Apple Opens Up -- Slightly -- on Hong Kong's National Security Law

An anonymous reader shares a report: After Beijing unilaterally imposed a new national security law on Hong Kong on July 1, many saw the move as an effort by Beijing to crack down on dissent and protests in the semi-autonomous region. Soon after, a number of tech giants -- including Microsoft, Twitter and Google -- said they would stop processing requests for user data from Hong Kong authorities, fearing that the requested data could end up in the hands of Beijing. But Apple was noticeably absent from the list. Instead, Apple said it was "assessing" the new law. When reached by TechCrunch, Apple did not say how many requests for user data it had received from Hong Kong authorities since the new national security law went into effect. But the company reiterated that it doesn't receive requests for user content directly from Hong Kong. Instead, it relies on a long-established so-called mutual legal assistance treaty, allowing U.S. authorities to first review requests from foreign governments. Apple said it stores iCloud data for Hong Kong users in the United States, so any requests by Hong Kong authorities for user content has to be first approved by the Justice Department, and a warrant has to be issued by a U.S. federal judge before the data can be handed over to Hong Kong.

Why don't the rest do that?

[guruevi]

Have all your datacenters in the US, then you don't have to pretend you're not complying with Chinese law while backdooring your products.

Re:Why don't the rest do that?

[OrangeTide]

I'll do one better and move my datacenters to Switzerland.

Re:

[Anonymous Coward]

I'll do one better and move my datacenters to Switzerland.

Switzerland or Iceland would be great.

But if it comes down to either America or China, I would prefer my data was in China, out of reach of the NSA and other US spy and law enforcement agencies.

I don't much care if the Chinese govt sees my data since they have no power or authority over me.

Re:

[DDumitru]

The problem is that this runs into physics. See RFC 1925.

https://tools.ietf.org/html/rf... [ietf.org]

Specifically, 2.2: "No matter how hard you push and no matter what the priority, you can't increase the speed of light." ... ... and 2.3: "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead."

Re:

[Mattcelt]

The rule of thumb is thus:

1) Put your thumb over the apparent position of the pig.
2) If the pig appears to be moving up, over your thumb, it will overshoot you.
3) If the pig appears to be moving down, below your thumb, it will undershoot you.
4) If the pig appears to be stationary on the other side of your thumb, move.

(Fortunately you don't need to move very far, as pigs generally have negligible splash damage.)

Re:Why don't the rest do that?

[pedz]

But if it comes down to either America or China, I would prefer my data was in China, out of reach of the NSA and other US spy and law enforcement agencies.

I don't understand this. As soon as the data goes out of the country, the NSA can capture it with no warrant at all... At least that is how I thought things currently stood.

As far as power, the typical Joe Average can be blackmailed, doxed, and embarrassed.

Re:

[AmiMoJo]

It's worth looking at the Snowden leaks in detail because they explain how this stuff works.

When the NSA was inside Apple's network it was because Apple screwed up its security. At some points in the chain the data wasn't encrypted. They thought it was fine, data moving between servers or datacentres, but the NSA was able to capture it.

So assuming Apple fixed the issues it's possible that the NSA lost access. If the data centre was in China and the connection was entirely encrypted and the encryption wasn't

Re:

[tlhIngan]

I don't much care if the Chinese govt sees my data since they have no power or authority over me.

So you're absolutely sure at no point in your life, past, present or future, you will be associated with someone from China? Or anyone in your family? Or will stop over in China controlled territory once the pandemic is over and international travel is allowed again?

If your life is that laid out, congratulations. Most people aren't so sure they won't make friends with someone from China or who has family in Chin

Re:

[Slonak Nana]

Switzerland or Iceland would be great.

But if it comes down to either America or China, I would prefer my data was in China, out of reach of the NSA and other US spy and law enforcement agencies.

I don't much care if the Chinese govt sees my data since they have no power or authority over me.

Yea right; let see when China starts to sell your data / manipulate your data (or even your children, if you have) ; and you have no power of authority over there.

Query

[Mikkeles]

Why are they storing user data in the first place?

(And no: I'm not referring to their app store (hashed) password.)

Re:Query

[NateFromMich]

Why are they storing user data in the first place?

(And no: I'm not referring to their app store (hashed) password.)

If you knew anything about hosting even a website, then you'd know the answer. It would be almost impossible for them to not store user data in some form, even if it's just a userid, password and a few rows of preferences.

In this case, we're talking about iCloud. From what I've briefly read, it's like Google Drive, so there is actual user data there in folders and files.

Re: Query

[NoMoreACs]

In this case, we're talking about iCloud. From what I've briefly read, it's like Google Drive, so there is actual user data there in folders and files.

I don't know about Google Drive; but with iCloud, the User controls what is, and is not, stored there.

Re:

[El_Muerte_TDS]

Given how aggressive Apple pushes their iCloud service I expect it to contain a lot of personal data. With every major update it wants you to enable it with defaults that sync most of your data

Re:

[NoMoreACs]

Given how aggressive Apple pushes their iCloud service I expect it to contain a lot of personal data. With every major update it wants you to enable it with defaults that sync most of your data

iCloud does have some serious usability advantages if you have multiple Apple devices.

As i said, the User controls what gets stored in iCloud. Isn't that the Slashdot way?

Not a bad approach

[hdyoung]

That's.... actually not a bad way of going about it. Even with the current state of our executive branch (steaming pile of feces), if the Justice department AND a judge agree that China is entitled to a certain piece of cellphone data, it's probably fine to hand it over.

Not everything is political. Run-of-the-mill murders and other crimes happen over there, and we should be willing to help with those, if things are vetted properly.

XI is on it

[Anonymous Coward]

Apple said it stores iCloud data for Hong Kong users in the United States

I'm pretty sure Emperor Xi will fix that little loophole soon. And Apple will then, of course, follow the national laws of the PRC [slashdot.org].

Re: XI is on it

[martynhare]

...and then the encrypted data will be stored on Chinese servers with private keys stored by Apple in the US. That means China Telecom will be able to see emails (as they are stored unencrypted as disclosed in their security documentation) but not much else by default. However, in the event of a valid court order, Apple would need to comply with Chinese law just like how Apple fork over iCloud data under US law. The best bet is not to communicate with closed source software lacking end to end encryption

Apple already whored itself out

[Hongkonger2047]

Finish these sentences: iMessage and no other foreign messanger workings China because.... Apple stores all data in China because.... China goverment has access to.... use the word encryption in your sentence Apple already blocked Apps which allowed HK people to know where the police were located to avoid being beaten up.. enough said.