The two most likely largest inventions of our generation are the Internet and the mobile phone. They've changed the world. However, largely to our surprise, they also turned out to be the perfect tools for the surveillance state. It turned out that the capability to collect data, information and connections about basically any of us and all of us is exactly what we've been hearing throughout of the summer through revelations and leaks about Western intelligence agencies, mostly U.S. intelligence agencies, watching over the rest of the world.
We've heard about these starting with the revelations from June 6. Edward Snowden started leaking information, top secret classified information, from the U.S. intelligence agencies, and we started learning about things like PRISM and XKeyscore and others. And these are examples of the kinds of programs U.S. intelligence agencies are running right now, against the whole rest of the world.
And if you look back about the forecasts on surveillance by George Orwell, well it turns out that George Orwell was an optimist. (Laughter) We are right now seeing a much larger scale of tracking of individual citizens than he could have ever imagined.
And this here is the infamous NSA data center in Utah. Due to be opened very soon, it will be both a supercomputing center and a data storage center. You could basically imagine it has a large hall filled with hard drives storing data they are collecting. And it's a pretty big building. How big? Well, I can give you the numbers -- 140,000 square meters -- but that doesn't really tell you very much. Maybe it's better to imagine it as a comparison. You think about the largest IKEA store you've ever been in. This is five times larger. How many hard drives can you fit in an IKEA store? Right? It's pretty big. We estimate that just the electricity bill for running this data center is going to be in the tens of millions of dollars a year. And this kind of wholesale surveillance means that they can collect our data and keep it basically forever, keep it for extended periods of time, keep it for years, keep it for decades. And this opens up completely new kinds of risks to us all. And what this is is that it is wholesale blanket surveillance on everyone.
Well, not exactly everyone, because the U.S. intelligence only has a legal right to monitor foreigners. They can monitor foreigners when foreigners' data connections end up in the United States or pass through the United States. And monitoring foreigners doesn't sound too bad until you realize that I'm a foreigner and you're a foreigner. In fact, 96 percent of the planet are foreigners.
Right?
So it is wholesale blanket surveillance of all of us, all of us who use telecommunications and the Internet.
But don't get me wrong: There are actually types of surveillance that are okay. I love freedom, but even I agree that some surveillance is fine. If the law enforcement is trying to find a murderer, or they're trying to catch a drug lord or trying to prevent a school shooting, and they have leads and they have suspects, then it's perfectly fine for them to tap the suspect's phone, and to intercept his Internet communications. I'm not arguing that at all, but that's not what programs like PRISM are about. They are not about doing surveillance on people that they have reason to suspect of some wrongdoings. They're about doing surveillance on people they know are innocent.
So the four main arguments supporting surveillance like this, well, the first of all is that whenever you start discussing about these revelations, there will be naysayers trying to minimize the importance of these revelations, saying that we knew all this already, we knew it was happening, there's nothing new here. And that's not true. Don't let anybody tell you that we knew this already, because we did not know this already. Our worst fears might have been something like this, but we didn't know this was happening. Now we know for a fact it's happening. We didn't know about this. We didn't know about PRISM. We didn't know about XKeyscore. We didn't know about Cybertrans. We didn't know about DoubleArrow. We did not know about Skywriter -- all these different programs run by U.S. intelligence agencies. But now we do.
And we did not know that U.S. intelligence agencies go to extremes such as infiltrating standardization bodies to sabotage encryption algorithms on purpose. And what that means is that you take something which is secure, an encryption algorithm which is so secure that if you use that algorithm to encrypt one file, nobody can decrypt that file. Even if they take every single computer on the planet just to decrypt that one file, it's going to take millions of years. So that's basically perfectly safe, uncrackable. You take something which is that good and then you weaken it on purpose, making all of us less secure as an end result. A real-world equivalent would be that intelligence agencies would force some secret pin code into every single house alarm so they could get into every single house because, you know, bad people might have house alarms, but it will also make all of us less secure as an end result. Backdooring encryption algorithms just boggles the mind. But of course, these intelligence agencies are doing their job. This is what they have been told to do: do signals intelligence, monitor telecommunications, monitor Internet traffic. That's what they're trying to do, and since most, a very big part of the Internet traffic today is encrypted, they're trying to find ways around the encryption. One way is to sabotage encryption algorithms, which is a great example about how U.S. intelligence agencies are running loose. They are completely out of control, and they should be brought back under control.
