Apple Begins Storing Chinese User Data On Servers In China 92
An anonymous reader writes Reuters reported on Friday that Apple "has begun keeping the personal data of some Chinese users on servers in mainland China." Apple has claimed that the move is meant "to improve the speed and reliability of its iCloud service", but given China's track record with censorship and privacy, the explanation rings hollow for some skeptics. Nevertheless, Apple assures its Chinese users that their personal data on China Telecom is encrypted and that the encryption keys will be stored offshore. Only time will tell if Apple will be able to resist Chinese government requests to access its China-based servers.
What's the problem... (Score:5, Insightful)
They're storing mainland customer data on mainland servers. I don't see the problem with this - if the Chinese gov't wants data, they have SO many means at their disposal to capture it regardless of whether it's stored on a domestic server, or external. This is a good move, imo, as storing data in any country other than China would mean heavy latency passing through the GFW and having it likely captured elsewhere anyways.
Re: (Score:2)
Um?
You clearly don't know much about the country. There are only several providers of internet services, how do you think people's personal information gets from one place to another? Magic? Or through China Telecom?
Re: (Score:2, Interesting)
However, Apple should be given huge kudos if their claim that they store it encrypted, and that the encryption keys are offshore, is correct. If so, it's a brilliant move. Eat that, China!
Re: (Score:2)
Re: (Score:2)
No, that's just marketing. They can just order Apple to decrypt the data since Apple has the keys. Their location doesn't matter since the data is in the country already.
What a silly-assed thing to say. Sure, they could order it. And Apple could completely ignore them. Big fucking deal.
Guess what? Apple has been gradually been bringing its manufacturing back home. If China pressed them, they'd just do it quicker.
Re: (Score:2)
Re: (Score:2)
This is about end-users, not manufacturing. Even if Apple managed to completely move all of their manufacturing to the U.S. they wouldn't want to lose all the possible end-users of their products in China.
Yes it is, and that's precisely where you're getting it wrong.
"End users" in China don't want the government to control their information. This is the 21st Century. They're not fucking stupid.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I said the government can come and tell Apple to give access to the data.
How? ON what basis? Apple is not based in China, and there certainly isn't any international law that would compel Apple to do so. You argue:
Apple can't conduct business on the Chinese soil unless the Chinese government lets them, so they have no other choice than to do anything the government tells them to.
So you really think China would willy-nilly force Apple out of the country, and in the process (because they would have no choice) shut down some of their own largest companies, which make Apple products?
You really don't get it. Governments can't just do any old shit they want, and damn the economy. I mean, we know Obama t
Re: (Score:2)
Re: (Score:2)
If they wish to do business in China they have to comply with the Chinese law. It's that simple. I can't for example launch a company here, then start breaking the laws in the US while still being able to do business there. I have no idea why that is so damn difficult for you to understand.
No shit, Sherlock. That isn't, and hasn't been, anything I'm arguing about.
The factories do a lot of parts for a lot of companies, not just Apple. They would not be shut down if they lost Apple, they'd still have plenty of other customers.
They'd just lose 80% of their business, not all of it. Duh.
The Chinese economy isn't dependant on Apple.
I didn't say it was. But a surprisingly large chunk of it is. I don't think you realize how important that chunk is.
Re: (Score:2)
This story [npr.org] from 2008 suggests that the citizens support censorship.
This story [thediplomat.com] from a few months ago says most don't believe it is being censored/monitored.
Re: (Score:2)
I believe those articles demonstrate several things, but it's impossible to tell in what proportions:
* Educational indoctrination from birth, censorship, and propaganda seem to be effective
* Some are afraid to say what they really think, especially when being quoted on the record
* Some don't mind authoritarian regimes or censorship
It's important not to draw conclusions solely from what people say when there are obvious external factors which may be influencing the truthfulness of their statements. The poll
Re: (Score:2)
Are you retarded? Do you have any idea how much the Chinese market is worth to Apple? Here's a clue: http://www.forbes.com/sites/gr... [forbes.com]
THE END MARKET is what Apple is going for. Screw the Chinese government. What they're doing is in the interest of the Chinese CUSTOMER.
And if you don't see that, then let's talk again about who's retarded.
Market... and HQ Raids (Score:2)
Parent A/C is right.
This is entirely about marketshare. Apple decided its market in China was worth making it really easy for China to take Apple's data and use it against people. It's an understandable business decision. You know, like when the Pope didn't denounce Hitler.
