Apple to Start Putting Sensitive Encryption Keys in China
Posted: Mon Feb 26, 2018 6:33 pm
So much for Apple being the guardian of user privacy. That didn't last long.
https://www.wsj.com/articles/apple-to-s ... 1519497574When Apple Inc. next week begins shifting the iCloud accounts of its China-based customers to a local partner’s servers, it also will take an unprecedented step for the company that alarms some privacy specialists: storing the encryption keys for those accounts in China.
The keys are complex strings of random characters that can unlock the photos, notes and messages that users store in iCloud. Until now, Apple has stored the codes only in the U.S. for all global users, the company said, in keeping with its emphasis on customer privacy and security.
While Apple says it will ensure that the keys are protected in China, some privacy experts and former Apple security employees worry that moving the keys to China makes them more vulnerable to seizure by a government with a record of censorship and political suppression.
“Once the keys are there, they can’t necessarily pull out and take those keys because the server could be seized by the Chinese government,” said Matthew Green, a professor of cryptography at Johns Hopkins University. Ultimately, he says, “It means that Apple can’t say no.”