By Boris Zyumbyulev || Staff Writer
Apple has now decided to move its Chinese iCloud data and iCloud encryption keys to China.
The change is a result of new governmental regulations. Last June Beijing introduced a new cybersecurity law after consulting the company on the same, which forces data to be stored within the country. Prior to that, Apple traditionally stored all of its users’ data in the US along with the encryption keys. However, last month the US firm confirmed that by the end of February, the Chinese Guizhou-Cloud Big Data (GCBD) would be taking over the management of local data. Additionally, Apple has agreed to move their Chinese encryption keys to China.
While this does not affect any users other than Chinese registered ones, the decision has raised international concerns about human rights and privacy.
“The changes being made to iCloud are the latest indication that China’s repressive legal environment is making it difficult for Apple to uphold its commitments to user privacy and security”, is what Amnesty International claimed in a statement February 27th. What allowed Apple to have more control and ensure privacy for its users is that the data was stored in the US. In other words, if the Chinese government was interested in accessing any information, they would have to go through an international legal process and then have to comply with US law. According to Ronald Deibert, director of the University of Toronto’s Citizen Lab, which investigates the intersection of human rights and digital policy, the move allows the the Chinese government to avoid these processes, since all the data and encryption keys will be in their jurisdiction. The lateral movement risk detection is what is needed to avoid cyber attacks and phishing.
However, Apple is not the first company to be forced to alter its data storage behavior according to CNN. Amazon and Microsoft are already storing their Chinese data in the country. According to Beijing the regulations were put in place to allow the state to prevent crime and terrorism, and ultimately protect Chinese citizen’s privacy.
A spokesman for Apple informed CNN that their “choice was to offer iCloud under the new laws or discontinue the service.” However, this also underlines the complicated ethical situation the firm is in. It is unclear whether Apple will be able to resist pressure from the government if Beijing asks for a “backdoor.” In December 2016, when the terrorist attack of San Bernardino occured, the United States asked for a way into the iPhone of the one of the terrorists. Then, CEO Tim Cook claimed that it would be too dangerous to set that precedent and allow people’s data to have a “backdoor.” Thus, Apple publicly fought against a US court’s order for such an option. However, Apple presented its case on the privacy rights that exist in the US. Since those rights do not exist in China, it is unclear how can Apple protect its data against a state request.
Last year Apple, under different Chinese regulations, was forced to pull all VPN applications from their App Store, which also raised international backlash. Both cases, however, illustrate a firm’s struggle to maintain and protect consumer rights abroad, while also staying within the bounds of the law in a given country. The size of the Chinese market makes it difficult for firms to simply collect their services and leave the country. Thus, the future ramifications of this policy remain unseen.
Sophomore Boris Zyumbyulev is a staff writer. His email is email@example.com.