Apple’s first iCloud data center in mainland China, built in co-operation with a state-owned company, has now officially gone online following more than two years of preparations.
STORY HIGHLIGHTS:
- Apple’s first iCloud data center in mainland China is now operational.
- Chinese users’ iCloud data is operated by GCBD, a state-owned company.
- A recent NYT report cast a spotlight on Apple’s iCloud “hard bargain“ in China.
Apple’s first local iCloud in China is operational
According to a local report from Xinhua, the iPhone maker’s new iCloud data center in the southwestern province of Guizhou commenced operation on Tuesday, May 25, 2021.
From the report:
In 2017, Apple signed an agreement with the Guizhou provincial government to build its first Chinese data center in Gui’an New Area. With a contracted investment of $ billion dollars, the data center plans to offer iCloud services on the Chinese mainland.
Does that mean that the iCloud data in China is vulnerable to the Chinese government?
Apple turns over China’s iCloud data to a state-run firm
There was a big shadow of controversy cast over that 2017 agreement between Apple and the Chinese government. Apple basically had to accept that deal due to Chinese regulation requiring that customer data collected on mainland China be stored locally.
In order to comply with the requirement, Apple on February 28, 2019, turned over the iCloud data of its Chinese customers to a state-owned local partner.
“iCloud in China mainland is operated by GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd),“ reads a support document on the Apple website. “This allows us to continue to improve iCloud services in China mainland and comply with Chinese regulations.”
The China/iCloud controversy
It says all photos, videos, documents, backups and other iCloud data of Apple’s customers in mainland China are subject to the Terms and Conditions of iCloud operated by GCBD.
A recent story in The New York Times zeroing in on Apple’s “hard bargain“ in China alleges that the company made a series of compromises to meet the authorities’ demands.
The documents show that GCBD employees would have physical control over the servers, while Apple employees would largely monitor the operation from outside the country. The security experts said that arrangement alone represented a threat that no engineer could solve.
Wow. If GCBD employees have physical access to Apple’s iCloud hardware in the facility, then it can be inferred that the security of Chinese iCloud users could be seriously compromised.
Matthew D. Green, a cryptography professor at Johns Hopkins University, said this:
Chinese intelligence has physical control over your hardware—that’s basically a threat level you can’t let it get to.
On the other hand, the article posits that Apple surrendering iCloud data from Chinese customers to the ultimate control of the government may not be as concerning as it sounds.
People close to Apple suggested that the Chinese authorities often don’t need Apple’s data, and thus demand it less often, because they already surveil their citizens in myriad other ways.
But as John Gruber notes on his Daring Fireball blog, there isn’t much Apple could do here other than to comply with Chinese law or else stop selling products in the country.
And given Apple makes $50 billion/year in sales within China, the latter isn’t really a viable option for Apple—especially taking into account that replicating Apple’s enormous Chinese supply chain operation would be virtually impossible.