76 points by quantisan 6 days ago
This is required to operate under Chinese law.
For instance, here is Microsoft's description of their own compliance.
>Keep your data within datacenters located in China with an Azure China account and stay compliant with international and industry-specific compliance standards. Access to your customer data is controlled by an independent company in China, 21Vianet. Not even Microsoft can access your data without approval and oversight by 21Vianet.
Not only is this not news, there's a lot of FUD about it. https://news.ycombinator.com/item?id=20904857
Reposting my comment:
Apple has already publicly said in court filings, and under threat of perjury, that they don't make any exceptions for China.
From Apple's filing:
>Finally, the government attempts to disclaim the obvious international implications of its demand, asserting that any pressure to hand over the same software to foreign agents “flows from [Apple’s] decision to do business in foreign countries . . . .” Opp. 26. Contrary to the government’s misleading statistics (Opp. 26), which had to do with lawful process and did not compel the creation of software that undermines the security of its users, Apple has never built a back door of any kind into iOS, or otherwise made data stored on the iPhone or in iCloud more technically accessible to any country’s government. See Dkt. 16-28 [Apple Inc., Privacy, Gov’t Info. Requests]; Federighi Decl. ¶¶ 6–7. The government is wrong in asserting that Apple made “special accommodations” for China (Opp. 26), as Apple uses the same security protocols everywhere in the world and follows the same standards for responding to law enforcement requests. See Federighi Decl. ¶ 5.
and a declaration from Craig Federighi personally:
>Apple uses the same security protocols everywhere in the world.
>Apple has never made user data, whether stored on the iPhone or in iCloud, more technologically accessible to any country's government. We believe any such access is too dangerous to allow. Apple has also not provided any government with its proprietary iOS source code. While governmental agencies in various countries, including the United States, perform regulatory reviews of new iPhone releases, all that Apple provides in those circumstances is an unmodified iPhone device.
>It is my understanding that Apple has never worked with any government agency from any country to create a "backdoor" in any of our products and services.
>I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct.
When China wants something from iCloud they do it the same way that law enforcement does it everywhere in the world, which is through Apple.
The juicy parts from the Legal Agreement for folks in China using iCloud:
> E. Access to Your Account and Content
> We reserve the right to take steps we believe are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that we may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as we believe is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of GCBD, its users, Apple, a third party, or the public as required or permitted by applicable law. You understand and agree that Apple and GCBD will have access to all data that you store on this service, including the right to share, exchange and disclose all user data, including Content, to and between each other under applicable law.
The next step is to understand Rule of Law and Rule by Law. Guess which one China is.
I don't see which part of this is FUD.
None of this is inconsistent with what Apple has said about the security of iPhones or iCloud. Anything that's not end-to-end encrypted, as listed here, is subject to law enforcement requests, as it is everywhere.
I'll quote the relevant part of the agreement below:
"You understand and agree that Apple and GCBD [emphasis added] will have access to all data that you store on this service."
As a Chinese company, GCBD can and probably does indiscriminately send data to Chinese law enforcement.
> It is my understanding that …
This is weasel wording though. When said this way, Craig can make such a declaration under penalty of perjury even if a government backdoor exists, as long as he doesn’t personally know about it.
Both of your statements are from before Apple handed control of the data to GCBD, which the article is about. If anything is misleading here, it is your comment.
It doesn't matter what they say in court, what matters is how the iMessage protocol works.
As far as I can tell, the way iMessage works according to Apple's documentation, is that endpoints generate 1280-bit RSA encryption keys, hold the private keys on the device, but publish the public keys to a centralized IDS Directory Server. Note that their published security documents curiously don't say anything about man-in-the-middle mitigation, and indeed, MITM attacks against iMessage on iOS 9 were publicly documented.
Now, what do you know about where the IDS servers are located in China, and who controls them? Because if Apple doesn't control them, and control them in a way that makes them impossible to spoof, then it is easy for the Chinese government to attack iMessage.
Thus, Tim Cook could say "We haven't put any backdoors into iMessage for the Chinese government and it is end to end encrypted" and it would be a true statement, but also Apple engineers could know full well the IDS in China could be subject to a MITM.
A plausible way this could happen, after Apple moved the iCloud keys to China, is that the Chinese government could request to intercept communications from a particular user, and the public keys of every recipient that user communicates with could be replaced with a MITM key so they can relay the messages and see the unencrypted content.
We don't know, but what we do know is that iMessage has been attacked with MITM before, and we know the PRC isn't going to let unbreakable encryption be sold to Uighurs in Xinjiang. It defies logic.
Can the Great Firewall MITM the key-exchange in China? Can iCloud China's servers just outright have a facility for doing it? We don't know, but this is completely orthogonal to claims of end-to-end encryption.
End-to-end is only as strong as your key exchange.
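The comment above argues that a client which encrypts to whatever public keys a directory serves cannot tell a substituted key from a genuine one. As an added example (not part of the thread and not Apple's code), here is a minimal trust-on-first-use pin check over directory responses; the class and function names are hypothetical and the key bytes are constructed sample data.

```python
import hashlib
import hmac

def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of a public key exactly as the directory served it."""
    return hashlib.sha256(pubkey).hexdigest()

class KeyPinStore:
    """Hypothetical client-side store: contact -> key fingerprints already seen."""

    def __init__(self):
        self.pins = {}

    def audit(self, contact, served_keys):
        """Compare one directory response with what was pinned for the contact.

        Unseen keys are reported, never pinned silently: a key the directory
        swapped in looks exactly like a contact's new device, so the caller
        has to confirm it out of band before calling accept().
        """
        served = {fingerprint(k) for k in served_keys}
        if contact not in self.pins:
            self.pins[contact] = set(served)   # trust on first use
            return {"status": "first-use", "added": sorted(served), "removed": []}
        known = self.pins[contact]
        added, removed = served - known, known - served
        status = "new-key" if added else "ok"
        return {"status": status, "added": sorted(added), "removed": sorted(removed)}

    def accept(self, contact, fp):
        """Pin a fingerprint after it was confirmed with the contact directly."""
        self.pins[contact].add(fp)

def confirmed_out_of_band(served_key, fp_from_contact):
    """True if the served key matches the fingerprint the contact read out."""
    return hmac.compare_digest(fingerprint(served_key), fp_from_contact.strip().lower())

# Constructed sample data: opaque byte strings standing in for public keys.
ALICE_PHONE = b"constructed-pubkey-alice-phone"
UNKNOWN_KEY = b"constructed-pubkey-not-from-alice"

def demo():
    store = KeyPinStore()
    first = store.audit("alice", [ALICE_PHONE])
    same = store.audit("alice", [ALICE_PHONE])
    swapped = store.audit("alice", [UNKNOWN_KEY])   # directory now serves another key
    return first["status"], same["status"], swapped["status"], swapped["removed"]

if __name__ == "__main__":
    print(demo())
```

Trust on first use cannot detect a key that was already substituted at the first lookup; only the out-of-band fingerprint comparison covers that case.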
Rather than reposting the same comment, the better thing to do here is flag the story.
It's useful that people keep seeing it because I've seen plenty of bad faith comments about this over the years.
To be fair, this is actually the first time I'd read anything like what the commenter above wrote, and was quite happy to hear it. Though I understand if this is common knowledge in the HN community writ large.
there's nothing wrong about OP: he/she is just sharing a statement released by Apple.
it's only "wrong" or misleading in light of current events, but i don't think it is sufficient reason to delete it.
I feel this should have a very basic statement:
"Apple does/does not store or provide access to encryption keys or plaintext of content uploaded to iCloud services"
This "support" page says nothing at all about what is actually encrypted vs. faux-encrypted.
Apple maintains a separate document on how individual content is encrypted.
Note that it is not apparent whether some of the data listed under "end-to-end encrypted" is also included with iCloud Backups.
suppose i have an iphone 7 and a macbook air. i would like to know (to the extent possible) if it is possible to keep encrypted messages in iMessage accessible only on the iPhone while keeping photos available in iCloud/cross device.
after reading the link, it seems that as long as i do not have iCloud enabled for messages, no matter what other services i have iCloud enabled for, i'm OK - for example, i do have photo iCloud backup enabled.
can anyone confirm that's what happens?
You can have iCloud enabled for Messages, but if you have iCloud Backup on then the keys are stored in the backup.
>Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.
You’ll also probably need to disable iMessage on your Mac.
That's not true though?
Edit: I'm not familiar with this beyond previous discussion on hn, so could be wrong.
Learned this from one of the Blizzard threads. I'm surprised this move by Apple went unnoticed on HN.
It's been covered previously on HN, extensively, for a long time.
Indeed. The linked Apple Support page marked the page as published on Oct 1, 2019 so I assumed it's new.
It hasn’t; it comes up every time Apple and privacy is discussed.