The 2011 Arab Spring captured the attention of the world. It also captured the attention of authoritarian governments in other countries, who were worried that revolution would spread. To respond, they ramped up surveillance of activists, journalists and dissidents who they feared would inspire revolution in their own countries. One prominent Bahraini activist, who was arrested and tortured by his government, has said that the interrogators showed him transcripts of his telephone calls and text messages.
2011年的阿拉伯之春 引起全世界的关注, 也受到其他国家 独裁政府的关注, 那些担心革命蔓延的政府。 为此,他们加强 对激进分子、记者 和异己分子的监控, 害怕他们受到启发 在自己国家发动革命。 一个著名的巴林激进分子 被政府抓捕并受到拷问, 他说讯问人给他看 他的电话记录 和短信誊本,
Of course, it's no secret that governments are able to intercept telephone calls and text messages. It's for that reason that many activists specifically avoid using the telephone. Instead, they use tools like Skype, which they think are immune to interception. They're wrong. There have now been over the last few years an industry of companies who provide surveillance technology to governments, specifically technology that allows those governments to hack into the computers of surveillance targets. Rather than intercepting the communications as they go over the wire, instead they now hack into your computer, enable your webcam, enable your microphone, and steal documents from your computer.
当然,政府可以监听电话和监视短信, 这并不是秘密, 正因如此,很多激进分子 也特别避免使用电话, 而使用其他工具比如 SKYPE(网络电话), 他们认为这样就可以避免受到监视, 他们错了。 在过去几年, 一个专门提供 监听技术给政府的公司, 特别是让政府 入侵监视目标的电脑, 入侵监视目标的电脑, 他们除了通过窃听截听信息外, 现在他们也会入侵你的电脑, 通过你的网络摄像机,或者麦克风 盗取电脑上的文件。
When the government of Egypt fell in 2011, activists raided the office of the secret police, and among the many documents they found was this document by the Gamma Corporation, by Gamma International. Gamma is a German company that manufactures surveillance software and sells it only to governments. It's important to note that most governments don't really have the in-house capabilities to develop this software. Smaller ones don't have the resources or the expertise, and so there's this market of Western companies who are happy to supply them with the tools and techniques for a price. Gamma is just one of these companies. I should note also that Gamma never actually sold their software to the Egyptian government. They'd sent them an invoice for a sale, but the Egyptians never bought it. Instead, apparently, the Egyptian government used a free demo version of Gamma's software. (Laughter)
2011年,当埃及政府倒台, 激进分子突袭秘密警局的办公室, 在他们发现的很多文件中, 有一份来自伽玛公司, 属于伽玛国际。 伽玛是一间德国公司, 生产监控软件, 产品只卖给政府, 需要注意的是很多政府 自身并没有实力 来开发软件, 较小的政府甚至没有资源 或者经验去开发, 所以西方的公司就有了这样的市场, 他们很愿意提供各样的工具 和技术, 伽玛就是这样的一间公司, 我还注意到实际上伽玛 并没有把软件卖给埃及政府, 他们只是给埃及政府报价, 但是埃及人并没有买, 而很明显埃及政府 使用的是免费版本, (笑声)
So this screenshot is from a sales video that Gamma produced. Really, they're just emphasizing in a relatively slick presentation the fact that the police can sort of sit in an air-conditioned office and remotely monitor someone without them having any idea that it's going on. You know, your webcam light won't turn on. There's nothing to indicate that the microphone is enabled.
所以这个截图是来自 一个伽玛生产的销售视频, 事实上,他们只是强调, 通过一个简单的演讲, 警察可以坐在空调办公室里, 警察可以坐在空调办公室里, 远程监控某些人, 而被监视的人却无从所知。 你知道,网络摄像机的灯不会亮起, 没有任何显示麦克风是开着的。
This is the managing director of Gamma International. His name is Martin Muench. There are many photos of Mr. Muench that exist. This is perhaps my favorite. I'm just going to zoom in a little bit onto his webcam. You can see there's a little sticker that's placed over his camera. He knows what kind of surveillance is possible, and so clearly he doesn't want it to be used against him. Muench has said that he intends for his software to be used to capture terrorists and locate pedophiles. Of course, he's also acknowledged that once the software has been sold to governments, he has no way of knowing how it can be used. Gamma's software has been located on servers in countries around the world, many with really atrocious track records and human rights violations. They really are selling their software around the world.
