The 2011 Arab Spring captured the attention of the world. It also captured the attention of authoritarian governments in other countries, who were worried that revolution would spread. To respond, they ramped up surveillance of activists, journalists and dissidents who they feared would inspire revolution in their own countries. One prominent Bahraini activist, who was arrested and tortured by his government, has said that the interrogators showed him transcripts of his telephone calls and text messages.
2011 年阿拉伯之春引起世界嘅關注 亦都引起其他國家獨裁政府嘅警覺性 佢哋擔心運動會蔓延 為咗應對 佢哋加強對社會運動人士、 記者同異議分子嘅監控 佢哋驚呢班人會喺自己國家裏面 引發一場革命 一個巴林出名嘅社運人士 被政府拘捕同虐待 佢話,問話嘅人俾佢睇 佢電話嘅通話內容同短訊內容
Of course, it's no secret that governments are able to intercept telephone calls and text messages. It's for that reason that many activists specifically avoid using the telephone. Instead, they use tools like Skype, which they think are immune to interception. They're wrong. There have now been over the last few years an industry of companies who provide surveillance technology to governments, specifically technology that allows those governments to hack into the computers of surveillance targets. Rather than intercepting the communications as they go over the wire, instead they now hack into your computer, enable your webcam, enable your microphone, and steal documents from your computer.
當然 政府能夠截聽電話同埋短訊 早已經唔係咩秘密 正因為係咁 好多社運人士都避免用電話 佢哋會用类似 Skype 嘅工具 因為佢哋認為咁樣就唔會俾人截聽到 但佢哋錯啦 从前幾年開始 已經有好多公司向政府提供監控技術 尤其係 俾政府可以入侵監察對象電腦嘅科技 由佢哋以前喺線路中間一半截聽通訊 改為宜家直接入侵你嘅電腦 启动你嘅網絡攝錄機、麥克風 盜取你電腦裡邊嘅文件 當埃及政府喺 2011 年倒台時
When the government of Egypt fell in 2011, activists raided the office of the secret police, and among the many documents they found was this document by the Gamma Corporation, by Gamma International. Gamma is a German company that manufactures surveillance software and sells it only to governments. It's important to note that most governments don't really have the in-house capabilities to develop this software. Smaller ones don't have the resources or the expertise, and so there's this market of Western companies who are happy to supply them with the tools and techniques for a price. Gamma is just one of these companies. I should note also that Gamma never actually sold their software to the Egyptian government. They'd sent them an invoice for a sale, but the Egyptians never bought it. Instead, apparently, the Egyptian government used a free demo version of Gamma's software. (Laughter)
社運人士搜查咗秘密警察嘅辦公室 喺好多文件裏面 發現一份嚟自 Gamma International 旗下子公司 Gamma Corporation 嘅文件 Gamma International 係一間德國公司 佢研發監控軟件同埋剩係向政府售卖 值得注意嘅係 大部分政府本身係冇能力開發呢啲軟件 更細規模嘅政府更加冇 咁樣嘅資源同人才 因此 西方企業好樂意提供呢啲工具同技術 以換取收入 Gamma 只係其中一間咁樣嘅公司 我亦都要強調事實上 Gamma 從來冇賣軟件俾埃及政府 佢哋有寄過報價嘅發票 但係埃及從來冇買過 好明顯 埃及政府係用紧 Gamma 嘅免費試用版 (笑聲)
So this screenshot is from a sales video that Gamma produced. Really, they're just emphasizing in a relatively slick presentation the fact that the police can sort of sit in an air-conditioned office and remotely monitor someone without them having any idea that it's going on. You know, your webcam light won't turn on. There's nothing to indicate that the microphone is enabled.
呢個截圖係嚟自 Gamma 銷售推廣嘅片 佢哋喺呢個比較簡潔流暢嘅影片裏面強調 其實警察坐喺冷氣辦公室 就能夠遙控地監控著某人 而被監聽嘅人係唔知情嘅 你知嗎? 網絡攝錄機嘅燈唔會著 唔會有嘢話你知個麥克風被人開咗
This is the managing director of Gamma International. His name is Martin Muench. There are many photos of Mr. Muench that exist. This is perhaps my favorite. I'm just going to zoom in a little bit onto his webcam. You can see there's a little sticker that's placed over his camera. He knows what kind of surveillance is possible, and so clearly he doesn't want it to be used against him. Muench has said that he intends for his software to be used to capture terrorists and locate pedophiles. Of course, he's also acknowledged that once the software has been sold to governments, he has no way of knowing how it can be used. Gamma's software has been located on servers in countries around the world, many with really atrocious track records and human rights violations. They really are selling their software around the world.
