#GNN - #Apple to store some user data in #China: Weighing the pros and cons

#Summary: Apple's move to store some of its Chinese users' data in the country has benefits — and drawbacks — for its customers.

Apple has started to store some of its Chinese users' data on servers in mainland China, becoming one of the very few technology giants to store information on Chinese soil.

It's a step away from its rivals, like Google and Microsoft, which tend to shy away from storing data in the country due to its policies on censorship and past accusations of state-sponsored hacking and spying.

Apple said it made the move in order to speed up its iCloud service to users in the country, and increase reliability across the board, according to the Reuters news agency.

China remains increasingly important to the company's bottom line, as it continues to drive the company's strong quarterly revenue. The iPhone and iPad maker's fiscal third-quarter results showed China accounted for about 16 percent of the company's global revenue, thanks to a bump in iPhone sales — its predominant profit driver — in the country.

But skeptics are already questioning whether or not the data-storing approach may harm its business, in light of the nation state's past (and ongoing) practices.

Here's what you need to know:

1. The data will be held by China Telecom, the country's third-largest wireless carrier — though, the data will be encrypted. The carrier will not have access to the data, Apple said.
2. Encryption keys for iCloud, which lets users store their music, photos, documents, and other data from their iPhone, iPad, or Mac, will be stored offshore by Apple.
3. China Telecom is state-owned, but remains a strong partner for Apple. It was a key partner in getting the iPhone to market in the country, which at the time was stalling its iPhone profit growth.

Apple will remain the custodian of the encryption keys. But because Apple conducts business in China, it still has to abide by data requests by law enforcement and intelligence agencies.
Reports suggest that the move was twofold: to make iCloud faster and more reliable for its users, but also because the company was facing a crackdown by the Chinese authorities that may have seen it penalized for failing to store data within grabbing-reach of the state.

It follows Russia's recent steps to force companies to store Russian data on its soil, which would make it significantly easier for Moscow to conduct surveillance on its citizens.

Russia and China, two of the last remaining communist states, remain at arms length from the rest of the G7 and the United Nations due to these practices.

But it may not alleviate concerns that China may be able to grab data when it wants, for any given reason.

China's policies and practices on state surveillance, government censorship, and extraterritorial hacking have been widely criticized by Western nations. Google refuses to store data in China after it was hacked by Beijing in 2011, leading to the search giant pulling out of the country altogether.

Apple has in recent months become one of the pinnacles of user privacy, particularly in the wake of the Edward Snowden disclosures. Although Apple denied any knowledge of the PRISM surveillance system during a time in which its transparency levels were at an all-time low, many remain skeptical of how much access the US government has to Apple's networks.

In the wake of the disclosures, Apple issued its first transparency report with a "warrant canary," to show before-the-fact if a wide-ranging warrant for its customers' data had been received.

Apple also devises its messaging systems to be encrypted to the point where, according to reports, even the company cannot access the data — making it impossible to hand over that data to the US government and other nation states. Search warrants can still be served on the company. It's not clear if there are master encryption keys to allow Apple's general counsel or custodian of the records to hand over data in a law enforcement or national security emergency.

That said, trust in the wider Silicon Valley technology scene has been shaken by the scope of state surveillance.

For now, it seems like the fairest compromise. Though the data may be stored in China, it's said to be unreadable by its carrier partner — and therefore also unreadable by Beijing. With Apple storing the encryption keys, it may be the best-case scenario for everyone.

Facebook Data Privacy Class #Action Joined By 11,000 And Counting

#GNN - On Friday the #Europe vs #Facebook #privacy campaign #group kicked off a new legal initiative targeting Facebook — in the form of a class action lawsuit that’s inviting adult non-commercial Facebook users located anywhere outside the US and Canada to join in.

Today, the group told TechCrunch its civil action has pulled in some 11,000 participants so far, in the first weekend since launch. The largest proportion of participants (about 50%) are currently coming from German-speaking countries, followed by “high number” from the Netherlands, Finland and the UK.

“Reasonable numbers come from all European countries and South America,” added a Europe vs Facebook spokesperson.

