Hacker News new | ask | show | jobs
by bduerst 2828 days ago
That was back in February. Since then there's been some shuffling of the companies who own the servers with the keys so that China now has access.

From July 2018:

>Fast forward to today: China Telecom, a government owned telco, is taking over the iCloud data from Guizhou-Cloud Big Data. This essentially means that a state-owned firm now has access to all the iCloud data China-based users store, such as photos, notes, emails, and text messages.

https://mashable.com/article/china-government-apple-icloud-d...
1 comments
IBM 2828 days ago
That report doesn't say that Apple no longer retains control of the keys.
link
bduerst 2828 days ago
Nobody said that Apple no longer retains control of the keys. The point is that the Chinese government has access to Apple user data and Apple is complicit.
link
IBM 2828 days ago
>Nobody said that Apple no longer retains control of the keys. The point is that the Chinese government has access to Apple user data and Apple is complicit.

The Chinese government has the exact same access to Apple user data as before, which is through Apple. Who controls the keys is what matters.

link
bduerst 2828 days ago
>The Chinese government has the exact same access to Apple user data as before, which is through Apple.

No, the Chinese government now owns the servers with the key storage. They now have access to all the keys and user data at rest.

If the Chinese government is accessing all the user data because they requested Apple to put the user keys on their now-state-owned servers, then why does it matter if Apple controls the keys? You're still splitting hairs.

link
IBM 2828 days ago
>No, the Chinese government now owns the servers with the key storage. They now have access to all the keys and user data.

>If the Chinese government is accessing all the user data because they requested Apple to put the user keys on their now-state-owned servers, then why does it matter if Apple controls the keys? You're still splitting hairs.

Apple said literally the opposite of this to Reuters and in this statement to 9to5Mac [1]:

>Last year, we announced that Guizhou on the Cloud Big Data (GCBD) would become the operator of iCloud in China. As we said at the time, we’re committed to continuously improving the user experience, and our partnership with GCBD will allow us improve the speed and reliability of our iCloud services products while also complying with newly passed regulations that cloud services be operated by Chinese companies. Because of our commitment to transparency, there will be a series of customer communications over the course of the next seven weeks to make sure customers are well informed of the coming changes. Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems.

You seem to think there's some material difference by storing the keys or data in China. There isn't. China's power over Apple comes from the fact that they can block their access to operate in China. It's not technical or legal. Chinese iCloud data was just as vulnerable to requests from the Chinese government when it was stored in the US.

[1] https://9to5mac.com/2018/01/10/apple-will-begin-storing-chin...

link
fauigerzigerk 2828 days ago
You are wrong. Apple merely said "no backdoors will be created into any of our systems".

And no backdoors into any of Apple's systems are necessary because a government-owned company will be operating iCloud, including the keystore.

Apple's terms of service make this very clear:

"You understand and agree that Apple and GCBD will have access to all data that you store on this service"

https://www.apple.com/legal/internet-services/icloud/en/gcbd...

link
JorgeGT 2828 days ago
The old mantra: physical access is root access.
link
394549 2828 days ago
> That report doesn't say that Apple no longer retains control of the keys.

Even if it does (which is unclear), do you think Apple will be able to refuse if the Chinese government asks for them? I wouldn't be surprised of "the laws and regulations of China" say that Apple is required to turn them over.

link
IBM 2828 days ago
>Even if it does (which is unclear), do you think Apple will be able to refuse if the Chinese government asks for them? I wouldn't be surprised of "the laws and regulations of China" say that Apple is required to turn them over.

Apple says that they respond to valid legal requests, but that isn't any different than when iCloud data was stored in the US. If you thought that Apple would cave to any request for data from the Chinese before, then there's no material difference by storing Chinese iCloud data in China.

link
quickben 2828 days ago
Thinking that China doesn't have physical access to servers located on China (with all apple keys on it) is just not how real world works.
link