News broke yesterday that Facebook-owned Whatsapp was partially filtered and blocked in China. This action comes a week after Apple announced it was complying with new Chinese cybersecurity regulations. Both activities showcase challenges for foreign technology companies of operating in China.
Last week Apple announced its Chinese business expansion by building its first Chinese data center in Guizhou province.
It is said that this data center will be operated by a local Internet service company named Guizhou-Cloud Big Data Industry Co Ltd, which is owned by the Guizhou provincial government; while Apple will provide technical support. This is also a part of Apple's USD1 billion investment commitment to Guizhou province.
Apple said in a statement that the new data center will improve the access speed and reliability of their products and services. Meanwhile, it is a move to comply with China's new Internet regulations, which requires that network cloud services be operated by Chinese companies. Therefore, they choose to cooperate with Guizhou-Cloud Big Data Industry to provide the iCloud services. Apple emphasized that they will protect user privacy as always and none of their systems will have backdoors.
To improve Chinese users' experience of visiting iCloud services, Apple started saving encrypted iCloud data on servers of China Telecom from 2015.
The new Guizhou data center, like all other Apple data centers in the world, will be 100% powered by renewable energy.
But this move by Apple obfuscates possible user data issues. Yes, Apple maybe will not provide a backdoor, but its encryption regime in China may be different than elsewhere, and the company has not publicly stated whether it is using a different encryption standard.
In China, encryption is controlled by the State and Web services are dumbed down. China's biggest streaming video service Youku.com does not provide an SSL method to embed videos, so this lack of security gives China's cyber sleuths a method to track who is watching what and when. And foreign cache providers like CloudFlare provide SSL around the world except in China, where they cannot provide secure connections.
So for Apple, it's probably happening that while they are encrypting user data on iCloud, the keys are not held exclusively by the company.