In order to comply with China’s latest controversial data protection law, Apple has decided to open a new Chinese data center for its’ Chinese iCloud users. Even though there are some concerns from human rights activists, Apple will move the cryptographic keys and iCloud data in centers that are run by a company called Cloud Big Data Industrial Development Co.
The Chinese government has introduced Cybersecurity Law that requires “critical information infrastructure operators” to store Chinese consumers’ information inside the country. As a result, Apple was forced to partner with the new Chinese-based data center.
What is more, the Chinese government has legislation named National Security Law which was introduced in 2015. The National Security Law provides police with the authority to request businesses help in order to bypass encryption or other security tools to access personal user information and data.
It is going to be the first time when Apple will store encryption keys needed to access iCloud accounts of its users outside the United States.
By doing so, Chinese law enforcement institutions will be able to use their legal system to demand access to cryptographic keys and access Chinese users’ iCloud accounts, without needing to ask US courts for compelling Apple to access the data of Chinese users. The personal data Chinese law enforcement agencies will be able to access include users’ messages, contacts, emails, and photos.
Apple announced that the company will be able to access the iCloud encryption keys alone. However, Chinese authorities will not be provided with a backdoor into its data troves. Apple also added that it had not given any of its users’ account data to Chinese authorities, even though they have received 176 requests in total from 2013 to 2017. All the request were made before the introduction of the new cybersecurity law. In contrast, Apple has actually provided the United States customer account information in response to 2,366 out of 8,474 government requests, According to Reuters.
Those figures are from before the Chinese cybersecurity laws took effect and also don’t include special national security requests in which U.S. officials might have requested data about Chinese nationals. Apple, along with other companies, is prevented by law from disclosing the targets of those requests.
Human rights activists are concerned about this relationship with a state-controlled entity Cloud Big Data.
Apple also has removed VPN applications from its official Chinese-based App Store, in order to comply with Chinese cybersecurity regulations.