Re: (Score:1)
I think you're really a special kind of stupid.
First of all, a company doing business in a country must respect and obey the laws of said country. That goes without even saying, moron. Apple has registered subsidiaries in China, nevermind their huge manufacturing sourcing business in mainland.
As for "gradually been bringing its manufacturing back home" this means you are too stupid to cross the street. No consumer IT / electronics company in the US, Apple included, can bring manufacturing back to the US. Th
Re: (Score:2)
I think you're really a special kind of stupid.
I think we'll let others decide that.
First of all, a company doing business in a country must respect and obey the laws of said country. That goes without even saying, moron. Apple has registered subsidiaries in China, nevermind their huge manufacturing sourcing business in mainland.
Show me where there is a law saying that Apple must store its encryption keys on-shore. Guess what? There isn't one. See, Apple isn't breaking the law because it isn't IN China, it just does business there. But there's more to this... very much more.
As for "gradually been bringing its manufacturing back home" this means you are too stupid to cross the street. No consumer IT / electronics company in the US, Apple included, can bring manufacturing back to the US
Yeah? [washingtonpost.com] How about this? [wsj.com] And this? [cnn.com] And this? [npr.org] And this? [detroitnews.com]
And many, many more. Hmmm. It seems just maybe I knew a bit more about it than you, eh?
Re: (Score:2)
Manufacturing happens in China because it's still labour intensive, and Chinese workers are cheap. Increasingly though, manufacturing is completely automated. At which point China has no advantage over anywhere else. At that stage there is advantage to manufacturing closer to the customers.
Re: (Score:2)
> What a silly-assed thing to say. Sure, they could order it. And Apple could completely ignore them
Then China can, and will, close the server farms in China. Or arrest the managers in China for the equivalent of "contempt of court".
Re: (Score:2)
Then China can, and will, close the server farms in China. Or arrest the managers in China for the equivalent of "contempt of court".
Just as easily as Apple can, and will, pull its jobs back out of China. Which, it should be noted, support some of the largest and most successfull businesses in the country.
Apple can afford to do it. If it wants.
Re: (Score:2)
I'm sure Apple will structure it to ensure the latter cannot be (legitimately) applied. The Chinese team, employed by Apple of China (or similar), will not have access to the encryption keys. Those will be stored stateside, accessible only to employees of Apple of America.
That being said, the authorities will ABSOLUTELY have the power to cut Apple out of China entirely. They will be walking a tight rope between giving in, and standing strong. Google went through a lot of this a few years ago, now Apple
Re: (Score:2)
Apple is rolling over to let the Chinese government rub their belly, because they want the cash they will get SELLING in China, not just making products there.
Re: (Score:2)
Re: (Score:2)
If this was really about latency, Apple could have kept the servers in Japan or South Korea.
Or, you know, in China near a well connected telecommunications hub instead of offshore where the data is routed through a small number of undersea fibers.
Re: What's the problem... (Score:1)
Re: (Score:1)
Apple just confirmed what the Chinese government has been saying. The NSA has access to data they store. The keys are deliberately kept where the NSA has access to them. Of you don't want the US to steal your data, don't store it on an Apple server.
Looking at this from a Chinese perspective there is a lot more concern about the US than about their own government spying on them. The US uses the intel for economic advantage, and Chinese companies don't want to be at a disadvantage in negotiations.
Re: (Score:2)
apple needs to give stuff to chinese and usa, since it wants to operate in both countries and both countries have what are effectively secret courts and laws for such co-operation.
(and no, not every country has that)
Re: (Score:2)
Apple just confirmed what the Chinese government has been saying. The NSA has access to data they store. The keys are deliberately kept where the NSA has access to them. Of you don't want the US to steal your data, don't store it on an Apple server.
This is funny because every server I have worked on in the last 15 years -- and that means a lot -- has gotten regularly port-scanned and other penetration attempts from Chinese IP addresses. EVERY ONE of them.
Re: (Score:2)
Sure, but you don't know if the scan was from a Chinese hacker or just a hijacked computer in China. There was another story about GCHQ port scanning entire countries yesterday. Why do you think they do that? It's to find vulnerable machines to hack in order to hide their own tracks.
Re: (Score:2)
Apple's statement that its move is to "improve speed and reliability" is clearly bullshit, in light of the recent Chinese government demand that such data be stored in-country. So much is clear and obvious.
