The two most likely largest inventions of our generation are the Internet and the mobile phone. They've changed the world. However, largely to our surprise, they also turned out to be the perfect tools for the surveillance state. It turned out that the capability to collect data, information and connections about basically any of us and all of us is exactly what we've been hearing throughout the summer through revelations and leaks about Western intelligence agencies, mostly U.S. intelligence agencies, watching over the rest of the world.
We've heard about these starting with the revelations from June 6. Edward Snowden started leaking information, top secret classified information, from the U.S. intelligence agencies, and we started learning about things like PRISM and XKeyscore and others. And these are examples of the kinds of programs U.S. intelligence agencies are running right now, against the whole rest of the world.
And if you look back about the forecasts on surveillance by George Orwell, well it turns out that George Orwell was an optimist. (Laughter) We are right now seeing a much larger scale of tracking of individual citizens than he could have ever imagined.
And this here is the infamous NSA data center in Utah. Due to be opened very soon, it will be both a supercomputing center and a data storage center. You could basically imagine it has a large hall filled with hard drives storing data they are collecting. And it's a pretty big building. How big? Well, I can give you the numbers -- 140,000 square meters -- but that doesn't really tell you very much. Maybe it's better to imagine it as a comparison. You think about the largest IKEA store you've ever been in. This is five times larger. How many hard drives can you fit in an IKEA store? Right? It's pretty big. We estimate that just the electricity bill for running this data center is going to be in the tens of millions of dollars a year. And this kind of wholesale surveillance means that they can collect our data and keep it basically forever, keep it for extended periods of time, keep it for years, keep it for decades. And this opens up completely new kinds of risks to us all. And what this is is that it is wholesale blanket surveillance on everyone.
Well, not exactly everyone, because the U.S. intelligence only has a legal right to monitor foreigners. They can monitor foreigners when foreigners' data connections end up in the United States or pass through the United States. And monitoring foreigners doesn't sound too bad until you realize that I'm a foreigner and you're a foreigner. In fact, 96 percent of the planet are foreigners.
(Laughter)
Right?
So it is wholesale blanket surveillance of all of us, all of us who use telecommunications and the Internet.
But don't get me wrong: There are actually types of surveillance that are okay. I love freedom, but even I agree that some surveillance is fine. If the law enforcement is trying to find a murderer, or they're trying to catch a drug lord or trying to prevent a school shooting, and they have leads and they have suspects, then it's perfectly fine for them to tap the suspect's phone, and to intercept his Internet communications. I'm not arguing that at all, but that's not what programs like PRISM are about. They are not about doing surveillance on people that they have reason to suspect of some wrongdoings. They're about doing surveillance on people they know are innocent.
So the four main arguments supporting surveillance like this, well, the first of all is that whenever you start discussing about these revelations, there will be naysayers trying to minimize the importance of these revelations, saying that we knew all this already, we knew it was happening, there's nothing new here. And that's not true. Don't let anybody tell you that we knew this already, because we did not know this already. Our worst fears might have been something like this, but we didn't know this was happening. Now we know for a fact it's happening. We didn't know about this. We didn't know about PRISM. We didn't know about XKeyscore. We didn't know about Cybertrans. We didn't know about DoubleArrow. We did not know about Skywriter -- all these different programs run by U.S. intelligence agencies. But now we do.
And we did not know that U.S. intelligence agencies go to extremes such as infiltrating standardization bodies to sabotage encryption algorithms on purpose. And what that means is that you take something which is secure, an encryption algorithm which is so secure that if you use that algorithm to encrypt one file, nobody can decrypt that file. Even if they take every single computer on the planet just to decrypt that one file, it's going to take millions of years. So that's basically perfectly safe, uncrackable. You take something which is that good and then you weaken it on purpose, making all of us less secure as an end result. A real-world equivalent would be that intelligence agencies would force some secret pin code into every single house alarm so they could get into every single house because, you know, bad people might have house alarms, but it will also make all of us less secure as an end result. Backdooring encryption algorithms just boggles the mind. But of course, these intelligence agencies are doing their job. This is what they have been told to do: do signals intelligence, monitor telecommunications, monitor Internet traffic. That's what they're trying to do, and since most, a very big part of the Internet traffic today is encrypted, they're trying to find ways around the encryption. One way is to sabotage encryption algorithms, which is a great example about how U.S. intelligence agencies are running loose. They are completely out of control, and they should be brought back under control.
