
Apple in China: who holds the keys? - auslander
http://blog.cryptographyengineering.com/2018/01/16/icloud-in-china
======
abalone
_> Where Apple provides overwhelming detail about their best security systems
(file encryption, iOS, iMessage), they provide distressingly little technical
detail about the weaker links like iCloud encryption._

Sounds like the author missed Apple's BlackHat 2016 talk. It goes into _lots_
of technical detail on Cloud Key Vault.[1] Well worth watching -- and a very
cool implementation of a secure backup system designed for "adversarial
clouds".

It's pretty cool how it retains end-to-end encryption of your keychain while
also backing it up to untrusted clouds. Basically it employs Hardware Security
Modules that limit recovery attempts to 10 tries before destroying the data,
thus protecting against backend brute forcing and allowing you to use your
relatively weak device passcode to encrypt the backup. And here's the kicker
-- they put the HSM firmware signing keys in a blender so even an adversarial
government can't force them to modify them.

Update: I guess he did watch the video (he previously wrote a whole post on
it). So I'm not sure what he thinks is missing, or maybe I misunderstood and
he's only complaining about non-keychain data encryption.

[1]
[https://www.youtube.com/watch?v=BLGFriOKz6U&feature=youtu.be...](https://www.youtube.com/watch?v=BLGFriOKz6U&feature=youtu.be&t=25m43s)

~~~
kodablah
I think the author is looking for written documentation and reference
material, not a presentation that may be outdated and not apply to this
situation. I concur with the author, this should be available in clear
unambiguous docs. Instead, many are unfortunately forced to point to old
videos and depositions as reference material.

~~~
abalone
August 2016 is not that old, it clearly applies to this situation
(“adversarial clouds”), and also the salient points are documented in the iOS
security white paper which is updated annually:
[https://www.apple.com/business/docs/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)

~~~
sandworm101
And why should we assume that every cloud is the same? The china cloud might
be different in tiny but important ways.

Or all the clouds might have 'evolved' a few minutes ago to comort with some
new apple policy. This is all about trusting a corporation. I still prefer to
handle my own encryption, keeping my keys how and where i like.

~~~
abalone
Nobody is assuming that. The whole point is it can store secrets on
adversarial clouds. The key stays with the client.

------
TaylorAlexander
Quick question: if a user is under camera based surveillance and they type in
their PIN, does that allow someone holding their data to decrypt it?

Because apparently China is putting cameras everywhere, and it stands to
reason they could have a module that monitors for PIN entry and records it.
Even at my workplace in the US I try to avoid entering my PIN near security
cameras.

~~~
lathiat
The answer to this _used_ to be no, but iOS 11 made a number of changes that I
don't fully understand yet; I think the answer is still no unless you have the
device then you may be able to get an iCloud reset token.. but don't take my
word for it. (at that point they already have your device though eh?)

As a side note I think people _vastly_ underestimate how easy it is to capture
you typing your password on a phone screen.. especially when you put it in the
context of complaining about minor security implications of TouchID or FaceID.
I would suggest it's typically much easier to watch you typing a password than
to clone your TouchID .

~~~
auslander
Snowden hides under towel to type passwords :))
[https://youtu.be/4EgTXEn15ls?t=37m31s](https://youtu.be/4EgTXEn15ls?t=37m31s)

~~~
jacquesm
I could not help but notice the dissonance between Laura Poitras arriving at
'Newark Liberty International Airport' and how she was treated there. For
small values of Liberty I guess.

It's simply harassment, the kind that I would have expected in former Eastern
Germany, Poland, Russia or any other state like that.

~~~
mindslight
Furthermore, clicking the above link actually displays a message saying the
video is not available for viewing in the US...

~~~
jacquesm
That's odd, it works for me.

~~~
mindslight
Sorry. I edited to add that it's based on country - information control (and
its associated ambiguity) being another quality of totalitarianism.

~~~
lern_too_spel
It clearly says it's blocked by the Weinstein Company, who owns the US rights.

~~~
mindslight
There's always a justification.

------
omeid2
Y in X: who holds the keys? The alphabet agencies in X.

Where Y is any corporation, and X any nation. At this point, I believe any
assumption otherwise is naive.

------
natch
What I want to know is if I send an iMessage to someone who is, unbeknownst to
me, living in or visiting China, does that mean my private information is now
going to be shared with the Chinese government without my knowledge?

I get that we have “no” or very little privacy now. But I’m wondering if Apple
is making it clear to users in the US that their private messages may be
siphoned off and exploited by governments of countries they have never been
to.

~~~
dfee
Well, which is it? Do you want to know the answer to your question, or do you
already have the answer as suggested by your claim?