However, Apple should be given huge kudos if their claim that they store it encrypted, and that the encryption keys are offshore, is correct. If so, it's a brilliant move. Eat that, China!
how would that even work? When a user in china wants to access his data, that data is transmitted offshore to be decrypted and then the decrypted data is shipped back into China and served to the user? What would be the point of such a system?
Re: (Score:2)
I feel dumb by asking, but "encryption keys" is sort of vague, IMHO. What type of encryption? Disk level? SAN level (where PowerPath uses RSA keys to decrypt the LUN presented), LVM level with a tool like BitLocker? Database level? Application level (where all tuples are encrypted upstream)?
For example:
1: Take BitLocker for example. For I/O on a drive, it has to have the FVEK (full volume encryption key) in memory at all times. Even if the FVEK is unlocked from somewhere else (TPM chip), if it is sl
Re: (Score:2)
Why is Apple deciding where users' data is stored anyway? Oh, that's right, proprietary walled-garden locked-down bullshit. And yes, Google is no better.
Re: (Score:2)
But surely the reason is to keep the data out of the hands of the US courts?
Re: (Score:2)
if the Chinese gov't wants data, they have SO many means at their disposal to capture it regardless of whether it's stored on a domestic server, or external
I assume they're not transmitting it in plain-text?
Pure Marketing (Score:2, Insightful)
Nevertheless, Apple assures its Chinese users that their personal data on China Telecom is encrypted and that the encryption keys will be stored offshore
This is pure marketing bullshit. How are they going to make the data available to their users if the keys are stored offshore? What use does encryption have if they have the keys and need to be able to decrypt the data on the fly, i.e. everyone with access to their servers can also decrypt the data?
The only secure way is to design the system such that the servers just see ciphertext coming in and going out. Everything else is not secure, especially if governments are involved. The Lavabit case should have m
Re: (Score:2)
It doesn't matter anyway, since China will have hacked the encryption keys within minutes of generating them.
Or the NSA will have hacked them, passed them them on to Israel (NSA gives Israel raw intelligence access), who will then sell them to China in exchange for whatever weapons they can't get from the US.
Not just China (Score:5, Insightful)
[...] but given China's track record with censorship and privacy, the explanation rings hollow for some skeptics.[...]
Given the United State's track record, I think the skeptics should worry about data collection at home too.
Why always focus on China when it comes to human rights and privacy issues? Just look at your own navel for a change...
Re: (Score:2)
Hey quick! Look over there! (Governing 101: utilize distraction/fear-mongering.)
Re: (Score:3)
It looks to be an obvious move.
Accept that various agencies in various countries are trawling for data. Storing data locally minimises the number of agencies which have access to that data. Once the Snowden revalations became public, keeping data within national boundaries became a selling point for (not just) ISPs in most countries. I suppose I was ahead of the curve, I avoided Cloud services for just that reason - and then suspicions were confirmed.
When the Chinese Government request (or demand) that u
Re: (Score:1)
[...] but given China's track record with censorship and privacy, the explanation rings hollow for some skeptics.[...]
Given the United State's track record, I think the skeptics should worry about data collection at home too.
Why always focus on China when it comes to human rights and privacy issues? Just look at your own navel for a change...
Does every slashdot article have to come back to trashing the USA these days?
Re: (Score:2)
Re: (Score:2)
[...] but given China's track record with censorship and privacy, the explanation rings hollow for some skeptics.[...]
Given the United State's track record, I think the skeptics should worry about data collection at home too.
Why always focus on China when it comes to human rights and privacy issues? Just look at your own navel for a change...
Does every slashdot article have to come back to trashing the USA these days?
Don't ou think it's kindof relevent? Given they're talking about privacy of data, and the other option for storing would be in the States? Mm?
Re:Not just China (Score:5, Informative)
I have been living in China for quite a bit now, and I actually ask the same thing myself when I read something about China. Even this move by Apple is distorted in the way that the article is presented to always put the Chinese as the evil bad guys. Hell, I don't like the GFW myself, but I have to admit that this move by Apple is something of a trend for every tech company doing business in China. You incur a huge penalty in response times when you have to fetch content from the outside, which is why we go to great lengths in stuff we develop to make sure we are not linking to some google font, some blogspot/facebook link, etc.