Specifically, the class action is targeting the following “unlawful acts” on the part of Facebook — as the group sees it:

• Data use policy which is invalid under EU law
• The absence of effective consent to many types of data use
• Support of the NSA’s ‘PRISM’ surveillance programme
• Tracking of Internet users on external websites (e.g. through ‘Like buttons’)
• Monitoring and analysis of users through ‘big data’ systems
• Unlawful introduction of ‘Graph Search’
• Unauthorised passing on of user data to external applications

The suit has been brought at the Commercial Court for Vienna against Facebook’s Irish subsidiary. The claimant is Viennese lawyer and data privacy activist Max Schrems, who heads up the Europe vs Facebook group. Schrems will be the sole claimant named, meaning there are no risks that others participating in the action will need to pay any associated costs. The suit is being financed by Austrian law firm ROLAND ProzessFinanz AG — which will net a fifth (20%) of any winnings, as the legal funding provider.

Damages are being set deliberately low, at what Europe vs Facebook describes as “a token €500 per user”. But obviously if enough participants join in the cumulative impact could be considerably more substantial. Indeed, with the current 11,000-strong participation the damages could amount to up to €5.5 million.

“We are only claiming a small amount, as our primary objective is to ensure correct data protection. However, if many thousands of people participate we would reach an amount that will have a serious impact on Facebook’,” said Schrems in a statement.

The class action requires participants to actively come forward to be part of the suit, although they can join at any time. Europe vs Facebook has create a mobile-friendly website where people can input the details required to join the action.

The process requires potential participants to sign in with their Facebook credentials, to verify they have an account and that they qualify to join, and then provide certain additional details — such as their address, birth date (to verify they are an adult) and to upload a scan of a government issued identity document such as a passport.

It’s a straightforward process to step through but does require a degree of effort, given the requirement to upload an identity document scan — so pulling in 11,000 participants in a few days is pretty impressive.

Schrems said the group has chosen Austria as the location for the suit — rather than Ireland where Facebook’s European HQ is located — because it believes Irish authorities are overly sympathetic to Facebook’s business processes, based on the role the IT industry plays in the Irish economy.

“We shouldn’t have that problem in Austria. We are therefore transferring the focus of our activities here,” said Schrems.

In parallel to this European class action, an association of consumer NGOs in the US and Europe — gathered together as the Transatlantic Consumer Dialogue (TACD) — wrote to data protection authorities on both sides of the Atlantic last week, to express concern about Facebook’s plan to expand the amount of web browsing data it collects from users for targeted advertising purposes.

TACD said Facebook’s new policies directly contradict prior statements made by the company that it “does not track users across the web”.

“We urge you to act immediately to notify the company that it must suspend its proposed change in business practices to determine whether it complies with current U.S. and EU law. Moreover, we ask you to publish your findings so that your investigations can be subject to a public assessment and review,” TACD wrote in its letter to FTC and ODPC officials.

TACD accuses Facebook of effectively trying to resurrect an overreaching data-gathering process that was killed off by angry Facebook users some seven years ago, after they brought a class action lawsuit against the company for privacy violations based on spying on what they were doing elsewhere on the web.

“Facebook’s proposed use of pixel tags to track users offline is almost identical to its 2007 Beacon program. Beacon similarly used 1×1 pixel GIF tags to track and transmit users’ browsing history—on non-Facebook websites—to Facebook’s own servers. Facebook users objected so strongly to Beacon that over 50,000 users signed a petition against the program within its first 10 days. Other users filed a class-action lawsuit against Facebook for privacy violations. Facebook abandoned the program during the course of the lawsuit and publicly apologized, admitting that the program had been a mistake,” TACD writes.

“Facebook has now completely reversed its stance to the detriment of users of the service. Contrary to its prior representations, upon which users may have relied, the company will now routinely monitor the web browsing activities of its users and exploit that information for advertising purposes.”

Snowden Calls On #Developers To Champion #Privacy By Design

#Speaking at the Hope X #conference taking place in New York this weekend, NSA whistleblower Edward #Snowden put out a #call for developers to build systems that protect privacy and constitutional rights by design. He also revealed his own intention to work on developing privacy protecting technology.

Snowden was speaking via videolink from Russia where he currently has asylum after the US government cancelled his passport, following his leak last year of classified NSA documents detailing security agency surveillance programs.

Responding to a question about what people working in technology can do to counteract dragnet, overreaching surveillance, Snowden said encryption is an “important first step”. But he added that simply securing the content of communications is not in itself enough. New privacy-protecting protocols and infrastructures need to be designed.  

