Personal online information belonging to Chinese owners of iPhones and iPads — including private messages, photos and device backups — is to be stored locally in China for the first time, as Apple opens its first iCloud data centre on the mainland.
Apple’s move follows Beijing’s introduction last month of tighter cyber security rules and reflects the concessions foreign multinationals must make to tap the world’s largest mobile market, which is increasingly important for iPhone sales.
The US tech group’s new facility in Guizhou will be jointly operated with a Chinese internet company as part of a $1bn investment in the southwestern province.
Announcing the relocation of mainland Chinese customers’ iCloud data from the US, Apple sought to head off potential security concerns from its tens of millions of users in the region.
“As our customers know, Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems,” it said in a statement.
Apple already complies with legally valid requests for data from law enforcement authorities around the world, including China. Nonetheless, moving customers’ iCloud data to a Chinese facility will make it easier for the authorities to go through the legal motions required to obtain that private information.
Under US law, foreign governments have to undertake a process that can sometimes take years to obtain data about their citizens that are stored on servers in America.
China’s new cyber security law requires all data collected on the country’s citizens or areas relating to broadly defined issues of national security to be held on servers in China. Transfers of data abroad must first be reviewed and approved by regulators.
Until now, Apple has serviced its Chinese iCloud customers using data centres outside the country, primarily in the US. Some Apple media systems, including parts of its iTunes and iBooks digital content stores, were transferred to servers in China a few years ago but those systems did not include any personal data.
Last year, Apple fought a request by the US government to break down the encryption protections built into its iOS operating system, as investigators sought to access a dead terrorist’s iPhone. Apple also said last year that it had rejected a Chinese demand that it hand over its iOS source code.
The Chinese law means Apple must store its iCloud encryption keys there securely. Apple will retain control of the keys but in certain instances, such as credit card information, only the user holds the key to their data, meaning the iPhone maker would be unable to comply with any request from law enforcement.
Other US tech groups including Microsoft, IBM and Amazon already offer their cloud infrastructure services in China through local partners.
“It’s not a new direction. China has been increasingly requiring different types of data be stored within China,” said Mark Natkin, managing director at Marbridge Consultancy. “It’s indicative of an effort China is making to ensure that user data from online and mobile services provided to Chinese users is stored in data centres in China.”
Source: Financial Times