Breach, Compliance Management, Data Security, Privacy, Vulnerability Management

Apple’s China-based iCloud data center raises privacy, human rights fears

Human rights activists are concerned that the Chinese government's regulation requiring that Apple host its citizen's iCloud accounts on servers in China could make it easier for that nation to track down dissenters.

To comply with this regulation Apple has opened a data center for its Chinese account holders that uses the state-owned firm Guizhou - Cloud Big Data Industry Co., Reuters reported. Guizhou was created and funded by the local Guizhou provincial government.

Apple said that while it does not agree with the law it must comply, but it also oes not mean the Chinese government has direct access to user data as Apple retains control over the encryption keys used to secure the data and it will only hand over use information when the Chinese government issues a valid request. Apple did admit the keys also will be stored in China 

Human rights activists said there are prior examples of Chinese authorities using stored data to find dissidents. Reuters quoted a case when Yahoo supplied information that led to the arrests of two democracy advocates.

Aron Brand, CTO of CTERA Networks, said end users should be concerned no matter where there data is stored as government surveillance requests can come from China, the U.S. or any nation. The only way to ensure data remains private is for it to be encrypted and for the owner to hold on to the encryption keys.

“There is always the potential for government surveillance whenever encryption keys are managed by a service provider.  It's not an occurrence limited to Apple or China.  In the U.S. we've seen several instances in which tens of thousands of customer cloud accounts have been impacted by government surveillance requests, whether they be Apple accounts, Microsoft accounts, or any other large service provider's account," he said, adding having said that, if it is a given that your encryption keys are managed by a service provider, the data privacy will remain a question of quality of government (QoG) rather the technology.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.