Security Experts Oppose Government Access to Encrypted Communication
SAN FRANCISCO ― An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.
A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations ― with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds ― encryption has emerged as a major issue in the debate over privacy rights.
That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.
Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone.
The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.
The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public-key cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk.
Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm ― most recently at the United States Office of Personnel Management, the State Department and the White House ― the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.
“Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”
A spokesman for the F.B.I. declined to comment ahead of Mr. Comey’s appearance before the Senate Judiciary Committee hearings on Wednesday. Mr. Comey recently told CNN, “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption.”
A Justice Department official, who spoke on the condition of anonymity before the hearing, said that the agency supported strong encryption, but that certain uses of the technology ― notably end-to-end encryption that forces law enforcement to go directly to the target rather than to technology companies for passwords and communications ― interfered with the government’s wiretap authority and created public safety risks.
Paul Kocher, the president of the Rambus Cryptography Research Division, who did not write the paper, said it shifted the debate over encryption from how much power intelligence agencies should have to the technological underpinnings of gaining special access to encrypted communications.
The paper “details multiple technological reasons why mandatory government back doors are technically unworkable, and how encryption regulations would be disastrous for computer security,” Mr. Kocher said. “This report ought to put to rest any technical questions about ‘Would this work?’ ”
The group behind the report has previously fought proposals for encryption access. In 1997, it analyzed the technical risks and shortcomings of a proposal in the Clinton administration called the Clipper chip. Clipper would have poked a hole in cryptographic systems by requiring technology manufacturers to include a small hardware chip in their products that would have ensured that the government would always be able to unlock scrambled communications.
The government abandoned the effort after an analysis by the group showed it would have been technically unworkable. The final blow was the discovery by Matt Blaze, then a 32-year-old computer scientist at AT&T Bell Laboratories and one of the authors of the new paper, of a flaw in the system that would have allowed anyone with technical expertise to gain access to the key to Clipper-encrypted communications.
Now the group has convened again for the first time since 1997. “The decisions for policy makers are going to shape the future of the global Internet and we want to make sure they get the technology analysis right,” said Daniel J. Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative and a former deputy chief technology officer at the White House, who coordinated the latest report.
“The government’s proposals for exceptional access are wrong in principle and unworkable in practice,” said Ross Anderson, a professor of security engineering at the University of Cambridge and the paper’s sole author in Britain. “That is the message we are going to be hammering home again and again over the next few months as we oppose these proposals in your country and in ours.”