~~~
natch
Well there's a contradiction. On the one hand, if I send a message to China
(including unknowingly) it sounds like it would end up as part of a
conversation stored on servers in China. On the other hand, Apple has a
reputation as a company that cares about and protects user privacy. There's a
contradiction, is all I know.

------
Cw67NTN8F
So if China demands the key, Apple will pull out of China?
[https://www.cnbc.com/2017/11/02/apple-china-revenue-
up.html](https://www.cnbc.com/2017/11/02/apple-china-revenue-up.html) ~$10
Billion last quarter of 2017

------
motohagiography
I interpret that there is an implication in what is described in the article
that, when you set the region on your apple device, you get region specific
iCloud keys provisioned to it.

If that were the case, there is no reason why you couldn't provision from to
an HSM domain that hadn't had its keys shredded.

The implied architecture is there is a secure element on the phone with a
unique key provisioned to it during manufacture - likely one that is derived
from one of the HSM keys at Apple. However, since Apple cannot produce this
individual device key themselves to do 3rd party device decryption, they must
generate keys randomly in SE hardware on the device, using the user PIN as a
derivation component - and somehow use SE firmware to set a fuse on the number
of PIN tries. I don't know specifically how Apple does this, but the list of
secure/viable approaches is short. (edit: unnecessary if they shred hsm keys.)

I don't doubt Apple's integrity on this, given the heat they have taken over
it in the west. But an "adaptation" of their infrastructure to serve that
regional market wouldn't surprise me either.

I'm skeptical of any scheme, and one that isn't presented in BAN logic tends
to mean protocol designers have handwaved over where they are hiding things.
Good examples of this notation are here.
([http://www.lsv.fr/Software/spore/table.html](http://www.lsv.fr/Software/spore/table.html)).

If they have weakened the scheme, the technical ways Apple may have conceded
to Chinese requirements, are all discoverable.

Breakable? I doubt that's viable given the security difference is an HSM with
shredded keys vs. one where the keys still exist somewhere (probably in a
duplicate HSM that operates the decryption service for Chinese govt). So still
at least as good as any EMV payment system.

We can speculate about how this is implemented but reality is tech companies
while ubiquitous, are not sovereign. Yet, anyway.

------
bradenb
Maybe I'm off-base, but I feel like at this point the question of "who can see
my data if it's stored in China?" is a bit silly. I--for one--will just always
assume that any data stored in China might as well be public.

~~~
puzzle
Well, not public, but eventually accessible by those holding the guns and
running the prisons. Which is still not great.

~~~
tluyben2
I get into many discussions like this; not sure where you are from but
educated Americans I talk to do not accept their data being read by anyone
except the gov in cases of terrorism. That means, in practice, the gov can
read your data. What is the difference in China? Do you want all data or no
data or some data and how is some data defined exactly? If this is not black
and white the definitions are going to be painful and biased and how to
enforce proper use?

~~~
mattnewton
Many Americans (but probably not the majority) don’t accept that their data is
going to be read in cases of terrorism. It’s why Apple refused to backdoor
their phone for the government in a case of terrorism.

Narrow warrants granted by a seperate branch of government in broad daylight
is very different from this. And it’s why we need to fight to restore that
norm in America. I don’t buy that terrorism is such an exceptional case that
we ought to bend due process out of shape.

~~~
Feniks
What little protection remains is a relic of the seventies. An interesting
time in America. A time of strong resentment against the government after
Vietnam and Nixon. There was a really powerful TRUE left wing in Washinton
that had power.

Ofcourse even back then they never extended FISA to non US citizens. Nobody
legislates the CIA.

~~~
mc32
People rag on Nixon --he's not a likeable guy, deservedly, but he also passed
title ix as well as the EPA. The true left were to some extent tools of the
soviet information warfare effort, which has now transformed into a alt right
effort. In both cases in an effort to destabilize (weaken) the US position
--but people wanna believe.

~~~
alsetmusic
> People rag on Nixon --he's not a likeable guy, deservedly, but he also
> passed title ix as well as the EPA.

It’s good to see this mentioned. I’m sometimes surprised by the good that
Nixon did, despite my overall conclusion that he was unfit for office.

