Apple moves to store iCloud keys in China, raising human rights fears
Apple moves to store iCloud keys in China, raising human rights fears
That’s because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the US legal system.
Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the US courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.
Human rights activists say they fear the authorities could use that power to track down dissidents, citing cases from more than a decade ago in which Yahoo Inc. handed over user data that led to arrests and prison sentences for two democracy advocates. Jing Zhao, a human rights activist and Apple shareholder, said he could envisage worse human rights issues arising from Apple handing over iCloud data than occurred in the Yahoo case.
In a statement, Apple said it had to comply with recently introduced Chinese laws that require cloud services offered to Chinese citizens be operated by Chinese companies and that the data be stored in China. It said that while the company’s values don’t change in different parts of the world, it is subject to each country’s laws.
“While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” it said. Apple said it decided it was better to offer iCloud under the new system because discontinuing it would lead to a bad user experience and actually lead to less data privacy and security for its Chinese customers.
As a result, Apple has established a data center for Chinese users in a joint venture with state-owned firm Guizhou — Cloud Big Data Industry Co. Ltd. The firm was set up and funded by the provincial government in the relatively poor southwestern Chinese province of Guizhou in 2014. The Guizhou company has close ties to the Chinese government and the Chinese Communist Party.
The Apple decision highlights a difficult reality for many US technology companies operating in China. If they don’t accept demands to partner with Chinese companies and store data in China then they risk losing access to the lucrative Chinese market, despite fears about trade secret theft and the rights of Chinese customers.
Apple says the joint venture does not mean that China has any kind of “backdoor” into user data and that Apple alone – not its Chinese partner – will control the encryption keys. But Chinese customers will notice some differences from the start: their iCloud accounts will now be co-branded with the name of the local partner, a first for Apple.
And even though Chinese iPhones will retain the security features that can make it all but impossible for anyone, even Apple, to get access to the phone itself, that will not apply to the iCloud accounts. Any information in the iCloud account could be accessible to Chinese authorities who can present Apple with a legal order.
Apple said it will only respond to valid legal requests in China, but China’s domestic legal process is very different than that in the US, lacking anything quite like an American “warrant” reviewed by an independent court, Chinese legal experts said. Court approval isn’t required under Chinese law and police can issue and execute warrants.
“Even very early in a criminal investigation, police have broad powers to collect evidence,” said Jeremy Daum, an attorney and research fellow at Yale Law School’s Paul Tsai China Center in Beijing. “(They are) authorized by internal police procedures rather than independent court review, and the public has an obligation to cooperate.”
Guizhou — Cloud Big Data and China’s cyber and industry regulators did not immediately respond to requests for comment. The Guizhou provincial government said it had no specific comment.
There are few penalties for breaking what rules do exist around obtaining warrants in China. And while China does have data privacy laws, there are broad exceptions when authorities investigate criminal acts, which can include undermining communist values, “picking quarrels” online, or even using a virtual private network to browse the Internet privately.
Apple says the cryptographic keys stored in China will be specific to the data of Chinese customers, meaning Chinese authorities can’t ask Apple to use them to decrypt data in other countries like the United States.
Privacy lawyers say the changes represent a big downgrade in protections for Chinese customers.
“The US standard, when it’s a warrant and when it’s properly executed, is the most privacy-protecting standard,” said Camille Fischer of the Electronic Frontier Foundation.
Apple has given its Chinese users notifications about the Feb. 28 switchover data to the Chinese data center in the form of emailed warnings and so-called push alerts, reminding users that they can chose to opt out of iCloud and store information solely on their device. The change only affects users who set China as their country on Apple devices and doesn’t affect users who select Hong Kong, Macau or Taiwan.
The default settings on the iPhone will automatically create an iCloud back-up when a phone is activated. Apple declined to comment on whether it would change its default settings to make iCloud an opt-in service, rather than opt-out, for Chinese users.
Apple said it will not switch customers’ accounts to the Chinese data center until they agree to new terms of service and that more than 99.9 percent of current users have already done so.
Until now, Apple appears to have handed over very little data about Chinese users. From mid-2013 to mid-2017, Apple said it did not give customer account content to Chinese authorities, despite having received 176 requests, according to transparency reports published by the company. By contrast, Apple has given the United States customer account content in response to 2,366 out of 8,475 government requests.
