Apple moves iCloud encryption keys for Chinese users to China

Apple told Reuters that the company had to comply with Chinese authorities and move iCloud data to Chinese data centers. Not everyone’s data is moving to China. This is only going to apply to residents of mainland China who chose China as their main country when they created their Apple account (not Hong Kong, Macau or Taiwan).

The Chinese government can now ask access iCloud data much more easily. Human rights activists are concerned because it could lead to arrests of democracy advocates.

Before this change, all encryption keys would be stored in the U.S. It means that authorities would have to go through the U.S. legal system to ask for user data stored on iCloud. Apple is partnering with a Chinese company for its Chinese data center.

Apple has already complied with requests for iCloud data in the U.S. You might remember Apple’s fight with the FBI over the San Bernardino shooter’s iPhone 5c. This is different as the FBI was asking for a backdoor to unlock the phone as they wanted to access data on the phone itself and not just on iCloud.

Apple has always stored encryption keys for iCloud data. It means that data is encrypted on Apple’s servers, but Apple has a way to decrypt this data. This is useful if you forget your password for instance as Apple always has a way to recover data for you.

If you’re wondering about iMessage in particular, the messaging protocol has been designed so that messages are encrypted on your phone and decrypted on the recipient’s phone. Apple has no way to access and read those messages.

But, by default, Apple uploads a backup of your phone data to iCloud if you activate iCloud during the iPhone on-boarding process. This backup includes a database of all your iMessage conversations you haven’t deleted. Apple has been working on a way to store iMessage data on iCloud servers with end-to-end encryption. But it’s not available just yet.

The company has sent notifications to Chinese users days before the change. Apple probably hopes that users with sensitive data disabled iCloud backups and iCloud data before the switch.

Chinese authorities can now get a Chinese legal order and tell Apple’s local partner to hand over user data. The local partner (and by extension Apple) will have no choice but to comply with the order.

Apple’s statement to Reuters is quite telling. “While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” The company told Reuters. Apple simply couldn’t win this fight.

Correction: I made some corrections to iCloud’s on-boarding process, the iMessage database that gets backed up to iCloud and Apple’s relationship with its local partner in China.