May 18, 2021

MOVE ALONG, NOTHING TO SEE HERE: Apple’s Security Compromises in China Outlined in New Report.

Apple has been making concessions on privacy and security in order to continue building and selling its devices in China, according to an in-depth report from The New York Times.

The focal point of the report is Apple’s decision to comply with a 2016 law that requires all personal information and data collected in China to be kept in China, which has led Apple to build a China data center and relocate Chinese customers’ iCloud data to China, managed by a Chinese company.

Apple fought against China’s efforts to gain more control over customer data, but given China’s leverage over Apple, Apple had no choice but to comply. There were initially disagreements over the digital keys that can unlock iCloud encryption. Apple wanted to keep them in the United States, while Chinese officials wanted them in China.

Ultimately, the encryption keys ended up in China, a decision that “surprised” two unnamed Apple executives who worked on the negotiations and who said that the decision could potentially endanger customer data. There is no evidence that the Chinese government has access to the data, but security experts have said that China could demand data or simply take it without asking Apple, especially given compromises in encryption key storage and the fact that a third-party company manages customer data on Apple’s behalf.

“The Chinese are serial iPhone breakers,” said Ross J. Anderson, a University of Cambridge cybersecurity researcher who reviewed the documents. “I’m convinced that they will have the ability to break into the servers.”

Xi’s gotta have it.

InstaPundit is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.