Comment by shuckles
4 years ago
As far as is documented, the behavior of iCloud does not change, just the operator. In particular, the difference is that end to end encrypted data in iCloud remains that way, so saying all iCloud data is handed over is incorrect.
In fact, iMessage is the only end to end encrypted messaging service operating in the country (for example).
It’s my understanding that the keys used in that “end-to-end” encryption are also under the control of the operator [1], so from a privacy perspective it is the same as handing over that data in plaintext.
[1] https://www.nytimes.com/2021/05/17/technology/apple-china-ce...
It’s an incorrect reading of the article. The HSMs in the data center are operated by the Chinese company so any CloudKit data escrowed by Apple could be accessed, but end to end encryption keys are synced through iCloud Keychain which uses a different protocol with device secrets.
Do you have any sources for that? I ask because the article I linked specifically states that Apple was forced to discard the entire encryption system it uses elsewhere. It’s also hard to understand why a government would insist on this sort of data custody without the benefit of plaintext access.
1 reply →
Apple put a lot of money to design that HSM to lock themselves out. Chinese can’t access iCloud Keychain as plaintext.
https://blog.cryptographyengineering.com/2016/08/13/is-apple...