呢位係 Gamma International 嘅董事總經理 Martin Muench 佢出現過喺好多相裏邊 呢張係我最鍾意嘅 我哋放大佢嘅網絡攝錄機 可以見到有一張細黐紙 黐咗喺攝錄機度 佢知道有咩監控係可能發生嘅 所以好明顯佢唔希望咁樣嘅嘢 發生喺佢自己身上 Martin 話 佢希望佢嘅軟件 可以用嚟捉恐怖分子 或者搵出戀童癖嘅藏身之處 當然 佢都承認呢個軟件賣咗俾政府之後 佢哋點樣用就唔知啦 全世界好多伺服器都裝咗 Gamma 個軟件 好多伺服器都有驚人嘅追蹤紀錄 同埋好多都違反人權 佢哋真係做到銷售全球化
Gamma is not the only company in the business. As I said, it's a $5 billion industry. One of the other big guys in the industry is an Italian company called Hacking Team. Now, Hacking Team has what is probably the slickest presentation. The video they've produced is very sexy, and so I'm going to play you a clip just so you can get a feel both for the capabilities of the software but also how it's marketed to their government clients.
Gamma 唔係唯一一個咁嘅公司 好似我話齋 呢個係一個價值五十億美元嘅行業 呢行嘅另一間大公司係 義大利嘅 Hacking Team 今日嚟講 呢家公司做嘅匯報可能係最簡潔流暢 佢哋整嘅宣傳片非常有吸引力 我一陣間會播出嚟 令你哋感受下呢間公司嘅軟件有幾勁 以及係佢哋係點樣向政府推銷呢件產品
(Video) Narrator: You want to look through your target's eyes. (Music) You have to hack your target. ["While your target is browsing the web, exchanging documents, receiving SMS, crossing the borders"] You have to hit many different platforms. ["Windows, OS X, iOS, Android, Blackberry, Symbian, Linux"] You have to overcome encryption and capture relevant data. [Skype & encrypted calls, target location, messaging, relationships, web browsing, audio & video"] Being stealth and untraceable. ["Immune to any protection system Hidden collection infrastructure"] Deployed all over your country. ["Up to hundreds of thousands of targets Managed from a single spot"] Exactly what we do.
(影片嘅聲音) 錄音︰你想睇你監控對象睇梗啲乜 (音樂) 你要攻擊你個對象 [「當你監控對象喺度上網、 交換文件、收短訊、過境」] 你必須要攻入好多唔同嘅平台 [「Windows, OS X, iOS, Android, Blackberry, Symbian, Linux」] 你必須要克服加密嘅問題以獲取相關資料 [「Skype 以及已加密嘅通話 目標位置、短訊、 關係、 網頁瀏覽、錄音及影片」] 隱形而冇被偵測到 [「對任何保護系統都有抗禦能力」] [「隱藏嘅資料收集設施」] 遍佈全國 [「一個設施可以監控數以千計嘅目標」] 正係我哋做嘅嘢
Christopher Soghoian: So, it would be funny if it wasn't true, but, in fact, Hacking Team's software is being sold to governments around the world. Last year we learned, for example, that it's been used to target Moroccan journalists by the Moroccan government. Many, many countries it's been found in. So, Hacking Team has also been actively courting the U.S. law enforcement market. In the last year or so, the company has opened a sales office in Maryland. The company has also hired a spokesperson. They've been attending surveillance industry conferences where law enforcement officials show up. They've spoken at the conferences. What I thought was most fascinating was they've actually paid for the coffee break at one of the law enforcement conferences earlier this year. I can't tell you for sure that Hacking Team has sold their technology in the United States, but what I can tell you that if they haven't sold it, it isn't because they haven't been trying hard.
講者:如果頭先講嘅嘢係虛構 噉就幾搞笑啦 但事實上 駭客團隊嘅軟件係賣俾全世界嘅政府 舉個例 舊年我哋至知摩洛哥政府 一直用呢個科技監控記者 好多國家都有類似嘅情況 所以 駭客團隊都留意 美國司法管轄地方嘅市場 舊年左右呢間公司 喺維珍妮亞州或者馬里蘭州 開設銷售辦公室 仲請咗一名發言人 佢哋有參與監控業界嘅研討會 執法官員都有出席 佢哋有喺研討會度發言 我覺得最得意嘅係 佢哋今年初喺其中一個 有關執法嘅會議裏面贊助咗休息時間 我唔可以好肯定咁話你知駭客團隊 有冇賣咗佢哋嘅科技俾美國政府 但我可以話俾你聽 如果佢哋冇賣到 唔係因為佢哋冇努力推銷
So as I said before, governments that don't really have the resources to build their own tools will buy off-the-shelf surveillance software, and so for that reason, you see that the government of, say, Tunisia, might use the same software as the government of Germany. They're all buying off-the-shelf stuff. The Federal Bureau of Investigation in the United States does have the budget to build their own surveillance technology, and so for several years, I've been trying to figure out if and how the FBI is hacking into the computers of surveillance targets.
