The two most likely largest inventions of our generation are the Internet and the mobile phone. They've changed the world. However, largely to our surprise, they also turned out to be the perfect tools for the surveillance state. It turned out that the capability to collect data, information and connections about basically any of us and all of us is exactly what we've been hearing throughout of the summer through revelations and leaks about Western intelligence agencies, mostly U.S. intelligence agencies, watching over the rest of the world.
當代影響最大的 兩個發明 是網絡和手機。 它們改變了世界。 然而,大大出乎我們意料的是, 它們竟成了國家監視 的理想工具。 事實是 收集關於我們任何一人,乃至所有人 的數據,信息,和關係的能力 就是我們 整個夏天通過 揭露和洩密所聽到的 關於西方情報機構 主要是美國的情報機構, 正在窺探整個世界。
We've heard about these starting with the revelations from June 6. Edward Snowden started leaking information, top secret classified information, from the U.S. intelligence agencies, and we started learning about things like PRISM and XKeyscore and others. And these are examples of the kinds of programs U.S. intelligence agencies are running right now, against the whole rest of the world.
6月6日的揭露 使我們開始了解到這些 愛德華斯諾登開始披露 有關美國情報機構的 最高機密信息, 因此我們知道了諸如棱鏡計劃 XKeyscore和其他的監視計劃。 這些只是美國情報機構正在進行的 此類監視計劃中的幾個個案, 對象是全世界其他國家。
And if you look back about the forecasts on surveillance by George Orwell, well it turns out that George Orwell was an optimist. (Laughter) We are right now seeing a much larger scale of tracking of individual citizens than he could have ever imagined.
現在若回過去看 被監視的喬治奧威爾, 事實證明 喬治奧威爾是個樂天派。 (笑聲) 我們現在面臨的是比我們 所能想像得到的更大規模的 對於每個公民的監視和跟蹤
And this here is the infamous NSA data center in Utah. Due to be opened very soon, it will be both a supercomputing center and a data storage center. You could basically imagine it has a large hall filled with hard drives storing data they are collecting. And it's a pretty big building. How big? Well, I can give you the numbers -- 140,000 square meters -- but that doesn't really tell you very much. Maybe it's better to imagine it as a comparison. You think about the largest IKEA store you've ever been in. This is five times larger. How many hard drives can you fit in an IKEA store? Right? It's pretty big. We estimate that just the electricity bill for running this data center is going to be in the tens of millions of dollars a year. And this kind of wholesale surveillance means that they can collect our data and keep it basically forever, keep it for extended periods of time, keep it for years, keep it for decades. And this opens up completely new kinds of risks to us all. And what this is is that it is wholesale blanket surveillance on everyone.
這個就是臭名昭著的 美國安全局位於猶他州的數據中心。 不久將正式辦公, 它將作為超級計算機中心 和數據儲存中心。 你可以簡單想像一下, 它有一個巨大的廳堂, 裡面放滿了他們蒐集的 存有數據的硬碟。 而且這棟樓非常大。 有多大?我可以給你幾個數字--- 14萬平方米-- 但是這可能不夠具體。 或許比較之下更好想像。 想像一下你所去過的 最大的宜家賣場。 這棟大樓就是它的五倍大。 在宜家裡面能裝進多少硬碟? 對吧?它很大。 我們估計光這個數據中心 運營的電費賬單 每年就可高達數千萬美元了。 而且這種大規模的監聽 意味著他們將會收集我們的數據 還永久保存下去, 留更長的時間, 留上幾年,幾十年。 這對我們所有人來說 是一種新的危機。 這是對每個人的大規模 地毯式的監聽。
Well, not exactly everyone, because the U.S. intelligence only has a legal right to monitor foreigners. They can monitor foreigners when foreigners' data connections end up in the United States or pass through the United States. And monitoring foreigners doesn't sound too bad until you realize that I'm a foreigner and you're a foreigner. In fact, 96 percent of the planet are foreigners.
也許,不是每一個人 因為美國情報機構只能合法 監視外國人 他們可以在外國人的 數據連接到美國 或經過美國的時候進行監視。 對外國人實施網路監視 聽起來並不那麼糟 直到你意識到 我是外國人,你也是外國人 事實上,地球上百分之九十六的人 都是外國人。
(Laughter)
(笑聲)
Right?
