Interesting story about how Apple is moving encryption keys to China. nytimes.com/2021/05/17/tec…
Ok, I have lots of things to say about encryption keys and hardware security modules. But forget all that for a second. WTF Apple. 
“A legal shield from American law.”
Apple asked a lot of people to back them against the FBI in 2015. They used every tool in the legal arsenal to prevent the US from gaining access to their phones. Do they think anyone is going to give them the benefit of the doubt now?
“Important people put their reputations on the line.”
Ok let’s talk about the concrete technical bits. Big parts of iCloud rely on special devices called Hardware Security Modules, or HSMs. These are specialized computers that store keys. In the US, Apple uses Thales HSMs.
Not only is Apple being forced to move Chinese citizens’ HSMs to China, China specifically refused to certify the Thales HSMs. This is actually pretty fascinating.
Thales is theoretically a French company but its products are manufactured and used throughout Europe and North America. They’re certified at the highest levels of FIPS and beyond. Yet China would not accept them. That’s… interesting.
So Apple responded by designing and building their own HSMs, based on the Apple TV platform. Presumably these include secure processors like the T2 chip in MacBooks. But this isn’t “high end HSM” hardware.
It’s really hard to know what to make of this. There are two good theories:
1. China does not trust western HSM hardware to keep them safe.
2. China felt the Thales HSMs were *too* safe, ie they would be difficult to for China to access.
1. China does not trust western HSM hardware to keep them safe.
2. China felt the Thales HSMs were *too* safe, ie they would be difficult to for China to access.
Let’s keep in mind that Apple is going to be deploying these new HSMs in a facility that they do not own or operate. They’ll be placing these inside of a cage at a state-owned cloud provider. Which means that the Chinese government will have significant physical access.
Another interesting note in here is that Apple is partitioning iCloud into a “Chinese iCloud” and “non-Chinese iCloud.” Users who register an account in China will have their keys and data uploaded to these new Chinese data centers and HSMs.
What’s interesting about this change is that (to the best of my knowledge) your iCloud country registration can be changed by anyone who has your iCloud password.
What happens to my data if someone changes my registration to China?
What happens to my data if someone changes my registration to China?
I’m assuming that Apple will put some protections in place to stop this kind of change, but it’s an illustration of the problems that come up when you have one set of hardware and two systems that provide different levels of security.
Anyway, the big thing you should get from this article is the direction of the trend. Apple is clearly being forced to give the Chinese government more control over customer data. The current compromise may even be “ok”, in the sense that some end-to-end encryption is allowed.
But sooner or later the Chinese government is going to ask Apple for something that it doesn’t want to give up, and Apple is going to have to make a choice. Maybe they already have.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
