As we reported, Apple migrated the iCloud data of users located in China to a local server administered by Guizhou-Cloud Big Data Industry (GCBD), in order to comply with the country's cybersecurity laws. What we didn't know was that, in addition to the user data, the cryptographic keys needed to unlock those accounts will also be migrated to China, as reported by Reuters.
These keys have always been stored in the United States, which means that any government or authority that wants to access data for a particular account needed to go through the American legal system. It is precisely for this reason that we see Brazil and China, for example, in company reports like these.
Now, the company will start storing the keys to Chinese iCloud accounts in China itself. This means that local authorities will no longer have to ask the US courts for permission to seek information about users. Instead, China will use its own legal system to request that Apple deliver iCloud data from Chinese users. And as the Chinese government there is very famous for being a defender of privacy
Obviously, human rights activists fear that the authorities may use this power to track dissidents, citing cases from more than a decade ago, in which Yahoo delivered user data that led to the arrest of two defenders of democracy. Defending itself, Apple said it had to comply with recently introduced Chinese laws which require that cloud services offered to local citizens be operated by Chinese companies and that data be stored in China, further stating that, although the company's values do not change in different parts of the world, it is subject to the laws of each country.
Also according to Apple, the change does not mean that China has any kind of backdoor into user data, and only Apple controls the encryption keys. In addition, the cryptographic keys stored in China will be specific to the data of Chinese customers, which means that Chinese authorities will not be able to request that Apple use them to decrypt data in other countries.
Still, I have no doubt that Apple's decision will generate a lot of controversy.
Apple using Google Cloud Platform
On a related note, Apple reported that Google Cloud Platform is one of the third-party services used to store encrypted data from iCloud accounts. The company made it clear, however, that this data contains no information that could identify the user.
The information was shared in the latest update of the iOS Security Guide, which was published last month. The change, however, went unnoticed until Jordan Novet, of CNBC, brought up the subject.
Previous versions of the document mentioned Microsoft Azure as a service used by the company, but the Google Cloud Platform is now listed instead. Apple also continues to use Amazon's S3 service for additional storage.
iCloud stores contact information, calendars, photos and documents in files which are divided into pieces and encrypted with AES-128 and SHA-256 keys. So, at least on paper, storing information on a competitor's cloud service should not be a security concern for platform users.
via AppleInsider, MacRumors