To comply with Chinese law, Apple has moved Chinese iCloud accounts and encryption keys to China.
The great encryption debate was a boon for Apple in terms of their reputation for security. In the case of an employer owned iPhone used by the terrorist responsible for the San Bernardino attack, Apple had no problem standing up to the phone’s legal owner, and the United States government in refusing access to the phone. Consumers in America are still under the belief that Apple is fighting the government for their privacy, It appears that Apple didn’t put up as much of a fight in China, or at least didn’t have as much of a media circus.
To comply with Chinese law, Apple has moved Chinese users iCloud accounts to China. China recently passed laws that cloud services offered to Chinese citizens must be operated by Chinese companies and the data stored within China. Apple has chose to partner with Guizhou – Cloud Big Data Industry Co Ltd. The Guizhou company is state-owned and has close ties to the Chinese Communist Party.
With this change, China will no longer need to approach Apple in US courts to obtain user information. Apple has admitted that they will comply with valid legal requests in China. Of course valid legal requests in China differ very much from valid legal requests in the US. Court approval is not required under Chinese law. Instead, police have broad power to obtain evidence, no matter how early it may be in the investigation.
Apple is quick to point out that China does not have a “backdoor” into their system. Of course this should be a very important point to make, as Apple implied complying with US law would be creating a “backdoor”. But where is the truth? In the US, there was a valid court order. Federal law enforcement and Congress was even involved. What Apple is complying with in China is little more than local police demanding information, and Apple handing it over. Is it a backdoor? No, I don’t believe so. But I don’t believe the terrorist phone would require a backdoor either.
In fairness to Apple, there is a difference between an iPhone and iCloud. The level of security is very different. The San Bernardino case required access to a phone. This new China policy requires access to iCloud. However, we do now know, that by Apple’s definition, a backdoor does exist for the iPhone. The Israeli security company Cellebrite now offers to hack any iPhone at a very affordable cost for law enforcement. While I, again, would not call this a backdoor by any means, Apple said that if they were forced to obtain access on a locked phone, that would be creating a backdoor. Yet they don’t seem to be doing anything to stop Cellebrite.
Yes, the encryption debate was great for Apple’s marketing, but I think it’s safe to say that’s a well Apple won’t be able to return to.