-
Chris Anderson:我們幾天前做了愛德華.史諾登的訪談,現在是回應時間。有幾位聽眾寫了問題給我,想詢問來自NSA(美國國家安全局)的嘉賓。Richard Ledgett是美國國家安全局第15任副局長,屬於高級文職人員,擔任營運總監、指導策略、建立內部政策、並擔任局長的主要顧問,十分稱職。歡迎Rick Ledgett來到TED。(掌聲)
Richard Ledgett:十分榮幸有機會來此演講,我很期待這次談話,十分感謝大會的安排。
CA:謝謝Rick,十分感謝你的參與。這是相當有力的聲明:NSA願意現身、在此進行公開訪談。我想你看過幾天前史諾登在此的訪談,你有什麼看法?
RL:我認為非常有意思。我們沒料到他會在此現身,因此-十分佩服你們安排了那樣的驚喜。我認為,如同史諾登先生開始披露機密資訊後發生的許多事,其中有核心真相,但也有許多臆測及半真半假的內容,我很樂意做個說明。我認為這是相當重要的談話,對美國和全世界來說,我認為這相當重要,因此我們需要使它成為以事實為基礎的談話,我們希望協助達成這個目標。
CA:因此許多人的問題是:你認為史諾登所作所為的動機是什麼?他有任何其他選擇嗎?
RL:他確實擁有其他選擇。我認為將他歸類為舉發者確實對合法舉發行為有所傷害。因此如果某個任職於NSA的人-NSA有35,000多名員工,他們都是優秀的公民。他們就像你的丈夫、父親、姐妹、兄弟、鄰居、侄子、朋友和親戚,他們全都樂於為國家及我們的盟國做正確的事。因此如果員工有所顧慮,有各種管道可申訴。首先是他們的管理者,上至組織內部管理鏈高層。如果這讓員工感到不自在,還有一些督察長。以史諾登先生為例,他可選擇NSA督察長、海軍督察長、太平洋司令部督察長、國防部督察長、情報局督察長,以上任何一個人都可將他的擔憂列入機密管道,且樂於處理。(CA和RL同時說話)他可選擇前往國會委員會,那裡有處理這種狀況的機制,因此他並未採取以上任何做法。
展開英文
收合英文
-
以下為系統擷取之英文原文
Chris Anderson: We had Edward Snowden here a couple days ago, and this is response time. And several of you have written to me with questions to ask our guest here from the NSA. So Richard Ledgett is the 15th deputy director of the National Security Agency, and he's a senior civilian officer there, acts as its chief operating officer, guiding strategies, setting internal policies, and serving as the principal advisor to the director. And all being well, welcome, Rick Ledgett, to TED. (Applause)
Richard Ledgett: I'm really thankful for the opportunity to talk to folks here. I look forward to the conversation, so thanks for arranging for that.
CA: Thank you, Rick. We appreciate you joining us. It's certainly quite a strong statement that the NSA is willing to reach out and show a more open face here. You saw, I think, the talk and interview that Edward Snowden gave here a couple days ago. What did you make of it? RL: So I think it was interesting. We didn't realize that he was going to show up there, so kudos to you guys for arranging a nice surprise like that. I think that, like a lot of the things that have come out since Mr. Snowden started disclosing classified information, there were some kernels of truth in there, but a lot of extrapolations and half-truths in there, and I'm interested in helping to address those. I think this is a really important conversation that we're having in the United States and internationally, and I think it is important and of import, and so given that, we need to have that be a fact-based conversation, and we want to help make that happen.
CA: So the question that a lot of people have here is, what do you make of Snowden's motivations for doing what he did, and did he have an alternative way that he could have gone?
RL: He absolutely did have alternative ways that he could have gone, and I actually think that characterizing him as a whistleblower actually hurts legitimate whistleblowing activities. So what if somebody who works in the NSA -- and there are over 35,000 people who do. They're all great citizens. They're just like your husbands, fathers, sisters, brothers, neighbors, nephews, friends and relatives, all of whom are interested in doing the right thing for their country and for our allies internationally, and so there are a variety of venues to address if folks have a concern. First off, there's their supervisor, and up through the supervisory chain within their organization. If folks aren't comfortable with that, there are a number of inspectors general. In the case of Mr. Snowden, he had the option of the NSA inspector general, the Navy inspector general, the Pacific Command inspector general, the Department of Defense inspector general, and the intelligence community inspector general, any of whom would have both kept his concerns in classified channels and been happy to address them. (CA and RL speaking at once) He had the option to go to congressional committees, and there are mechanisms to do that that are in place, and so he didn't do any of those things.
-
CA:現在,你說史諾登有其他管道可提出他的擔憂,有幾項針對這個說法的反駁。第一,他確實認為,身為外包人員,他無法使用雇員可用的管道。第二,根據其他舉報者過往的經歷,例如,以某些觀點來看,Thomas Andrews Drake遭受的處置相當嚴厲。第三,他並非針對他發現的某個缺失採取行動,而是被三個政府分支機構認可的計畫。我是指,在那種情況下,難道你不認為他的做法是合理的嗎?
RL:不,我並不認同。我認為-抱歉,我聽見麥克風傳來訊息-他採取的行動並不適當。因為事實上從長遠來看,他將人們的生命置於風險中。我知道史諾登先生和一些記者在許多公開談話中,說那些被揭露的事並未將國家及人民安全置於風險中。這絕非事實,它們確實有所影響。我認為他的想法也相當傲慢,自認比制憲者所知更多,關於政府權力分立該如何設計及運作;執法與立法部門必須共同合作、互相制衡;司法部門監督整個過程。我認為他的想法相當自大。
CA:你是否能舉一個具體例子,說明他如何將人們的生命置於風險中?