對吧?
So it is wholesale blanket surveillance of all of us, all of us who use telecommunications and the Internet.
所以這是針對我們所有人的 大規模的地毯式的監聽。 所有使用電信通訊和網絡的人 都受到監聽。
But don't get me wrong: There are actually types of surveillance that are okay. I love freedom, but even I agree that some surveillance is fine. If the law enforcement is trying to find a murderer, or they're trying to catch a drug lord or trying to prevent a school shooting, and they have leads and they have suspects, then it's perfectly fine for them to tap the suspect's phone, and to intercept his Internet communications. I'm not arguing that at all, but that's not what programs like PRISM are about. They are not about doing surveillance on people that they have reason to suspect of some wrongdoings. They're about doing surveillance on people they know are innocent.
但是別誤解我的意思: 其實有些類型監聽是合理的。 我熱愛自由,但是我也認同 有些監視是可以的。 如果執法人員在搜尋殺人犯, 或者他們在追蹤毒梟 或在防止校園槍擊, 他們有證據 或有鎖定的犯罪嫌疑人, 那他們監聽嫌疑人的電話 攔截他的網絡通訊 是完全合理的。 我沒有就此辯論, 因為這些與棱鏡計劃是不同的。 他們不是對那些疑似犯罪嫌疑人 進行監視。 他們是對那些他們明知 無辜的人進行監視。
So the four main arguments supporting surveillance like this, well, the first of all is that whenever you start discussing about these revelations, there will be naysayers trying to minimize the importance of these revelations, saying that we knew all this already, we knew it was happening, there's nothing new here. And that's not true. Don't let anybody tell you that we knew this already, because we did not know this already. Our worst fears might have been something like this, but we didn't know this was happening. Now we know for a fact it's happening. We didn't know about this. We didn't know about PRISM. We didn't know about XKeyscore. We didn't know about Cybertrans. We didn't know about DoubleArrow. We did not know about Skywriter -- all these different programs run by U.S. intelligence agencies. But now we do.
所以,針對支持此等監視 主要有四個爭論據, 首先,每當你開始說起 這些被披露的真相時, 就有否定者想息事寧人 聲稱早已知道, 我們早已知道會發生此事 我們知道已經在發生, 這些資訊我們早已掌握 那都是騙人的。 別信他們說“我們已經知道了” 因為我們不知道。 我們最怕可能就是這樣的, 但是我們不知道這正在發生。 現在我們知道事實就是它正在發生。 我們不知道這些。 我們不知道棱鏡計劃。 我們不知道XKeyscore 我們不知道Cybertrans. 我們不知道Doublearrow. 我們不知道到Skywriter-- 這些各種各樣的 美國情報機構進行的計劃。 但現在我們知道了。
And we did not know that U.S. intelligence agencies go to extremes such as infiltrating standardization bodies to sabotage encryption algorithms on purpose. And what that means is that you take something which is secure, an encryption algorithm which is so secure that if you use that algorithm to encrypt one file, nobody can decrypt that file. Even if they take every single computer on the planet just to decrypt that one file, it's going to take millions of years. So that's basically perfectly safe, uncrackable. You take something which is that good and then you weaken it on purpose, making all of us less secure as an end result. A real-world equivalent would be that intelligence agencies would force some secret pin code into every single house alarm so they could get into every single house because, you know, bad people might have house alarms, but it will also make all of us less secure as an end result. Backdooring encryption algorithms just boggles the mind. But of course, these intelligence agencies are doing their job. This is what they have been told to do: do signals intelligence, monitor telecommunications, monitor Internet traffic. That's what they're trying to do, and since most, a very big part of the Internet traffic today is encrypted, they're trying to find ways around the encryption. One way is to sabotage encryption algorithms, which is a great example about how U.S. intelligence agencies are running loose. They are completely out of control, and they should be brought back under control.
