
How Apple is paving the way to a ‘cloud dictatorship’ in China - tonyztan
https://www.hongkongfp.com/2018/02/17/apple-paving-way-cloud-dictatorship-china/
======
outsidetheparty
So is literally every tech company working in China.

> The Chinese state relies upon private enterprise to implement social credit
> and extend its tentacular reach. Top-tier concerns like Alibaba’s Alipay,
> Tencent, Baidu, the mobility-on-demand service Didi Chuxing, and the
> massively popular dating site Baihe either contribute significant elements
> of the system’s architecture or incorporate its rulings into their services.

[https://www.theatlantic.com/technology/archive/2018/02/china...](https://www.theatlantic.com/technology/archive/2018/02/chinas-
dangerous-dream-of-urban-control/553097/)

I'm not at all arguing Apple is _right_ to do this (in a moral sense.
Certainly it's right in a purely financial sense); just that it's one small
part of a much broader issue.

(EDIT: removed gratuitous complaint about clickbait headline; you guys have
convinced me I was wrong. As long as I'm here, though, I really do recommend
reading the Atlantic link above; it does a good job showing the context in
which this is happening)

~~~
mtgx
Most people missed it, but Apple has already started started giving in to
authorities, in China, the U.S., and probably elsewhere, too. I think that's
newsworthy on its own given their "strong privacy stance".

[https://www.engadget.com/2017/11/08/apple-fbi-unlock-
texas-s...](https://www.engadget.com/2017/11/08/apple-fbi-unlock-texas-
shooter-phone/)

And I believe their recent moves to weaken iOS security are related to this.

[http://www.zdnet.com/article/oops-apple-has-seriously-
weaken...](http://www.zdnet.com/article/oops-apple-has-seriously-weakened-
ios-10-backups-against-password-hackers/)

The China thing is related to this "move towards helping authorities", too.
They're all connected. I don't know what or who convinced Tim Cook to give in
and stop defending his customers' privacy against governments (at least
compared to what was originally promised), but it's pretty clear that's what's
happening here. I think we should expect more such moves from Apple in the
future.

[https://blog.cryptographyengineering.com/2018/01/16/icloud-i...](https://blog.cryptographyengineering.com/2018/01/16/icloud-
in-china/)

As for "but everyone's doing it" \- come on, haven't we moved on from
accepting such weak excuses? I thought Apple was a _leader_ in the industry,
paving the way for _positive progress_. Apple's mantra is "we challenge the
status quo" and "we think different". Not "I guess we'll do whatever everyone
else is doing."

If they keep this up, the answer to Simon Sinek's "WHY does Apple exist?" may
soon become "We exist only to make money and nothing else", rather than
inspire anyone.

[https://www.youtube.com/watch?v=OVnN4S52F3k](https://www.youtube.com/watch?v=OVnN4S52F3k)

~~~
throwahey
That first link does not even demonstrate what the article title claims. Apple
offered assistance in the same way it always has, providing iCloud access
logs, IP's, etc. They did not help the FBI unlock the phone.

The other errors they have had lately on the other hand do seem malicious, but
I suspect either serious fuckups on engineer side, or people being
paid/blackmailed by intelligence agencies to introduce backdoors.

~~~
Spooky23
More items have been leaving the secure envelope of the phone.

FaceTime is mediated by a central service, iMessage is moving to cloud
services, iCloud backup is focused on, while iTunes sync is deemphasized.

------
crystaln
There's a double standard because the US and China have different standards.
Apple has defended the rights of its users when it can. If Apple received a
U.S. Supreme Court order to hand over user data, Apple would follow that
order, even if Apple disagreed or felt it was unethical. Same for China.
Apple's alternative is to leave China, a la Google. One can argue that leaving
is the ethical choice. One can not argue effectively against a "double
standard".

As for me, I'm happy that Apple will at least transparently defend user rights
to the greatest of their ability in China, which would not be the case with
Xiaomi or another local company that would fall over backwards to please the
government.

~~~
kodablah
The double standard is what they publicly state they believe in. You're
talking about whether they have to comply or not with a US-based hypothetical.
But they clearly published on their website what they believed in with regards
to the US requests. Can you link the same for the Chinese policy?