So what do we actually know about the leaks? Everything is based on the files leaked by Mr. Snowden. The very first PRISM slides from the beginning of June detail a collection program where the data is collected from service providers, and they actually go and name the service providers they have access to. They even have a specific date on when the collection of data began for each of the service providers. So for example, they name the collection from Microsoft started on September 11, 2007, for Yahoo on the March 12, 2008, and then others: Google, Facebook, Skype, Apple and so on.
And every single one of these companies denies. They all say that this simply isn't true, that they are not giving backdoor access to their data. Yet we have these files. So is one of the parties lying, or is there some other alternative explanation? And one explanation would be that these parties, these service providers, are not cooperating. Instead, they've been hacked. That would explain it. They aren't cooperating. They've been hacked. In this case, they've been hacked by their own government. That might sound outlandish, but we already have cases where this has happened, for example, the case of the Flame malware which we strongly believe was authored by the U.S. government, and which, to spread, subverted the security of the Windows Update network, meaning here, the company was hacked by their own government. And there's more evidence supporting this theory as well. Der Spiegel, from Germany, leaked more information about the operations run by the elite hacker units operating inside these intelligence agencies. Inside NSA, the unit is called TAO, Tailored Access Operations, and inside GCHQ, which is the U.K. equivalent, it's called NAC, Network Analysis Centre. And these recent leaks of these three slides detail an operation run by this GCHQ intelligence agency from the United Kingdom targeting a telecom here in Belgium. And what this really means is that an E.U. country's intelligence agency is breaching the security of a telecom of a fellow E.U. country on purpose, and they discuss it in their slides completely casually, business as usual. Here's the primary target, here's the secondary target, here's the teaming. They probably have a team building on Thursday evening in a pub. They even use cheesy PowerPoint clip art like, you know, "Success," when they gain access to services like this. What the hell?
And then there's the argument that okay, yes, this might be going on, but then again, other countries are doing it as well. All countries spy. And maybe that's true. Many countries spy, not all of them, but let's take an example. Let's take, for example, Sweden. I'm speaking of Sweden because Sweden has a little bit of a similar law to the United States. When your data traffic goes through Sweden, their intelligence agency has a legal right by the law to intercept that traffic. All right, how many Swedish decisionmakers and politicians and business leaders use, every day, U.S.-based services, like, you know, run Windows or OSX, or use Facebook or LinkedIn, or store their data in clouds like iCloud or Skydrive or DropBox, or maybe use online services like Amazon web services or sales support? And the answer is, every single Swedish business leader does that every single day. And then we turn it around. How many American leaders use Swedish webmails and cloud services? And the answer is zero. So this is not balanced. It's not balanced by any means, not even close.
And when we do have the occasional European success story, even those, then, typically end up being sold to the United States. Like, Skype used to be secure. It used to be end-to-end encrypted. Then it was sold to the United States. Today, it no longer is secure. So once again, we take something which is secure and then we make it less secure on purpose, making all of us less secure as an outcome.