RL:好,沒問題。因此他揭露的事,關於情報能力。NSA是基於情報能力的組織,因此當我們獲得國外情報目標-具合法利益的目標-例如恐怖份子是代表範例,但也包括-例如人口販子、毒品販子;嘗試製造先進武器-例如核武及建立相關運輸系統的人;以及可能對鄰近區域進行侵略的國家。你或許能事先看出哪些正在進行。這些功能以相當分立、謹慎及嚴格控制的方式施行,因此毫無顧忌地披露這些功能,意味著當敵人得知並意識到:「嘿,這或許對我不利。」他們會避開風險。我們已發現一些國內恐怖主義目標人物、各式各樣的走私者和其他嫌疑分子,因為這些訊息的披露,從我們有能力監控的範圍內消失。這造成的整體影響是,身處海外危險地帶的我國人民,無論是外交或軍事人員,以及與我們處境相同的盟國,都處於更大風險中,因為我們無法得知即將來臨的威脅。
CA:因此這是對這件事的一般回應:因為他的揭露,導致獲取特定類型資訊的管道無法運作。但人們關注的焦點是,這種管道的性質原本就不合法。我是指,據我們所知,所謂的Bullrun計畫,即NSA刻意削弱安全性,以獲得你所說的那種管道。
展開英文
收合英文
-
CA: Now, you had said that Ed Snowden had other avenues for raising his concerns. The comeback on that is a couple of things: one, that he certainly believes that as a contractor, the avenues that would have been available to him as an employee weren't available, two, there's a track record of other whistleblowers, like [Thomas Andrews Drake] being treated pretty harshly, by some views, and thirdly, what he was taking on was not one specific flaw that he'd discovered, but programs that had been approved by all three branches of government. I mean, in that circumstance, couldn't you argue that what he did was reasonable?
RL: No, I don't agree with that. I think that the — sorry, I'm getting feedback through the microphone there — the actions that he took were inappropriate because of the fact that he put people's lives at risk, basically, in the long run, and I know there's been a lot of talk in public by Mr. Snowden and some of the journalists that say that the things that have been disclosed have not put national security and people at risk, and that is categorically not true. They actually do. I think there's also an amazing arrogance to the idea that he knows better than the framers of the Constitution in how the government should be designed and work for separation of powers and the fact that the executive and the legislative branch have to work together and they have checks and balances on each other, and then the judicial branch, which oversees the entire process. I think that's extremely arrogant on his part.
CA: Can you give a specific example of how he put people's lives at risk?
RL: Yeah, sure. So the things that he's disclosed, the capabilities, and the NSA is a capabilities-based organization, so when we have foreign intelligence targets, legitimate things of interest -- like, terrorists is the iconic example, but it includes things like human traffickers, drug traffickers, people who are trying to build advanced weaponry, nuclear weapons, and build delivery systems for those, and nation-states who might be executing aggression against their immediate neighbors, which you may have some visibility into some of that that's going on right now, the capabilities are applied in very discrete and measured and controlled ways. So the unconstrained disclosure of those capabilities means that as adversaries see them and recognize, "Hey, I might be vulnerable to this," they move away from that, and we have seen targets in terrorism, in the nation-state area, in smugglers of various types, and other folks who have, because of the disclosures, moved away from our ability to have insight into what they're doing. The net effect of that is that our people who are overseas in dangerous places, whether they're diplomats or military, and our allies who are in similar situations, are at greater risk because we don't see the threats that are coming their way.
CA: So that's a general response saying that because of his revelations, access that you had to certain types of information has been shut down, has been closed down. But the concern is that the nature of that access was not necessarily legitimate in the first place. I mean, describe to us this Bullrun program where it's alleged that the NSA specifically weakened security in order to get the type of access that you've spoken of.
-
RL:因此當我之前描述的那種合法外國情報目標,使用全球通訊系統作為他們的通訊方式-他們確實這麼做,因為這是很棒的系統,是人類設計出最複雜的系統。這是一項奇蹟,在座許多聽眾對創造及改進這個系統有所貢獻。它是相當美妙的東西,但它也被對抗我國及我們盟國的人利用。因此如果我要追蹤他們,我需要追蹤他們的能力。同樣地,控制因素在於我如何運用這種能力,而非我擁有這種能力。另一方面,如果我們能這麼做,使所有壞人都使用網路的一部分;我們可以給它一個域名,例如badguy.com,這將多麼美妙。我們可將所有力量集中在那裡,這並非它運作的方式。他們試圖躲避政府隔離及阻止他們行為的能力,因此我們不得不潛入相同領域。但我想說明這一點。因此NSA有兩項任務,其一是訊號情報任務。很遺憾,我們已藉由媒體對此知之甚詳。另一項是資訊保安任務,旨在保護美國國家安全系統。這是指,例如總統用的通訊、控制核武的通訊、我國軍隊在全球使用的通訊、我們與盟國之間使用的通訊,以及其中一些盟國自行使用的通訊。因此我們對使用標準提出建議。我們使用相同標準,因此我們對確保這些通訊使用目的之安全性進行投資。
CA:但這聽起來彷彿是說,當整體上涉及網路,只要能增進美國安全,任何策略都是公平的,我認為這正是人們意見分歧的部分原因。現場及全球有許多人對網路的看法大不相同,他們認為網路是人類的重大發明,幾乎能媲美古騰堡計畫。它是將知識分享給大眾的傳遞者,是一切的聯繫,人們以這些理想主義觀點看待它。由這個角度來看,NSA的做法相當於過去的德國掌權者,在所有印刷機安裝某種設備,顯示人們購買及閱讀哪些書。你是否能理解,由這個角度來看,這似乎太超過了?