正如我之前所講 冇資源開發軟件嘅政府 會買呢啲上咗架嘅監控軟件 正因為咁 你會見到,譬如,突尼斯政府 可能會同德國政府一樣用同一款軟件 佢哋都係買貨架上嘅軟件 美國聯邦調查局 FBI 有筆預算去研發佢哋 自己一套嘅監控技術 於是呢幾年嚟 我嘗試搵出 FBI 有冇真係入侵
My friends at an organization called the Electronic Frontier Foundation -- they're a civil society group — obtained hundreds of documents from the FBI detailing their next generation of surveillance technologies. Most of these documents were heavily redacted, but what you can see from the slides, if I zoom in, is this term: Remote Operations Unit. Now, when I first looked into this, I'd never heard of this unit before. I've been studying surveillance for more than six years. I'd never heard of it. And so I went online and I did some research, and ultimately I hit the mother lode when I went to LinkedIn, the social networking site for job seekers. There were lots of former U.S. government contractors who had at one point worked for the Remote Operating Unit, and were describing in surprising detail on their CVs what they had done in their former job. (Laughter) So I took this information and I gave it to a journalist that I know and trust at the Wall Street Journal, and she was able to contact several other former law enforcement officials who spoke on background and confirmed that yes, in fact, the FBI has a dedicated team that does nothing but hack into the computers of surveillance targets. Like Gamma and Hacking Team, the FBI also has the capability to remotely activate webcams, microphones, steal documents, get web browsing information, the works.
同埋點樣入侵監控對象嘅電腦 我有個朋友喺電子領域基金會度做 呢個基金會一個民間組織 佢哋攞咗好多 FBI 嘅文件 裏邊寫低 FBI 下一代嘅監聽科技會係點 呢啲文件大多數內容都俾人大執過 但若果我放大熒幕上面嘅嘢 你會見到呢行字: 遠端營運單位 當我第一次見到呢樣嘢 我從來未聽過呢個單位 我已經研究咗監控呢樣嘢超過六年啦 但我由未聽過呢個單位 於是我上網搵 最後我搵到答案 就係我上 Linkedin 一個求職者嘅社交網站嗰時 嗰度有好多美國政府嘅前合約僱員 佢哋都曾經都喺 呢個遠端營運單位裏面做 佢哋仲係履歷上面詳細描述 佢哋做呢份工嗰陣做過啲乜 (笑聲) 我將呢啲資料 交俾一個我識得同信得過嘅 華爾街日報記者 佢聯絡咗一啲前執法人員 佢哋喺背後承認同證實 FBI 的確有一個專責單位 入侵監控對象嘅電腦 好似 Gamma 同駭客團隊噉 FBI 都有能力 遙控啟動網絡攝錄機、麥克風 去偷文件、攞上網紀錄、電腦檔案
There's sort of a big problem with governments going into hacking, and that's that terrorists, pedophiles, drug dealers, journalists and human rights activists all use the same kinds of computers. There's no drug dealer phone and there's no journalist laptop. We all use the same technology, and what that means then is that for governments to have the capability to hack into the computers of the real bad guys, they also have to have the capability to hack into our devices too.
政府入侵電腦係一個大問題 恐怖分子、戀童癖嘅人 毒販、記者同埋從事人權運動嘅人 全部都用同一款電腦 嗰度冇專為毒販而設嘅電話 冇專為記者而設嘅手提電腦 我哋都係梗用同一種科技 咁代表咗 政府有能力入侵真正壞人嘅電腦 同時政府都有能力入侵我哋嘅電腦
So governments around the world have been embracing this technology. They've been embracing hacking as a law enforcement technique, but without any real debate. In the United States, where I live, there have been no congressional hearings. There's no law that's been passed specifically authorizing this technique, and because of its power and potential for abuse, it's vital that we have an informed public debate.
所以全世界嘅政府都好鍾意用呢種技術 佢哋鍾意將監控當係一種執法工具 但啲人從來冇辯論過呢樣嘢 喺美國,我生活嘅國家 國會從來冇聽證過 或者冇通過任何嘅法律 明確授權政府使用呢種技術 鑒於監控力量之大同埋有可能被濫用 我哋必須要有一場公開辯論 等公眾知道呢回事
Thank you very much.
多謝晒
(Applause)
(掌聲)