> I'm happy that Apple will at least transparently defend user rights to the
> greatest of their ability in China

Why do you believe it is transparent? Can you link to something showing they
"transparently defend user rights to the greatest of their ability in China"?
Otherwise in the absence of being able to provide this transparent proof, will
you admit it is not transparent?

~~~
Spooky23
Civil authority trumps beliefs and opinion.

~~~
kodablah
Of course it does. I am unsure what that has to do with making your opinion
clear, especially if you've shown yourself to be willing to make that opinion
clear in other circumstances.

------
Analemma_
This is a good article, but the author goofs here:

> “Apple says the handover is due to new regulations that cloud servers must
> be operated by local corporation. But this is unconvincing. China’s
> Cybersecurity Law, which was implemented on June 1 2017, does demand that
> user information and data collected in mainland China be stored within the
> border. But it does not require that the data center be operated by a local
> corporation.”

It’s common knowledge that the more authoritarian the country, the bigger the
disconnect between the law and the truth-on-the-ground. I think it’s very
likely that a party organ spoke to Apple and made it plain that “hand it over,
or you’re out”. Which still has plenty of troubling implications, but
criticism focused on Apple going beyond the letter of the law is disingenuous:
the letter of the law is nothing in China.

------
culturestate
China requires Chinese user data to be stored on servers physically located in
China, and foreign entities are required to take on local partners for
operations within China. I don't think either of those stipulations will come
as a galloping shock to anyone here, and taken together they fully explain the
reason for this change.

The question I'm then moved to ask is this: who cares, so long as the data is
e2e encrypted?

~~~
tonyztan
The problem is that we don't know what is encrypted, how, and who holds the
keys:
[https://blog.cryptographyengineering.com/2018/01/16/icloud-i...](https://blog.cryptographyengineering.com/2018/01/16/icloud-
in-china/)

~~~
threeseed
I would be surprised/mortified if Apple didn't hold the keys.

Otherwise iCloud Keychain which houses credentials for non-Apple sites would
be exposed. I can't imagine the likes of Facebook, Google, Amazon etc just
sitting back and allowing Apple to compromise their sites in the name of
Chinese expansion.

It would surely amount to the biggest security compromise in history if this
was the case.

~~~
seanmcdirmid
Apple doesn't hold the keys, they've outsourced responsibility to Guizhou on
the Cloud Big Data Industrial Development Co., Ltd.

~~~
threeseed
That doesn't mean they have transferred the keys.

You can manage and operate a data centre without needing the keys to the HSM.

~~~
seanmcdirmid
The whole reason they did this in the first place was to not have control over
the data, they definitely don’t have the keys. The Chinese police/government
contact Guizhou, not Apple, when they want anything.

~~~
culturestate
This comes back to my initial question: if data is encrypted by _my_ key
before it ever leaves my device, as Apple has repeatedly claimed, why should
it matter to me?

China can have all the encrypted blobs of my data they want. I have to assume
that unencrypted information has always been available to the CCP on request,
even more readily than it is to US law enforcement.

------
gigatexal
So does this entity get my data if I text, email, imessage, etc., a Chinese
national? Hmm...between google monetizing my every data point to the
encroachment of foreign governments on my data there really isn't a phone that
is well designed, fast, useful, but also safe and secure with my data.

~~~
jackvalentine
Similarly, do they get access to my data if I travel to China and connect to
Apple servers from there? Does that trigger a 'replicate to China' job because
I'm now a user in China?

~~~
tonyztan
I could be wrong, but I checked this a while ago and think it's based on your
account billing address.

------
scarface74
I really don't know how much of affect on privacy that this will have in
practice. If iMessage is end to end encrypted and is FaceTime, will the
Chinese government be able to see anything that they can't already see?

What's actually stored on iCloud by iOS that's sensitive besides those two
things that people couldn't store in other places? App backups?

I'm assuming that the Chinese government already has access to everything that
goes over any cellular network in China.

------
exBarrelSpoiler
The cruelest part of this whole farce- Apple might not get very far in China
even with government sanction.