展開英文
收合英文
-
RL: So there are, when our legitimate foreign intelligence targets of the type that I described before, use the global telecommunications system as their communications methodology, and they do, because it's a great system, it's the most complex system ever devised by man, and it is a wonder, and lots of folks in the room there are responsible for the creation and enhancement of that, and it's just a wonderful thing. But it's also used by people who are working against us and our allies. And so if I'm going to pursue them, I need to have the capability to go after them, and again, the controls are in how I apply that capability, not that I have the capability itself. Otherwise, if we could make it so that all the bad guys used one corner of the Internet, we could have a domain, badguy.com. That would be awesome, and we could just concentrate all our efforts there. That's not how it works. They're trying to hide from the government's ability to isolate and interdict their actions, and so we have to swim in that same space. But I will tell you this. So NSA has two missions. One is the Signals Intelligence mission that we've unfortunately read so much about in the press. The other one is the Information Assurance mission, which is to protect the national security systems of the United States, and by that, that's things like the communications that the president uses, the communications that control our nuclear weapons, the communications that our military uses around the world, and the communications that we use with our allies, and that some of our allies themselves use. And so we make recommendations on standards to use, and we use those same standards, and so we are invested in making sure that those communications are secure for their intended purposes.
CA: But it sounds like what you're saying is that when it comes to the Internet at large, any strategy is fair game if it improves America's safety. And I think this is partly where there is such a divide of opinion, that there's a lot of people in this room and around the world who think very differently about the Internet. They think of it as a momentous invention of humanity, kind of on a par with the Gutenberg press, for example. It's the bringer of knowledge to all. It's the connector of all. And it's viewed in those sort of idealistic terms. And from that lens, what the NSA has done is equivalent to the authorities back in Germany inserting some device into every printing press that would reveal which books people bought and what they read. Can you understand that from that viewpoint, it feels outrageous?
-
RL:我確實瞭解,事實上我也這麼看待網路的用途。我的主張是,它更勝於網路。它是全球通訊系統,網路只是其中的一大部分,但還有許多其他東西。我認為人們的關注是合理的,對於透明度與保密的平衡,這有時被描述為隱私與國家安全的平衡,我不認為這是正確的說法,我認為這確實是透明度與保密的平衡。因此我們現在進行的是國家與國際的對話。我們希望參與其中,希望人們以知情的方式參與其中,因此容我稍微說明一下幾件事。有些事我們需要透明化:我們的機構、我們的過程、我們的監督、我們是誰。我們,NSA,對這部分做得不是很好,我認為這正是媒體以如此聳動的方式大肆渲染的部分原因。沒人知道我們是何方神聖,我們是不存在的機構,絕對保密的機構。有人把我們的標誌惡搞成戴著耳機的老鷹,因此這就是我們的公眾象徵。因此我們需要對這些事更加透明化。我們不需要透明化的是對美國不利的事、對所有與我們合作的國家不利的事。因此我們提供資訊,幫助他們保衛國家及人民,暴露這些行動與能力是不利的,這使得那些全球公敵、那些普遍認定為壞人的傢伙得以反擊。
CA:但這給了美國一些公司沉重的打擊,不是也很糟嗎?那些基本上為全球提供大部分重要網路服務的公司?
RL:是的。這些公司處境艱難,和我們一樣。因為這些公司,我們強迫他們提供資訊,正如世上任何其他國家。世上所有工業化國家都有合法的攔截計畫。它們要求公司提供國家安全所需的資訊,參與的公司以相同方式遵守這些計畫,當他們在俄羅斯或英國營運,或中國、印度、法國,任何你說得出的國家。因此事實上這種提供資訊的行為廣泛被解讀為:「你不能信任A公司,因為它們有洩漏你隱私的嫌疑。」事實上這句話僅適用於以下情況-這句話適用於世上所有與任何採取這種做法的國家打交道的公司。因此這被人們用來作為市場行銷優勢。有幾個國家藉此進行行銷,包括某些我們的盟國。他們的說法是:「嘿,你不能信任美國,但你可以信任我們的通訊公司,因為我們是安全的。」它們確實藉此反擊美國公司擁有的龐大技術優勢,例如雲端及以網路為基礎的技術領域。
展開英文
收合英文
-
RL: I do understand that, and I actually share the view of the utility of the Internet, and I would argue it's bigger than the Internet. It is a global telecommunications system. The Internet is a big chunk of that, but there is a lot more. And I think that people have legitimate concerns about the balance between transparency and secrecy. That's sort of been couched as a balance between privacy and national security. I don't think that's the right framing. I think it really is transparency and secrecy. And so that's the national and international conversation that we're having, and we want to participate in that, and want people to participate in it in an informed way. So there are things, let me talk there a little bit more, there are things that we need to be transparent about: our authorities, our processes, our oversight, who we are. We, NSA, have not done a good job of that, and I think that's part of the reason that this has been so revelational and so sensational in the media. Nobody knew who we were. We were the No Such Agency, the Never Say Anything. There's takeoffs of our logo of an eagle with headphones on around it. And so that's the public characterization. And so we need to be more transparent about those things. What we don't need to be transparent about, because it's bad for the U.S., it's bad for all those other countries that we work with and that we help provide information that helps them secure themselves and their people, it's bad to expose operations and capabilities in a way that allows the people that we're all working against, the generally recognized bad guys, to counter those.