这是伽玛国际的管理总裁 他的名字是 Martin Muench 现有很多 Muench 先生的照片, 这是我最喜欢的一张, 我只是放大一点点他的网络摄像机, 你可以看到有一张小纸条, 那个是他的网络摄像机, 他知道会发生什么样的监控, 并且很明显他也不想被利用 来对抗他。 Muench 说过他希望 他的软件被使用 来捕捉恐怖分子和定位恋童癖的人 当然,他也承认一旦 软件卖给政府, 他也不知道将被如何使用, 伽玛软件已经服务于 世界各地的国家, 很多是骇人听闻的跟踪记录 和侵犯人权的事件, 他们会卖软件给世界各地,
Gamma is not the only company in the business. As I said, it's a $5 billion industry. One of the other big guys in the industry is an Italian company called Hacking Team. Now, Hacking Team has what is probably the slickest presentation. The video they've produced is very sexy, and so I'm going to play you a clip just so you can get a feel both for the capabilities of the software but also how it's marketed to their government clients.
伽玛不是这个产业里唯一的公司, 正如我说,这是一个50亿美金的行业, 另外一个巨头是 一间意大利公司名为骇客团队 (Hacking Team), 骇客团队可能做出了 最花言巧语的广告, 他们做的视频很性感, 我现在就给你们展示一个短片, 就是让你们感受下 软件究竟能做什么, 同样也看看他们是怎么推销产品 给政府顾客的
(Video) Narrator: You want to look through your target's eyes. (Music) You have to hack your target. ["While your target is browsing the web, exchanging documents, receiving SMS, crossing the borders"] You have to hit many different platforms. ["Windows, OS X, iOS, Android, Blackberry, Symbian, Linux"] You have to overcome encryption and capture relevant data. [Skype & encrypted calls, target location, messaging, relationships, web browsing, audio & video"] Being stealth and untraceable. ["Immune to any protection system Hidden collection infrastructure"] Deployed all over your country. ["Up to hundreds of thousands of targets Managed from a single spot"] Exactly what we do.
(视频)叙述:你想看穿目标的眼睛 (音乐) 你必须骇客你的目标, [“当你的目标浏览网页、 收发文件、接收信息、跨越边境”] 你必须击中不同的平台 [“视窗、OS X、iOS、安卓、 黑莓、Symbian,Linux”] 你必须通过加密软件 来获得相关数据 [Skype 和加密电话、 目标地、短信、关系、 网页、音频和视频“] 变得隐秘和无法追踪 [不受任何保护系统影响 隐藏在基础设施中] 部署在你们国家的各个角落 [”由一个单一的地方 来控制超过成百上千的目标] 正是我们所做的。
Christopher Soghoian: So, it would be funny if it wasn't true, but, in fact, Hacking Team's software is being sold to governments around the world. Last year we learned, for example, that it's been used to target Moroccan journalists by the Moroccan government. Many, many countries it's been found in. So, Hacking Team has also been actively courting the U.S. law enforcement market. In the last year or so, the company has opened a sales office in Maryland. The company has also hired a spokesperson. They've been attending surveillance industry conferences where law enforcement officials show up. They've spoken at the conferences. What I thought was most fascinating was they've actually paid for the coffee break at one of the law enforcement conferences earlier this year. I can't tell you for sure that Hacking Team has sold their technology in the United States, but what I can tell you that if they haven't sold it, it isn't because they haven't been trying hard.
柯里斯.索侯恩:所以, 如果那不是真的就很有趣, 但事实上,骇客团队的软件 已经卖给世界各地的政府。 例如,去年我们知道, 摩洛哥政府已经用它 来监控摩洛哥的记者。 很多很多国家已经被发现使用。 所以,骇客团队也主动地推销给 美国执法部门市场。 去年左右, 公司在马里兰开了销售部门, 并雇佣了一个发言人。 他们参加了 各式各樣的监控行业业內会议, 执法官员都有参加。 他们在会议上发言。 我认为最有意思的是 今年较早前 的其中一个执法会议, 在中场休息时,他们請客喝咖啡。 我不能确切地告诉你骇客团队 是否在美国卖过他们的技术, 但是我可以告诉你们, 如果他们没卖出去, 并不是因为他们没有尽力。
So as I said before, governments that don't really have the resources to build their own tools will buy off-the-shelf surveillance software, and so for that reason, you see that the government of, say, Tunisia, might use the same software as the government of Germany. They're all buying off-the-shelf stuff. The Federal Bureau of Investigation in the United States does have the budget to build their own surveillance technology, and so for several years, I've been trying to figure out if and how the FBI is hacking into the computers of surveillance targets.