So what do we actually know about the leaks? Everything is based on the files leaked by Mr. Snowden. The very first PRISM slides from the beginning of June detail a collection program where the data is collected from service providers, and they actually go and name the service providers they have access to. They even have a specific date on when the collection of data began for each of the service providers. So for example, they name the collection from Microsoft started on September 11, 2007, for Yahoo on the March 12, 2008, and then others: Google, Facebook, Skype, Apple and so on.
And every single one of these companies denies. They all say that this simply isn't true, that they are not giving backdoor access to their data. Yet we have these files. So is one of the parties lying, or is there some other alternative explanation? And one explanation would be that these parties, these service providers, are not cooperating. Instead, they've been hacked. That would explain it. They aren't cooperating. They've been hacked. In this case, they've been hacked by their own government. That might sound outlandish, but we already have cases where this has happened, for example, the case of the Flame malware which we strongly believe was authored by the U.S. government, and which, to spread, subverted the security of the Windows Update network, meaning here, the company was hacked by their own government. And there's more evidence supporting this theory as well. Der Spiegel, from Germany, leaked more information about the operations run by the elite hacker units operating inside these intelligence agencies. Inside NSA, the unit is called TAO, Tailored Access Operations, and inside GCHQ, which is the U.K. equivalent, it's called NAC, Network Analysis Centre. And these recent leaks of these three slides detail an operation run by this GCHQ intelligence agency from the United Kingdom targeting a telecom here in Belgium. And what this really means is that an E.U. country's intelligence agency is breaching the security of a telecom of a fellow E.U. country on purpose, and they discuss it in their slides completely casually, business as usual. Here's the primary target, here's the secondary target, here's the teaming. They probably have a team building on Thursday evening in a pub. They even use cheesy PowerPoint clip art like, you know, "Success," when they gain access to services like this. What the hell?
And then there's the argument that okay, yes, this might be going on, but then again, other countries are doing it as well. All countries spy. And maybe that's true. Many countries spy, not all of them, but let's take an example. Let's take, for example, Sweden. I'm speaking of Sweden because Sweden has a little bit of a similar law to the United States. When your data traffic goes through Sweden, their intelligence agency has a legal right by the law to intercept that traffic. All right, how many Swedish decisionmakers and politicians and business leaders use, every day, U.S.-based services, like, you know, run Windows or OSX, or use Facebook or LinkedIn, or store their data in clouds like iCloud or Skydrive or DropBox, or maybe use online services like Amazon web services or sales support? And the answer is, every single Swedish business leader does that every single day. And then we turn it around. How many American leaders use Swedish webmails and cloud services? And the answer is zero. So this is not balanced. It's not balanced by any means, not even close.
And when we do have the occasional European success story, even those, then, typically end up being sold to the United States. Like, Skype used to be secure. It used to be end-to-end encrypted. Then it was sold to the United States. Today, it no longer is secure. So once again, we take something which is secure and then we make it less secure on purpose, making all of us less secure as an outcome.
