Chinese iCloud data moved to servers operated by state-owned telco
Apple's Chinese iCloud partner has struck a deal with China Telecom to migrate all in-country customer data to the state-owned firm's Tianyi Cloud service, a move that seemingly flies in the face of Apple assurances against government snooping.
According to local publication Caixin, China Telecom's Tianyi Cloud in late June signed an "Infrastructure Agreement" with Apple partner Guizhou-Cloud Big Data Industry Co. Ltd. to provide iCloud storage services for mainland China. China Telecom representatives declined to offer details of the arrangement, but said GCBD migrated all Chinese iCloud customer data to Tianyi servers.
Apple confirmed the change to TechCrunch late Tuesday.
The development is likely to raise the hackles of privacy advocates who earlier this year warned of snooping risks associated with Apple's decision to move regional iCloud data to China-based servers.
Apple completed the transfer to GCBD cloud services in February after informing customers of the handover a month prior. To conform with Chinese cybersecurity laws, both user data and the cryptographic keys that protect it were transferred in the operation.
Like other cloud storage providers, Apple secures iCloud data using cryptographic keys. Prior to the mass data migration, all iCloud keys — even those for Chinese accounts — were located on U.S. servers, meaning governmental requests for access fell under the purview of U.S. law. Those protections vanished once user data hit Chinese soil.
For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear.
The decision to continue iCloud services in light of China's record of censorship and snooping is seemingly at odds with Apple's consumer privacy dogma.
"While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful," Apple said in February. It added that maintaining iCloud with its partner GCBD — known to have close ties with the Chinese Communist Party — is a better option than discontinuing the service, as doing so would not only lead to a negative user experience, but would also be detrimental to user privacy.
The GCBD-Tianyi tie-up is not the first time Apple leaned on China Telecom for help with its iCloud services. In 2014, the company confirmed it was storing customer data on localized servers to improve speed and reliability for customers. Unlike the current arrangement, however, iCloud security keys were kept offshore.