Amnesty International is calling on Apple to inform Chinese iCloud users that their data might be at risk of government prying after the company migrated regional accounts to China-based servers, a move designed to conform with local laws.
In a post to its official blog on Thursday, Amnesty announced a new social media initiative urging Apple to inform its Chinese customer base of potential unwarranted data access by government agencies. The campaign is timed to coincide with CEO Tim Cook's visit to China, where he is co-chairing the China Development Forum.
"Tim Cook is not being upfront with Apple's Chinese users when insisting that their private data will always be secure," said Nicholas Bequelin, East Asia Director at Amnesty International. "Apple's pursuit of profits has left Chinese iCloud users facing huge new privacy risks."
Apple in February moved Chinese iCloud keys to a local server farm run by in-country partner Guizhou-Cloud Big Data Industry Co. Ltd.
The Cupertino tech giant opened its first China-based data center in collaboration with GCBD in 2017, noting at the time that the facility would allow compliance with newly passed regulations. China last year passed cybersecurity laws requiring foreign internet companies to store customer data on domestic servers.
For its part, Apple said it advocated against iCloud being subject to the new rules, but was ultimately unsuccessful in its attempt at exclusion. Instead of discontinuing the service, a move Apple said would lead to negative user experiences and eroded customer privacy, the company conformed and migrated data to GCBD.
Of concern to privacy advocates is GCBD's close ties to the Chinese Communist Party, whose cybersecurity regulators are notorious for surveillance programs and operations to stifle free speech.
To allay fears, Apple promised consumers it would not allow backdoors into GCBD's servers, and that it would be control of iCloud's cryptographic keys. With those keys subject to China's legal system, which lacks a system for independently reviewed warrants or data requests, that detail might not matter.
"By handing over its China iCloud service to a local company without sufficient safeguards, the Chinese authorities now have potentially unfettered access to all Apple's Chinese customers' iCloud data. Apple knows it, yet has not warned its customers in China of the risks," Bequelin said. "Apple needs to be much more transparent about the risks to privacy posed by recent changes to the iCloud service in China."
Apple informed Chinese users of the data transfer in January, a month prior to the actual handover. In a message to existing customers, the company said its GCBD partnership will enable speed and reliability improvements and compliance with Chinese regulations. Further, a link to GCBD's terms and conditions was provided.
Apple in previous statements said it would not migrate customer data to Chinese servers without express customer consent, noting those who did not wish to have their data transferred were able to terminate their account. In February, shortly before the exchange was scheduled to take place, the company said more than 99.9 percent of current Chinese iCloud users had agreed to the terms.