Apple Will Store Russian User Data Locally, Possibly Decrypt on Request: Report (venturebeat.com) 74
After resisting local government's mandates for years, Apple appears to have agreed to store Russian citizens' data within the country, a report says. From a report: According to a Foreign Policy report, Russia's telecommunications and media agency Roskomnadzor has confirmed that Apple will comply with the local data storage law, which appears to have major implications for the company's privacy initiatives. Apple's obligations in Russia would at least parallel ones in China, which required it turn over Chinese citizens' iCloud data to a partially government-operated data center last year. In addition to processing and storing Russian citizens' data on servers physically within Russia, Apple will apparently need to decrypt and produce user data for the country's security services as requested.
Re: (Score:1)
After all that crap projecting that sign about *what goes in an iPhone stays in an iPhone*....
SNAFU
So, please tell us what the OTHER, equivalent-scope companies, (Google, Microsoft, et al.) do in this regard?
I'm genuinely curious.
CAPTCH: Liberty
Re: (Score:2)
A domestic version of PRISM for any government that asked.
It is a legal request by a nation gov to get approval to be a connected part of the nations telco network.
Every nations sets up their own version of a "Section 702 of the Foreign Intelligence Surveillance Act" with FISA for all its citizens just like the USA did.
ie telco laws authorized by a gov. Any gov can do the statutorily authorized collection on anything it wants.
Lawful and conducted under authorities granted.
Re: (Score:2)
To LOL at the big brands to offer "security and "crypto" after the PRISM news.
Nation are getting the crypto keys as that is the telco law in each nation.
Re: (Score:1)
Well, regardless of all the legal babble, I'm just saying Apple shouldn't make "privacy" promises they can't/won't keep. The safest assumption for any user to work with is that everything is collected and sorted for fun and profit.
Re:That's funny! (Score:5, Insightful)
Apple is obligated to obey the law in every country where they operate.
It is not the job of American corporations to "fix" Russia. That is up to the Russian people.
Re: (Score:1)
That's a load of crap. We have no obligation to bow down to tyranny. If we can tear down the borders with technology, all the better! THAT would be our obligation! Liberation is everybody's obligation.
Re: (Score:2)
If we can tear down the borders with technology, all the better!
There are no border restrictions. Russians are free to travel. The Soviet Union ended 30 years ago.
Many countries require access to data. If American tech companies pull out of all those countries, they would be abandoning half the world to companies with even less scruples. No country is 100% pure, and in many ways America is more repressive than Russia. The FSB has a tenth of the NSA's budget, and we certainly arrest / incarcerate / execute far more people.
Re: (Score:2, Insightful)
If we don't sell Zyklon B to the Nazis, some other chemical company will, or maybe something even worse! So it's actually the morally right thing to do.
Re: (Score:3)
Can't you make an argument that by depriving repressive country consumers desirable products because of their governments policies that it will actually motivate their citizens to demand change?
A lot of the policies of both Russia and China seem to be driven around the idea that if the can buy off their citizens with access to high-quality and usually Western consumer goods, they won't complain about political repression.
Obviously this isn't the "job" of Apple or any other specific corporation, but ironical
Quite reasonable (Score:2)
Microsoft got in a snarl for keeping US accounts on UK servers or vica versa then refusing to comply with data requests.
Then there's the issue of are you allowed to encrypt communications at all as a means to evade warranted surveilance? For example, in the 70s some folks marketed an encrypted CB radio. If you recall CB radios, one of their uses was for drug running speed boats to arrange a meeting at sea. And for smuggling and illicit transport of goods in the US.
The FCC ended that one by saying CB band
Re: (Score:2)
Its another nations laws and telco network that will have to be connected to.
Don't hand over the keys and they can say its not going to be possible to approve that brand of smart phone.
Once the security services are happy they have plain text, files, voice prints, real time tracking, mic on/off, soft power GUI on, then the smart phone is legal.
Great for tracking anyone who was near all the MI6/CIA "embassy" workers.
Re "Now what authority does the U
Ha! In Russia, state stores user in crypt. (Score:1)
Re:Ha! In Russia, state stores user in crypt. (Score:5, Insightful)
You can't blame Apple for this, that would be like saying that IBM shouldn't have helped the Germans in the 1930s. /s
iTurd (Score:2, Insightful)
So they're perfectly happy to protect your privacy as long as it doesn't affect their market share. Gotcha.
