尊敬的用户您好,这是来自FT中文网的温馨提示:如您对更多FT中文网的内容感兴趣,请在苹果应用商店或谷歌应用市场搜索“FT中文网”,下载FT中文网的官方应用。
How much authority should democratic governments have to “snoop” on citizens’ online data and communications? The UK government has used new legal powers to demand that Apple create a “back door” enabling law enforcement bodies to access users’ encrypted data uploaded to the cloud. Apple has responded instead by withdrawing from Britain its most secure cloud storage service — which uses end-to-end encryption that Apple says means even it cannot access the data.
民主政府应该拥有多大的权力来“窥探”公民的在线数据和通信?英国政府已利用新的法律权力要求苹果(Apple)创建一个“后门”,以便执法机构能够访问上传到云端的用户加密数据。苹果的回应是将其最安全的云存储服务撤出英国,该服务使用端到端加密,苹果称这意味着即使它也无法访问此类数据。
Britain is not alone. Sweden’s government wants encrypted messaging apps such as Signal and WhatsApp to open a similar back door. Signal is threatening to leave Sweden if this becomes law. The cases amount to the biggest confrontation yet between western governments’ understandable desire to police crimes such as terrorism and child sex abuse online, and the gold-standard encryption now widely used to protect user privacy in messaging apps and the cloud.
英国并不孤单。瑞典政府希望Signal和WhatsApp等加密通信应用设置类似的后门。Signal威胁说,如果这成为法律,它将退出瑞典。这些案例构成了西方政府在打击线上恐怖主义和儿童性虐待等犯罪的合理愿望,与目前广泛用于保护消息应用和云端用户隐私的黄金标准加密之间的最大对抗。
Both cases echo the battle when the FBI tried to compel Apple to help it break into an iPhone used by a terrorist in a California shooting in 2015. Apple said if it created an iPhone back door for the FBI, malicious actors might discover it and use it to crack other phones. A hacking firm eventually unlocked the phone for the FBI, ending the stand-off.
这两起案例都让人想起在2015年加利福尼亚州发生的一起枪击案中,美国联邦调查局(FBI)试图强迫苹果帮助其破解一名恐怖分子使用的iPhone。苹果表示,如果它为FBI创建一个iPhone后门,恶意行为者可能会发现并利用它破解其他手机。最后一家黑客公司为FBI解锁了这部手机,结束了这一僵局。
The British and Swedish demands are much wider. Using its Investigatory Powers Act — which critics have dubbed a “Snoopers’ Charter” — the UK Home Office has issued a notice requiring Apple to allow British law enforcement, armed with a court order, to tap encrypted back-ups and other cloud data, anywhere in the world.
英国和瑞典的要求要广泛得多。英国内政部利用其《调查权力法》(被批评者称为“窥探者宪章”)发出通知,要求苹果公司允许英国执法部门在获得法院命令后,获取在世界任何地方的加密备份和其他云数据。
But the underlying dilemma is the same. When millions of people are sending or storing online sensitive data on, say, their finances or health, data protection is paramount. End-to-end encryption, where only the user and not the service provider holds the key, is the best safeguard.
但根本困境是一样的。当数以百万计人在网上发送或存储有关财务或健康等敏感数据时,数据保护至关重要。只有用户而非服务提供商持有密钥的端到端加密是最好的保护措施。
Most cyber security experts argue government bodies cannot be given access without creating a vulnerability that hackers, including authoritarian states, could abuse. Something like this has already happened. In an attack called “Salt Typhoon”, Chinese hackers last year exploited a US government-mandated back door in US telecoms networks to access call and text data and even phone calls of top politicians.
大多数网络安全专家认为政府机构不能被授予访问权限,因为这必然会产生一个会被黑客(包括威权国家)滥用的漏洞。类似的事件已经发生过。在一次名为“Salt Typhoon”的攻击中,中国黑客去年利用美国政府强制要求设置的后门进入美国电信网络,访问通话和短信数据,甚至窃听高级政客的电话。
In the UK, some 239 civil society groups, companies and cyber security experts have called on the government to rescind its demand to Apple, saying it “jeopardises the security and privacy of millions”. Using similar arguments, bipartisan members of two US congressional oversight committees have asked Tulsi Gabbard, the new national intelligence director, to demand that the UK retracts its order — and to consider limiting US-UK intelligence sharing if it does not.
在英国,约239个公民社会组织、公司和网络安全专家呼吁政府撤销对苹果公司的要求,称其“危及数百万用户的安全和隐私”。基于类似的理由,美国国会两个监督委员会的两党成员要求新任国家情报总监图尔西•加巴德要求英国撤回其命令——并考虑限制美英情报共享,如果英国不撤回的话。
This is without doubt a thorny issue. No one wishes terrorists and child abusers to be able to evade detection. Some UK security officials have insisted privacy protections can coexist with “exceptional lawful access”, and argued that tech companies could find a clever workaround. Tech experts counter that no foolproof compromise yet exists.
这无疑是一个棘手的问题。没人希望恐怖分子和虐待儿童者能够逃避侦查。一些英国安全官员坚称隐私保护可以与“例外的合法访问”共存,并称科技公司可以找到一个巧妙的解决方案。技术专家反驳称,目前还不存在万无一失的折中方案。
But almost all big tech companies rightly co-operate with legitimate law enforcement requests that do not involve “back doors” on a routine basis; Apple’s latest UK transparency report shows it complied with 93 per cent of emergency requests. If a solution is developed enabling this to happen safely with end-to-end encryption, co-operation should extend into this area too. For now, though, governments should treat this kind of protection as a common good. Efforts to police the criminal minority should not undermine the safety and privacy of the law-abiding majority.
但几乎所有大型科技公司都会恰当地与合法的执法请求合作,只要不涉及设置常规性“后门”;苹果公司最新的英国透明度报告显示,该公司遵守了93%的紧急请求。如果开发出一种解决方案,能够在端到端加密方面安全地实现这一点,那么合作也应该扩展到这一领域。不过,目前政府应将这种保护视为一种公共利益。监控少数犯罪分子的努力不应削弱守法的多数人的安全和隐私。