Apple moves to store iCloud keys in China, raising human rights fears

“When Apple Inc begins hosting Chinese users’ iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there, Chinese authorities will have far easier access to text messages, email and other data stored in the cloud,” Stephen Nellis and Cate Cadell report for Reuters. “That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system. Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.”

“Human rights activists say they fear the authorities could use that power to track down dissidents, citing cases from more than a decade ago in which Yahoo Inc handed over user data that led to arrests and prison sentences for two democracy advocates,” Nellis and Cadell report. “Jing Zhao, a human rights activist and Apple shareholder, said he could envisage worse human rights issues arising from Apple handing over iCloud data than occurred in the Yahoo case.”

“In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws,” Nellis and Cadell report. “‘While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,’ it said. Apple said it decided it was better to offer iCloud under the new system because discontinuing it would lead to a bad user experience and actually lead to less data privacy and security for its Chinese customers.”

“While China does have data privacy laws, there are broad exceptions when authorities investigate criminal acts, which can include undermining communist values, ‘picking quarrels’ online, or even using a virtual private network to browse the Internet privately,” Nellis and Cadell report. “Privacy lawyers say the changes represent a big downgrade in protections for Chinese customers. ‘The U.S. standard, when it’s a warrant and when it’s properly executed, is the most privacy-protecting standard,’ said Camille Fischer of the Electronic Frontier Foundation.”

Read more in the full article here.

MacDailyNews Take: Apple should immediately make iCloud an opt-in service, rather than opt-out, for Chinese users.

Chinese users should not use iCloud for any data they wish to keep private.

Exit question: Why can’t Chinese citizens be trusted with freedom?

Apple’s China lesson: Think different, but not too different – February 26, 2018
Apple in talks for first order from a Chinese chipmaker – February 14, 2018
Apple utterly dominates the premium smartphone market in China with 85% share – February 7, 2018
Apple warns users who created Apple IDs overseas on dodging China’s new data law – January 12, 2018
How U.S. iCloud users can ensure their data isn’t migrated to state-owned servers in China – January 11, 2018
Apple sets date to turn over cloud operations to a state-owned data center in China – January 10, 2018
U.S. Senate Republican Marco Rubio hits Tim Cook for kowtowing to China – December 13, 2017
Apple CEO Cook kissed the ring in China because he had no choice – December 4, 2017
Apple CEO Cook in China: Internet must have security, humanity – December 4, 2017
U.S. Senators Ted Cruz and Patrick Leahy blast Apple CEO Tim Cook for removing VPN apps from App Store in China – October 20, 2017
Apple issues statement regarding removal of VPN apps from China App Store – July 31, 2017
Apple removes VPN apps from China App Store – July 29, 2017
Apple sets up China data center to meet new cybersecurity rules – July 12, 2017
Analyst: China iPhone sales are pivotal for Apple – June 26, 2017
In bid to improve censorship, China to summon Apple execs to discuss stricter App Store oversight – April 20, 2017
Apple CEO Tim Cook named recipient of Newseum’s 2017 Free Expression Award – February 2, 2017


  1. Poor Chinese Apple users. I hope they can opt out. But Apple experience is not same without iCloud. I just don’t know what to think. Except China is communist.

    1. Unfortunately this isn’t about ideology. China has done what a great number of liberal democracies have wanted very much to do. The only difference is that the CCP has the means and authority to implement these requirements.

      1. …liberal democracies.

        Liberal extremists or Conservative extremists. They both lead to the same HELL. It’s called TOTALITARIANISM. Don’t be fooled by either lunatic end of the 1 dimensional political scale. It’s ALL about control and manipulation of all of us. We The People turns into ‘We The Overlords‘ in BOTH cases.

        No thank you!
        Not interested.

  2. Ok, so there are iCloud keys. So basically the only iOS user data that is completely ‘secure’ is any data that has not be synced outside of the iOS/macOS devices’ Secure Enclave?

    1. Not exactly. Apple has made it clear from the very beginning that it will provide access to iCloud backups in response to a proper court order. For example, they did so in the case of the San Bernardino shooter.

      Apple won’t—and can’t—provide access to encrypted data that is on the device itself (even outside the secure enclave) or in a non-iCloud backup, because they don’t have the keys for that. For example, they couldn’t—not wouldn’t—get the FBI into the shooter’s phone to see data added after the last iCloud backup. (As another story on MDN today claims, that data may be available to an Israeli security firm that has not shared its means of access with Apple.)

      Since all the iCloud backup keys were kept on U.S. servers, Apple would only respond to an order from a U.S. court, no matter where the phone was located or what country had jurisdiction of the case. Even with American court orders, Apple lawyers would examine each warrant or subpoena and contest it if it was not clearly in compliance with the Fourth Amendment and other relevant American law.

      However, the People’s Republic of China has passed a law that makes it illegal for a company providing cloud storage to a Chinese customer inside China to keep either the encryption keys or the encrypted data itself on servers outside that country. Apple had the choice of either complying or blocking all Chinese iOS and MacOS devices from access to iCloud and all its associated services. There was no third choice.

      Chinese users can, of course, choose not to put any data in the cloud or use any of those services. However, if they do use iCloud in any way, they are on notice that the data is no longer protected by the U.S. Constitution or laws. It can be accessed at any time via a court order issued in China under Chinese law. I think we can assume that a lot of other countries (starting with Russia) are going to follow the Chinese lead. Apple can’t do much to stop them.

  3. Imagine that you run Apple. Your alternatives are (1) comply with Chinese law by moving the servers for Chinese customers in-country; (2) comply with Chinese law by blocking all access for Chinese customers to iCloud and the associated services; (3) break Chinese law, accept the jailing of your employees in China, and not only lose that market but most of Apple’s manufacturing capacity; or (4) come up with an alternative that nobody else has found. What, exactly, would you do?

    If you pick (4), you must describe it and explain why it is Tim Cook’s fault for missing such an obvious solution.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.