And then the argument that the United States is only fighting terrorists. It's the war on terror. You shouldn't worry about it. Well, it's not the war on terror. Yes, part of it is war on terror, and yes, there are terrorists, and they do kill and maim, and we should fight them, but we know through these leaks that they have used the same techniques to listen to phone calls of European leaders, to tap the email of residents of Mexico and Brazil, to read email traffic inside the United Nations Headquarters and E.U. Parliament, and I don't think they are trying to find terrorists from inside the E.U. Parliament, right? It's not the war on terror. Part of it might be, and there are terrorists, but are we really thinking about terrorists as such an existential threat that we are willing to do anything at all to fight them? Are the Americans ready to throw away the Constitution and throw it in the trash just because there are terrorists? And the same thing with the Bill of Rights and all the amendments and the Universal Declaration of Human Rights and the E.U. conventions on human rights and fundamental freedoms and the press freedom? Do we really think terrorism is such an existential threat, we are ready to do anything at all?
But people are scared about terrorists, and then they think that maybe that surveillance is okay because they have nothing to hide. Feel free to survey me if that helps. And whoever tells you that they have nothing to hide simply hasn't thought about this long enough.
(Applause)
Because we have this thing called privacy, and if you really think that you have nothing to hide, please make sure that's the first thing you tell me, because then I know that I should not trust you with any secrets, because obviously you can't keep a secret. But people are brutally honest with the Internet, and when these leaks started, many people were asking me about this. And I have nothing to hide. I'm not doing anything bad or anything illegal. Yet, I have nothing that I would in particular like to share with an intelligence agency, especially a foreign intelligence agency. And if we indeed need a Big Brother, I would much rather have a domestic Big Brother than a foreign Big Brother. And when the leaks started, the very first thing I tweeted about this was a comment about how, when you've been using search engines, you've been potentially leaking all that to U.S. intelligence. And two minutes later, I got a reply by somebody called Kimberly from the United States challenging me, like, why am I worried about this? What am I sending to worry about this? Am I sending naked pictures or something? And my answer to Kimberly was that what I'm sending is none of your business, and it should be none of your government's business either. Because that's what it's about. It's about privacy. Privacy is nonnegotiable. It should be built in to all the systems we use.
(Applause)
And one thing we should all understand is that we are brutally honest with search engines. You show me your search history, and I'll find something incriminating or something embarrassing there in five minutes. We are more honest with search engines than we are with our families. Search engines know more about you than your family members know about you. And this is all the kind of information we are giving away, we are giving away to the United States.
And surveillance changes history. We know this through examples of corrupt presidents like Nixon. Imagine if he would have had the kind of surveillance tools that are available today. And let me actually quote the president of Brazil, Ms. Dilma Rousseff. She was one of the targets of NSA surveillance. Her email was read, and she spoke at the United Nations Headquarters, and she said, "If there is no right to privacy, there can be no true freedom of expression and opinion, and therefore, there can be no effective democracy."
That's what it's about. Privacy is the building block of our democracies. And to quote a fellow security researcher, Marcus Ranum, he said that the United States is right now treating the Internet as it would be treating one of its colonies. So we are back to the age of colonization, and we, the foreign users of the Internet, we should think about Americans as our masters.
So Mr. Snowden, he's been blamed for many things. Some are blaming him for causing problems for the U.S. cloud industry and software companies with these revelations -- and blaming Snowden for causing problems for the U.S. cloud industry would be the equivalent of blaming Al Gore for causing global warming.
(Laughter)
(Applause)
So, what is there to be done? Should we worry? No, we shouldn't worry. We should be angry, because this is wrong, and it's rude, and it should not be done. But that's not going to really change the situation. What's going to change the situation for the rest of the world is to try to steer away from systems built in the United States. And that's much easier said than done. How do you do that? A single country, any single country in Europe cannot replace and build replacements for the U.S.-made operating systems and cloud services.
But maybe you don't have to do it alone. Maybe you can do it together with other countries. The solution is open source. By building together open, free, secure systems, we can go around such surveillance, and then one country doesn't have to solve the problem by itself. It only has to solve one little problem. And to quote a fellow security researcher, Haroon Meer, one country only has to make a small wave, but those small waves together become a tide, and the tide will lift all the boats up at the same time, and the tide we will build with secure, free, open-source systems, will become the tide that will lift all of us up and above the surveillance state.
Thank you very much.
(Applause)