CA: But isn't it also bad to deal a kind of body blow to the American companies that have essentially given the world most of the Internet services that matter? RL: It is. It's really the companies are in a tough position, as are we, because the companies, we compel them to provide information, just like every other nation in the world does. Every industrialized nation in the world has a lawful intercept program where they are requiring companies to provide them with information that they need for their security, and the companies that are involved have complied with those programs in the same way that they have to do when they're operating in Russia or the U.K. or China or India or France, any country that you choose to name. And so the fact that these revelations have been broadly characterized as "you can't trust company A because your privacy is suspect with them" is actually only accurate in the sense that it's accurate with every other company in the world that deals with any of those countries in the world. And so it's being picked up by people as a marketing advantage, and it's being marketed that way by several countries, including some of our allied countries, where they are saying, "Hey, you can't trust the U.S., but you can trust our telecom company, because we're safe." And they're actually using that to counter the very large technological edge that U.S. companies have in areas like the cloud and Internet-based technologies.
-
CA:你和一面美國國旗坐在一起;美國憲法保障不受不合理搜查及逮捕的自由。你如何定義美國公民的隱私權?有這樣的權利嗎?
RL:是的,當然有。我們投入超量的時間和壓力-事實上我應該這麼說,超量且適宜的-時間和精力,確保對隱私的保護。此外還有全球公民的隱私,不僅是美國人。有幾件事在此發揮了作用。第一,我們都處於同一個網路。我的通訊、我使用的網路郵件服務,正是全球恐怖份子首選的電子郵件服務商。因此在網路電子郵件空間中,我正好是他們的鄰居。因此我們必須能將它篩選出來,找出相關訊息。藉由這種做法,我們必定會遇上安分守己的美國人和無辜的外國人,因此我們有一個適當程序進行篩檢,它寫著:當你發現-並非如果發現,而是當你發現,因為你一定會發現-這就是保護的方法。這被稱為最小化程序,它們由司法部長根據憲法批准,因此這是我們保護的對象。此外,針對全球進行合法生意的公民,總統在1月17日的演講中宣布某些我們將提供的額外保護,因此我相當肯定,人民確實有隱私權,我們費盡心力地確保隱私權受到保護。
CA:那使用美國公司網路服務的外國人呢?他們有任何隱私權嗎?
RL:他們有,當然。以某種意義來說,我們唯一能強迫這些公司提供資訊的途徑是落在這三種類型之一的資訊:我們能識別這個特定的人-由某種選擇器識別-與反恐、核擴散或其他外國情報目標相關。
CA:經常出現的討論是,大部分你們藉由這些項目獲得的資訊基本上是元數據。不一定是某人寫在郵件中或在電話中說出的實際字詞,而是收件人、時間等等。但這有所爭議。現場某位聽眾曾與前NSA分析師討論過,他說事實上元數據比核心數據更具侵略性。因為在核心數據中,你展示的是你想表達的內容;至於元數據,誰知道會產生何種結論?你有什麼說法嗎?
RL:我不太瞭解這項爭議,我認為元數據的重要性在於幾個原因。元數據是讓你找出人們試圖隱藏之關聯的資訊。因此當一個恐怖份子與某個我們不曾聽過的人通信,但他從事或支持恐怖活動;或是某個違反國際制裁的人,提供核武相關材料給例如伊朗或北韓等國家,正設法隱藏這個活動,因為是非法的。元數據的作用就是讓你找出其中關聯。另一種選擇是效率低得多、且更侵略隱私的方式;那是大量內容的集合。因此以某種程度來說,元數據確實增強了隱私。我們並非-不同於某些媒體的報導,我們並非坐在那裡、篩選出一般人的元數據資料。如果你不曾與那些有效情報目標聯繫,我們對你不感興趣。
展開英文
收合英文
-
CA: You're sitting there with the American flag, and the American Constitution guarantees freedom from unreasonable search and seizure. How do you characterize the American citizen's right to privacy? Is there such a right?
RL: Yeah, of course there is. And we devote an inordinate amount of time and pressure, inordinate and appropriate, actually I should say, amount of time and effort in order to ensure that we protect that privacy. and beyond that, the privacy of citizens around the world, it's not just Americans. Several things come into play here. First, we're all in the same network. My communications, I'm a user of a particular Internet email service that is the number one email service of choice by terrorists around the world, number one. So I'm there right beside them in email space in the Internet. And so we need to be able to pick that apart and find the information that's relevant. In doing so, we're going to necessarily encounter Americans and innocent foreign citizens who are just going about their business, and so we have procedures in place that shreds that out, that says, when you find that, not if you find it, when you find it, because you're certain to find it, here's how you protect that. These are called minimization procedures. They're approved by the attorney general and constitutionally based. And so we protect those. And then, for people, citizens of the world who are going about their lawful business on a day-to-day basis, the president on his January 17 speech, laid out some additional protections that we are providing to them. So I think absolutely, folks do have a right to privacy, and that we work very hard to make sure that that right to privacy is protected.
CA: What about foreigners using American companies' Internet services? Do they have any privacy rights?
RL: They do. They do, in the sense of, the only way that we are able to compel one of those companies to provide us information is when it falls into one of three categories: We can identify that this particular person, identified by a selector of some kind, is associated with counterterrorist or proliferation or other foreign intelligence target.
