Why would the US Gov attempt to enforce data storage within the US when the equipment is built overseas and the Internet has no borders?
How much business does the US federal government represent for Apple?
I'm guessing far less than 1% of Apple's revenue is from the US Gov today.
It's a global market. Apple is the world's largest company by market capitalization. The US Gov is finding itself a smaller customer in the global market compared to the past. 50 years ago the US Gov had sway over the computers and electronics industry.
That influence is fading based on market demands.
Apple is selling millions of iPhones per month. ~245 million iPhones sold since 2007, with 100 million phones sold thus far in 2012.
The US Gov is buying a tiny fraction of the total volume.
Commercial data centers physically located in the US and connected to the Internet are generally no more secure from a cyber perspective than data centers overseas, with the exception that the US law enforcement can seize equipment with a court order in
the US, whereas doing so overseas is a challenge.
The majority of computers and electronics operated in the US are built overseas, especially all Apple devices. China is the lead manufacturer. At no point should the supply chain for consumer-grade equipment be considered trusted or secure.
When you trust your data to commercial facilities accessed via the Internet, using mobile devices built overseas, do not believe that your data is any more secure in the US than elsewhere. Foreign nationals work throughout the US. IPv4 & IPv6 networks
interconnect all nations as borderless neighbors. The oceans, TSA, and ICE are negated via the Internet. It's probably not much harder for China to exfil data from most commercial facilities in the US versus Hong Kong or other overseas locations.
Apple operating a new data center in Hong Kong isn't going to measurably increase the risk that's already accepted for your data on the iPhone or iPad.
The US Gov initiative to establish a cyber border for federal agencies, the Trusted Internet Connection (TIC) program, is somewhat contrary to the Cloud-First initiative (e.g. Google's comments about data as shards of glass, global file systems, big public
cloud computing versus private clouds). If OMB and DHS are going to require all data - not just federal users, but also their data - to operate from within a TIC-enclosed boundary, the best path forward is for an executive order or law to mandate such a requirement
for federal agencies, ultimately making it a crime to circumvent the TIC boundary.
If TIC evolves to enforce a cyber boundary around all US Gov data processing and users, then federal data will need to be maintained within private clouds, leaving Apple's iCloud and equivalent service offerings as not viable for federal data processing
& storage. That sounds expensive, especially when we have a $16T hole in our pocket.
High security doesn't come at a low cost.
Do we need high security for the majority of our open, unclassified communications?
Is encryption and strong authentication sufficient for data protection? If so, then the Good/Sandbox/MDM model should negate much of the perceived need for transit layers to be stateside.
If we want the same security in our mobile devices as the oceans provide, we would need to start with building those electronics on this side of the ocean. From a cost perspective, market trends suggest we can't afford that.
-----Original Message-----
From: fed-talk-bounces+robert.patrick=email@hidden [
mailto:fed-talk-bounces+robert.patrick=email@hidden] On Behalf Of chuck
Sent: Tuesday, September 18, 2012 11:53 PM
To: email@hidden Talk
Subject: Re: [Fed-Talk] iCloud China Data Center
With all the data centers Apple is building, I suspect that if the US Gov decreed that that only US-based data centers could be used for its devices Apple wouldn't bat an eye and simply agree.
On Sep 18, 2012, at 12:17 PM, Joel Esler wrote:
Most iPhones are made in China. I'd think the concern is moot for the most part, and have to agree with Dave.
Since we have no idea if it's actually going to be built, or what the datacenter will do, I think it's a bit early to offer conjuncture.
On Sep 18, 2012, at 12:21 PM, Mike Pike <
email@hidden> wrote:
> Exclusively?
>
> There HAS to be a correlation, especially if you can imessage and facetime people on those countries.
>
> mike
>
> On Sep 18, 2012, at 10:12 AM, Dave Schroeder wrote:
>
>> Has it occurred to anyone that such a datacenter in China would be serving customers in China and Asia?
>>
>> - Dave
>>
>> On Sep 18, 2012, at 10:00 AM, Mike Pike <
email@hidden> wrote:
>>
>>>
>>> Reading the above, is this going to cause issues with iOS devices within the government?
>>>
>>> It's been a long time since I've tried to order Apple products at the federal level, but China was always an issue.. Apple used to make a batch of products in the US for the government, but not sure if they still do.
>>>
>>> The fact that people almost all have to use iCloud in some way (iMessage, Docs, etc) that a data center going up in China, could cause issues with privacy and government usage.
>>>
>>> Any thoughts? We already have people here advocating the blocking of iCloud - which at this point is impossible because it goes through the cell network, but at BYOD becomes closer to reality, iCloud could feasibly be blocked by policy.
>>>
>>> I'm also a little concerned that a lot of my personal data could be sitting at a data center located in a country that has made numerous attacks at Google to get information.
>>>
>>> mike