我們過去不知道美國 情報機構會極端的 做出例如潛入官方標準機構 有目的地破壞加密運算法。 也就是說 當你使用一個安全的文件, 一個安全的加密運算法會 給你的文件加密, 一旦被加密那麼 沒有人能破解它。 即使他們想用地球上的所有電腦 去破解那個文件 也得花上百萬年。 所以它稱得上是安全的, 無懈可擊的。 你擁有那麼好的東西 卻故意削弱它的優勢 導致我們承擔不安全的後果。 而現實是 情報機構強行 給每個房子的報警器 都植入秘密的識別碼 這樣他們就可以 自由進入每一座房子 因為,壞人也會有房屋報警鈴, 但是它也最終讓我們 都少一些保障。 越位加密算法 讓這種想法退縮。 然而,情報機構當然有他們的職責。 他們被命令做如下幾件事: 信號情報, 監聽電信, 監控網絡流量。 那就是他們正在做的, 由於當今大多數的網絡流量都是加密的, 他們在努力破解。 一種破解辦法是破壞加密運算法, 這就是美國情報機構 胡作非為的 典型例子。 他們完全失控了, 而他們必須趕快恢復理智。
So what do we actually know about the leaks? Everything is based on the files leaked by Mr. Snowden. The very first PRISM slides from the beginning of June detail a collection program where the data is collected from service providers, and they actually go and name the service providers they have access to. They even have a specific date on when the collection of data began for each of the service providers. So for example, they name the collection from Microsoft started on September 11, 2007, for Yahoo on the March 12, 2008, and then others: Google, Facebook, Skype, Apple and so on.
那我們又對洩密有什麼真正的了解呢? 我們的了解全都基於 斯諾登曝露的文件。 六月初最先 揭露的棱鏡計劃 詳述這個數據收集計劃 是從服務提供商那裡獲得的, 而且實際上他們指定 這些可以合作的服務提供商。 他們有詳細的日期記錄 記錄著從什麼時候開始 從哪個服務提供商得到收集的數據。 例如,他們指定從2007年9月11日開始 從微軟收集數據, 雅虎是從2008年3月12日, 隨後其他的:谷歌, 臉書, Skype, 蘋果等也開始了。
And every single one of these companies denies. They all say that this simply isn't true, that they are not giving backdoor access to their data. Yet we have these files. So is one of the parties lying, or is there some other alternative explanation? And one explanation would be that these parties, these service providers, are not cooperating. Instead, they've been hacked. That would explain it. They aren't cooperating. They've been hacked. In this case, they've been hacked by their own government. That might sound outlandish, but we already have cases where this has happened, for example, the case of the Flame malware which we strongly believe was authored by the U.S. government, and which, to spread, subverted the security of the Windows Update network, meaning here, the company was hacked by their own government. And there's more evidence supporting this theory as well. Der Spiegel, from Germany, leaked more information about the operations run by the elite hacker units operating inside these intelligence agencies. Inside NSA, the unit is called TAO, Tailored Access Operations, and inside GCHQ, which is the U.K. equivalent, it's called NAC, Network Analysis Centre. And these recent leaks of these three slides detail an operation run by this GCHQ intelligence agency from the United Kingdom targeting a telecom here in Belgium. And what this really means is that an E.U. country's intelligence agency is breaching the security of a telecom of a fellow E.U. country on purpose, and they discuss it in their slides completely casually, business as usual. Here's the primary target, here's the secondary target, here's the teaming. They probably have a team building on Thursday evening in a pub. They even use cheesy PowerPoint clip art like, you know, "Success," when they gain access to services like this. What the hell?
每一家公司都拒絕承認。 他們都說這是胡扯, 他們沒有授權讓人秘密使用他們的數據。 然而,我們有這些文件。 所以,是他們之中有一方在撒謊呢, 還是有什麽其他的解釋呢? 有一種解釋是 這些當事人,這些服務提供商, 沒有配合政府。 其實他們的系統是被駭客侵入了。 這樣猜行得通。他們沒有狼狽為奸, 他們是被駭客攻擊了。 這就是說,他們被 自己政府的駭客侵入了。 這說法聽起來很奇特, 但是也不是第一次了, 已有類似情況發生, 例如惡意軟件“火焰” 我們堅信這是 美國政府授權的, 散播,破壞Windows升級 網絡的安全性, 這就意味著,這家公司被 他們自己政府的駭客攻擊了。 還有更多的證據 證明這個論點。 德國人Der Spiegel洩露更多 在這些情報機構內, 精英駭客小組 執行的任務。 在美國國家安全局NSA,這個小隊代號TAO, 特別侵入行動, 在英國同類機構 政府通訊總部GCHQ里, 這樣的小組叫做NAC, 網絡分析中心。 最近洩漏的3個幻燈片 詳細描述了 英國政府通訊總局 指揮的一次行動 目標是比利時的一個電信公司。 這顯然 是一個歐盟國家的情報機構 故意破壞另外一個 歐盟國家的電信安全, 然後在他們的幻燈片里, 完全像談生意一樣 隨意地討論這件事。 這是第一個目標, 第二個目標是這個, 這樣組隊。 他們這個小組可能 星期四晚上在酒吧聚餐。 當他們達到目的, 像進入這家電信 他們竟然用了PowerPoint 剪貼畫,比如“成功”。 搞什麽?
