It seems hard to believe that Bloomberg would publish this article if it's completely untrue, but it's also hard to believe that Apple and Amazon would both issue comprehensive denials of pretty much every single claim of the article unless the article was in fact untrue.
At this point I'm leaning towards believing Apple and Amazon, because it seems more likely that Bloomberg got it wrong than for Apple and Amazon to blatantly lie about this. But I'm really curious why Bloomberg went ahead and published this article if Apple and Amazon told them for months that it was wrong. What was their source and why did they trust it so much?
The specificity of Bloomberg report (BMC controller at the right location, details of the subcontractors, details about the people involved in sabotaging the supply chain, the details about the chip's color and similarity to a coupling cap, etc.) is also important to consider. They have put in a lot of details however elementary it may seem to HN crowd.
Apple and Amazon has more at stake than Bloomberg but the incentives are stronger for Apple and Amazon than for Bloomberg. For once, why would Bloomberg post a story that is completely false!? The details they've provided suggests that it wasn't just a couple of people contacted them anonymously and they decided to post a huge story about it. There are so many anonymous individuals cited in the Bloomberg article. All stars align to indicate something has actually happened on these servers.
The NYT published many false stories about WMD in Iraq because they believed their anonymous sources (edit: or rather sources granted anonymity) ... who were making assertions far stronger than the raw intelligence supported. Hopefully that's not happening with Bloomberg.
You have a great point. If an agent of the Trump administration wanted to "plant" anonymous-sourced stories to justify a trade war with China, this is exactly the type of story they would plant.
And if we don't believe it could happen, all we have to do is remember back to 2003 when the entire Bush administration used fabricated evidence (yellow-cake uranium anyone?) to justify a pre-emptive strike against Iraq, who never attacked us.
Why not? If Bloomberg's article is true, I'd have actually expected Apple to publish a statement about this a long time ago where they acknowledge the issue (and what it affected and its resolution). There's no reason Apple must pretend it never happened.
But let's say it did happen and let's say Apple does feel the need to deny it. They wouldn't deny it in this fashion. They'd publish a simple piece with broad and vague statements that don't actually refute the exact claims in the article, a puff piece meant to reassure people that Apple is not currently compromised and that may try to imply the article is wrong but without actually lying.
As it is, Apple PR has never to my knowledge outright lied. They of course try to spin things to be favorable to Apple, but they've never knowingly published objectively untrue statements. Similarly, Amazon's piece was signed by their CIO. If Amazon wanted to lie, the statement wouldn't be signed by their CIO as that puts his personal credibility on the line. It would be a PR piece, again making vague statements that may put a spin on things but aren't actual lies.
Perhaps, any of the companies (involved) admitting it would make bigger news than the Bloomberg article.
There is no way to avoid some degree of reputation loss, but there is no scenario when admitting will cause less reputation loss than not admitting. Very few consumers will looks and think "How noble, how honest". Most will think "Apple got hacked my data is stolen". Competitors will get something concrete to point at. Maybe no one knows what exactly was stolen.
Let's not portray Apple as some saints. They didn't completely admit the iphone 4 antenna problem. Or recent macbook keyboard problem. And bent iphone 6s problem. (And those are all things we have evidence of)
On the contrary, I'm starting to think forceful denials indicate the importance of either the Chinese market, or the impact China has as a manufacturing partner, on their bottom line.
I can't imagine China being happy with anything less than a forceful denial from companies. Or else, ...
I can't imagine a universe in which Apple is willing to blatantly lie to their customers in order to please China (especially about such an important topic). That just doesn't seem to be in the realm of possibility. Amazon too I suppose.
It's one thing for a company to issue a press release that has ambiguous statements, weak denials that could be interpreted multiple ways, or denials of very specific scenarios that doesn't actually deny the more general case. But that's not what happened here. Apple issued a very comprehensive and forceful denial, covering just about everything I can think of (even asserting that they're not subject to a gag order). Amazon's denial was shorter but still reasonably comprehensive. I just can't imagine either of those being a lie.
Or to put it another way: "Apple complies with the laws in the countries where it does business".
That said, what you've described is wrong. The data is not "tapped by default". It was widely reported that Apple now contracts with a Chinese company to provide the data center, as well as stores the cryptographic keys in China. But the data center company doesn't have those keys, Apple does. The important difference here is that China can use their own legal system to compel Apple to hand over the keys for specified users rather than going through the U.S. courts. Presumably this does significantly weaken the protections here (as one can assume China's courts are going to be much more willing to approve government requests for this), but it's not the same thing as "tapped by default" because the Chinese government still needs to go through their own court system to compel access to data on specific users, as opposed to having unfettered access to data on all Chinese users.
It also sounds like Apple co-brands iCloud accounts for Chinese users with the name of the Chinese data center provider, so they're not exactly hiding it.
Of course they refute the evidence. It would make them look like their 'secure' servers weren't as secure as they thought they would be. Its marketing 101
Believing in conspiracy theories degrades you as a person, puts your immortal soul at risk, and what's worse, demeans the noble art of posting on internet forums.
At this point I'm leaning towards believing Apple and Amazon, because it seems more likely that Bloomberg got it wrong than for Apple and Amazon to blatantly lie about this. But I'm really curious why Bloomberg went ahead and published this article if Apple and Amazon told them for months that it was wrong. What was their source and why did they trust it so much?