Apple’s Good Intentions on Privacy Stop at China’s Borders

Credit to Author: Louise Matsakis| Date: Thu, 17 Oct 2019 20:16:47 +0000

As pro-democracy protests continue in Hong Kong, the tech giant’s troubling relationship with an authoritarian regime has come into focus.

Last October, as Facebook grappled with the fallout from the Cambridge Analytica scandal, Apple CEO Tim Cook gave a speech in Brussels in which he sought to distance the iPhone maker from its peers. Cook railed against the “data industrial complex,” and chastised companies like Google and Facebook for collecting personal information from users and weaponizing it against them. “This is surveillance,” he said. “This should make us very uncomfortable. It should unsettle us.”

The speech was meant to reaffirm Apple’s position in Silicon Valley as the Patron Saint of Privacy, the company willing to protect user data while others profit from it. In many ways, that reputation is well-earned. After all, Apple refused to help the FBI break into an iPhone that belonged to one of the alleged perpetrators of the 2015 San Bernardino terrorist attack. Its devices are among the most secure in the world, and its has aggressively curbed data-tracking in its own apps. But the company’s recent actions in China demonstrate that Apple’s privacy, security, and human rights virtues appear to have a limit. They don’t always extend beyond Beijing’s borders.

Earlier this month, Apple removed HKmap.live—an app that pro-democracy protestors in Hong Kong used to track police activity—from its iOS App Store, after an op-ed criticizing the tool was published in People’s Daily, the Chinese Communist Party’s flagship newspaper. Apple also removed the Quartz news app from its China App Store, after the outlet extensively covered the protest movement in Hong Kong. Around the same time, Apple began hiding the Taiwan flag from users in Hong Kong and Macau; the Chinese Communist Party asserts that Taiwan is formally part of the country under its One-China policy. (The emoji was previously banned only on the mainland.)

Apple says it removed HK.map.live not because of pressure from China, but because it posed a safety risk. “Many concerned customers in Hong Kong have contacted us about this app and we immediately began investigating it,” an Apple spokesperson said in a statement. “The app displays police locations and we have verified with the Hong Kong Cybersecurity and Technology Crime Bureau that the app has been used to target and ambush police, threaten public safety, and criminals have used it to victimize residents in areas where they know there is no law enforcement.”

In an internal letter to employees, Tim Cook reiterated that Apple had credible reason to believe HK.map.live was “was being used maliciously to target individual officers for violence.” But protest leaders, as well as Charles Mok, Hong Kong’s IT legislator, disputed that the app, which relies on crowdsourced information and doesn’t identify individual police officials, legitimately posed a danger. “I can’t recall an Apple memo or statement that crumbles so quickly under scrutiny,” wrote John Gruber, an influential Apple commentator, referring to Cook’s letter. “For a company that usually measures umpteen times before cutting anything, it’s both sad and startling.”

And last week, Buzzfeed News reported that Apple told some Apple TV+ show developers in 2018 to avoid portraying China in a poor light, as other studios have in the past. “That really says [Chinese] censorship is reaching audiences outside of China,” says Yaqui Wang, a Human Rights Watch researcher who studies the country. “Those shows are not just watched by Chinese people. Americans should be worried about this.” Apple declined to comment on Buzzfeed's reporting.

Taken together, the decisions show Apple's acute concern about upsetting China’s leaders. “Over the past several years, Apple has made a series of concessions in the realm of free speech and privacy protection,” says Wang. “Every time you concede, it’s a signal to the Chinese government that you are open to more submission.” Last year, to comply with local laws, Apple began storing data and keys to Chinese iCloud accounts in China, making it easier for the government to potentially obtain information on its citizens. And in 2017, Apple removed apps from The New York Times from its Chinese App Store, as well as hundreds of virtual private networks that may have allowed Chinese users to access content blocked by the country’s internet censors. The latter are illegal in the country.

