Linked by Thom Holwerda on Fri 23rd Feb 2018 23:51 UTC
Apple

With Apple moving its Chinese iCloud data to a company partially owned by the Chinese government, it's natural to wonder what this means for the privacy of Chinese Apple users.

If Apple is storing user data on Chinese services, we have to at least accept the possibility that the Chinese government might wish to access it - and possibly without Apple’s permission. Is Apple saying that this is technically impossible?

This is a question, as you may have guessed, that boils down to encryption.

This article is from the middle of January of this year, but I missed it back then - it's a great insight into what all of this means, presented in an easy-to-grasp manner. Definitely recommended reading.

Order by: Score:
Security
by Alfman on Sat 24th Feb 2018 01:01 UTC
Alfman
Member since:
2011-01-28

The critical thing is that the “anyone” mentioned above includes even Apple themselves. In short: Apple has designed a key vault that even they can’t be forced to open. Only customers can get their own keys.


Strictly speaking, these kinds of assertions are only true for software attacks (because the software domain is fully controlled by the hardware). But the same isn't true of the hardware, which is vulnerable to countless hardware attacks. Granted it might be very expensive, but nevertheless within the capabilities of a sophisticated agency (or even a smart defcon guy ;) )

Probably there’s nothing funny going on, but this is an example of how Apple’s vague (and imprecise) explanations make it harder to trust their infrastructure around the world.
...
Where Apple provides overwhelming detail about their best security systems (file encryption, iOS, iMessage), they provide distressingly little technical detail about the weaker links like iCloud encryption. We know that Apple can access and even hand over iCloud backups to law enforcement. But what about Apple’s partners? What about keychain data? How is this information protected? Who knows.


Yep, PR is often vague and imprecise. While this can be annoying to a tech person, I don't necessarily hold it against them. However I do hold it against them when they lie or deceive, as apple did when it claimed that imessage and facetime couldn't be wiretapped, all the while, the protocol enabled wiretaping by letting apple set their own encryption keys.

http://www.osnews.com/thread?620207

Even when they're not intentionally misleading, the truth is PR teams and even CEOs don't always comprehend the technical nuances of what they're talking about. The author understands this, but many people taking things at face value can be mislead.

Reply Score: 6

I don't think the average China citizen cares!
by nrlz on Sat 24th Feb 2018 07:51 UTC
nrlz
Member since:
2006-01-27

I don't think the average China citizen cares about privacy provided that it provides them significant utility. Think about WeChat and all the personal data that passes through it including your chat logs, purchases and location data and yet everyone is using it to replace physical cash.

And plus China is slowing evolving from a tightly controlled state to a looser one, so in their situation, they are already experiencing increasing privacy rights compared with decades ago.

Reply Score: 4

Sidux Member since:
2015-03-10

They don't actually. Apple even accepted the ideea of banning any kind of VPN software from the App Store in China and let authorities detain any developer that tried to bypass this one way or the other.
It's a market too big for tech companies to not take into account.

Reply Score: 3

avgalen Member since:
2010-09-23

I agree. China was "loosening up" 10 years ago, but lately that trend has reversed with "closing the VPN loophole" as an example on the technical side and "no term limit for presidents" on the politicial side.

Reply Score: 2

Alfman Member since:
2011-01-28

avgalen,

I agree. China was "loosening up" 10 years ago, but lately that trend has reversed with "closing the VPN loophole" as an example on the technical side and "no term limit for presidents" on the politicial side.



Things can change very quickly. Most people live their lives assuming that something like that can't happen and so don't worry about the fragility of democracy, but maybe we should be careful here too. Fortunately the US founders were wise enough to establish three branches of government, but just how vulnerable are they? Can a well orchestrated series of events significantly alter our democratic institutions? How many people would it actually take in top positions of authority to overthrow a country's major democratic protections?

It's not difficult to see how judicial&executive appointees might be selected due to their loyalty to a corrupt individual rather than the country. Congress is somewhat more difficult to control, but options can include: bribery, use allegations to get opponents fired, gaslighting to create uproar to divide&discredit opponents, create a state of emergency that defies normality, use executive orders to defy congress, etc.

Would it ever be possible to have too few good people left in positions of authority to combat a president whose goal is a dictatorship?

Reply Score: 2

avgalen Member since:
2010-09-23

[off-topic-warning]

Well, given the USA as the obvious example it should be obvious that all you need is a president with enough of a following that his supreme court nominations get approved and that the senate-candidates that he endorses get endorsed.
In reality I wouldn't have thought that was possible but Trump is trying.
Here are some of the serious flaws that seem to make this possible:
* electoral college instead of popular vote
* gerrymandering
* the above cross-contamination of the 3 branches
* the president choosing the vice-president

I never understood the reason to give 1 man (a president) such power. In most countries the king/emperor is now a purely symbolical function and the prime-minister doesn't have much power compared to other ministers. He is more like a spokesperson than a rule-maker.

Just for the record, I am Dutch and was never formally schooled in the USA political system.

[warning-personal-opinion-way-offtopic-dont-respond]
My impression is that the influence of lobbyists and money in general has reached absurd levels and that the will of the people is simply ignored too often
http://www.politifact.com/wisconsin/statements/2017/oct/03/chris-ab...
[/ducks]

Reply Score: 2

zima Member since:
2005-07-06

It suffices if large enough percentage of people is consistantly irrational enough with their voting/support decisions... you have a current example of that much closer to you, Poland. :/ (where "1 man holding power" doesn't even have any official position...)

Reply Score: 2

avgalen Member since:
2010-09-23

Poland, Egypt, Turkey, now China....democracy isn't doing so great

Reply Score: 2

Comment by cdude
by cdude on Sat 24th Feb 2018 10:11 UTC
cdude
Member since:
2008-09-21

And if Apple servers are located in the US then we have to accept the possibility that the US government might wish to access the data - and possibly without Apple’s permission.

So?

Reply Score: 2

RE: Comment by cdude
by Alfman on Sat 24th Feb 2018 10:57 UTC in reply to "Comment by cdude"
Alfman Member since:
2011-01-28

cdude,

And if Apple servers are located in the US then we have to accept the possibility that the US government might wish to access the data - and possibly without Apple’s permission.

So?


You are right, as much as we criticize china's interference, the US government has been caught red handed several times breaking it's own laws using secret courts with no public oversight.

And we know companies like to blame governments for this. Google, apple, microsoft have all spoken up against overreaching government privacy invasions. Yet the truth of the matter is that these companies are the enablers by building devices that give themselves the keys in the first place.

Integrating "cloud" services into a platform is fine, but please let me choose my own provider! Allow my phone to use my own personal cloud. I'm very disappointed with how difficult it is to access documents & media locally. Alas, I don't believe any of this is accidental. Hell google doesn't even want users to print locally without uploading the documents to them first.

They can say whatever they want about how much they value our privacy or how they disagree with government data gathering, but so long as they keep developing technology that gives themselves access to our data, it's quite disingenuous and hypocritical IMHO.

Reply Score: 3

China does
by Poseidon on Mon 26th Feb 2018 01:49 UTC
Poseidon
Member since:
2009-10-31

Considering that the Chinese government actually governs in their favor and have great leverage because of how many factories for electronics (often the only ones), including Apple, it’s not hard to figure out who has the keys.

Reply Score: 1