What Apple Did and Didn't Do When China Knocked on Its Backdoor

Apple's standoff over the FBI's demand to crack open the cellphone used by San Bernardino killer Syed Rizwan Farook is more than a quintessentially American debate over the limits of privacy in an era of terrorism. It has also shone a light on how U.S. technology companies navigate the demands of governments in authoritarian countries that don't give a damn about civil liberties but also happen to be very important to corporate bottom lines. China, the world's second largest economy, heads that list, but it also includes Vladimir Putin's Russia, where the security services have gained a reputation as perhaps the most technologically sophisticated of America's adversaries. Specifically, the Apple case in the U.S. has raised the issue of whether the tech giant gives foreign governments things it righteously refuses to give to the FBI.

U.S. companies have been under pressure in China for years now, for two main reasons. First, the country remains effectively a police state, with the ruling Communist party stifling free expression and its massive security apparatus working to make sure any dissent or popular uprising is instantly squashed. Technology companies are therefore a threat to the government—or, potentially, a useful tool in the pursuit of the government's designs.

The second reason is that China's economic policy places a premium on it becoming a technology powerhouse, home to companies that the government hopes someday will supplant Apple et al. atop the tech pyramid. Local-content requirements, mandatory joint ventures and forced technology transfers in exchange for market access have all been part of Beijing's playbook (just as, to be fair, they were in other, less-authoritarian countries, including Japan and South Korea.)

The pressures are intense, and companies have chosen to push back (or not) in various ways. Most famously (or, in the eyes of some shareholders, infamously), Google's co-founders, Sergey Brin and Larry Page, chose not to operate in China rather than succumb to the government's censorship, which forbids honest information about things like the 1989 Tiananmen Square massacre from appearing in Web searches. (Search "Tiananmen Square" on Baidu, China's Google equivalent, and you tend to get a bunch of listings about what a nice tourist attraction it is.) Brin said his upbringing in the former Soviet Union would not allow him to play nice with government censors.

There have been other occasions when companies have pushed back against China, and they have even done so collectively. In one famous episode, in late 2009, China's Ministry of Science and Technology demanded that all the technologies used in products sold to the government be developed in China, which would have forced multinational companies to locate many more of their R&D activities in a country where intellectual property is notoriously unsafe. After howls of protest from a range of high-tech companies, the ministry backed down.

In other instances, high-profile tech companies have been, in the eyes of critics, something less than profiles in courage. Most notoriously, in 2005 Yahoo Holdings Ltd. in Hong Kong provided Chinese authorities the IP address for Shi Tao, a journalist who was later arrested and sentenced to a 10-year prison term for "illegally providing state secrets to foreign entities." Shi, a newspaper reporter, had sent an email to a friend in the U.S. about Beijing's instructions to Chinese media to ignore any public commemorations of the Tiananmen massacre as its anniversary drew near.

Yahoo's lawyers explained that the company was merely complying with Chinese law—a requirement of any company operating in the country. "If we want to do business here, we don't get to pick and choose which laws we like and which we don't," a Yahoo executive told me at the time. (Shi was released in September 2013, 15 months early.)

That lament—we don't get to pick the laws we like—is pretty much how every businessperson feels while trying to operate in China in a difficult environment. And it now applies to Apple, which in the wake of the conflict with the FBI has seen a flood of misinformation about its actions in China in the press and on technology blogs across the world. Before explaining what Apple did and didn't do in China, it's important to emphasize the bottom line: There is no evidence that Apple has provided anything to the Chinese government that it's refusing to give to the U.S. feds.

So what did Apple do? Consider the hysteria surrounding Edward Snowden's claims in 2013 that U.S. tech companies, including Apple, allowed governments "backdoors" into their operating systems, thus allowing them to spy on users and access private data stored on devices. Apple CEO Tim Cook shrieked from the mountaintops that no government had any backdoor into its products or services—and never would. Beijing, engaged in an escalating cyberwar with the U.S., wasn't going to take his word for it. So, according to Chinese state media accounts and technology executives in China, it told Apple it needed to do a "security audit" on its products. A year ago, it did so, and it's never been clear whether there were any ramifications from the audit. Apple has continued to sell iPhones and all its other products without incident.

Note the irony: China's security audit was done, by all accounts, to ensure that Apple had not already built a backdoor into its products that the U.S. government could use to its advantage in China. (Apple has never publicly confirmed or denied the security audit). But now, in the wake of the controversy over the San Bernardino attacker's phone, the mere fact that Beijing did a security audit has raised suspicions that Apple jumped to Beijing's tune in a way it defiantly refuses to do in the U.S.

But there's little evidence that this is true. Some critics have pounced on the security audit and concluded that Apple "gave" the Chinese government its "source code" and therefore, in theory, gave Beijing ideas about how it can build its own backdoor into Apple's products. But this is almost certainly wrong. As John Kheit, a writer at the all-Apple, all-the-time website the Mac Observer, puts it, "Showing the source code in no way reveals the magic encryption keys generated by the source code and maintained in secret on people's individual devices."

Apple is fighting a battle that "Don't-tread-on-my-iPhone" libertarians love and "Get-the-terrorists-before-they-get-us" hawks hate. However it turns out, it is important for Apple to allay fears that it is playing a double game in what will eventually be its biggest market.