Unlike other American tech giants, which have largely failed to enter the country, Apple’s business relies heavily on China. Its iPhones and other gadgets are largely manufactured and assembled there, and it earned almost $44 billion in sales in the country during the 12-month period ending in June. China, Hong Kong, and Taiwan together constitute Apple's second-largest market after the United States. As pro-democracy demonstrations have continued in Hong Kong for months, Apple has become one of many international corporations caught between their stated democratic values and lucrative business interests.

That includes Google, which was reportedly criticized by its own employees this week for removing a pro-Hong Kong mobile game, The Revolution of Our Times, from the Google Play Store. Earlier this year, Google cancelled its project to create a censored Chinese search engine in the country after sustained backlash from workers and scrutiny from US lawmakers. But if Apple employees similarly objected to their employer’s actions in the region, it couldn’t easily back out of working there. Apple needs China, and that puts it in an inherently troubling position.

Take what happened in August, when Google researchers first revealed a series of astonishing iPhone vulnerabilities that compromised a person’s phone almost instantly if they visited certain websites. Several news outlets reported the exploits had been used to target China’s minority Uighur population, more than a million members of whom have been thrown into concentration camps in the western Xinjiang province. When Apple finally released a statement addressing the vulnerabilities, it acknowledged that Uighurs had been their intended target, but the words “China” and “human rights” didn’t appear. Apple also failed to acknowledge the brutal surveillance techniques the Muslim minority group and other religious and ethic minorities have endured in China for years.

Then there’s the recent criticism around Safe Browsing, a feature Apple has used in its Safari web browser for over a decade to warn people when they may be visiting a malicious website. For most Safari users around the world, the tool relies on Google, which maintains a list of websites it has identified as potentially malicious or harmful. When Apple thinks you’ve visited one, it checks the URL against Google's database. If there’s a match, Apple displays a warning. For users in China, Safe Browsing relies on a database compiled instead by Tencent, a Chinese internet company with ties to the government. The relationship between the two corporations wasn’t widely known in the United States until this week.

“It was just kind of like one day, Tencent appears—that was concerning,” says Matthew Green, a cryptographer at Johns Hopkins University. (Apple announced the partnership to Chinese media organizations when it was formed in 2017.) Green worries Tencent could potentially use Safe Browsing to monitor whether iPhone users in China visit certain websites, since it ultimately controls what ends up on its list of malicious URLs. The Chinese government already widely surveils citizens' digital habits via other means. Apple acknowledged that a person's IP addresses, and therefore their locations, are also shared with Tencent if they land on a malicious site. In a statement, Apple’s spokesperson said the “actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.”

"It’s impossible as a tech company to be neutral anymore; there is no neutral."

Samm Sacks, New America

China's complicated politics present problems not just for Apple and other tech companies, but for any corporation that courts consumers in the country. Earlier this month, Daryl Morey, the general manager of the Houston Rockets, was forced to delete a tweet in support of the Hong Kong protests. Tencent and Chinese state media later halted digital streaming of NBA preseason games, and Morey and the NBA issued an apology. Two days later, the video game company Activision Blizzard suspended Blitzchung, a professional esports player, after he similarly expressed support for the pro-democracy movement in the city.

But for Apple, the stakes are higher than just public relations. Chinese citizens store data about nearly every aspect of their lives on their iPhones.

"It’s impossible as a tech company to be neutral anymore; there is no neutral. And so the question is: Do you come down on the side of protestors in one of your biggest markets in the world, or do you come down on the side of police and the Chinese government," says Samm Sacks, a cybersecurity policy and China digital economy fellow at the think tank New America. "It’s almost a lose-lose situation."

Apple, for its part, has argued that its presence in China “helps promote greater openness and facilities the free flow of ideas and information,” according to a 2017 letter written by Cynthia Hogan, Apple’s vice president for public policy and government affairs, which was sent to US Senator Patrick Leahy and Senator Ted Cruz. “We are convinced that Apple can best promote fundamental rights, including the right of free expression, by being engaged even where we may disagree with a particular country’s law.”

https://www.wired.com/category/security/feed/