Nobody said that Apple no longer retains control of the keys. The point is that the Chinese government has access to Apple user data and Apple is complicit.
>Nobody said that Apple no longer retains control of the keys. The point is that the Chinese government has access to Apple user data and Apple is complicit.
The Chinese government has the exact same access to Apple user data as before, which is through Apple. Who controls the keys is what matters.
>The Chinese government has the exact same access to Apple user data as before, which is through Apple.
No, the Chinese government now owns the servers with the key storage. They now have access to all the keys and user data at rest.
If the Chinese government is accessing all the user data because they requested Apple to put the user keys on their now-state-owned servers, then why does it matter if Apple controls the keys? You're still splitting hairs.
>No, the Chinese government now owns the servers with the key storage. They now have access to all the keys and user data.
>If the Chinese government is accessing all the user data because they requested Apple to put the user keys on their now-state-owned servers, then why does it matter if Apple controls the keys? You're still splitting hairs.
Apple said literally the opposite of this to Reuters and in this statement to 9to5Mac [1]:
>Last year, we announced that Guizhou on the Cloud Big Data (GCBD) would become the operator of iCloud in China. As we said at the time, we’re committed to continuously improving the user experience, and our partnership with GCBD will allow us improve the speed and reliability of our iCloud services products while also complying with newly passed regulations that cloud services be operated by Chinese companies. Because of our commitment to transparency, there will be a series of customer communications over the course of the next seven weeks to make sure customers are well informed of the coming changes. Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems.
You seem to think there's some material difference by storing the keys or data in China. There isn't. China's power over Apple comes from the fact that they can block their access to operate in China. It's not technical or legal. Chinese iCloud data was just as vulnerable to requests from the Chinese government when it was stored in the US.
>Apple says the joint venture does not mean that China has any kind of “backdoor” into user data and that Apple alone – not its Chinese partner – will control the encryption keys.
> That report doesn't say that Apple no longer retains control of the keys.
Even if it does (which is unclear), do you think Apple will be able to refuse if the Chinese government asks for them? I wouldn't be surprised of "the laws and regulations of China" say that Apple is required to turn them over.
>Even if it does (which is unclear), do you think Apple will be able to refuse if the Chinese government asks for them? I wouldn't be surprised of "the laws and regulations of China" say that Apple is required to turn them over.
Apple says that they respond to valid legal requests, but that isn't any different than when iCloud data was stored in the US. If you thought that Apple would cave to any request for data from the Chinese before, then there's no material difference by storing Chinese iCloud data in China.