WSJ: "Why the iPhone Is Losing Out to Chinese Devices in Asia"

Google link:
[https://encrypted.google.com/search?hl=en&q=Why%20the%20iPho...](https://encrypted.google.com/search?hl=en&q=Why%20the%20iPhone%20Is%20Losing%20Out%20to%20Chinese%20Devices%20in%20Asia)

~~~
djrogers
$18B in Q1 revenue and 10% growth in China is nothing to sneeze at...

[1][https://qz.com/1195908/apple-q1-2018-record-breaking-
earning...](https://qz.com/1195908/apple-q1-2018-record-breaking-earnings-the-
iphone-x-and-its-massive-cash-pile-stole-the-show-but-for-surprising-reasons-
aapl/)

~~~
adventured
That's a particularly strong result given the Chinese smartphone market
contracted by 4% in 2017 and has been weak for years.

For China's whole smartphone market, 2015 saw 2% growth, 2016 was 11% growth,
2017 was negative 4%. It's likely their market has reached saturation. 2017
should have seen a big jump in sales due to a replacement cycle, given the
near zero growth in 2015. Most of the domestic Chinese brands will die off
soon, leaving three or so dominant players to go up against Samsung and Apple.

------
JudasGoat
I wonder if the Chinese government was harvesting organs from homosexuals
instead of spiritual practitioners, would Tim Cook be as quick to chase the
money?[https://en.wikipedia.org/wiki/Organ_harvesting_from_Falun_Go...](https://en.wikipedia.org/wiki/Organ_harvesting_from_Falun_Gong_practitioners_in_China)

~~~
adventured
China actively tortures thousands of homosexuals in an effort to cure them:

[https://www.hrw.org/news/2017/11/14/china-end-conversion-
the...](https://www.hrw.org/news/2017/11/14/china-end-conversion-therapy-
medical-settings)

[https://www.economist.com/news/china/21731405-quack-
treatmen...](https://www.economist.com/news/china/21731405-quack-treatments-
are-available-even-public-hospitals-many-people-china-believe-gays-can-be)

------
codedokode
The article gives a good reason to use open source technologies rather than
proprietary "clouds" that do whatever they want with your data. Of course,
Chinese government can try to ban Jabber/OTR but they won't be able to read
the encrypted messages.

------
ksec
That is why I long for iOS Time Capsule. The cloud is increasing a single
point of area for government intervention. Especially for certain places in
the world.

~~~
simonh
Isn’t that what syncing/backing up your device to iTunes over WiFi is?

------
contingencies
My take. This is a big win for Guizhou, one of China's poorest provinces. It
is also a big win for Southwest China in general, which is developing rapidly
as Chengdu and Kunming gain direct flights to Europe and Australia, and
integrate road, rail and pipeline links to Myanmar, Laos, Thailand, Vietnam,
and beyond.

Politically, as a nation China certainly has the right to self-governance and
storing user data inside the country is not an unreasonable request.

The Hong Kong Free Press is probably well meaning - we'd all like more freedom
and less government rules - but also may be more holistically perceived as a
group with an axe to grind as Hong Kong is being forced to adapt to Chinese
rule, journalism is under pressure the world over and Hong Kong's GDP was
recently surpassed by Shenzhen, which three decades ago was a fishing village.

Things are changing. This is just a phase.

~~~
hnzix
All of this cloud data will eventually be funneled into your social credit
score ("Sesame Credit"). This is already happening. Chinese individuals are
being ostracized from personal and professional relations because of their
score.

China invented whuffie, but in the most dystopian and fascist way possible.

\-- Edit with citations as requested. (I'm not asserting that this social
pressure is universal or even common yet.)

[0] [https://www.wired.com/story/age-of-social-
credit/](https://www.wired.com/story/age-of-social-credit/) She explained how
to boost my score. “They will check what kind of friends you have,” she said.
“If your friends are all high-score people, it’s good for you. If you have
some bad-credit people as friends, it’s not nice.”

[1] [https://theconversation.com/chinas-social-credit-system-
puts...](https://theconversation.com/chinas-social-credit-system-puts-its-
people-under-pressure-to-be-model-citizens-89963) “Since last December, the
National Development and Reform Commission and Central Bank of China began to
approve pilot plans to integrate big data with the Social Credit System. As
one of China’s first pilot provinces, Guizhou province was selected to
showcase a government-led experiment of a big data-empowered Social Credit
System.”

Australia, for example now lowers your credit score if you pay bills late. But
it doesn't (yet?) penalize you for who you associate with.

~~~
logicchains
>Chinese individuals are being ostracized from personal and professional
relations because of their score.

