Linked by Thom Holwerda on Fri 23rd Feb 2018 23:51 UTC

With Apple moving its Chinese iCloud data to a company partially owned by the Chinese government, it's natural to wonder what this means for the privacy of Chinese Apple users.

If Apple is storing user data on Chinese services, we have to at least accept the possibility that the Chinese government might wish to access it - and possibly without Apple’s permission. Is Apple saying that this is technically impossible?

This is a question, as you may have guessed, that boils down to encryption.

This article is from the middle of January of this year, but I missed it back then - it's a great insight into what all of this means, presented in an easy-to-grasp manner. Definitely recommended reading.

by Alfman on Sat 24th Feb 2018 01:01 UTC

The critical thing is that the “anyone” mentioned above includes even Apple themselves. In short: Apple has designed a key vault that even they can’t be forced to open. Only customers can get their own keys.

Strictly speaking, these kinds of assertions are only true for software attacks (because the software domain is fully controlled by the hardware). But the same isn't true of the hardware, which is vulnerable to countless hardware attacks. Granted it might be very expensive, but nevertheless within the capabilities of a sophisticated agency (or even a smart defcon guy ;) )

Probably there’s nothing funny going on, but this is an example of how Apple’s vague (and imprecise) explanations make it harder to trust their infrastructure around the world.
Where Apple provides overwhelming detail about their best security systems (file encryption, iOS, iMessage), they provide distressingly little technical detail about the weaker links like iCloud encryption. We know that Apple can access and even hand over iCloud backups to law enforcement. But what about Apple’s partners? What about keychain data? How is this information protected? Who knows.

Yep, PR is often vague and imprecise. While this can be annoying to a tech person, I don't necessarily hold it against them. However I do hold it against them when they lie or deceive, as Apple did when it claimed that iMessage and FaceTime couldn't be wiretapped, all the while, the protocol enabled wiretapping by letting Apple set their own encryption keys.

Even when they're not intentionally misleading, the truth is PR teams and even CEOs don't always comprehend the technical nuances of what they're talking about. The author understands this, but many people taking things at face value can be misled.

Reply Score: 6