Re: (Score:2)
The people in China who are wary of this are those of the Slashdot mindset -- your spiritual and intellectual compatriots who want the same thing as you do, privacy and to be left alone by government. Instead of standing up for friends and allies, there are those on Slashdot who would stand up for government. I don't get it. Are your minds warped somehow? Are you all so tolerant of others that you forget who you should be tolerant of?
Re: (Score:2)
This is a US-centric website, so the answer is yes.
Re: (Score:2)
It DOESN'T MAKE ANY DIFFERENCE where Apple stores credit card / serial number / address info. Look folks, it's pretty obvious. Any government larger than, say, North Korea, has the contacts, money and power to get any consumer or personal information running across their territory. Britain, France, Germany, hell even Portugal or Texas (well maybe not Texas).
So, all you can hope for, be you Chinese or American, Swiss or Tongan, is that your friggen Credit Card stays away from some clown in Eastern Europe
Trust the USA (Score:4, Insightful)
Nevertheless, Apple assures its Chinese users that their personal data on China Telecom is encrypted and that the encryption keys will be stored offshore.
So the keys are only stored back at the headquarter in the USA?
The place where a "judge" can order any company to deliver the customer's data to the state?
Data of users who may not be citizens of the USA and even data that is stored on foreign soil.
Re: (Score:3)
Almost forgot. The place where you get punished for not revealing your encryption key(s) to the court.
"I have something to hide, my privacy."
Re: (Score:2)
May I ask what you are laughing about?
Since the USA have installed listening breaks in international undersea cables, I'd guess he laughing at the naivety of the original statement.
lawful interception... (Score:3, Insightful)
It does not matter if they store the keys up at the Apple CEO's butt...
If they place the servers on Chinese physical land, then it is under Chinese jurisdiction, and the Chinese government can use their normal legal interception laws to get any data they want.
If they do not comply they confiscate the servers and start issuing large fines on Apple.
The only difference between "normal" US/UK/DE or whatever western world is that the Chinese has a much broader idea on what can be illegal.
So i would not trust that data store for 1second.
Re: (Score:2)
If the collect payments for the service using the Chinese banking system, then the Chinese government can use their normal legal channels to get the data they want.
Apple is looking at their bottom line (Score:1)
I think its clear Apple is simply looking at their bottom line and maybe also considering storage by region to some extent. I don't think people realize how much this is already being done without much public fanfare. Google certainly has server farms all over the World and Microsoft too. As well as many companies you probably do business with. Given the whole NSA situation in the States. Does finding out that my information is stored possibly in China make me feel any worse? Hardly. My own Country sifts t
Re: (Score:2)
And? (Score:3)
Seems reasonable to me. Actually reduced the needed data transport. The great firewall is in place for the data transfers to the outside world. I am sure the cn gvmnt has to possibility to targeted intercept, as has the america, german, russian or british governments.
Given what we learned in the recent years, placing data and encyption keys in two different legislations (chinese and america) is the most straighforward way to protect against legal interception.
Re: (Score:2)
But if the keys are stored in the USA, and the data is in China, then the keys will have to traverse the great firewall in order for the user to decrypt their data. That data will be susceptible to interception once it passes into China.
This is just marketing.
Re: (Score:2)
To me there is a significant difference between somthing affecting all stored dasta and only affecting data accessed after a specific date.
Re: (Score:2)
"the encryption keys will be stored off-shore" is different from "the encryption keys will be stored off-shore for ever"
Indeed, as you need the key every time the data is read...
Yes, it's more secure (Score:3)
Option 1: Store the Chinese data in China. The Chinese government owns all their bits.
Option 2: Store the Chinese data in the US and route it through China. The Chinese government owns all their bits. And so does the US.
It's pure marketing, of course. If they were really interested in security, they'd store only encrypted data without the key. But then it wouldn't be searchable, and a bunch of idiots would forget their encryption key and be angry because there'd be no magic recovery system.
All Your Switches and Routers Belong To Us (Score:2)
China already builds spyworthy Cisco networking gear, why would they have to ask Apple for access?
The ruling CCP is very desperate these days. (Score:2)
I am a Chinese who studies China for a living, and it is becoming more and more apparent to many people, that the ruling Chinese Communist Party (CCP) knows it is on its last straw of survival.
The party is facing severe and increasing systematic stress on all fronts:
1. Increasing external oppositions from all other countries in the world, forming more and more alliances and becoming more outspoken with rising strengths against China, as well as increasing anti-China sentiment from people in all other countr