And then there's the argument that okay, yes, this might be going on, but then again, other countries are doing it as well. All countries spy. And maybe that's true. Many countries spy, not all of them, but let's take an example. Let's take, for example, Sweden. I'm speaking of Sweden because Sweden has a little bit of a similar law to the United States. When your data traffic goes through Sweden, their intelligence agency has a legal right by the law to intercept that traffic. All right, how many Swedish decisionmakers and politicians and business leaders use, every day, U.S.-based services, like, you know, run Windows or OSX, or use Facebook or LinkedIn, or store their data in clouds like iCloud or Skydrive or DropBox, or maybe use online services like Amazon web services or sales support? And the answer is, every single Swedish business leader does that every single day. And then we turn it around. How many American leaders use Swedish webmails and cloud services? And the answer is zero. So this is not balanced. It's not balanced by any means, not even close.
接著有這樣一個論點 好吧,對,我們在做這件事, 但其他國家也在做。 所有的國家都監視。 或許,確實如此。 很多國家都監視, 但不是全部,舉個例子。 拿瑞典舉例。 我用瑞典舉例主要因為 他們的法律和美國 有一點相似之處。 當你的數據流量通過瑞典時, 他們的情報機構可以合法的 攔截那個流量。 好吧,哪有有多少瑞典的決策人 政客,商業領袖 每天使用美國服務器呢, 例如運行Windows,或OSX 或者使用Facebook或LinkedIn, 或把他們的數據存儲到諸如iCloud 或Skydrive或DropBox之類的雲端存儲 或者使用例如Amazon網站服務 或銷售支持這樣的線上服務呢 答案是,每個瑞典的商業領袖 每天都在使用。 然後我們反過來看。 有多少美國各界領袖使用瑞典的 郵件和雲端存儲服務呢? 答案是零。 這顯然不平衡。 從任何的角度來看, 都絕對不平衡。
And when we do have the occasional European success story, even those, then, typically end up being sold to the United States. Like, Skype used to be secure. It used to be end-to-end encrypted. Then it was sold to the United States. Today, it no longer is secure. So once again, we take something which is secure and then we make it less secure on purpose, making all of us less secure as an outcome.
當我們偶爾有個 歐洲企業成功的故事, 但它們最終也總會被美國買走。 像Skype,曾經是安全的。 它曾經是客戶端與服務器終端加密的。 後來被賣給美國了。 目前,它已經不再是安全的了。 再一次,我們把安全的東西 故意弄得不安全, 結果就是我們所有人都不那麼安全了。
And then the argument that the United States is only fighting terrorists. It's the war on terror. You shouldn't worry about it. Well, it's not the war on terror. Yes, part of it is war on terror, and yes, there are terrorists, and they do kill and maim, and we should fight them, but we know through these leaks that they have used the same techniques to listen to phone calls of European leaders, to tap the email of residents of Mexico and Brazil, to read email traffic inside the United Nations Headquarters and E.U. Parliament, and I don't think they are trying to find terrorists from inside the E.U. Parliament, right? It's not the war on terror. Part of it might be, and there are terrorists, but are we really thinking about terrorists as such an existential threat that we are willing to do anything at all to fight them? Are the Americans ready to throw away the Constituion and throw it in the trash just because there are terrorists? And the same thing with the Bill of Rights and all the amendments and the Universal Declaration of Human Rights and the E.U. conventions on human rights and fundamental freedoms and the press freedom? Do we really think terrorism is such an existential threat, we are ready to do anything at all?