CA: Much has been made of the fact that a lot of the information that you've obtained through these programs is essentially metadata. It's not necessarily the actual words that someone has written in an email or given on a phone call. It's who they wrote to and when, and so forth. But it's been argued, and someone here in the audience has talked to a former NSA analyst who said metadata is actually much more invasive than the core data, because in the core data you present yourself as you want to be presented. With metadata, who knows what the conclusions are that are drawn? Is there anything to that?
RL: I don't really understand that argument. I think that metadata's important for a couple of reasons. Metadata is the information that lets you find connections that people are trying to hide. So when a terrorist is corresponding with somebody else who's not known to us but is engaged in doing or supporting terrorist activity, or someone who's violating international sanctions by providing nuclear weapons-related material to a country like Iran or North Korea, is trying to hide that activity because it's illicit activity. What metadata lets you do is connect that. The alternative to that is one that's much less efficient and much more invasive of privacy, which is gigantic amounts of content collection. So metadata, in that sense, actually is privacy-enhancing. And we don't, contrary to some of the stuff that's been printed, we don't sit there and grind out metadata profiles of average people. If you're not connected to one of those valid intelligence targets, you are not of interest to us.
-
CA:因此以美國面臨的整體威脅來看,你把恐怖主義排在第幾位?
RL:我認為恐怖主義仍是頭號威脅。我認為不曾有任何時刻、有那麼多地方情況變得如此糟糕,利用缺乏治理的情況形成恐怖主義溫床。我之前的長官Tom Fargo,海軍司令Fargo曾將它形容為不穩定電弧。因此目前世上有許多這樣的不穩定電弧。例如敘利亞這樣的地方正進行內戰,相當大量、成千上萬的外國好戰分子來到敘利亞,學習如何成為恐怖分子、實施這種活動,其中有許多持歐洲國家或美國護照的西方人。因此他們基本上是在學習如何進行戰爭及表達意圖,以便將來在他們的祖國如法炮製。有些地方,例如伊拉克,目前正遭受嚴重的宗教暴力衝突,同樣是孕育恐怖主義的溫床。非洲之角及非洲薩赫爾地區也出現這類活動。同樣地,許多治理薄弱的政府逐漸形成恐怖活動的溫床,因此我認為這非常嚴重,我認為這是頭號威脅。我認為排名第二的是網路威脅。我認為網路威脅有三種:第一,或許是人們最耳熟能詳的形式,來自於智慧財產的竊取。因此基本上是其他國家侵入、竊取公司機密,然後將這些資訊提供給國有企業,或與政府有關的公司,幫助他們技術躍進,或獲得用於贏取海外合約的商業情報。這是目前大量進行中的活動,幾個國家正進行這種活動。第二是阻斷服務攻擊。你們或許聽說過,自2012年起一連串針對美國金融機構的攻擊。同樣地,這是國家執行的攻擊,他們藉此進行半匿名式報復行動。最後一種是破壞性攻擊,這是我最擔心的一種,正不斷增加中。包括2012年8月對沙烏地阿拉伯石油公司的攻擊,藉由Wiper式病毒,使35,000台電腦癱瘓。一週後,卡達一家公司遭受攻擊。2013年3月,南韓遭受攻擊,媒體聲稱始作俑者是北韓,使數千台電腦癱瘓。這種情況與日俱增,我們發現人們對這些能力表示感興趣,並渴望採用。
展開英文
收合英文
-
CA: So in terms of the threats that face America overall, where would you place terrorism?
RL: I think terrorism is still number one. I think that we have never been in a time where there are more places where things are going badly and forming the petri dish in which terrorists take advantage of the lack of governance. An old boss of mine, Tom Fargo, Admiral Fargo, used to describe it as arcs of instability. And so you have a lot of those arcs of instability in the world right now, in places like Syria, where there's a civil war going on and you have massive numbers, thousands and thousands of foreign fighters who are coming into Syria to learn how to be terrorists and practice that activity, and lots of those people are Westerners who hold passports to European countries or in some cases the United States, and so they are basically learning how to do jihad and have expressed intent to go out and do that later on in their home countries. You've got places like Iraq, which is suffering from a high level of sectarian violence, again a breeding ground for terrorism. And you have the activity in the Horn of Africa and the Sahel area of Africa. Again, lots of weak governance which forms a breeding ground for terrorist activity. So I think it's very serious. I think it's number one. I think number two is cyber threat. I think cyber is a threat in three ways: One way, and probably the most common way that people have heard about it, is due to the theft of intellectual property, so basically, foreign countries going in, stealing companies' secrets, and then providing that information to state-owned enterprises or companies connected to the government to help them leapfrog technology or to gain business intelligence that's then used to win contracts overseas. That is a hugely costly set of activities that's going on right now. Several nation-states are doing it. Second is the denial-of-service attacks. You're probably aware that there have been a spate of those directed against the U.S. financial sector since 2012. Again, that's a nation-state who is executing those attacks, and they're doing that as a semi-anonymous way of reprisal. And the last one is destructive attacks, and those are the ones that concern me the most. Those are on the rise. You have the attack against Saudi Aramco in 2012, August of 2012. It took down about 35,000 of their computers with a Wiper-style virus. You had a follow-on a week later to a Qatari company. You had March of 2013, you had a South Korean attack that was attributed in the press to North Korea that took out thousands of computers. Those are on the rise, and we see people expressing interest in those capabilities and a desire to employ them.
