Cybersecurity · Russia

How Russia Is Strong-Arming Apple

Apple is being forced by Russia to store Russian users’ information in Russia.

This elicits privacy fears, a real issue in Russia.  

Russia is cracking down on any and all means of communications, privacy is not an option.  Potentially Apple’s iMessage service will be affected.

</end editorial>

Moscow is demanding control over users’ personal data.

The Russian security services could soon have access to the personal data of thousands of Apple users in Russia, following the tech giant’s decision to comply with Russian law and store user data on servers in the country.

Roskomnadzor, the Russian government agency that oversees media and telecommunications, has confirmed for the first time that Apple Russia is to adhere to a 2014 law that requires any company handling the digital data of Russian citizens to process and store it on servers physically located in Russia. Under Russian counterterrorism laws, Apple could be compelled to decrypt and hand over user data to security services on request.

With Apple products now able to gather vast quantities of information on their customers’ lives, the company has publicly positioned itself as a champion of data privacy, and CEO Tim Cook has condemned the “weaponization” of personal data. In 2016, the tech giant refused to unlock the iPhone of one of the shooters involved in the San Bernardino, California, terrorist attack in December 2015.

But in China and now Russia, Apple has quietly complied with local laws that could leave vast quantities of user data within the reach of the state.

In 2017, the company removed virtual private networks, or VPNs, that mask browsing activity from its App Store in China. Last year, Apple moved iCloud operations and encryption keys to data centers in China, raising fears that the authorities could have easier access to messages, emails, and other data stored in the cloud.

It’s not clear what data Apple will store on its servers in Russia. The company’s registration with the media agency lists names, addresses, email addresses, and phone numbers as the kinds of user data it processes. Apple Russia’s registration documents, filed on Dec. 25, make no mention of its iCloud service, which can host user photos, videos, documents, contacts, and messages.

“Seems that something is hidden here because of course Apple collects more data,” said Sergey Medvedev, a senior lawyer with the Moscow-based law firm Gorodissky and Partners.

Russian law takes a broad interpretation of personal data and applies it to anything that could be used to identify individuals or their behavior. Photos, music, and e-book downloads would all indirectly be defined as personal data, said Medvedev, who specializes in internet and e-commerce law.

Apple did not respond to repeated requests for comment.

Controversial changes to Russia’s counterterrorism law, which came into force last year, call on telecom providers to store the content of user communications, including text, video, and audio messages, for up to six months and gives the security services the right to access this data without a court order. Human rights advocates described the legislation as Russia’s “Big Brother” law, amid concerns that it provides sweeping rights to the Federal Security Service—the successor to the KGB—to access people’s communications without judicial oversight.

Medvedev said the law could potentially be applied to Apple’s iMessage service.


2 thoughts on “How Russia Is Strong-Arming Apple

  1. Will this mean that my password or number sequence here in a nearby country to Russia can get compromized? Although I have a number of different passwords and number sequences for a number of sites and services there are a lot of people who have only one password for everything.

Comments are closed.