Apple’s move to store iCloud keys for China’s users in data centers owned by state-controlled Guizhou-Cloud Big Data is raising red flags among human rights activists, Reuters reports. While Apple has always hosted iCloud keys in the United States — thus making it necessary to involve the U.S. justice system in any requests for user data — the company said it must comply with China’s new laws requiring the data to be stored locally if it wants to continue operating in the country. “While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful,” Apple said in a statement. Jing Zhao, a human rights activist and Apple shareholder, pointed to earlier cases where Yahoo’s data was used to arrest and imprison two democracy advocates as a cautionary tale for what could happen if Apple’s user data is used to track down dissidents. French nonprofit advocacy group Reporters without Borders has already called on journalists in China to close their iCloud accounts in wake of Apple’s decision.
While Apple will still retain control of the encryption keys, Chinese legal experts warned that now any information stored in iCloud can be accessed by Chinese authorities with a legal order. That can take a very different form than in the U.S. since Chinese police can issue and execute warrants without any involvement from the courts. “Even very early in a criminal investigation, police have broad powers to collect evidence,” said Jeremy Daum, an attorney and research fellow at Yale Law School’s Paul Tsai China Center in Beijing. “[They are] authorized by internal police procedures rather than independent court review, and the public has an obligation to cooperate.” There are also few penalties for breaking the rules for obtaining a warrant, and police are allowed to investigate a wide range of criminal acts that include “undermining communist values, ‘picking quarrels’ online, or even using a virtual private network to browse the Internet privately.”
In another possible dent to Apple’s privacy guarantees, the European Union is working on new laws that would force tech companies to turn over a customer’s personal data even if that data is stored outside the EU, Reuters reports. While the EU executive had previously said it wanted access to data stored within the 28-nation bloc, sources with direct knowledge of the pending legislation said the new wording will also extend to data held elsewhere. The law — coming amid a legal battle between Microsoft and U.S. prosecutors who want the company to turn over emails stored on servers in Ireland in connection with a drug-trafficking case — would apply to the personal data of anyone under investigation in Europe, not just EU residents. While privacy advocates and tech companies have balked at such statutes, European Justice Commissioner Vera Jourova said accessing cross-border evidence under today’s laws is “very slow and non-efficient,” adding that police need new tools to become faster than criminals using digital services to facilitate their illegal activities.