As Apple plans to open its data center in China, concerns erupt over security of iCloud accounts

Apple will open a data center in mainland China with ties to the country’s government, raising concerns about the security of iCloud accounts that store personal information transferred from iPhones, iPads and Mac computers there.

The data center announced Wednesday will be located in the Guizhou province and run by a company owned by the Chinese government. Apple is teaming up with the company, Guizhou on the Cloud Big Data, to comply with a new Chinese law requiring data-storage providers to keep the information of mainland China customers on computers located within the country. The Guizhou data center will store photos, video, documents and other personal information uploaded to iCloud accounts by Apple customers who live in mainland China, even when they’re traveling outside the country. Backups and other data stored in iCloud accounts by customers outside China will continue to be stored in data centers in the US and eventually Denmark.

 

Other major technology companies, including amazon , Microsoft, and IBM, have already made similar deals to run data centers in mainland China to remain in the good graces of the country’s Communist government. But Apple’s acquiescence is striking because CEO Tim Cook has made preserving customers’ privacy a company cornerstone. The Cupertino, California, company underscored that commitment last year in a high-profile battle with the US government over a legal demand to crack open the iPhone of a suspected killer in a mass shooting.

Apple has a strong incentive to toe the line in China because that country already is its third-largest market behind North America and Europe, with all signs pointing to it become an even bigger profit center. China currently accounts for about 20 percent of Apple’s revenue. Even though it’s working with a government-owned company, Apple sought to reassure customers in China that the arrangement won’t compromise their privacy. “As our customers know, Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems,” the company said in a statement.

What’s more, Apple says it will hold to the security keys protecting the data that people routinely back up in iCloud accounts. But experts believe the data center will make it easier for the government to retrieve the information through legal demands or other means. Apple will find it more challenging to resist any order from a Chinese court to give authorities their access to an iCloud account that they want to sift through, predicted Nate Cardozo, a senior staff attorney specializing in privacy for the Electronic Frontier Foundation, a digital rights group. Currently, the Chinese government has to funnel those demands through the U.S. court system, a more difficult process to negotiate.

Cardozo recommends that Apple customers in mainland customer turn off the iCloud feature on their iPhones and other devices to protect their information from prying eyes. Data stored on the devices themselves should remain secure as long as they lock them with passwords that only the user knows. Even if the government seizes a device, Apple won’t have the keys to unlock data. But with iCloud, Apple does have the keys. The exception is passwords and credit card data synced with iCloud Keychain.

Ajay Arora, CEO of data security specialist Vera, also warns that Apple’s partnership with a company owned by the Chinese government increases the chances that authorities could secretly pry their way into iCloud accounts. “It’s like Apple is putting the fox in charge of the henhouse,” Arora said.