Back in Apple and Privacy: are there Bedrock Principles Based on Inviolable Philosophical/Moral Principles, or Rather, Concretized Pragmatic State of the Moment “whatever works” Policies?, I commented on the dubious self-servering and now clearly hypocritical pseudo-philosophical claims of Apple about privacy.
While I gave Apple some benefit of the doubt, the implications are now confirmed: Apple has thrown Chinese users under the bus by agreeing to store encryption keys for iCloud in China. Does anyone but a naif think the Chinese government won’t demand those keys sooner or later, and probably sooner?
I’d like Apple to formally state: “Before we turn over encryption keys to the Chinese government, we will give users 72 hours notice of that action and destroy all data (and backups) of any user that requests it”. That would show some shred of respect for the respect-for-user-privacy that Apple just loves to tout when it is convenient and makes for good PR. But Apple has made no such statement.
From Apple to Start Putting Sensitive Encryption Keys in China in the Wall Street Journal (emphasis added):
Apple says it is moving the keys to China as part of its effort to comply with a Chinese law on data storage enacted last year. Apple said it will store the keys in a secure location, retain control over them and hasn’t created any backdoors to access customer data. A spokesman in a statement added that Apple advocated against the new laws, but chose to comply because it “felt that discontinuing the [iCloud] service would result in a bad user experience and less data security and privacy for our Chinese customers.”
Apple’s move reflects the tough choice that has faced all foreign companies that want to continue offering cloud services in China since the new law. Other companies also have complied, including Microsoft Corp. for its Azure and Office 365 services, which are operated by 21Vianet Group , Inc., and Amazon.com Inc., which has cloud operating agreements with Beijing Sinnet Technology Co. and Ningxia Western Cloud Data Technology Co.
The rationalization about user privacy is stunning: note the reference to feelings ('felt') but not to facts or to moral-philosophical principles, as well as the ugly precedent it sets.
What the statement above really means is:
“We at Apple support privacy for our users as extremely important. Unless and until it impacts our bottom line.
This after Apple gave the FBI the finger as to cell phone encryption (Apple in 2016 fought a U.S. government demand to help unlock the iPhone of the gunman in the 2015 San Bernardino terrorist attack). So Apple blocks the FBI, but thinks it is just fine to comply with a repressive government with zero respect for human rights in a way that compromises millions of users. The sanctimonious irony should not be lost on anyone, anywhere. George Orwell just rolled over in his grave.
One has to wonder about the convoluted rationalizations Tim Cook must go through to avoid implosive cognitive dissonance. That is, assuming he actually does respect user privacy morally-philosophically as a conviction, versus just a nice talking point. As I see it, it is either cowardice through and through, or it’s all been a nice “fair weather” show.
Will Apple be complying with government demands in any two-bit totalitarian dictatorship as well? Where is Apple’s formal policy on such matters—why not spell it out? Still, it’s hardly necessary—the precedent has been set so the policy is clear enough.
Does Tim Cook now have any credibility on any issue involving individual rights? You can’t pick and choose which rights apply or do not apply; one either has a deep conviction that individual rights matter (the founding principle of this country), or it’s all for show. Contrary to the absurd rationalization quoted above, this is not a complex issue: supporting a repressive state where individual rights don’t matter makes Apple complicit, with Apple sanctioning a totalitarian state. No amount of honey-coated press releases change that core fact.
To quote Tim Cook:
I believe Apple has led by example, and we’re going to keep doing that.
How is Apple leading now?
From Apple moves to store iCloud keys in China, raising human rights fears in Reuters, emphasis added:
Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.
Human rights activists say they fear the authorities could use that power to track down dissidents, citing cases from more than a decade ago in which Yahoo Inc handed over user data that led to arrests and prison sentences for two democracy advocates. Jing Zhao, a human rights activist and Apple shareholder, said he could envisage worse human rights issues arising from Apple handing over iCloud data than occurred in the Yahoo case.
MPG: Apple seems to be on the brink of being complicit in violating human rights. There can be no justifiable moral basis for anyone or any company to participate in supporting a totalitarian state which does not recognize individual rights.
What exactly does Apple intend to do now to rationalize its new policy, which sets a grotesque precedent which could ultimately allow governments to kill and imprison and torture people? Apple must have had some compelling business reasons ($$$) to comply. Morals and integrity are oxymorons when money can change them. All the years of Apple posturing about respecting privacy, respecting people, loving the planet = a zero.
Kurt FH writes “he blinked”:
You’ve commented on this “unfortunate” issue, but not strong enough in my view.
Does anyone doubt, that other countries selling a significant volume of Apple products will soon follow? In short: iCloud will soon join the “unwashed unprotected data” stored and accessible by virtually anyone in some kind of power anywhere.
Now, I think Apple has to explain what happens to iCloud users of other countries - US, UK, Germany, Denmark etc. - when they use their iPhones inside China? Will data be transferred “untainted” and “encrypted” to home country iCloud or will it have to use the Chinese iCloud site(s) as proxies for further progress past the big firewall. In effect, this - ahem - “proxy” could decode any traffic, make a copy and reencode the traffic before transferring to somewhere abroad. The Chinese counterpart to NSA (FISA and whatnot) will probably not have to inform anyone (and prevent Apple to “blabber”) about this “man-in-the-middle” in the former “middle kingdom”. Or?
Especially will it be interesting, if Apple has to explain and defend, that american citizens must accept “iCloud data access by the chinese government” while traveling in china, but not allow the same to take effect in the US (or is it already implemented as a “silent understanding” also including repatriation of huge funds to US ciontrolled shores ;-)
I’m just asking…
I know, that Android is not secure. And I probably have to realize, that iOS etc. is just as insecure in real life from now on. It will be interesting, if this will also affect the falling sales in smartphones in "western countries”, where we can easily foresee, that at least “Five Eyes”, BND (Germany), FSB (Russia) and their “friends” from India and down to any tin-pot country in the world with a semblance of a phone system.
MPG: with China building a truly Orwellian state monitoring infrastructure where (literally) soon just about everyone’s location in real time can be known, Apple is adding a key piece to the infrastructure. It’s chilling and one wonders how Tim Cook can sleep at night.