Technology giant Apple is currently under fire after revelations the company was storing customer data and encryption keys in China were made public by an investigation from the New York Times.
Apple has responded to the story confirming that it does indeed store customer data in Chinese data centres, but says that the integrity of these sites should not be questioned.
Technology analysts are concerned that data centres based in China may well be required to hand over data to the ruling Chinese Communist Party, which is becoming a common practice for organisations operating within China.
Get ISO 27001 – Information Security – Certification With Best Practice
The report alleges that Apple has “largely ceded control to the Chinese government,” in terms of its encryption techniques and allegedly abandoned some of the basics of data protection at its data centres, under pressure from the Chinese Communist Party.
This is made more problematic by the fact that Apple’s encryption technology was banned by the Chinese government, and digital keys, the only way to unlock information, are stored within the data centre itself; a massive contradiction of cyber security best practices.
Apple’s original plan was to keep these keys safe in the United States, but they eventually made their way directly to China, prompting fears from a number of cyber security experts.
The New York Times says that “to stay on the right side of Chinese regulators, [Tim Cook’s] company has put the data of its Chinese customers at risk and has aided government censorship in the Chinese version of its App Store.”
The report continues to explain that “in its data centres, Apple’s compromises have made it nearly impossible for the company to stop the Chinese government from gaining access to the emails, photos, documents, contacts and locations of millions of Chinese residents.”
“iCloud data in China is vulnerable to the Chinese government because Apple made a series of compromises to meet the authorities’ demands, according to dozens of pages of internal Apple documents on the planned design and security of the Chinese iCloud system, which were reviewed for The Times by an Apple engineer and four independent security researchers.”
Apple Under Fire For Storing Customer Data & Encryption Keys in China
Apple has responded to the allegations presented in the report, stating that “we have never compromised the security of our users or their data in China or anywhere we operate.”
In reference to the fact that Apple removed a number of applications at the request of the Chinese Communist Party, the company said that “these decisions are not always easy, and we may not agree with the laws that shape them, but our priority remains creating the best user experience without violating the rules we are obligated to follow.”
Responding to the fact that valuable encryption keys are now being kept within China, Apple said that “we retain control of the encryption keys for our users’ data, and every new data centre we build affords us the opportunity to use Apple’s most cutting-edge hardware and security technologies to protect those keys.”
“In addition, we handle law enforcement requests in China through the appropriate legal process, just like we do everywhere else, and we regularly and transparently report the instances when we are compelled to provide user information,” the company said.
Nicholas Bequelin, Amnesty International’s Asian director has said that “Apple has become a cog in the censorship machine that presents a government-controlled version of the internet… if you look at the behavior of the Chinese government, you don’t see any resistance from Apple – no history of standing up for the principles that Apple claims to be so attached to.”
Professor Michael Posner, Director of the Centre for Business and Human Rights and Human Rights at the New York University has told the BBC that “I would have been uncomfortable a long time ago using Apple products if I were critical of the Chinese government.”
“I would have no confidence that there is any privacy in anything that I’m putting up on the cloud using an Apple product,” he said, adding that the move to store decryption keys within China is a clear signal that Apple is “playing by Chinese rules.”