> The true left were to some extent tools of the soviet information warfare
> effort…

This deserves citation to back it up. Please provide links to credible
sources.

~~~
mc32
You can follow down the rabbit hole here[1]. There is an anecdote of a Soviet
spy working in post-war London. He frequented high society and people
sometimes wondered what he did. On one occasion, someone muttered to him,
something to the effect "what do you do, you never seem to be doing anything,
are you a Soviet spy or something [laughter]" and he responds, "yes, of course
I'm a soviet spy" and people laughed it off [what a funny bloke]. Point is,
this interaction shows a sort of acceptance that one in their own circles
could be a spy, they could joke about it, not caring it it were really true.

[1][https://en.wikipedia.org/wiki/Soviet_influence_on_the_peace_...](https://en.wikipedia.org/wiki/Soviet_influence_on_the_peace_movement)

~~~
grzm
Huh. My reading of the anecdote is they laugh it off because they consider it
absurd (no real spy would tell us they were!), more than acceptance and
uncaring. Could be your telling or my reading. Is there more to it, or perhaps
how it was related, that leads you to your interpretation rather than mine?
I'm not doubting it; it's just my read.

------
stevefeinstein
Apple would have us believe that they're the privacy company. They're doing a
good job with that marketing message. But what's more secure? How do Google,
and Amazon compare? Do I have to run my own servers? Do I have not run
servers? Do I have to keep a hardened device on my person at all time? What
about backups?

------
xoa
I think the core issue uniting all of these recent concerns about Apple and
China (or any other country) is how critical structural incentives and
capabilities are when it comes to individual free, privacy, and security, and
in turn the fundamental danger of centralization. I've seen a lot of criticism
towards companies for "folding" to oppressive regimes or orders, comparisons
to people or organizations being party to atrocities in the past, etc., but I
think those often miss the point. It is generally unreasonable to expect
companies to directly oppose powerful governments. By design they are not in
fact governments themselves, mostly for better (though maybe rarely for
worse). Conflicting laws and norms between sovereign polities can be directly
opposed, and there is rarely a bright line for "worth giving up everything
for." In general, I don't think it's that fruitful to expect humans not to be
humans.

So it's a lot better if they just plain don't have the power (or at least not
total power) in the first place. It's just like in infosec in general: the
most secure information is the information that _you don 't ever have_, you
cannot be hacked for it or leak it. That's the only surefire way to avoid not
merely abuse but even pressure for abuse, and it's here that I think Apple has
made a big blunder even vs the rest of the tech industry. Yes the cloud is a
big deal nowadays, but Apple's business model is uniquely well suited to
supporting full non-cloud distributed usage models in addition as a
differentiator from where so many other offerings have gone. It's fine if
Apple has their own iCloud and App Store as the core principle source, but if
they simply gave individual users and organizations the full and ungated
ability to replicate that (in features if not breadth) locally then Apple
could simply wash their hands of some of this without hassle (it could even
let them get pickier elsewhere since there'd be a separate release valve).

Apple used to be great at this too, back in OS X 10.5/10.6 at least Mac OS X
Server had a lot of interesting potential. Easy full mirrors of Software
Update, Network Homes and NetBoot/NetInstall were awesome, etc. It's not hard
to imagine them having gone further that route, and it's too bad they've kind
of half-assed gone the other way despite being weaker at network services then
their competitors anyway.

Legislatively from an American perspective this would also be the right way to
try to fight back against authoritarian regimes: require American tech
companies by law to offer decentralized options for owners of devices, like
side-loading. If that's available then it would make the job of authoritarians
significantly more challenging.

------
juanmirocks
Call me a cynic, but I bet China has it all. One way or another.

------
IBM
Apple's statements to the press about this have repeatedly said [1]:

>Apple has strong data privacy and security protections in place and no
backdoors will be created into any of our systems.

iMessage is end-to-end encrypted and has never been blocked in China, while
services like WhatsApp are [2]. During the FBI brouhaha, the national security
establishment water holders started writing op-eds on blogs like Lawfare
suggesting that Apple was being hypocritical in opposing the FBI, alleging
that they had already given the jewels away to China [3]. The DoJ basically
parroted this in their filings to the court, accusing Apple of this outright
(whether or not the op-eds were co-ordinated with the DoJ is unclear).
Fortunately, this led to Apple responding to these accusations in their own
filings to the court [4], including this declaration from Craig Federighi
under threat of perjury [5]:

>5\. Apple uses the same security protocols everywhere in the world.

>6\. Apple has never made user data, whether stored on the iPhone or in
iCloud, more technologically accessible to any country's government. We
believe any such access is too dangerous to allow. Apple has also not provided
any government with its proprietary iOS source code. While governmental
agencies in various countries, including the United States, perform regulatory
reviews of new iPhone releases, all that Apple provides in those circumstances
is an unmodified iPhone device.

