
Apple moves to store iCloud keys in China, raising human rights fears - dsr12
https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
======
abalone
To Apple's credit there are still significant parts of their platform that
remain end-to-end encrypted even in China -- meaning that Apple or any other
cloud operator can't read because they don't have the keys, notably:[1]

- iMessage
- Keychain
- Siri data

And more like health, home & payments.

While it's unfortunate that Apple couldn't compel China to run their
government requests for data through the U.S. court system, in my view it is
pretty amazing that they are "getting away" with keeping the most sensitive
data end-to-end encrypted.

I mean China shut down WhatsApp last year and iMessage is of a similar level
of security.[2] Then again nobody really uses iMessage in China. They do use
keychain.

[1] [https://support.apple.com/en-us/HT202303](https://support.apple.com/en-us/HT202303)

[2] [https://www.apple.com/business/docs/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)

~~~
mtgx
To Apple's _non_-credit, it's still tying iMessage backups to iCloud backups
despite years of criticism over this. That means everyone who uses iCloud
backups (enabled by default on iPhones) doesn't actually benefit from iMessage's
"end-to-end encryption" (which isn't that safe against sophisticated hackers
or oppressive authorities to begin with).

I'd say people may as well forget about Apple's "privacy stance". It's nothing
but smokescreen at this point (yes, even in the U.S.).

~~~
ztjio
So don't use iCloud backups. You're never required to. You can trivially back
up through iTunes, even automatically via Wi-Fi assuming you have them on the
same network regularly.

Anyone concerned about privacy, the first thing they should be ensuring is
they are NOT using iCloud backup.

~~~
rsync
"So don't use iCloud backups. You're never required to. You can trivially back
up through iTunes"

Is that how iDevices work? You do data backup with your mp3 player?

Is there really no Finder equivalent on an iPhone?

Genuinely curious ...

~~~
grzm
Yup. iTunes has been a central hub ever since the iPod. Once they had the
syncing work there, it made a certain amount of sense to use it for all
iDevices and interaction with Apple's media, as it was available on both
Windows and macOS. It's been a painful and unhappy evolution, in my experience
(and those of many others from what I've read), however.

------
echevil
Speaking as a Chinese citizen, I'd say most people already use local
apps/services for almost everything, so having Apple moving servers to China
won't practically have any impact on "privacy" or "human rights concerns", at
least to the vast majority of the population. I really appreciate that Apple is
finally moving their servers to China as downloading apps and updates from App
Store has been painfully slow.

iPhone has lost quite some market share to local brands like Huawei and Xiaomi
in the past few years, and more people are feeling local brands know what
people need better. Having a faster service might actually help bring back
some market share.

~~~
rqs
> I'd say most people already use local apps/services for almost everything,
> so having Apple moving servers to China won't practically have any impact on
> "privacy" or "human rights concerns"

Does this mean anything? You also breathe polluted air like "most people", do
you want new fresh air then?

The reason for "__INSERT ACTION HERE__ won't practically have any impact on
'privacy' or 'human rights concerns'" is that "most people" are unaware of the
importance of their privacy, NOT that their privacy is not important.

So, there is a choice to make: To make people understand the importance of
their privacy; OR, continue selling this unawareness (to make people
ignorant). Which way do you go?

~~~
tonylinn80
Whichever way, it doesn't matter that much. At least where Apple wants to put
their server makes no difference.

It's not that we are "unaware" of anything, we just don't feel the same way
about privacy (and many other western values as well). Not that they're bad,
we just don't believe they're so important. Sure you think you "know the
importance of privacy", but that's rather just an opinion, not a fact.

In fact, another apparent trend in China is that people who have been studying
and living in the US for some time tend to become more agreeable with the Chinese
government afterwards.

~~~
cromwellian
You'll feel different the first time the "social credit" system ends up
denying you a loan because of something you said in a private message.

Or you'd feel real different if you were a Uighur who lived in Xinjiang.

Right now, thanks to a growing economy, no one cares about rocking the boat,
or what the government does. That will all change when China experiences its
first deep recession, and like the US, the government will have no choice but
to stoke dangerous levels of nationalism to deflect anger away from it, while
ratcheting up the amount of control it has.

