New report sheds light on Apple’s concessions on security in China

It has been over three years since we learned that Apple would be turning over iCloud data in mainland China to a local, state-owned partner in the region. And now a new report aims to shed light on some of the concessions the company has had to make in the area.

The New York Times has a full report on Apple’s decisions to move iCloud data in mainland China to a state-owned partner. While, at the time, Apple reinforced that the move would not inherently endanger customer data, maintaining that the move was safe, this new report says that Apple did indeed have to make some concessions to work with the Chinese government.

China rolled out the law that all data and personal information collected in China must stay in the area back in 2016. Apple acquiesced to those rules soon after. Apple built a data center in China to comply, and now the data is managed by a Chinese company. And while Apple tried to not do any of this at the start, Apple had to comply with the Chinese government’s new law in order to keep working in the region.

Encryption keys are now stored in China, which could potentially leave some of that data in a precarious situation. The report says that two Apple executives were surprised by the decision, concerned that the data could become accessible by the Chinese government at a later date.

The report also leans into Apple’s vocal stance on user privacy and security, at least as far as it is concerned outside of mainland China. But it’s no secret that Apple’s business in China is huge, and there’s still potential for growth. As a result, Apple must follow local government laws and regulations — even if that means it backhands Apple’s goals in other regions of the globe. That does not sit well with some:

Apple has become a cog in the censorship machine that presents a government-controlled version of the internet,’ said Nicholas Bequelin, Asia director for Amnesty International, the human rights group. ‘If you look at the behavior of the Chinese government, you don’t see any resistance from Apple — no history of standing up for the principles that Apple claims to be so attached to.

While the report does say that Apple has made concessions, and has potentially left user data and information in a shaky position, the company says that’s not the case at all. It weighed in:

The company said in a statement that it followed the laws in China and did everything it could to keep the data of customers safe. ‘We have never compromised the security of our users or their data in China or anywhere we operate,’ the company said.

An Apple spokesman said that the company still controlled the keys that protect the data of its Chinese customers and that Apple used its most advanced encryption technology in China — more advanced than what it used in other countries.

The full report is worth reading. Go check it out at The New York Times.