Those figures are from before the Chinese cybersecurity laws took effect and also don’t include special national security requests in which US officials might have requested data about Chinese nationals. Apple, along with other companies, is prevented by law from disclosing the targets of those requests.
Apple said requests for data from the new Chinese datacenter will be reflected in its transparency reports and that it won’t respond to “bulk” data requests.
Human rights activists say they are also concerned about such a close relationship with a state-controlled entity like Guizhou-Cloud Big Data.
Sharon Hom, executive director of Human Rights in China, said the Chinese Communist Party could also pressure Apple through a committee of members it will have within the company. These committees have been pushing for more influence over decision making within foreign-invested companies in the past couple of years.
Amazon aims to make Alexa assistant bigger part of users’ lives
- Alexa has gotten smarter, more conversational and even intuitive during the past year as teams at Amazon work hard on getting the digital assistant to better understand people
- Alexa uses artificial intelligence to identify patterns in the lives of users, factoring in habits, weather, time of year and more
SEATTLE: From the kitchen to the car, Amazon on Thursday sought to make its Alexa digital assistant and online services a bigger part of people’s lives with an array of new products and partnerships.
Updates to the Internet giant’s Alexa-infused Echo smart speakers will allow them to tend to microwave cooking and even have “hunches” regarding what users may want or have forgotten.
When Alexa is told “corn on the cob,” a digital Echo speaker starts an AmazonBasics microwave oven in a faux home demonstration room, setting the preferred time and voicing what it is doing.
But when asked to add 30 seconds, Alexa paused and then started to play songs by the band “Thirty Seconds to Mars.”
Such misunderstandings are routine enough with smart speakers that they have become fodder for humor, and even cropped up while Amazon devices and services senior vice president David Limp showed off new devices in a nearby building a short time earlier.
Alexa has gotten smarter, more conversational and even intuitive during the past year as teams at Amazon work hard on getting the digital assistant to better understand people, according to Limp.Alexa is even developing a personality, complete with a favorite pet or beer.
It has also learned to understand whispers, responding in equally hushed tones in a feature to be rolled out in the coming weeks.
Amazon on Thursday teased a coming feature called Alexa Hunches that is designed to infuse the digital assistant with intuition. For example, when a user bids Alexa a good night, it might respond by mentioning they forgot to lock a door.
Alexa uses artificial intelligence to identify patterns in the lives of users, factoring in habits, weather, time of year and more. To know what is happening with other smart devices in a home, the Echo speaker needs to be connected to them.
Amazon recently passed the 20,000 mark for smart home devices made by the Seattle-based company or partners.
“We are really at a tipping point for the smart home,” Limp said while unveiling a cornucopia of new devices.
An overhauled Echo Dot smart speaker boasts much-improved sound and design while keeping the $50 price tag of the original.
Amazon added Echo equivalents of stereo components for home sound systems, along with improvements to its online music service, with partners including Spotify, Pandora, and Deezer.
Limp unveiled a “frustration free setup” platform intended to grow into a framework that any smart device maker can use to make getting gadgets to talk to Alexa as easy as plugging them into an outlet.
“That is not going to happen overnight,” Limp said. “As we imagine a future that has thousands of these devices in your home, this is going to become absolutely essential.”
And, of course, there was the $60 microwave, which Limp contended was a strong test because of how much microwaves interfere with wireless connectivity used by devices to communicate.
A freshly announced Alexa Guard service synchronizes with Echo speakers in the home and security cameras from Amazon-owned smart doorbell maker Ring.
When Echo speakers are set to guard mode, they listen for breaking glass or the sound of alarms from smoke or carbon dioxide detectors and send alerts to smartphones or even security companies.
Ring cameras can also be connected to Echo devices with screens, letting people see who has come calling, demonstrations showed.
A new Echo Show device boasted twice the screen display area as its predecessor, and Fire TV Recast that acts as a digital recorder for traditional television broadcasts.
Not satisfied with being built into new cars, Alexa will be able to work in older models with an Echo Auto device that can be affixed to dashboards and reach the Internet through smartphones.
“Amazon launched today what I believe is the industry’s largest assortment of home automation products and added meaningful improvements to its services,” said analyst Patrick Moorhead of Moor Insights and Strategy.
“The company once again separated itself again in the smart home space from both Google and Apple by adding new devices and capabilities.”