Re: (Score:3)
To be fair it is a bit about market share. Apple could have avoided storing the data in Russia if they stopped serving Russians. This would of course affect their market share so the OP was sort of correct that "they're perfectly happy to protect your privacy as long as it doesn't affect their market share".
Of course if they pulled out of the Russian market there wouldn't be any private data for them to protect.
Re: iTurd (Score:3)
Right, because guess what? No other company operating legally in Russia can ignore its laws either.
Re: (Score:2)
You only realise that now? They do business in the US with a closed source device for which they push the updates. The only way they can protect your privacy from government is by making it technologically impossible for themselves to invade it, but that only works in some limited circumstances such as locked phones. For normal use all your data is ready for the taking by Apple and thus the US government, they knew that going in ... they are now extending that courtesy to other nations.
If they really wanted
Re: (Score:1)
"The Fappening" was a clear indication that Apple stores all data unencrypted, or, which could be either worse or better depending on how you see it, that people at iCloud and/or NSA etc. have unrestricted access to all the unencrypted data.
Go ahead with the usual evil Russia accusations, but know that Apple and the U.S. gov are since long all up in your iPhone pictures and movies, whether they admit to it or not.
Wrong.
The "Fappening" was a result of a list of leaked Passwords of Celebrities that used extremely-guessable Passwords.
https://techcrunch.com/2016/03/15/prosecutors-find-that-fappening-celebrity-nudes-leak-was-not-apples-fault/
But still, the meme lives on, because... Apple.
As to the other stuff, give me some proof (other than that likely-faked "PRISM" PPT slide), or STFU.
If It Exists In Their Product (Score:1)
Really? (Score:5, Insightful)
Apple will comply with the local data storage law, ... Apple will apparently need to decrypt and produce user data for the country's security services as requested.
So they'll stand up to OUR government in 2016 (Apple won't decrypt a phone for the FBI Info link [macworld.com]) but they'll lower their standards for foreign governments?
No matter which way you fall on this issue -- SHOULD have or should NOT have -- this is wrong.
If Apple is "The Angel of Privacy everywhere" then they should stand up for no decryption. If they take the stance "the local government makes the choice and we'll follow", then they should have decrypted the phone.
"But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." Link [washingtonpost.com]
So if other governments ask for it, it's OK? Expect weasel words soon: it's not OK, but they made us do it against our will. We couldn't sell there if we didn't do it. There's a chance it might be accessed, but think of all the good information they now have access to they didn't before.
I'm not a particular fan or enemy of Apple (they produce good products that don't meet my Bang for the Buck requirements) but you're actively doing things for our frenemies that you wouldn't do for our country?? And don't give me that "we're standing up for what's right" bit, you're certainly not standing up Over There.
"Oh, but politics isn't our job." Just TRY that one.
Re: (Score:2)
Projects like PRISM, BULLRUN https://en.wikipedia.org/wiki/... [wikipedia.org] gave the US gov everything it needed on different networks.
The NSA and GCHQ would have never allowed any consumer phone/smart phone to be approved that did not give them tracking, voice prints, real time decryption.
The GCHQ would have never allowed any advanced secure consumer tech for use in Ireland.
So every consumer product in the free West is wide open.
Russia just wants the same keys for
Re: (Score:2)
Apple does not / cannot decrypt data on your phone because once it's encrypted with the strong keys + your passcode, Apple has no ability to disable or circumvent the hardware to get it off the phone and let it be brute force cracked. And the hardware prevents brute force cracking while on the phone.
On the other hand, with servers and cloud data, Apple does have the ability to turn that over the encrypted data to someone to be decrypted, even
Re: (Score:2)
The have made it impossible to themselves to the best of their abilities to get data off a locked phone, but that's not really relevant to a running phone receiving updates. As long as they can push an update to your phone they have the ability to get all your data off it, in plain text.
Re: (Score:2)
You got it. Most of the other comments are comparing apples and oranges (pardon, not intentional). A lot of folks aren't realizing the difference between their handheld and a server farm.
Re: (Score:3)
Re: (Score:2)
Again, the device is not the cloud.
Actions speak louder than words (Score:1)
They make a big noise about privacy, but actions like this, speak louder than their words.
Re: (Score:2)
Apple controls all the software which runs on an iPhone, they let you keep your keys private as a privilege granted by a limited contract (not even an explicit contract, but advertising statements). It's not guaranteed by technology, it can not be. Anything you can do on your phone they can do, simply by pushing an update.
They use end to end encryption with the keys private on your device, but they have remote root on your device ...