~~~
tonylinn80
The current credit systems in China work very, very differently from what the
western media describes. Major commercial systems like "Zhemaxinyong" are
actually way more transparent than the US credit system. You get to see a lot of
the details about what's impacting your score at all times, and you have lots
of control over where you want to share your score.

The official "social credit" system that the government wants to build is
still at a very early stage right now, and it'll be nowhere close to what the
western media imagined (or rather, hoped).

The fairy tales about the Chinese social credit system denying loans because of
private messages are malicious wishes of western media or Chinese activists at
most.

~~~
cromwellian
Right, it's all the delusions of the Western media as to how this could go
wrong, because we never had any things go wrong with blacklists in the West?
In the 1950s we had anti-communist blacklists that didn't work out too well.
Today we have the terrorist watch list. It's our experience with government
creating blacklists and the inherent injustice from false positives that make
us very wary of it. People have accidentally gotten onto the terrorist watch
list and had their lives ruined.

In China, you have this combined with a President who seems bent on keeping
power forever (removing term limits), a party which aggressively blocks and
filters anything critical of the government, the installation of key-loggers,
face recognition cams, firewalls, and a huge system of monitoring social
media, that should raise alarms when there is talk about a universal social
ranking, as it's pretty obvious how easily you could end up with a low ranking
from an offhand joke about the government on Weibo.
([https://international.thenewslens.com/article/65955](https://international.thenewslens.com/article/65955))

I assume you've been living abroad for a while, so you must know that we
aggressively criticize our own governments because we don't trust them to do
the right thing, and there are ample lessons from history that prove that out.
While the Chinese government wants to create a social credit system to keep
the population "honest", there is no "good governance credit system" to keep
the government "honest". In the West, we have independent court systems to try
and achieve that, as well as democratic elections. It doesn't always work, and
corruption still flourishes, (good lord, the fucking Trump administration) but
at least there's some attempted check on government power and corruption.

All I'd say is, a glass heart when China is criticized is probably not the
best way to react, but I guess it may be the only way to react, since
criticism of the government isn't really permitted publicly internally, the
only Chinese widespread public criticism is from the external diaspora. My own
feeling is that Xi is taking the country in the wrong direction and there
appears to be no internal forces to stop him.

Anyway, here's an example of the hell of disputing these kinds of lists.

[https://www.marketplace.org/2018/02/13/world/social-credit-s...](https://www.marketplace.org/2018/02/13/world/social-credit-score-china-blacklisted)

"Lawyer Li Xiaolin was also not given advanced notice that he was blacklisted.

In 2014, Li was sued for defamation and lost. A judge ordered Li to make an
apology, which he submitted in writing in April 2015. Ten months later, when
he was away on a work trip, he was blocked from buying a return flight home to
Beijing. That’s when he found out he was blacklisted.

It took him another three weeks before an official told him why.

“The court said my apology was not sincere. I asked officials how they
determined what is sincere.” Li said.

Eventually Li wrote a second apology and the court removed him from the
blacklist in 2016. Then last year, he tried to get a credit card.

“The bank denied my application. I figured out that the bank might still have
my name blacklisted and I was right,” Li said.

The bank updated its records the next day, but by that point, he had spent
almost a year to fully clear his name."

~~~
FreedomWarrior
> A party which aggressively blocks and filters anything critical of the
> government, the installation of key-loggers, face recognition cams,
> firewalls, and a huge system of monitoring social media

I'm sure you're aware of this, but I'd like to point out that the U.S. (and many
of its allies) has all those things as well, apart from the aggressive
filtering.