“It doesn’t end at encryption it starts at encryption,” said Snowden. “Encryption protects the content but we forget about associations… These programs like section 215 [of the Patriot Act] and mass surveillance in general is not about surveilling you, it’s not about surveilling me. It’s about surveilling us collectively. It’s about watching the company. For everybody in the country and on a global scale.

“This is basically a big data program which provides the raw data that can then be analyzed, it can be filtered, it can be subjected to rules for example… it says everything you do is being analyzed, it’s being weighted, it’s being measured and that’s without regard to whether or not you’ve done anything wrong.”

Snowden argued that government dragnet surveillance programs constitute an “unreasonable seizure” of information, under the 4th and 5th amendments, being as there’s no proven suspicion to justify what happens in advance. He also argued it can be seen as a due process violation under the 5th amendment – “where the government is basically saying we’re going to use warrantless surveillance to collect evidence to then secretly use to get a warrant application” – and a violation of 1st amendment rights that give US citizens freedom of association.

The continuous, programmatic analysis of the connections of everybody is “a fundamentally un-America thing”, he argued. “If you let you go of your rights for a moment, you’ve lost them for a lifetime. And that’s why this matters. It’s because it happened, and we didn’t know about it. We weren’t told,” he said.

“We the people. You the people, you in this room right now have both the means and capability to help build a better future by encoding our rights into the programs and protocols upon which we rely upon everyday,” he added, calling on developers to rethink how they build digital technology so both content and connections can be kept private.

“And that’s what a lot of my future work is going to be involved in and I hope that you will join me and the Freedom of the Press and every other organization in making that a reality.”

Governments are using the same techniques they use to unmask spies to discover journalists and leakers, said Snowden — via these “association methods”.

Getting into specifics, he talked about the need for protocols resistant to traffic analysis, and a padding process to make tracking content and connections harder, plus mixed routing to obfuscate individual connections.

“When we think about how we fix these, programmatically, when we think about these in terms of protocols, we need to have protocols that are resistant to traffic analysis. They need to be padded, basically, even if there’s some level of performance penalty. So you can’t look at differences in for example Skype conversations and tell which phoneme or word was spoken based on packet size and signaling speed and so on and so forth. You also need to use some sort of mixed routing, some sort of shared infrastructure, that divorces the individual connection from the individual orgination point. And that’s still a hard problem. We haven’t solved that in a performance respecting manor.”

User experience is another clear challenge to be worked on. “GPG is a robust and pretty reliable encryption. Unfortunately it’s damn near unusable,” he said. “We need encryption, mix routing, we need non-attributable communications. Or unattributable Internet access… that’s available to people — that’s easy, that’s transparent and that’s reliable. That we can use not just here in the US but around the world because again, this is a global problem.”

Snowden said he believes collective community action and a peer review model is required to address the challenges of developing privacy protections. “We need people to attack these systems, we need people to work as adversaries to try to find holes so that we can fix them,” he said.

While technology is clearly enabling governments to harvest data on individual citizens on a scale and at a frequency never before possible, Snowden as a technology practitioner evidently believes technology itself is a neutral force that can also be applied in the counter direction — to rebalance the relationship between individuals and governments. Assuming, of course, enough developers can be encouraged to start thinking about and building privacy by design.

“We need to think about software as a means of expressing our freedom, but also defending our freedom,” added Snowden. “Technology gives us a new power — if we pair that with a responsibility to police ourselves, the way technology grows, and not sleepwalk into new technologies.”

You can watch the full video interview with Snowden — which also featured Pentagon Papers’ leaker Daniel Ellsberg — via Hope X’s website.

Related articles

• India says progress on food not condition for Bali deal implementation
• Germany´s Lahm to end international career: agent
• Former United star Ferdinand joins QPR
• Registration of dislocated persons of N. Waziristan completed
• Hong Kong's leader says Chinese rules to prevail in 2017 vote
• AirAsia to order 50 Airbus A330neo: sources

• State governments can help U.S. speed up drone use (gnn-aip.tk)
• Kenya seizes 341-kg heroin haul on ship in Mombasa (gnn-aip.tk)
• UPDATE 5-Political novice wins power in Slovenia, hints at revisiting economic reform plan (gnn-aip.tk)
• Amateur explorers claim to find lost Army fort in Florida Everglades (gnn-aip.tk)