Update: It appears the TechCrunch report is based on a misunderstanding. Post updated to reflect our own understanding of the position, including a statement made by Apple to us.
A reported change to the way iCloud data is stored for Chinese iCloud accounts has raised further concerns about the ease with which the government could access sensitive information.
TechCrunch reported that data has been moved to servers owned by China Telecom, a state-owned company – but that report appears to be based on a misunderstanding …
A WeChat post referenced China Telecom providing cloud storage for iCloud data in the country. It was presented to users as a way of providing faster service throughout the country.
China Telecom Tianyi Cloud [is] to provide cloud storage services for iCloud. Both parties officially signed the Infrastructure Agreement at the end of June . As the world’s largest fixed network operator, FDD 4G network operator and the largest data center and cloud service provider in China, China Telecom will provide high-quality network and data center services.
However, we understand this to be essentially nothing new. Apple has always stored encrypted blocks of data on third-party servers like Amazon Web Services, and in China Tianyi Cloud has long been one of these.
Originally, iCloud data was stored on Apple-controlled servers, with the Cupertino company holding the encryption keys. Apple announced a year ago that this would change to comply with new laws in China, and that data for Chinese iCloud accounts would be moved to a server run by Guizhou-Cloud Big Data (GCBD), a company owned by the provincial government.
That move happened in February of this year, with Apple reported then to have handed over the encryption keys to GCBD, meaning any data access requests by the Chinese government would be made to a company which was under the control of the local government.
However, I have spoken to Apple today, who confirmed that it still holds the encryption keys, and states categorically that they have not been made available to either GCBD or China Telecom.
Apple said at the time of the original transfer to GCBD that it had tried to argue against the move, but the law required it to comply. It stated that the encryption keys were for the first time being stored in China, but that local authorities would still have to apply through the courts to Apple if it wanted to gain access.
The move was widely criticized by human rights activists, including Amnesty International, which said that it gave the government ‘unfettered access’ to customer data. CNET reports that Chinese Weibo users are expressing further concern about this latest development, illustrating this with posts saying that the speed increase would be to government access to personal data, and to censorship.
Apple’s user agreement specifying GCBD as the data holder is still online, and would still apply to the existing arrangement. We understand that GCBD is building its own servers specifically for iCloud data, and that Tianyi Cloud continues to be utilized as it always was as a repository for blocks of encrypted data.
Photo: South China Morning Post