Apple Walks a Thin Line on User Privacy While Dealing With China
Apple has found itself in a funny spot by refusing the FBI’s request to unlock the iPhone of one of the San Bernardino shooters. While Apple is making a show in the United States about respecting user privacy, the company has closely cooperated with Chinese authorities on similar issues, and the refusal to cooperate with the FBI may itself be with an eye toward the China market.
A New York judge ruled in Apple’s favor on Feb. 29 that the company is not required to help investigators by unlocking the iPhone 5C of San Bernardino shooter Syed Rizwan Farook who, alongside his wife, murdered 14 people in a Dec. 2, 2015, terrorist attack.
The debate won’t end there, however, as Apple is still fighting a California judge’s order to create specialized software that will help the FBI crack the phone’s encryption.
The case may actually not be as simple as it appears on the surface. Regardless of how Apple has conducted itself in China, it could be forced in the United States to create a system that would further undermine user privacy elsewhere.
Steven Mosher, president of the Population Research Institute and a strong critic of the Chinese regime’s human rights abuses, said in a phone interview that he is siding with Apple on this point.
Mosher isn’t most concerned about the controversy itself, but rather the implications for consumers if Apple did create software to break its own encryption.
If Apple did produce such technology, he said, “two minutes after it’s produced it would be stolen by China and nobody’s iPhone would be secure after that.”
It’s not as simple as Apple creating a backdoor into its phones and the technology only being used once, he said, asking, “What happens when the analyst who created the backdoor gets recruited by China for a million dollars a year?”
According to Apple’s website, it received between 750 and 999 national security-related requests in the first six months of 2015. It noted that “less than 0.00673 percent of customers have been affected by government information requests.”
Its policy changes, however, when it comes to devices running iOS 8 or later. According to Apple, this has to do with the design of the software, itself.
“On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode,” it states, noting that on devices running iOS 8 and later, “Apple will not perform iOS data extractions in response to government search warrants.”
The reason, it states, is that on these devices, files are protected by an encryption key that is tied to the user’s passcode, “which Apple does not possess.”
The San Bernardino shooter’s phone is running iOS 9, according to court documents. Yet, the federal government’s pleading, filed Feb. 16, asserts “Apple yet retains the capacity to provide the assistance sought herein that may enable the government to access the SUBJECT DEVICE pursuant to the search warrant.”
Some experts have speculated that Apple’s real interests aren’t about user rights, but instead about business—and all signs point back to China.
“What’s driving this is Apple’s desire to persuade the global market, and particularly the China market, that the FBI can’t just stroll in and ask for data,” James Lewis, senior fellow at the Center for Strategic and International Studies in Washington, told the Los Angeles Times.
Lewis added that if the things were the other way around, however, “I can’t imagine the Chinese would tolerate end-to-end encryption or a refusal to cooperate with their police, particularly in a terrorism case.”
Apple in China
Like most other major U.S. tech firms, Apple came under fire in China and abroad in late 2013, after former NSA contractor Edward Snowden revealed information about U.S. spy programs.
The Chinese regime used the controversy sparked by Snowden to crack down on U.S. tech firms, and to push deeper policies of its own to spy on user data—and Apple has been among the most eager of these companies to cooperate with Chinese authorities.
Soon after, in August 2014, Apple began storing data of its Chinese users on data centers of the state-run China Telecom, which became Apple’s only cloud service provider in China.
Apple claimed that user data would still be encrypted, but experts pointed out at the time that China Telecom would still have access to all data passing through the servers, and could work to decrypt the data on its own.
Seemingly benign policies such as this aren’t uncommon when it comes to foreign countries demanding access to encrypted data.
Research In Motion (RIM), the maker of BlackBerry phones, was facing similar controversies between 2008 and 2012, when several foreign countries were angry about being unable to break its email encryption.
RIM eventually capitulated in February 2012 and installed a BlackBerry server in Mumbai. BlackBerry jailbreaking website, CrackBerry, reported at the time, “By setting up these servers it allows Indian officials to ‘lawfully intercept its messenger services.'”
One month after Apple moved user data in China to severs controlled by China Telecom in 2014, Apple took similar measures to RIM. Reuters reported on Sept. 18, 2014, that Apple posted a job listing for a “head of law enforcement in Beijing to deal with user data requests from China’s government.”
Apple’s cooperation with Chinese authorities didn’t end there, either. In January 2015, Apple CEO Tim Cook met with Lu Wei, director of China’s Internet Information Office—which is in charge of censoring the Chinese Internet.
Cook had allegedly told Wu that Apple would never provide third party backdoors or access to information.
Wu responded, stating, “What you said doesn’t count. Your new products must undergo security inspections by us. We must draw our own conclusions, so that users can feel secure using these products.”
It’s unclear what happened from there, but as the LA Times reported, Chinese authorities said in January 2015 Apple became the first foreign firm to agree to rules of the Cyberspace Administration of China. Apple was also given the Chinese regime’s stamp of approval for its iPhone 6 for complying with China’s national security standards.
Apple again was given that same stamp of approval recently, on Feb. 22, the LA Times reported.
Correction: An earlier version of this article stated the San Bernardino shooter’s phone is running iOS 7. Court documents state it is running iOS 9.