At least China is up front about it.

~~~
cromwellian
False equivalence.

The US has no regulation that requires the installation of spyware or face a
fine or jail. China does ([https://www.deepdotweb.com/2017/08/12/chinese-government-req...](https://www.deepdotweb.com/2017/08/12/chinese-government-requiring-muslims-install-spyware-electronic-devices/)).

The US has no laws requiring firewalls to block or censor content from foreign
countries. The US doesn't block VPNs and there is no law against them.

Yes, they try to snoop on communications, but in US domestic citizens and
companies can resist with encryption and in the courts, and in general, a
warrant is required for legal access. Having the NSA snoop on your
conversations or use 0-days to hack isn't the same as being told to put
security backdoors by the government and go to jail if you don't.

And "aggressive filtering" is your euphemism for the Great Firewall? I'd call
sending you to jail for selling a VPN a little more than "aggressive filtering".

I've lived in China and to call it "aggressive filtering" is a pretty nice way
of putting it.

------
walterbell
Reminder: iCloud is entirely optional, even if Apple device provisioning UX
uses dark patterns to hide the difference between App Store account
(mandatory) and iCloud account (optional).

For E2E messaging, you can use Wire, which works even on iPads or iPod touches
that do not have a phone number. Create an email-only account from a desktop
PC at [http://app.wire.com](http://app.wire.com), then use that to sign into
the mobile device.

~~~
greggarious
Stuff like this is why I back up to an encrypted USB drive.

------
jacksmith21006
Pretty interesting to compare to what Google did in China.

Google noticed the China government trying to hack into Gmail accounts and
said enough is enough.

Versus Apple, which handed the keys to the China government.

------
supergirl
Because if they would continue to store them in US then all would be well.
They are perfectly safe in the US...

~~~
WillPostForFood
If you are a Chinese activist, then yes, of course you are better off with the
keys anywhere outside China.

~~~
supergirl
What about American activists? Why does nobody worry about them?

~~~
klodolph
We do worry about American activists, but the legal system is different here
and Americans can easily use services hosted outside the US. Chinese users
cannot easily use services hosted outside China.

~~~
supergirl
> Americans can easily use services hosted outside the US. Chinese users
> cannot easily use services hosted outside China.

Services hosted outside the US by companies with a presence in the US fall under
the Patriot Act, which means the US can spy on them any time without a warrant, but
IANAL. Even if the company has no presence in the US, there are only a handful
of countries that would not bend over to hand data to the US. That's why the US
doesn't need to block access to anything while China has to.

~~~
elefanten
Ok but you're still ignoring the basic fact that activists and even criminals
in liberal democracies have legal and human rights.

In China, you have no guarantees and no recourse. Torture, forced confession
and retaliation against your family are all on the table.

That's why no one worries about US activists the same way they do about
Chinese ones.

~~~
dis-sys
> Ok but you're still ignoring the basic fact that activists and even
> criminals in liberal democracies have legal and human rights.

Such as moving those criminals and activists to Guantánamo Bay? Oh, Obama
trolled to shut it down almost a decade ago after acknowledging its widespread
human rights violations; why is it still in operation in the same shape
and form? You are free to troll whatever you like, that is not going to change
the fact that Guantánamo Bay is still being used for violating basic human
rights.

Liberal democracies? Think about Guantánamo Bay.

Please stop spreading your highly misleading nonsense. Let's not even go down
the paths of those weekly mass shootings in the US, when the constitution is
basically denying their rights to live and the far right elements are calling
for teachers to be armed on campus, what can you expect?

~~~
otaviokz
Also, US inmate population is far larger than China's one, even though the
former population is much smaller. For this, American citizens can either
believe their government is abusing human rights, or that Americans in general
are more inclined to commit crimes. Which one is it?

------
tonylinn80
Well, I do live in China and I don't see anyone feeling any fear about this...
Seriously, you can easily turn off keychain if you don't trust a cloud service
to store all your passwords. And if I decide to use such a service, I'd
certainly trust a local company much more than Apple or anything of US origin.

~~~
abalone
To be clear, keychain is end to end encrypted including the Cloud Key Vault
that backs it up to potentially adversarial clouds. Not true for other iCloud
data but your passwords are probably safe.

~~~
tonylinn80
Yeah, other iCloud services are just widely unpopular in China, they're
basically irrelevant.

Need to store photos? Baidu disk and tons of other services provide much
larger space at no cost, and a much more affordable paid version. Wallet?
Almost everyone in China uses WeChat Pay or Alipay now. Even the App Store
supports Alipay for purchasing apps. Maybe they can steal my contacts? If so,
they would have all my WeChat and QQ contacts already, maybe even all the
messages. While I do like more privacy, it's basically at the bottom of my
list of concerns.

People mention "Chinese activists", well, almost all of them don't even live
in China. Rest assured their lives are not impacted as well.

------
saagarjha
I’m disappointed that all this hoopla was completely avoidable: all Apple
would have to do is end-to-end encrypt _everything_, and this wouldn’t even
be an issue: there’d be no keys to hand over. Instead, by keeping the keys,
they’ve basically opened themselves up to requests like these that they really
have no choice but to abide by.