-
CA:好,因此你舉了幾個例子,因為這幾乎可說是核心原因。我是指,首先,許多人觀察這些風險和數字,仍不明白恐怖主義是頭號威脅的觀點。你知道,除了911事件,我認為過去30至40年間的數字-大約500名美國人喪命於恐怖主義,多半歸因於本土恐怖分子;近幾年因恐怖主義喪命的機率遠小於雷擊。我猜你會說,只要一場核事故或生化恐怖活動之類的事件,這些數字將大幅改觀。這是你的觀點嗎?
RL:好,我得說明兩件事。第一,911之後,美國尚未遭受重大攻擊的原因是-那並非偶然,而是因為我們做了相當多的努力。還有其他情報系統、軍隊及我們全球的盟國所做的努力。你聽過關於恐怖分子攻擊的數目只是冰山一角。NSA項目阻止的攻擊有54起,其中25起在歐洲。這25起當中,18起發生在三個國家,有些是我們的盟國。順帶一提,有些則令NSA項目遭受嚴重打擊。因此這一切並非偶然發生,這是相當艱苦的努力。我們發現恐怖活動相關情報,以不同方式阻止,藉由執法、藉由與其他國家合作,有時藉由軍事活動。我要說明的另一點是,你關於核武或生化威脅的說法絕非牽強的藉口。事實上,有幾個團體多年來對獲得這些能力展現高度興趣及渴望,並致力於這個目標。
CA:也有人說,這54起所謂的攻擊事件,幾乎沒有任何一個與史諾登先生揭露的爭議性項目有關,那基本上是藉由其他形式的情報獲得。你們所做的是海底撈針;這些項目的作用,這些爭議性項目只在大海中加入水滴,並非真的為了尋針,針是藉由其他方式找到的。是否存在類似這樣的情況?
RL:不,事實上相關討論中通常涉及兩個項目,一個是《愛國者法案》215條,美國電話元數據項目;另一個是一般稱之為稜鏡計畫的項目,事實上是外國情報監視法修正案702條。但215項目只與針對美國的威脅有關,其中涉及十幾種威脅。現在你將看見人們公開說,其中沒有「如果不是」的例子,因此沒有「如果不是那樣,攻擊就會發生」的例子。但事實上這顯示了對恐怖分子實際調查過程的缺乏瞭解。思考一下你在電視上看見的兇案調查。你從何開始?從屍體開始,然後一步步解開兇案之謎。事實上我們早在那之前就開始進行,希望在任何屍體出現之前。我們試著建立「這些人是誰?他們想做什麼?」的檔案,這包含大量訊息。不妨把它想像成馬賽克圖案,很難說哪一塊馬賽克是建立馬賽克圖案的必要組成。但為了建構事件全貌,你需要擁有所有資訊碎片。另一方面,54起威脅中與美國無關的另外42起,稜鏡計畫與其有相當大的關聯,事實上對阻止這些攻擊有相當重要的貢獻。
CA:史諾登兩天前說,恐怖主義一向被情報界稱為「行動的掩飾」,因為它可激起人民相當強烈的情緒反應,使這些項目啟動時獲得單一機構本來無法擁有的權力。是否存在相關的內部爭論?
展開英文
收合英文
-
CA: Okay, so a couple of things here, because this is really the core of this, almost. I mean, first of all, a lot of people who look at risk and look at the numbers don't understand this belief that terrorism is still the number one threat. Apart from September 11, I think the numbers are that in the last 30 or 40 years about 500 Americans have died from terrorism, mostly from homegrown terrorists. The chance in the last few years of being killed by terrorism is far less than the chance of being killed by lightning. I guess you would say that a single nuclear incident or bioterrorism act or something like that would change those numbers. Would that be the point of view?
RL: Well, I'd say two things. One is, the reason that there hasn't been a major attack in the United States since 9/11, that is not an accident. That's a lot of hard work that we have done, that other folks in the intelligence community have done, that the military has done, and that our allies around the globe have done. You've heard the numbers about the tip of the iceberg in terms of numbers of terrorist attacks that NSA programs contributed to stopping was 54, 25 of those in Europe, and of those 25, 18 of them occurred in three countries, some of which are our allies, and some of which are beating the heck out of us over the NSA programs, by the way. So that's not an accident that those things happen. That's hard work. That's us finding intelligence on terrorist activities and interdicting them through one way or another, through law enforcement, through cooperative activities with other countries and sometimes through military action. The other thing I would say is that your idea of nuclear or chem-bio-threat is not at all far-fetched and in fact there are a number of groups who have for several years expressed interest and desire in obtaining those capabilities and work towards that.
CA: It's also been said that, of those 54 alleged incidents, that as few as zero of them were actually anything to do with these controversial programs that Mr. Snowden revealed, that it was basically through other forms of intelligence, that you're looking for a needle in a haystack, and the effects of these programs, these controversial programs, is just to add hay to the stack, not to really find the needle. The needle was found by other methods. Isn't there something to that?
RL: No, there's actually two programs that are typically implicated in that discussion. One is the section 215 program, the U.S. telephony metadata program, and the other one is popularly called the PRISM program, and it's actually section 702 of the FISA Amendment Act. But the 215 program is only relevant to threats that are directed against the United States, and there have been a dozen threats where that was implicated. Now what you'll see people say publicly is there is no "but for" case, and so there is no case where, but for that, the threat would have happened. But that actually indicates a lack of understanding of how terrorist investigations actually work. You think about on television, you watch a murder mystery. What do you start with? You start with a body, and then they work their way from there to solve the crime. We're actually starting well before that, hopefully before there are any bodies, and we're trying to build the case for who the people are, what they're trying to do, and that involves massive amounts of information. Think of it is as mosaic, and it's hard to say that any one piece of a mosaic was necessary to building the mosaic, but to build the complete picture, you need to have all the pieces of information. On the other, the non-U.S.-related threats out of those 54, the other 42 of them, the PRISM program was hugely relevant to that, and in fact was material in contributing to stopping those attacks.
