Apple is about to make a serious change in how it handles iCloud accounts in China. The Wall Street Journal reported Monday that Apple will begin hosting encryption keys for Chinese iCloud accounts on servers in China in order to comply with Chinese law.
It’s the first time Apple has hosted those keys outside the U.S., and while Apple says those keys are in a secure location and remain under Apple’s control, it’s a slippery slope. Worse, it’s a slope with ramifications far beyond the Great Firewall of China.
The Journal reported that Apple said it advocated against the Chinese laws. In the end, however, Apple decided that offering iCloud on China’s terms was better than not offering iCloud at all.
The company said it, “felt that discontinuing the [iCloud] service would result in a bad user experience and less data security and privacy for our Chinese customers.”
There are twin dangers for both Apple and its customers. The first is that both the data and the keys to that data are now being held on servers ultimately under the control of the Chinese government. At the very least, that government could be free to beat on copies of that data all day long to see if they can crack it open. Mind you, I imagine Apple is capable of making that possibility as difficult as it can be, but it’s an awful position for Apple to be in.
More practically, however, China will no longer have to go through U.S. courts to compel access to data held on those Chinese servers. There’s no way to slice that as anything other than bad news for privacy in China. At the end of the day, that’s why China forced this change.
The worse danger to the rest of us is that Apple has now set a precedent of compromising its policies at a government’s demand. Other governments will be encouraged to make their own demands, and that could lead even to requiring Apple to give those governments back door access into Apple’s systems. Indeed, Reuters reported that the European Union is looking to for new ways to force tech companies to give European governments access to user data even now.
Hopefully I’m just being an alarmist, and this cost of doing business in China will be just that, a cost, and not some slippery path to hell. Only time time will tell, and at least Apple’s track record says it will do everything it legally can to protect its users and their privacy.