What is happening in Apple’s data centres in China?
Following a report by the New York Times, it has been revealed that U.S. tech company Apple may be storing personal data of its Chinese customers and encryption keys to unlock the information in its China-based data centres.
What does the report reveal?
The report, published on 17 May 2021, provided details of Apple’s actions, saying that the data was being stored on “computer servers run by a state-owned Chinese firm”. Apple’s Chief Executive, Tim Cook, has pointed out that the “data is safe”, however, at their data centre Guiyang, which it is hoped will be constructed by next month, the iPhone manufacturer has “largely ceded control to the Chinese government”, the New York Times reported.
According to the article, the computers on which the data has allegedly been stored are run by Chinese state employees and “the digital keys that unlock information on those computers are stored in the data centres they’re meant to secure”. Apple attempted to remove encryption technology used in other data centres but the Chinese government “would not allow it”.
To obtain this information, the New York Times reviewed a collection of internal documents, interviews with 17 current and former Apple employees and four security experts. They offer “an extensive inside look” at the way in which Apple “has given in” to the rising demands of the Chinese government.
Apple’s entrance into China
Apple first made its entrance into China nearly two decades ago, led by Mr Cook, and the company soon became the most valuable in the world. Meanwhile, the company first transferred its encryption keys and Chinese iCloud operations to the country back in 2018, following their announcement of a partnership with the Chinese firm, Guizhou-Cloud Big Data (GCBD), which is supervised by a board controlled by government-owned businesses.
Apple launched its first cyber security-based data centre in May 2020, which the company hoped would help comply with the latest cyber security laws at the time. Situated in the province of Guizhou, the facility hosted iCloud services to adhere to a then-new ruling requiring firms to store data in China.
Obtaining personal data is “nearly impossible” to stop
According to the report, a spokesperson for Apple has reassured the company’s Chinese customer base, stating that it “still controlled the keys”, protecting their personal data from being leaked, and that Apple “used its most advanced encryption technology to do so”.
Despite these precautions, the compromise of storing the keys used to unlock personal information with that data itself has meant that it is “nearly impossible” for them to stop the Chinese government from using the encryption devices to gain access to documents, emails, contacts, and even the locations of millions of Chinese residents, according to security experts and Apple engineers.
A breach of cyber security law
Tensions between Apple and the Chinese government heightened when, according to the New York Times, the government “started to pass laws giving the country greater leverage” over the company, after it discovered that Apple, through the use of its iCloud service which allows users to store personal information, was, therefore, keeping personal data of Chinese residents outside of the country, which was against the aforementioned Chinese cyber security law.
The law, which came into force in November 2016, required all “personal information and important data collected in China to be kept in China”. Apple’s iCloud system went against this and, according to the New York Times, resulted in the company’s China team asking Mr Cook to shut down the system and move the personal information of Chinese residents to a company owned by the country’s government.
This brings everything up to date, as Apple then went on to mistakenly store the encryption keys with the personal data, allowing the Chinese state-owned firm to access a variety of information about Apple’s Chinese customers.
Apple has said in a statement that it follows the laws in China and does everything it can to keep the data of customers safe.
GTR and SEGRO agree first UK data centre facility
SEGRO, a property investment and development company, has announced it has come to an agreement with the European data centre platform, Global Technical Realty (GTR) to construct its first UK-based data centre. SEGRO claims that the facility, which will span a total area of 400,711 sq ft, will be located in Slough and is to become “the largest data centre campus in the UK’s premier data centre and communications hub”.
What will SEGRO’s data centre facility be used for?
Supported by the global investment firm KKR, Global Technical Realty says it will be using the facility’s space on a 25-year term to operate bespoke data centres for high-growth global technology companies. The new facility aims to support the growing demand for third-party data centre provision amid ever-increasing growth in data usage and cloud services adoption.
Franek Sodzawiczny, CEO & Founder of GTR, said: “We are excited to be back in the UK alongside our partner KKR and look forward to working closely with SEGRO to deliver this state-of-the-art data centre campus. The data centre space is a fast-moving one. GTR was established to support its customers in providing a data centre solution wherever in the world there is a demand for it. We are delighted that the UK will become home to our flagship concept”.
James Craddock, Managing Director, Thames Valley at SEGRO, said: “We’re pleased to welcome GTR as the latest data centre operator to our thriving estate and our team of experts look forward to developing a stunning new facility for them and their customers. “Homeworking, data streaming, e-commerce and businesses’ reliance on cloud services have all grown during the pandemic, meaning demand for data centres is unabated.
“Slough Trading Estate is home to Europe’s largest data centre cluster and data centres are increasingly regarded as part of our key national infrastructure given the critical role they play in our daily lives”, he added.
The facility is expected to be delivered in two phases with operations beginning by Q4 of next year. The first phase plans to provide 132,575 sq ft of space phase two will create 268,136 sq ft of space. “Vacant possession of the site delivered to the customer by early 2022”, SEGRO said.
The project is also expected to create around 200 jobs during its construction, and a further 80 permanent roles once completed.