CA: Snowden said two days ago that terrorism has always been what is called in the intelligence world "a cover for action," that it's something that, because it invokes such a powerful emotional response in people, it allows the initiation of these programs to achieve powers that an organization like yours couldn't otherwise have. Is there any internal debate about that?
-
RL:是的,我是指,我們一直對此有所辯論。目前行政部門、NSA內部及情報界正進行一些討論,關於什麼是對的、什麼是適當的、什麼是正確的做法。值得一提的是,我們談論的那些項目全都經由兩位不同的總統批准,兩個不同的政黨、經國會通過兩次、經聯邦法官核准16次,因此並非NSA自作主張、自行其是。這是所有美國政府機構同意的美國政府對外合法活動,麥迪遜總統也會感到驕傲。
CA:然而,當國會議員發現事實上這些活動是經授權的行為,多半相當震驚。還是你認為這並非真實反應,只因現在曝光在眾人之前。事實上他們確實知道你們用他們賦予之權利所做的一切?
RL:國會是相當龐大的體系,有535人,人員經常變動。以眾議院為例,每兩年變動一次。我認為NSA提供所有相關訊息給我們的監督委員會,然後這些訊息藉由國會管理的監督委員會傳遞。我認為我可以說,國會成員有機會得知這些訊息,事實上為數不少。那些擔負監督責任的人確實有能力這麼做,那些委員會主席確實公開承認這一點。
CA:好,你提到網路攻擊威脅,我認為現場任何人都同意這是很大的憂慮。但你是否接受,攻擊與防禦策略之間存在權衡關係,這種權衡可能造成「減弱加密」,使你得以發現壞人,或許同時打開網路攻擊的大門?
RL:因此我想這包含兩件事。第一,你提到減弱加密,我沒這麼做。另一點是,這兩種都是NSA的任務,我們強烈傾向於防禦。事實上,我們在大多數案例中發現的漏洞,我們告知負責製造或開發這些產品的人,我們擁有大量相關記錄。事實上目前我們正著手擬定一個提案,進行透明化及公布透明度報告,如同網路公司公布透明度報告的方式。我們希望更透明化。因此同樣地,我們使用自己的產品,我們使用相同標準、使用我們建議的產品,因此以人們所需的方式保護通訊安全同樣對我們有利。
CA:愛德華.史諾登,當他結束演講、藉由機器人在演講廳閒逛時,我聽見他與幾個人交談。他們問他對NSA的整體評價,他對與你共事的人十分讚賞,說那是一群充滿熱情的員工,致力於做正確的事,問題僅源於某些設想不周的政策。他看起來確實相當理智和沉著,看起來不像瘋子。即使你不贊同他的做法,是否至少能接受這一點:他開啟了一項相當重要的辯論?
RL:因此我認為這是相當重要的討論。我不喜歡他的做法,我認為他可採取一些其他做法,不是使我們失去對敵人行動之掌控,而危害我國及其他國家人民安全的方式。但我確實認為這是一項重要的對話。
展開英文
收合英文
-
RL: Yeah. I mean, we debate these things all the time, and there is discussion that goes on in the executive branch and within NSA itself and the intelligence community about what's right, what's proportionate, what's the correct thing to do. And it's important to note that the programs that we're talking about were all authorized by two different presidents, two different political parties, by Congress twice, and by federal judges 16 different times, and so this is not NSA running off and doing its own thing. This is a legitimate activity of the United States foreign government that was agreed to by all the branches of the United States government, and President Madison would have been proud.
CA: And yet, when congressmen discovered what was actually being done with that authorization, many of them were completely shocked. Or do you think that is not a legitimate reaction, that it's only because it's now come out publicly, that they really knew exactly what you were doing with the powers they had granted you?
RL: Congress is a big body. There's 535 of them, and they change out frequently, in the case of the House, every two years, and I think that the NSA provided all the relevant information to our oversight committees, and then the dissemination of that information by the oversight committees throughout Congress is something that they manage. I think I would say that Congress members had the opportunity to make themselves aware, and in fact a significant number of them, the ones who are assigned oversight responsibility, did have the ability to do that. And you've actually had the chairs of those committees say that in public. CA: Now, you mentioned the threat of cyber attacks, and I don't think anyone in this room would disagree that that is a huge concern, but do you accept that there's a tradeoff between offensive and defensive strategies, and that it's possible that the very measures taken to, "weaken encryption," and allow yourself to find the bad guys, might also open the door to forms of cyber attack?
RL: So I think two things. One is, you said weaken encryption. I didn't. And the other one is that the NSA has both of those missions, and we are heavily biased towards defense, and, actually, the vulnerabilities that we find in the overwhelming majority of cases, we disclose to the people who are responsible for manufacturing or developing those products. We have a great track record of that, and we're actually working on a proposal right now to be transparent and to publish transparency reports in the same way that the Internet companies are being allowed to publish transparency reports for them. We want to be more transparent about that. So again, we eat our own dog food. We use the standards, we use the products that we recommend, and so it's in our interest to keep our communications protected in the same way that other people's need to be.