>7\. It is my understanding that Apple has never worked with any government
agency from any country to create a "backdoor" in any of our products and
services.

>I declare under penalty of perjury under the laws of the United States of
America that the foregoing is true and correct.

Assuming Craig Federighi didn't perjure himself, why has China seemingly made
an exception for Apple when it comes to iMessage (or iOS or iCloud)? The
answer is that Apple is the only tech company that actually has leverage with
the CPC in (indirectly) employing millions of workers in China. People have
criticized Apple for taking down the NYT's app or VPN apps in the App Store in
China and for not resisting it, but Apple is rightly picking their battles to
protect the crown jewels.

[1] [https://9to5mac.com/2018/01/10/apple-will-begin-storing-
chin...](https://9to5mac.com/2018/01/10/apple-will-begin-storing-chinese-
customer-icloud-data-at-new-china-data-center-from-next-month/)

[2] [https://www.nytimes.com/2017/09/25/business/china-
whatsapp-b...](https://www.nytimes.com/2017/09/25/business/china-whatsapp-
blocked.html)

[3] [https://www.lawfareblog.com/deposing-tim-
cook](https://www.lawfareblog.com/deposing-tim-cook)

[4] [https://assets.documentcloud.org/documents/2762131/C-D-
Cal-1...](https://assets.documentcloud.org/documents/2762131/C-D-
Cal-16-Cm-00010-Dckt-000177-000-Filed-2016.pdf)

[5] [https://www.documentcloud.org/documents/2762118-Federighi-
De...](https://www.documentcloud.org/documents/2762118-Federighi-Decl-
Executed.html#document/p1)

~~~
socceroos
> It is my understanding that Apple has never worked with any government
> agency from any country...

Not exactly inspiring.

~~~
mtgx
It's also false:

[https://www.engadget.com/2017/11/08/apple-fbi-unlock-
texas-s...](https://www.engadget.com/2017/11/08/apple-fbi-unlock-texas-
shooter-phone/)

~~~
yorwba
The rest of the quote is "...to create a "backdoor" in any of our products and
services."

Which you won't be able to easily find evidence for, even if they did do it.

------
John_KZ
The Chinese government is right to require all of it's citizens data to be
stored in domestic datacenters.

The danger of the Chinese government accessing your data is 1) Non-existent if
you didn't declare you're Chinese 2) Not any different than the danger of the
US government accessing your data

By the way, since so many of you feel so strongly about your data being stored
abroad, don't you think the Chinese should feel the same? Why should they
trust their data to a foreign government?

~~~
wmf
Some people take the position that it's better for the US government to have
access to Chinese people's data than for the Chinese government to have access
their data because the US government is better (e.g. more due process).

~~~
tzs
I think one could make a decent case that in general if you are a citizen or
resident of country X, you are probably better off having your data stored in
some country Y that you are neither a citizen or resident of...simply because
(1) Y has less reason to be interested in your data, and (2) if they do look
at your data, it is less likely they can use what they find against you.

A counterargument might be that since Y has no connection to you, Y has less
interest in protecting your data from third parties than your own country, X,
would.

~~~
wmf
MLATs can throw a wrench in that, though.

------
threeseed
Something that doesn't get enough attention.

iCloud Keychain stores the passwords, SSH keys, client side certificates etc
for third party sites. That means that sites like Facebook, Google etc would
be compromised on the biggest scale in history if Apple were to hand over
encryption keys to the Chinese government. Not to mention the national
security implications e.g. my work VPN credentials are in iCloud Keychain.

There is no way Apple would be stupid enough to allow this situation to
persist without informing users unless they maintained the keys and it was a
moot point. Otherwise they are inviting themselves up for all sorts of legal
issues. Not to mention people who travel to China for holiday/work purposes.

~~~
abalone
Apple doesn't even have the encryption keys for iCloud Keychain. They've taken
a very hardcore secure approach to this that is explicitly designed for
"adversarial clouds". This isn't true for all iCloud data, but the most
sensitive stuff like keychain and health data use end-to-end encryption.[1]

What's impressive is they've implemented a backup solution for this that still
retains end-to-end encryption. They use HSMs to encrypt a keychain "escrow"
backup using your device passcode. The HSMs protect against brute forcing and
Apple has no way to bypass -- they literally put the firmware administration
keys in a blender.[2] It's pretty cool.

[1]
[https://www.apple.com/business/docs/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)

[2]
[https://www.youtube.com/watch?v=BLGFriOKz6U&feature=youtu.be...](https://www.youtube.com/watch?v=BLGFriOKz6U&feature=youtu.be&t=25m43s)

