Chinese iCloud data moved to servers operated by state-owned telco

Apple's Chinese iCloud partner has struck a deal with China Telecom to migrate all in-country customer data to the state-owned firm's Tianyi Cloud service, a move that seemingly flies in the face of Apple assurances against government snooping.

According to local publication Caixin, China Telecom's Tianyi Cloud in late June signed an "Infrastructure Agreement" with Apple partner Guizhou-Cloud Big Data Industry Co. Ltd. to provide iCloud storage services for mainland China. China Telecom representatives declined to offer details of the arrangement, but said GCBD migrated all Chinese iCloud customer data to Tianyi servers.

Apple confirmed the change to TechCrunch late Tuesday.

The development is likely to raise the hackles of privacy advocates who earlier this year warned of snooping risks associated with Apple's decision to move regional iCloud data to China-based servers.

Apple completed the transfer to GCBD cloud services in February after informing customers of the handover a month prior. To conform with Chinese cybersecurity laws, both user data and the cryptographic keys that protect it were transferred in the operation.

Like other cloud storage providers, Apple secures iCloud data using cryptographic keys. Prior to the mass data migration, all iCloud keys — even those for Chinese accounts — were located on U.S. servers, meaning governmental requests for access fell under the purview of U.S. law. Those protections vanished once user data hit Chinese soil.

For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear.

The decision to continue iCloud services in light of China's record of censorship and snooping is seemingly at odds with Apple's consumer privacy dogma.

"While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful," Apple said in February. It added that maintaining iCloud with its partner GCBD — known to have close ties with the Chinese Communist Party — is a better option than discontinuing the service, as doing so would not only lead to a negative user experience, but would also be detrimental to user privacy.

The GCBD-Tianyi tie-up is not the first time Apple leaned on China Telecom for help with its iCloud services. In 2014, the company confirmed it was storing customer data on localized servers to improve speed and reliability for customers. Unlike the current arrangement, however, iCloud security keys were kept offshore.

30 Comments

Rayz2016 9 Years · 6957 comments

About 6 years ago

For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear.
And this is the part that needs clarity: who has the damn keys?

5 Likes · 0 Dislikes

franklinjackcon 11 Years · 612 comments

About 6 years ago

It's not really surprising. Why would China allow its citizens to have their data sitting in the US where the NSA can snoop on it. The EU has the same requirements.

7 Likes · 0 Dislikes

eriamjh 18 Years · 1814 comments

About 6 years ago

Well, assuming it existed but the first place, assume all security and privacy on iCloud in China is now lost and the government is actively scanning and searching one’s data.

gatorguy 14 Years · 24693 comments

About 6 years ago

Rayz2016 said:

For its part, Apple has repeatedly said the move is a requirement for operating iCloud and other cloud services in China. The company last year said its Chinese servers do not include backdoors, adding that it would be control of iCloud keys, not GCBD. Whether the situation has shifted with the Tianyi agreement is unclear.
And this is the part that needs clarity: who has the damn keys?

Apple has never stated that GCBD could not access iCloud data, and in fact acknowledges that GCBD can access a Chinese user's iCloud data.
"...You understand and agree that Apple AND GCBD will have access to all data that you store on this service, including the right to share, exchange and disclose all user data, including Content, to and between each other under applicable law.

Of note and something many here would not be aware of: There is no Apple iCloud service in China so they have nothing to operate. It's a GCBD operation under GCBD control and rules, with Apple as a junior partner who will sometimes be required to provide support.
Welcome to iCloud operated by GCBD
THIS LEGAL AGREEMENT BETWEEN YOU AND AIPO CLOUD (GUIZHOU) TECHNOLOGY CO., LTD. (“GCBD”) GOVERNS YOUR USE OF THE ICLOUD PRODUCT, SOFTWARE, SERVICES, AND WEBSITES (COLLECTIVELY REFERRED TO AS THE "SERVICE").
https://www.apple.com/legal/internet-services/icloud/en/gcbd-terms.html

Simple logic will tell you that GCBD in order to run the service and ensure their interests are protected (!) must have control of the keys to do so, even if Apple also retains some control of their own. They are GCBD's partner, with GCBD in the driver's seat.

At least it will be a good day for Apple making sure this doesn't get much play on the web blogs or the news. There's a big money story coming in a few hours that will drag any attention away from this one.

5 Likes · 0 Dislikes

Ciprol 8 Years · 53 comments

About 6 years ago

China caught on early and has blocked the US govt intelligence agencies from mining their country's social media data for ulterior motives cf. Regime changes and cyber warfare. Of course, this pissed the US off. Seriously and through Wikileaks and other disclosures, the intelligence community/govt in the US have far more access to network data than most people know. It's all about the PR and spin.