Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple to move Chinese iCloud keys to China servers, opens door to government data requests

In order to conform with Chinese cybersecurity laws, Apple will for the first time move cryptographic iCloud account keys out of the U.S. and into China when it migrates customer data to a local server farm in late February.

Apple notified users of the data transfer in January, saying stored information would be moved to servers operated by its in-country partner Guizhou-Cloud Big Data Industry Co. Ltd. At the time, Apple failed to detail what information would be included in the move.

On Friday, Reuters confirmed customer iCloud keys are part of the mass transfer, potentially making it easier for Chinese government agencies to obtain user texts, emails and other information.

Under Apple's security protocol, data stored in the cloud is encrypted, as are data transfers to and from user devices. Like other systems, cryptographic keys are required to access iCloud data. Currently, all iCloud keys — even those for Chinese accounts — are located on U.S. servers, meaning governmental requests for access fall under the purview of U.S. law.

Those protections will disappear as soon as Apple migrates the keys into China. Once on Chinese soil, government agencies will be able to request information through the Chinese legal system, which lacks the transparency, checks or oversight of its American counterpart.

Human rights activists have voiced concern that such change could be dangerous for users branded as political dissidents, whose communications and personal information might soon be open to surveillance.

For its part, Apple has repeatedly said the data migration is a requirement for operating iCloud and other cloud services in China, a lucrative region it cannot afford to overlook. Still, the decision to continue service in light of China's notorious record of censorship and government snooping is seemingly at odds with Apple's consumer privacy dogma.

"While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful," Apple said in a statement. The company went on to argue that maintaining iCloud with its partner GCBD is better than discontinuing the service, as doing so would lead to a negative user experience and would be detrimental to user privacy, the report said.

Sensitive to the political climate, Apple last year said its Chinese servers do not include backdoors and that it would be control of iCloud keys, not GCBD. That might not matter, however, as those keys will be subject to the Chinese legal system, an entity legal experts note lacks mechanics by which warrants are reviewed by an independent court, the report said.

Apple said it will not switch Chinese customer data over to GCBD servers until they agree to new terms of service, but points out that more than 99.9 percent of iCloud users have already done so, according to the report.

In previous statements on the matter, Apple said users who do not wish to have their data transferred have until the end of February to terminate their account.



46 Comments

racerhomie3 7 Years · 1264 comments

Use local iTunes backup Chinese users.
Stop being complicit.I know most of you sold your souls to free services ,but try to use encryption when you can.

saltyzip 10 Years · 193 comments

As only the well to do people in China have iPhones this could be a nice cherry picking exercise for the Chinese government to take advantage of. If US government wants to ban Huawei electronics from operating in the US, why doesn't China threaten to ban Apple from its own country, seems only fair?

optik 16 Years · 23 comments

 I think we’re going to enter the spin zone.
🤢

foggyhill 10 Years · 4767 comments

optik said:
 I think we’re going to enter the spin zone.
🤢

The one were the Chinese users and Apple have to follow Chinese laws, unless Apple becomes a foreign power, there is nothing else to do here.
And yes, in the US, the government can ask the same, that's why Apple is trying to move away from actually owning those encryption keys even for Icloud storage although they do have to "know" some of the metadata cause well, Apple knows who you are obviously. So, they could match a origin apple ID with a destination one and yet not know or be able to retrieve the content of the message.

robin huber 22 Years · 4026 comments

Is there any chance U.S. users’ data could end up in the Chinese cloud?

Can a Chinese user travel to the U.S., buy their devices here, set up their accounts here, then go back to China and access the U.S. iCloud from there? I realize that they’d have to pay a lot for roaming data from a U.S. carrier, but for their wealthy it could be a way to avoid government snooping.