Cybersecurity Deja Vu

When I first arrived in China in 2011, the iPhone wasn't merely a device—it was a symbol of technological aspiration. Over the next decade, Apple's rise in the Chinese market was meteoric. Despite premium pricing, Apple expanded its iPhone user base from roughly 20 million to over 200 million within five years, capturing nearly a quarter of the mobile market.

Then, in 2016, China's sweeping cybersecurity legislation dramatically reshaped Apple's operations. The law compelled Apple to store Chinese user data on local servers managed by Chinese firms, presenting users with a stark choice:

1. Data Center-Managed Encryption: Local providers control encryption keys, ensuring easy account recovery but leaving data vulnerable to government demands.
2. Self-Managed Encryption: Users maintain exclusive control of their encryption keys, guaranteeing absolute privacy but risking permanent data loss if keys are lost.

Critics worldwide accused Apple of betraying its privacy commitments, yet Apple faced an impossible choice: comply or exit the lucrative Chinese market entirely.

By the time I left China in 2020, Apple's dominance was already slipping. Domestic rivals Huawei and Xiaomi had significantly narrowed the quality and price gap, aided by increased regulatory pressures favoring local companies.

Now, in 2025, history is repeating itself—this time in the UK. The British government has demanded direct access to encryption keys, invoking national security concerns. Unlike China, the UK hasn't mandated local data storage; instead, it outlawed true end-to-end encryption outright. New UK iPhone users are prevented from enabling Apple's Advanced Data Protection, while existing users must disable it or lose access to Apple services. This creates a systemic backdoor, granting unfettered government access to user data.

Yet, what strikes me most is the silence. In 2016, global media fiercely criticized Apple for capitulating to China's authoritarian demands. Today, the UK—a leading democracy—has implemented an even more invasive policy, yet there's hardly a murmur of protest. The simplistic global narrative, long framed as "China bad, Western democracies good," has been thoroughly undermined.

The UK's actions demonstrate clearly that invasive data policies are not exclusive to authoritarian regimes but are tempting to any government prioritizing security over privacy. The lesson is unequivocal: governments, irrespective of ideology, will continuously seek greater access to private data under the pretext of national security.

If the UK successfully sets this precedent, other nations will inevitably follow suit. The world has evolved significantly since my early days in China. The question today is no longer whether tech giants can protect user data—it's whether governments will permit them to do so.