This post was originally published on this site
Apple’s latest move in China has privacy advocates and human rights groups worried.
The U.S. company is moving iCloud accounts registered in mainland China to state-run Chinese servers on Wednesday along with the digital keys needed to unlock them.
“The changes being made to iCloud are the latest indication that China’s repressive legal environment is making it difficult for Apple to uphold its commitments to user privacy and security,” Amnesty International warned in a statement Tuesday.
The criticism highlights the tradeoffs major international companies are making in order to do business in China, which is a huge market and vital manufacturing base for Apple (AAPL).
Related: Use iCloud in China? Prepare to share your data with a state-run firm
In the past, if Chinese authorities wanted to access Apple’s user data, they had to go through an international legal process and comply with U.S. laws on user rights, according to Ronald Deibert, director of the University of Toronto’s Citizen Lab, which studies the intersection of digital policy and human rights.
“They will no longer have to do so if iCloud and cryptographic keys are located in China’s jurisdiction,” he told CNNMoney.
The company taking over Apple’s Chinese iCloud operations is Guizhou-Cloud Big Data (GCBD), which is owned by the government of Guizhou province. GCBD did not respond to requests for comment.
The change only affects iCloud accounts that are registered in mainland China.
Apple (AAPL) made the move to comply with China’s latest regulations on cloud services. A controversial cybersecurity law, which went into effect last June, requires companies to keep all data in the country. Beijing has said the measures are necessary to help prevent crime and terrorism, and protect Chinese citizens’ privacy.
The problem with Chinese cybersecurity laws, Deibert said, is that they also require companies operating in China “to turn over user data to state authorities on demand — Apple now included.”
Other big U.S. tech companies have had to take similar steps — Amazon (AMZN) and Microsoft (MSFT) also struck partnerships with Chinese companies to operate their cloud services in the country.
Related: Apple is leading the race to $1 trillion
Apple says that it did advocate against iCloud being subject to the new law, but was unsuccessful.
“Our choice was to offer iCloud under the new laws or discontinue offering the service,” an Apple spokesman told CNN. The company decided to keep iCloud in China, because cutting it off “would result in a bad user experience and less data security and privacy for our Chinese customers,” he said.
Apple users typically use iCloud to store data such as music, photos and contacts.
That information can be extremely sensitive. Earlier this month, Reporters Without Borders urged China-based journalists to change the country associated with their iCloud accounts — which is an option for non-Chinese citizens, according to Apple — or to close them down entirely.
Human rights groups also highlighted the difficult ethical positions Apple could find itself in under the new iCloud arrangement in China.
The company has fought for privacy rights in the Unites States. It publicly opposed a judge’s order to break into the iPhone of one of the terrorists who carried out the deadly attack in San Bernardino in December 2016, calling the directive “an overreach by the US government.”
At the time, CEO Tim Cook said complying with the order would have required Apple to build “a backdoor to the iPhone … something we consider too dangerous to create.”
Human Rights Watch questioned whether the company would take similar steps to try to protect users’ iCloud information in China, where similar privacy rights don’t exist.
Related: Apple is removing VPN apps that allow users to skirt China’s Great Firewall
“Will Apple challenge laws adopted by the Chinese government that give authorities vast access to that data, especially with respect to encrypted keys that authorities will likely demand?” asked Sophie Richardson, China director for Human Rights Watch.
Apple declined to answer that question directly, but it pushed back on concerns that Chinese authorities will have easy access to iCloud users’ data.
“Apple has not created nor were we requested to create any backdoors and Apple will continue to retain control over the encryption keys to iCloud data,” the Apple spokesman said.
“As with other countries, we will respond to legal requests for data that we have in our possession for individual users, never bulk data,” he added.
Rights groups and privacy advocates are not convinced.
“China is an authoritarian country with a long track record of problematic human rights abuses, and extensive censorship and surveillance practices,” Deibert said.
Apple users in China should take “extra and possibly inconvenient precautions not to store sensitive data on Apple’s iCloud,” he advised.
Most of those users have already accepted the new status quo, according to Apple. So far, more than 99.9% of iCloud users in China have chosen to continue using the service, the Apple spokesman said.
— Nanlin Fang contributed to this report.