Citation needed. I live in China, and not a single person I know takes the
Zhima Credit score even remotely seriously. It's treated like a joke, or at
worst like one's astrological sign. Many older people I've met don't even know
about it. Chinese people aren't stupid, they're not going to let some easily
gamed virtual points influence their decisions.

~~~
contingencies
Ditto (live in China, never heard of it being applied). Anyway, in the US you
would have opaque bank and private industry credit agencies which are
basically performing the same function. I believe the government priorities
(political security, social stability, reduced corruption) are potentially a
better starting point than private sector priorities (profit), even if (as is
inevitable) they screw up the infosec side and people's data is easily
accessible on the black market through thousands of government employees.

~~~
hnzix
I've added citations to my parent comment. It's being rolled out further in
Guizhou. I think it's a novel way to combat corruption, but the potential for
overall social control is chilling. "Sorry, Mobike does not rent to
dissidents."

------
hackme1234
I wonder would China ban Apple if they refused to do this?

Why is Apple submitting to all the demands of the Chinese government?

~~~
seanmcdirmid
> I wonder would China ban Apple if they refused to do this?

Yes.

> Why is Apple submitting to all the demands of the Chinese government?

China is Apple's second or first largest market, depending on the quarter.

~~~
mmrezaie
> Yes.

I am not sure how you can know that. I am actually sure Apple would have lost
some market but not much and there could have been stuff they could do to let
it happen rather than now just giving up everything to any authoritarian
government.

Maybe Apple could have gained some respect and then market share if they would
have stood firm. With this new management, Apple has become just focused on
business (income) not what they were known to be passionate about.

~~~
mattnewton
We know that because China has banned western tech companies in the past when
they don’t play ball.

[https://www.investopedia.com/articles/investing/042915/why-f...](https://www.investopedia.com/articles/investing/042915/why-
facebook-banned-china.asp)

[https://en.m.wikipedia.org/wiki/Google_China](https://en.m.wikipedia.org/wiki/Google_China)

Also twitter and Snapchat.

~~~
dwringer
As I understand it, Google actually had been cooperating with China's
censorship requests, but didn't like it, and Google made the decision
themselves[1] to relocate offices [ED: web search was moved but Google
maintains offices in mainland China] to Hong Kong rather than continue self-
censorship.

[1] [https://www.theguardian.com/technology/2010/mar/23/google-
ch...](https://www.theguardian.com/technology/2010/mar/23/google-china-
censorship-hong-kong)

~~~
seanmcdirmid
Google didn't "relocate" to Hong Kong, their offices in Wudaokou kept running,
they just shutdown their Mainland-based webserver.

~~~
mattnewton
And redirected it to Hong Kong, which was then blocked, because they weren’t
playing ball anymore.

~~~
seanmcdirmid
Yes, but google still has other business in china (android, selling ads to
Chinese customers). They sacrificed their web search business, but not
everything else.

~~~
sidibe
I'm pretty sure nothing Google-related works in China. Youtube/search/gmail
etc. are all blocked.

They have Android phones but no Google services on them. They do sell ads
there but to companies targeting Chinese people outside of China.

~~~
seanmcdirmid
They just recently opened a new office in Shenzhen, so something is going on,
but I mostly agree.

------
skierscott
> “If you understand and agree, Apple and GCBD have the right to access your
> data stored on its servers. This includes permission sharing, exchange, and
> disclosure of all user data (including content) according to the application
> of the law.”

> In other words, once the agreement is signed, GCBD — a company solely owned
> by the state — would get a key that can access all iCloud user data in
> China, legally.

What user data will this decrypt? Are iMessage and FaceTime still safe?

------
natch
What about US users who message with somebody in China? We just get caught up
too? Yeah I realize we are all already screwed as far as privacy goes but
giving personal messages to the Chinese government is another matter.

Could happen unknowingly when you send an iMessage to, say, a gmail address,
which unlike a phone number offers no clue where the user is.