然後他們爭論 美國只是在對抗恐怖主義。 這是反恐戰爭。 你不必擔心這個。 這並不是場與恐怖注意的戰爭。 是,有一部份是爲了反恐,是, 確實有恐怖分子, 他們確實殺人也傷人, 我們應該跟他們鬥爭, 但是通過這些洩露的信息 我們知道他們使用反恐的科技 來監聽歐洲首腦們的電話, 監視墨西哥和巴西人的的電子郵件, 看聯合國總部和歐盟議會內部郵件往來, 所以我不認為他們是想從 歐盟議會裡找恐怖分子,對吧? 這不是反恐戰爭。 確實反恐是部份原因, 因為確實有恐怖分子, 但是我們真的願意做任何事 來打擊這些 已經存在的威脅嗎? 美國人已經準備好了拋棄憲法了嗎? 就因為有恐怖分子就要 把憲法扔進垃圾桶嗎? 也要把人權法案,修正案 世界人權宣言 和歐盟人權會議和基本自由 以及新聞自由也要扔掉嗎? 你真的認為, 爲了恐怖主義這種已存在的威脅 我們已經準備好放棄一切了嗎?
But people are scared about terrorists, and then they think that maybe that surveillance is okay because they have nothing to hide. Feel free to survey me if that helps. And whoever tells you that they have nothing to hide simply hasn't thought about this long enough.
人們害怕恐怖分子, 所以他們想,監視都是可以的 因為他們沒什麼要掩飾的。 如果有用的話,隨便查我。 不論是誰,當他告訴你 他沒什麼好隱瞞的, 只是因為他沒深思熟慮過。
(Applause)
(掌聲)
Because we have this thing called privacy, and if you really think that you have nothing to hide, please make sure that's the first thing you tell me, because then I know that I should not trust you with any secrets, because obviously you can't keep a secret. But people are brutally honest with the Internet, and when these leaks started, many people were asking me about this. And I have nothing to hide. I'm not doing anything bad or anything illegal. Yet, I have nothing that I would in particular like to share with an intelligence agency, especially a foreign intelligence agency. And if we indeed need a Big Brother, I would much rather have a domestic Big Brother than a foreign Big Brother. And when the leaks started, the very first thing I tweeted about this was a comment about how, when you've been using search engines, you've been potentially leaking all that to U.S. intelligence. And two minutes later, I got a reply by somebody called Kimberly from the United States challenging me, like, why am I worried about this? What am I sending to worry about this? Am I sending naked pictures or something? And my answer to Kimberly was that what I'm sending is none of your business, and it should be none of your government's business either. Because that's what it's about. It's about privacy. Privacy is nonnegotiable. It should be built in to all the systems we use.
因為我們有一個叫做隱私的東西, 如果你真的沒什麼可隱瞞的, 請馬上告訴我, 這樣我就知道 我不能告訴你任何秘密, 因為很顯然,你不能保密。 人們在網絡上實在是太誠實了, 當這些洩密事件發生後, 很多人問我。 我沒有什麽需要隱瞞。 我沒做任何壞事, 或違法的事。 然而,我也沒啥 特別想要與情報機構分享的, 特別是外國的情報機構。 假設我們真是需要一個大哥, 我更希望找我本國的 而不是外國大哥。 當洩密風波開始時, 我在twitter上發佈的第一條與此相關的推文 是評論為何當你使用搜索引擎, 你已經潛在的洩露信息給 美國情報機構。 2分鐘後我就收到回覆, 是一個叫做Kimberly的美國人 質疑我,問爲什麽我要操這份心? 我發了什麽東西讓我擔心被發現? 我是傳了裸照還是什麽? 我回答Kimberly, 我發什麽都不關你的事, 也跟你們政府沒有任何關係。 這就是事情的本質。 事關隱私。 隱私權是沒什麼好商量的。 它應該存在於一切 我們應用的制度中。
(Applause)
(掌聲)
And one thing we should all understand is that we are brutally honest with search engines. You show me your search history, and I'll find something incriminating or something embarrassing there in five minutes. We are more honest with search engines than we are with our families. Search engines know more about you than your family members know about you. And this is all the kind of information we are giving away, we are giving away to the United States.
