When Apple wants to advertise a major privacy feature, they’re
damned good at it. As an example: this past summer the company
announced the release of the privacy-preserving “Find My” feature
at WWDC, to widespread acclaim. They’ve also been happy to claim
credit for their work on encryption, including technology such as
But lately there’s been a troubling silence out of Cupertino,
mostly related to the company’s interactions with China. Two years
ago, the company moved much of iCloud server infrastructure into
mainland China, for default use by Chinese users. It seems that
Apple had no choice in this, since the move was mandated by
Chinese law. But their silence was deafening. Did the move involve
transferring key servers for end-to-end encryption? Would
non-Chinese users be affected? Reporters had to drag the answers
out of the company, and we still don’t know many of them.
In the Safe Browsing change we have another example of Apple
making significant modifications to its privacy infrastructure,
largely without publicity or announcement. We have learn about
this stuff from the fine print. This approach to privacy
issues does users around the world a disservice.
If Apple needs to do things differently in China to comply with Chinese law, they need to explain exactly what they’re doing and why. Otherwise people are going to assume the worst. “Trust us” is not good enough. If they’re embarrassed to explain in detail what they’re doing to comply with Chinese law, then they shouldn’t be doing it.