~~~
prewett
Well, at least with a GMail address you are safe, because there are no GMail
servers in Mainland China, because Google doesn't operate in Mainland China.
But your point stands for other, more cooperative, mail services.

~~~
natch
You’re thinking of gmail the service. We were talking about iCloud though.

Gmail addresses can be used as Apple IDs, which means the iMessage messages
travel inside Apple’s iCloud services.

------
mankash666
China is overt with it's threats of blocking businesses if denied data. One
can imagine the covert agreements between Apple and Western governments being
the perfect storm - Apple positions itself as privacy focused -> customers are
more willing to store sensitive information with Apple -> Apple provides
access to government agencies without notifying users under covert agreements

------
microcolonel
Apple has been so perfectly gentle with the Chinese government that their
phones were allowed to show up in this year's CNY broadcasts.

------
Pica_soO
Well at least china has a internet industry- unlike Europe, more then lip
service to liberalism, doesn't seem to pay too well.

~~~
pjc50
Bizarre assertion that Europe doesn't have an internet industry. There's this
mobile phone company you may have heard of called "Nokia".

~~~
zombieprocesses
Not the best example of european "tech industry". Nokia failed horribly and
pretty much went bankrupt and got bought up by MSFT.

Also, I wouldn't call nokia as part of the "internet industry".

Compared to the US and China, europe has performed rather poorly. Europe has
hundreds of millions of more people than the US and yet lags far behind the
US.

Where is europe's facebook, google, microsoft, amazon, netflix, etc? At least
china has their baidu, alibaba, tencent, etc.

The most prominent tech company in europe is SAP and they are more of a
software/database/etc company than an internet company.

Europe has to get its act together and get in the game.

~~~
threeseed
1) Nokia is more than just their phone division. Might want to do a bit of
research. That said their phone division is killing it right now.

2) Spotify, Soundcloud, Skype, Shazam, Deliveroo, King, Rovio etc. And there
are hundreds of second tier internet sites looking at this list from 2013:

[http://tech.eu/features/186/ignorance-is-
remiss/](http://tech.eu/features/186/ignorance-is-remiss/)

~~~
adventured
Soundcloud went bankrupt in real terms. Spotify is actively attempting to go
bankrupt, given the extreme rate of red ink burn and their failure to produce
a sustainable business (they're going to end up getting acquired, the
licensing business will never produce profit margins).

Skype was sold off to two different US technology giants.

ARM was swallowed up by Japan.

King was eaten by a US company. As was Mojang.

These are all smaller success stories however. They're equivalent to fourth
tier US successes, far below the second tier US companies like Adobe, Cisco,
Texas Instruments, Airbnb, Priceline.com, Uber, etc.

The parent comment was correct. Europe nearly entirely missed the Internet/Web
software business, the mobile software business, the cloud business, and now
they're being left far behind in artificial intelligence (save for a few
bright spots, such as in Britain, none of which has yielded commercial
outcomes of large consequence).

Germany is almost single handedly keeping Europe competitive in the robotics
field. And the largest tech company in Europe for the last decade, has been
SAP.

Look at this list and compare it to companies like King and Soundcloud:

Apple, Microsoft, Google, Facebook, Amazon, Intel, Cisco, Adobe, Qualcomm,
Broadcom, Oracle, Activision Blizzard, Salesforce, Priceline, nVidia, Dell,
IBM, VMWare, Texas Instruments, Micron, Analog Devices, Applied Materials, HP
Inc, HP Enterprise, Intuit, Uber, Airbnb, Twitter, Snapchat, Pinterest, eBay,
PayPal, Stripe, Square, Workday, Western Digital, Electronic Arts, Palantir,
AMD, Autodesk, Lam Research, ServiceNow, WeWork, Lyft, Dropbox, Splunk,
Marvell Technology, Palo Alto Networks, Fortinet, Microchip Technology Inc,
NetApp, Juniper, Seagate, Symantec, VeriSign, Slack, Grubhub

And that's ignoring dozens of other companies in the US tech sector with
market caps between $2 billion and $20 billion.

------
sneak
It’s because the apple-vs-fbi standoff is a calculated move by a collaboration
between the US federal government and US companies to restore public faith in
US products and services following Snowden’s revelations (including photos)
that alerted non-US organizations that any hardware or services they receive
from the US may well be backdoored or co-opted for US military or economic
advantage.

It’s a false dichotomy. The government is helping Apple PR, following their
fuck up that spilled the beans that they’re all spying together.

Big companies operate at the mercy of the government, in the US and China
both. “state owned” is irrelevant when all the phones are tapped, as they are
in the United States now.