我們所有人都得明白 我們在搜尋時都太誠實了。 你把你搜尋紀錄給我看, 我五分鐘就能找到有罪的 或者尷尬的東西 我們對待搜尋引擎 比對家人還實在。 搜尋引擎比你的家人 更了解你。 這些都源於你給出的信息, 我們,給了美國這些信息。
And surveillance changes history. We know this through examples of corrupt presidents like Nixon. Imagine if he would have had the kind of surveillance tools that are available today. And let me actually quote the president of Brazil, Ms. Dilma Rousseff. She was one of the targets of NSA surveillance. Her email was read, and she spoke at the United Nations Headquarters, and she said, "If there is no right to privacy, there can be no true freedom of expression and opinion, and therefore, there can be no effective democracy."
監控改變了歷史。 我們從腐敗的總統尼克森案例可以證實。 想像一下,如果那時候 他有我們當今的監控設備。 我引用巴西總統 Dilma Rousseff 女士的一句話。 她也是美國國家安全局監視對象之一。 她的電子郵件被窺探 她在聯合國總部發言,說道, "如果沒有隱私權, 就沒有真正表達意見的自由, 因此,就沒有真正的民主。"
That's what it's about. Privacy is the building block of our democracies. And to quote a fellow security researcher, Marcus Ranum, he said that the United States is right now treating the Internet as it would be treating one of its colonies. So we are back to the age of colonization, and we, the foreign users of the Internet, we should think about Americans as our masters.
事實如此。 隱私是民主的基礎。 引用一位安全研究員,Marcus Ranum的話, 他說美國對待網絡的態度 就好像對待其殖民地一樣。 我們,回到了殖民時期, 我們,網絡的外國使用者, 應該把美國當做我們的主人。
So Mr. Snowden, he's been blamed for many things. Some are blaming him for causing problems for the U.S. cloud industry and software companies with these revelations -- and blaming Snowden for causing problems for the U.S. cloud industry would be the equivalent of blaming Al Gore for causing global warming.
斯諾登先生因很多事情被譴責。 有些責怪他給美國雲端產業 與這些揭秘相關的軟件公司 造成了那麼多麻煩-- 指責斯諾登給美國雲端產業造成麻煩 跟怪戈爾(美國前副總統)造成了 全球變暖一樣。
(Laughter)
(笑聲)
(Applause)
(掌聲)
So, what is there to be done? Should we worry. No, we shouldn't worry. We should be angry, because this is wrong, and it's rude, and it should not be done. But that's not going to really change the situation. What's going to change the situation for the rest of the world is to try to steer away from systems built in the United States. And that's much easier said than done. How do you do that? A single country, any single country in Europe cannot replace and build replacements for the U.S.-made operating systems and cloud services.
那我們該做些什麽? 我們該擔心嗎? 不,我們不必擔心。 我們應該憤怒, 因為這是錯誤的, 野蠻的,不應該出現的。 但是那也不會改變局面。 世界上其他國家, 要改變這個局面 就要繞過美國 建立的系統。 這個說比做容易。 怎麼做呢? 一個國家,任何一個歐洲的國家 都無法取代,無法創造 美國製造,運行的系統以及雲端服務的代替品。
But maybe you don't have to do it alone. Maybe you can do it together with other countries. The solution is open source. By building together open, free, secure systems, we can go around such surveillance, and then one country doesn't have to solve the problem by itself. It only has to solve one little problem. And to quote a fellow security researcher, Haroon Meer, one country only has to make a small wave, but those small waves together become a tide, and the tide will lift all the boats up at the same time, and the tide we will build with secure, free, open-source systems, will become the tide that will lift all of us up and above the surveillance state.
但是你沒必要自己完成。 你可以和其他國家聯合起來一起做。 辦法就是開放資源。 通過一起建立開放, 自由,安全的系統, 我們可以躲過這些監視, 一個國家不必自己解決這個問題。 他只需要解決一個小問題。 用一個安全研究員Haroon Meer的話, 一個國家只造成一個小浪花, 但是多個小浪花一起就成了潮流, 並且潮會讓所有的船同時上升, 我們建立的大潮 擁有安全,自由,開放的資源體系, 會把我們拖起來, 讓我們越過被監視的狀態。
Thank you very much.
非常感謝。
(Applause)
(掌聲)