM devices, Apple planned to build new data storage security devices that use an older version of iOS and low-cost hardware originally built for the Apple TV.
The outdated technology has raised concerns among security experts that these devices could be easily penetrated by hackers.
The Chinese iCloud network is created, managed and monitored separately from all other networks, without any means to move to other networks outside the country, and this measure aims to prevent security breaches in China from spreading to the rest of Apple's data centers.
Apple refutes the allegations in the report, and said: It designed iCloud security in such a way that it alone controls the encryption keys, and isolated Chinese data centers because they are owned by the Chinese government.
She added that some of the documents seen by the New York Times are old and that Chinese data centers feature the latest and most sophisticated protection methods, and in addition, they keep all external parties separate from their internal network.
In addition to processing data, Apple also continues to proactively delete software at the request of Chinese censors.
An analysis by the New York Times found that tens of thousands of apps have disappeared from the Chinese app store over the past several years, more than previously known.
The deleted apps include foreign news services and encrypted messaging apps.
It also blocked apps from the Dalai Lama, the spiritual leader of Tibetan Buddhism who fled China in 1959 after a failed uprising against Chinese rule while hosting apps from a Chinese paramilitary group accused of detaining and mistreating the Uyghurs, a Muslim minority in China.
Apple opposed these figures, saying: Some developers are removing their own apps from China, and that since 2017 it has closed about 70 news apps in response to the demands of the Chinese government.
According to Apple, the majority of apps it removed at the request of the Chinese government were related to gambling or pornography or were operating without a government license, such as loan services and live streaming apps.