Premium

How Apple wound up handing control of all data for its Chinese customers to the Chinese government

(AP Photo/Mark Lennihan, File)

Earlier I wrote about the internal outrage of Apple employees over the hiring of someone who’d once written a few paragraphs deemed misogynistic. Meanwhile in China, Apple has effectively handed all of the information on its Chinese customers over to a government run data center and agreed to censor thousands of apps the CCP doesn’t like.

“Apple has become a cog in the censorship machine that presents a government-controlled version of the internet,” said Nicholas Bequelin, Asia director for Amnesty International, the human rights group. “If you look at the behavior of the Chinese government, you don’t see any resistance from Apple — no history of standing up for the principles that Apple claims to be so attached to.”…

Behind the scenes, Apple has constructed a bureaucracy that has become a powerful tool in China’s vast censorship operation. It proactively censors its Chinese App Store, relying on software and employees to flag and block apps that Apple managers worry could run afoul of Chinese officials, according to interviews and court documents.

A Times analysis found that tens of thousands of apps have disappeared from Apple’s Chinese App Store over the past several years, more than previously known, including foreign news outlets, gay dating services and encrypted messaging apps. It also blocked tools for organizing pro-democracy protests and skirting internet restrictions, as well as apps about the Dalai Lama.

In addition to censoring any apps the CCP objects to, Apple has also handed control of data generated by its customers to the Chinese government. The data is encrypted and, in theory, the CCP can’t access it. But according to the sources the Times spoke with, including some Apple engineers, the company cannot guarantee it can protect the “emails, photos, documents, contacts and locations of millions of Chinese residents.” That’s because the encryption keys that protect the data aren’t being kept in California but in China with the data.

Apple encrypts customers’ private data in its iCloud service. But for most of that information, Apple also has the digital keys to unlock that encryption.

The location of the keys to the data of Chinese customers was a sticking point in talks between Apple and Chinese officials, two people close to the deliberations said. Apple wanted to keep them in the United States; the Chinese officials wanted them in China.

The cybersecurity law went into effect in June 2017. In an initial agreement between Apple and Chinese officials, the location of the keys was left intentionally vague, one person said.

But eight months later, the encryption keys were headed to China.

The article notes that it’s illegal under US law for an American company to give data on its customers to China. But Apple has already bypassed that potential problem by legally handing over all of its data on Chinese customers to the Chinese cloud firm that is owned by the government. So, technically, it was never data owned by Apple. And with the encryption keys already in China, all the government has to do to use them is hack them or maybe just make a demand for them. In either case, Apple isn’t really in a position to do anything about it.