And then the argument that the United States is only fighting terrorists. It's the war on terror. You shouldn't worry about it. Well, it's not the war on terror. Yes, part of it is war on terror, and yes, there are terrorists, and they do kill and maim, and we should fight them, but we know through these leaks that they have used the same techniques to listen to phone calls of European leaders, to tap the email of residents of Mexico and Brazil, to read email traffic inside the United Nations Headquarters and E.U. Parliament, and I don't think they are trying to find terrorists from inside the E.U. Parliament, right? It's not the war on terror. Part of it might be, and there are terrorists, but are we really thinking about terrorists as such an existential threat that we are willing to do anything at all to fight them? Are the Americans ready to throw away the Constitution and throw it in the trash just because there are terrorists? And the same thing with the Bill of Rights and all the amendments and the Universal Declaration of Human Rights and the E.U. conventions on human rights and fundamental freedoms and the press freedom? Do we really think terrorism is such an existential threat, we are ready to do anything at all?
But people are scared about terrorists, and then they think that maybe that surveillance is okay because they have nothing to hide. Feel free to survey me if that helps. And whoever tells you that they have nothing to hide simply hasn't thought about this long enough.
Because we have this thing called privacy, and if you really think that you have nothing to hide, please make sure that's the first thing you tell me, because then I know that I should not trust you with any secrets, because obviously you can't keep a secret. But people are brutally honest with the Internet, and when these leaks started, many people were asking me about this. And I have nothing to hide. I'm not doing anything bad or anything illegal. Yet, I have nothing that I would in particular like to share with an intelligence agency, especially a foreign intelligence agency. And if we indeed need a Big Brother, I would much rather have a domestic Big Brother than a foreign Big Brother. And when the leaks started, the very first thing I tweeted about this was a comment about how, when you've been using search engines, you've been potentially leaking all that to U.S. intelligence. And two minutes later, I got a reply by somebody called Kimberly from the United States challenging me, like, why am I worried about this? What am I sending to worry about this? Am I sending naked pictures or something? And my answer to Kimberly was that what I'm sending is none of your business, and it should be none of your government's business either. Because that's what it's about. It's about privacy. Privacy is nonnegotiable. It should be built in to all the systems we use.
(Applause)
And one thing we should all understand is that we are brutally honest with search engines. You show me your search history, and I'll find something incriminating or something embarrassing there in five minutes. We are more honest with search engines than we are with our families. Search engines know more about you than your family members know about you. And this is all the kind of information we are giving away, we are giving away to the United States.
And surveillance changes history. We know this through examples of corrupt presidents like Nixon. Imagine if he would have had the kind of surveillance tools that are available today. And let me actually quote the president of Brazil, Ms. Dilma Rousseff. She was one of the targets of NSA surveillance. Her email was read, and she spoke at the United Nations Headquarters, and she said, "If there is no right to privacy, there can be no true freedom of expression and opinion, and therefore, there can be no effective democracy."
That's what it's about. Privacy is the building block of our democracies. And to quote a fellow security researcher, Marcus Ranum, he said that the United States is right now treating the Internet as it would be treating one of its colonies. So we are back to the age of colonization, and we, the foreign users of the Internet, we should think about Americans as our masters.
So Mr. Snowden, he's been blamed for many things. Some are blaming him for causing problems for the U.S. cloud industry and software companies with these revelations -- and blaming Snowden for causing problems for the U.S. cloud industry would be the equivalent of blaming Al Gore for causing global warming.
So, what is there to be done? Should we worry? No, we shouldn't worry. We should be angry, because this is wrong, and it's rude, and it should not be done. But that's not going to really change the situation. What's going to change the situation for the rest of the world is to try to steer away from systems built in the United States. And that's much easier said than done. How do you do that? A single country, any single country in Europe cannot replace and build replacements for the U.S.-made operating systems and cloud services.
But maybe you don't have to do it alone. Maybe you can do it together with other countries. The solution is open source. By building together open, free, secure systems, we can go around such surveillance, and then one country doesn't have to solve the problem by itself. It only has to solve one little problem. And to quote a fellow security researcher, Haroon Meer, one country only has to make a small wave, but those small waves together become a tide, and the tide will lift all the boats up at the same time, and the tide we will build with secure, free, open-source systems, will become the tide that will lift all of us up and above the surveillance state.
Thank you very much.