CA: Edward Snowden, when, after his talk, was wandering the halls here in the bot, and I heard him say to a couple of people, they asked him about what he thought of the NSA overall, and he was very complimentary about the people who work with you, said that it's a really impassioned group of employees who are seeking to do the right thing, and that the problems have come from just some badly conceived policies. He came over certainly very reasonably and calmly. He didn't come over like a crazy man. Would you accept that at least, even if you disagree with how he did it, that he has opened a debate that matters?
RL: So I think that the discussion is an important one to have. I do not like the way that he did it. I think there were a number of other ways that he could have done that that would have not endangered our people and the people of other nations through losing visibility into what our adversaries are doing. But I do think it's an important conversation.
-
CA:報導指出,你和同事對任何可能提供他赦免交易的方案意見有所分歧。我認為你的長官-基斯.亞歷山大將軍曾說,這對其他人來說是相當糟的示範;你不能與某個以這種方式違反法律的人進行談判。但曾經有報導引述你的說法:如果史諾登能證明他已交出所有未公開的文件,那項交易或許應列入考量。你依然這麼認為嗎?
RL:是的,因此事實上我最喜歡《60分鐘》訪談的地方,就是所有錯誤的引述都來自那裡。事實上我說的是-對於以下問題的回答:「你是否接受任何關於減輕史諾登罪責的討論?」我說,是的,這值得討論。事實上美國司法部長和總統都這麼說過。我尊重司法部長的觀點,因為這是他的職掌範圍。但美國法學中有個重要傳統:與被指控有犯罪嫌疑者展開討論,如果對政府有利、能從中獲得什麼,這種情況總是存在討論空間。因此我並非預先支持任何結果,但總是存在討論空間。
CA:以一位外行人來看,他似乎確實能提供美國某些東西,對於政府、你、其他人,例如導正錯誤、協助想出更好的政策、以更好的方式邁向未來。你認為這種可能性有機會被接受嗎?
RL:這並非我的職掌範圍,也不是NSA的業務。這是司法部的權責,我尊重他們的決定。
CA:Rick,當史諾登結束演講後,我給他機會分享他認為值得傳播的想法。你有什麼值得分享給大眾的想法?
RL:我認為是「學習瞭解事實」。這是相當重要的對話,這個影響,不僅在於NSA、不僅在於政府,也在於你、在於網路公司。隱私和個人資料的問題比政府重要得多。因此學習瞭解事實,不要依賴頭條新聞、不要依賴斷章取義的引述、不要依賴片面說法。因此這是我認為值得分享的想法。我們有一個標誌,一個徽章牌,我們用繩鏈掛著徽章上班。如果我能提出建議,我希望工作時掛的徽章寫著「達拉斯牛仔」。達拉斯加油!我剛剛疏遠了半數聽眾,我知道。因此我們機構中負責密碼分析的人員,所掛繩鏈上的標籤寫著:「觀察數據」。因此這是值得分享的想法:觀察數據。
CA:Rick,我認為與聽眾進行公開談話確實需要相當的勇氣,這並非NSA習以為常的事;還有技術上的挑戰。十分感謝你的參與,並與我們分享這場相當重要的談話。十分感謝。(掌聲)
RL:謝謝Chris。
展開英文
收合英文
-
CA: It's been reported that there's almost a difference of opinion with you and your colleagues over any scenario in which he might be offered an amnesty deal. I think your boss, General Keith Alexander, has said that that would be a terrible example for others; you can't negotiate with someone who's broken the law in that way. But you've been quoted as saying that, if Snowden could prove that he was surrendering all undisclosed documents, that a deal maybe should be considered. Do you still think that?
RL: Yeah, so actually, this is my favorite thing about that "60 Minutes" interview was all the misquotes that came from that. What I actually said, in response to a question about, would you entertain any discussions of mitigating action against Snowden, I said, yeah, it's worth a conversation. This is something that the attorney general of the United States and the president also actually have both talked about this, and I defer to the attorney general, because this is his lane. But there is a strong tradition in American jurisprudence of having discussions with people who have been charged with crimes in order to, if it benefits the government, to get something out of that, that there's always room for that kind of discussion. So I'm not presupposing any outcome, but there is always room for discussion.
CA: To a lay person it seems like he has certain things to offer the U.S., the government, you, others, in terms of putting things right and helping figure out a smarter policy, a smarter way forward for the future. Do you see, has that kind of possibility been entertained at all? RL: So that's out of my lane. That's not an NSA thing. That would be a Department of Justice sort of discussion. I'll defer to them.
CA: Rick, when Ed Snowden ended his talk, I offered him the chance to share an idea worth spreading. What would be your idea worth spreading for this group?
RL: So I think, learn the facts. This is a really important conversation, and it impacts, it's not just NSA, it's not just the government, it's you, it's the Internet companies. The issue of privacy and personal data is much bigger than just the government, and so learn the facts. Don't rely on headlines, don't rely on sound bites, don't rely on one-sided conversations. So that's the idea, I think, worth spreading. We have a sign, a badge tab, we wear badges at work with lanyards, and if I could make a plug, my badge lanyard at work says, "Dallas Cowboys." Go Dallas. I've just alienated half the audience, I know. So the lanyard that our people who work in the organization that does our crypto-analytic work have a tab that says, "Look at the data." So that's the idea worth spreading. Look at the data.
CA: Rick, it took a certain amount of courage, I think, actually, to come and speak openly to this group. It's not something the NSA has done a lot of in the past, and plus the technology has been challenging. We truly appreciate you doing that and sharing in this very important conversation. Thank you so much.
RL: Thanks, Chris.