What is happening in Apple’s data centres in China?
Following a report by the New York Times, it has been revealed that U.S. tech company Apple may be storing personal data of its Chinese customers and encryption keys to unlock the information in its China-based data centres.
What does the report reveal?
The report, published on 17 May 2021, provided details of Apple’s actions, saying that the data was being stored on “computer servers run by a state-owned Chinese firm”. Apple’s Chief Executive, Tim Cook, has pointed out that the “data is safe”, however, at their data centre Guiyang, which it is hoped will be constructed by next month, the iPhone manufacturer has “largely ceded control to the Chinese government”, the New York Times reported.
According to the article, the computers on which the data has allegedly been stored are run by Chinese state employees and “the digital keys that unlock information on those computers are stored in the data centres they’re meant to secure”. Apple attempted to remove encryption technology used in other data centres but the Chinese government “would not allow it”.
To obtain this information, the New York Times reviewed a collection of internal documents, interviews with 17 current and former Apple employees and four security experts. They offer “an extensive inside look” at the way in which Apple “has given in” to the rising demands of the Chinese government.
Apple’s entrance into China
Apple first made its entrance into China nearly two decades ago, led by Mr Cook, and the company soon became the most valuable in the world. Meanwhile, the company first transferred its encryption keys and Chinese iCloud operations to the country back in 2018, following their announcement of a partnership with the Chinese firm, Guizhou-Cloud Big Data (GCBD), which is supervised by a board controlled by government-owned businesses.
Apple launched its first cyber security-based data centre in May 2020, which the company hoped would help comply with the latest cyber security laws at the time. Situated in the province of Guizhou, the facility hosted iCloud services to adhere to a then-new ruling requiring firms to store data in China.
Obtaining personal data is “nearly impossible” to stop
According to the report, a spokesperson for Apple has reassured the company’s Chinese customer base, stating that it “still controlled the keys”, protecting their personal data from being leaked, and that Apple “used its most advanced encryption technology to do so”.
Despite these precautions, the compromise of storing the keys used to unlock personal information with that data itself has meant that it is “nearly impossible” for them to stop the Chinese government from using the encryption devices to gain access to documents, emails, contacts, and even the locations of millions of Chinese residents, according to security experts and Apple engineers.
A breach of cyber security law
Tensions between Apple and the Chinese government heightened when, according to the New York Times, the government “started to pass laws giving the country greater leverage” over the company, after it discovered that Apple, through the use of its iCloud service which allows users to store personal information, was, therefore, keeping personal data of Chinese residents outside of the country, which was against the aforementioned Chinese cyber security law.
The law, which came into force in November 2016, required all “personal information and important data collected in China to be kept in China”. Apple’s iCloud system went against this and, according to the New York Times, resulted in the company’s China team asking Mr Cook to shut down the system and move the personal information of Chinese residents to a company owned by the country’s government.
This brings everything up to date, as Apple then went on to mistakenly store the encryption keys with the personal data, allowing the Chinese state-owned firm to access a variety of information about Apple’s Chinese customers.
Apple has said in a statement that it follows the laws in China and does everything it can to keep the data of customers safe.