所以正如我所说的, 那些政府真的没有资源 生产自家工具, 就会购买现成的监视软件, 也正因为如此, 你会看到例如突尼斯政府, 可能使用跟德国政府相同的软件, 他们都在购买现成的东西。 美国联邦调查局的预算 包括建立自己监听技术 并且已有数年, 我正在尝试弄明白 FBI 有没有和怎样 入侵监视目标的电脑。
My friends at an organization called the Electronic Frontier Foundation -- they're a civil society group — obtained hundreds of documents from the FBI detailing their next generation of surveillance technologies. Most of these documents were heavily redacted, but what you can see from the slides, if I zoom in, is this term: Remote Operations Unit. Now, when I first looked into this, I'd never heard of this unit before. I've been studying surveillance for more than six years. I'd never heard of it. And so I went online and I did some research, and ultimately I hit the mother lode when I went to LinkedIn, the social networking site for job seekers. There were lots of former U.S. government contractors who had at one point worked for the Remote Operating Unit, and were describing in surprising detail on their CVs what they had done in their former job. (Laughter) So I took this information and I gave it to a journalist that I know and trust at the Wall Street Journal, and she was able to contact several other former law enforcement officials who spoke on background and confirmed that yes, in fact, the FBI has a dedicated team that does nothing but hack into the computers of surveillance targets. Like Gamma and Hacking Team, the FBI also has the capability to remotely activate webcams, microphones, steal documents, get web browsing information, the works.
我一个在电子前哨基金会工作的朋友, 这是一个民间社会组织, 得到 FBI 数百份文件, 详细描述他们下一代的监视技术, 很多文件都被批量遮挡, 但是字里行间, 如果我放大,就是这些: 远程控制单元。 现在,当我第一次看到这些, 我从来没听过这个单元。 我研究监视技术已经有六年多了, 却从来没有听过。 所以我上网做了些调查, 最终找到了出处。 当我进入linkedin, 找工作的社交网站。 有很多前美国政府的承包商 在远程控制单元 那块领域工作, 在简历中详述很多细节, 有关他们所做的事情, (笑声) 所以我做了这个信息, 并且交给一个我认识信任的 华尔街日报记者, 他能够联系上 其他的前执法官员, 那些证实 事实上,FBI确实存在一个团队, 专门骇客 所监视的电脑。 像伽玛和骇客团队, FBI 也有能力 通过远程监控摄像头,麦克风, 来盗取资料,获得网页信息, 文件。
There's sort of a big problem with governments going into hacking, and that's that terrorists, pedophiles, drug dealers, journalists and human rights activists all use the same kinds of computers. There's no drug dealer phone and there's no journalist laptop. We all use the same technology, and what that means then is that for governments to have the capability to hack into the computers of the real bad guys, they also have to have the capability to hack into our devices too.
这是一个大问题, 就是政府监听问题, 和那些恐怖分子,恋童癖者, 毒品交易者,记者们,和人权活动家 所有使用同类电脑的人, 没有毒品交易者的电话 也没有记者的笔记本。 我们都使用相同的技术, 并且那意味着对政府而言, 有能力通过电脑监视 真正的坏人, 他们还有能力 也监听我们的设备。
So governments around the world have been embracing this technology. They've been embracing hacking as a law enforcement technique, but without any real debate. In the United States, where I live, there have been no congressional hearings. There's no law that's been passed specifically authorizing this technique, and because of its power and potential for abuse, it's vital that we have an informed public debate.
所以全世界的政府 已拥有这项技术。 他们利用骇客 作为一个执法技术, 但是没有真正意义的舆论。 在美国,我生活的地方, 没有国会听证会。 没有法律通过 特别授权这项技术, 并且因为它的权力和潜在的滥用, 我们很有必要让公众知晓这些事实,并且就此展开辩论。
Thank you very much.
谢谢大家。
(Applause)
(掌声)