~~~
ec109685
If they did not, perhaps China would ban iCloud (similar to WhatsApp and
Google’s services).

~~~
saagarjha
iMessage is end-to-end encrypted and not banned, IIRC.

------
vtange
Related, earlier thread:
[https://news.ycombinator.com/item?id=16449326](https://news.ycombinator.com/item?id=16449326)

------
ttflee
My fear of the future is way above this.

Apple and other mobile OSes have all incorporated so-called Mobile Device Management
features into their cores. With one or a few payloads pushed to your device,
it could do a fair lot, from installing an app remotely to wiping it out (like
find-my-iPhone).

I wonder what would be the case if China gov't asks. It could just be a small
step forward in the whole salami tactics.

EDIT:

Of course, for now, it requires enrollment of the device to a legitimate MDM
server, but what will happen tomorrow?

[https://developer.apple.com/library/content/documentation/Mi...](https://developer.apple.com/library/content/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/3-MDM_Protocol/MDM_Protocol.html)

------
chrischen
The alternative is to have the iCloud keys stored in the US. Do you trust the
US government? China definitely doesn’t.

------
tcd
So don't store data in iCloud? It's perfectly possible to perform your own
encryption and hold the private key yourself.

~~~
techrede
Sure, many users in China can use other services, but it seems to be a no win
situation for most people. Unless you’re technically sophisticated, you’re
unlikely to pursue alternatives which provide a greater degree of security and
require a bit of technical know how.

At best you can say that Chinese users will likely be no worse off using
iCloud than they would using any other China-based service. Unfortunately that
is no consolation for anyone who might have sensitive data.

~~~
pmlnr
> Unless you’re technically sophisticated, you’re unlikely to pursue
> alternatives which provide a greater degree of security and require a bit of
> technical know how.

I'm completely pro-privacy, but I need to ask: why would ordinary people's
ordinary data need better security? Even if iCloud might be decrypted by the
government. If it's data like bills, government issued photos of ID cards,
family photos, it most likely won't matter at all and the security is
good enough, just like anything available.

Once you do have a reason to encrypt something, learning GPG, LUKS, etc. is
not that hard or that technical.

~~~
saagarjha
Almost everyone does something that can be construed as being illegal. By
allowing unfettered access to private information, this makes it much easier
for laws to be selectively enforced in ways that benefit the government.

~~~
techrede
> Almost everyone does something that can be construed as being illegal. By
> allowing unfettered access to private information, this makes it much easier
> for laws to be selectively enforced in ways that benefit the government.

Exactly. It could be something as simple as guilt by association. Even though
you might not have done anything illegal yourself, you may have the contact
information of someone who is on a watchlist or has been convicted of a crime.
For example, China is looking into developing a social credit rating system;
any association an individual has with persons whom the government considers less
reputable could have real impacts on their credit rating.

------
strin
Many U.S. businesses never survived local competition in China. Kudos for
Apple to stay in business and remain a significant share of the Chinese cell
phone market.

------
api
This is why I always disable such things. Other vendors are mostly worse.

------
hotz
Apple is great at lecturing us about how bad the Trump administration is. But
when the Chinese say jump, Apple asks how high...

------
gruez
> When Apple Inc begins hosting Chinese users’ iCloud accounts in a new Chinese
> data center

1. get vpn

2. create US icloud account

3. ???

4. profit?

~~~
b1ackb0x
it's not so easy without US credit/debit card

~~~
4ad
You don't need a credit card to create a US Apple account, and you don't need
a VPN either. I don't live in China, I live in Europe, but I have a US account
because everything is better about Apple US accounts.

You can use it for free (you get 5GB of iCloud space, IIRC), but to be able to
pay for services I buy US iTunes gift cards from eBay (mark-up about 1%). I
can pay for all Apple services with this, including iCloud storage and apps and
music and movies.

It's a hassle, but it's totally worth it for me.

