Chris Anderson: We had Edward Snowden here a couple days ago, and this is response time. And several of you have written to me with questions to ask our guest here from the NSA. So Richard Ledgett is the 15th deputy director of the National Security Agency, and he's a senior civilian officer there, acts as its chief operating officer, guiding strategies, setting internal policies, and serving as the principal advisor to the director. And all being well, welcome, Rick Ledgett, to TED. (Applause)
克里斯‧安德森:爱德华‧斯诺登 数天前在这里发表演说, 现在是应答时间。 我收到来自你们的反馈 有些问题想要询问, 这位来自美国国家安全局的客人。 理查德‧莱杰特是第15任 美国国安局副局长, 他是一名资深的文职官员, 是首席运营官, 指导策略,制定内部政策, 并担任国安局局长的首席顾问。 一切都很顺利, 欢迎理查德‧莱杰特 来到 TED 讲台。 (掌声)
Richard Ledgett: I'm really thankful for the opportunity to talk to folks here. I look forward to the conversation, so thanks for arranging for that.
理查德‧莱杰特: 我非常感谢有这个机会, 能在这里和大家交流。 我非常期待这次的交谈, 谢谢你的安排。
CA: Thank you, Rick. We appreciate you joining us. It's certainly quite a strong statement that the NSA is willing to reach out and show a more open face here. You saw, I think, the talk and interview that Edward Snowden gave here a couple days ago. What did you make of it? RL: So I think it was interesting. We didn't realize that he was going to show up there, so kudos to you guys for arranging a nice surprise like that. I think that, like a lot of the things that have come out since Mr. Snowden started disclosing classified information, there were some kernels of truth in there, but a lot of extrapolations and half-truths in there, and I'm interested in helping to address those. I think this is a really important conversation that we're having in the United States and internationally, and I think it is important and of import, and so given that, we need to have that be a fact-based conversation, and we want to help make that happen.
克里斯‧安德森: 谢谢你,理查德。 我们感到十分荣幸。 这是相当有力的声明 表现出美国国家安全局 是愿意接触公众的, 同时表现出更加开放的态度。 我认为, 几天前在这里, 我们和爱德华‧斯诺登的对谈。 你有怎样的评论呢? 理查德‧莱杰特:我认为这很有趣。 我们没想到他会在那里出现, 感谢你们安排 这样有趣的惊喜。 我认为,像很多的事情爆发出来 自从斯诺登先生 开始披露保密信息资料, 有一些是事实真相, 但也带有大量的猜测 和半真半假的故事, 我很乐意就此提出见解。 我认为这是一个非常重要的对话 对美国 和在国际社会来说都是这样, 我认为这是至关重要的, 因此我们需要的是 基于事实的对话, 我们愿意为此做出努力。
CA: So the question that a lot of people have here is, what do you make of Snowden's motivations for doing what he did, and did he have an alternative way that he could have gone?
克里斯‧安德森: 在这儿,很多人感到好奇的问题是, 你认为斯诺登的动机是什么 他为什么要这样做, 他有其他选择吗?
RL: He absolutely did have alternative ways that he could have gone, and I actually think that characterizing him as a whistleblower actually hurts legitimate whistleblowing activities. So what if somebody who works in the NSA -- and there are over 35,000 people who do. They're all great citizens. They're just like your husbands, fathers, sisters, brothers, neighbors, nephews, friends and relatives, all of whom are interested in doing the right thing for their country and for our allies internationally, and so there are a variety of venues to address if folks have a concern. First off, there's their supervisor, and up through the supervisory chain within their organization. If folks aren't comfortable with that, there are a number of inspectors general. In the case of Mr. Snowden, he had the option of the NSA inspector general, the Navy inspector general, the Pacific Command inspector general, the Department of Defense inspector general, and the intelligence community inspector general, any of whom would have both kept his concerns in classified channels and been happy to address them. (CA and RL speaking at once) He had the option to go to congressional committees, and there are mechanisms to do that that are in place, and so he didn't do any of those things.
理查德‧莱杰特:他绝对有 除此之外的多种选择, 我认为 作为一名歇发者 实际上伤害正当的揭秘活动。 如果一个为美国国家安全局工作的人, 我们有超过 35000 名雇员。 他们都是好公民。 他们只是普通人, 像是你的丈夫,父亲,姐妹们, 兄弟,邻居,侄子,朋友,亲戚, 他们都致力于 为国家 和我们在国际上的盟友效力, 如果工作人员遇到一些困扰 有很多方式可以解决。 首先,他们有上司, 并且通过监管链向上 在他们的组织内部。 如果工作人员对这样的方式 感到不满意, 我们有许多监察人员 可以帮助处理问题。 就斯诺登先生的问题而言, 他可以寻求 美国国家安全局监察长, 海军总监察长, 太平洋司令部监察长, 国防部门监察长, 和情报系统监察长, 他们中的任何一位都会 将这样的问题归类 并且乐于帮助解决。 (CA 和 RL 同时讲话) 他可以选择去国会, 是有解决机制的, 然而他没有寻求 上述任何一种方式。
CA: Now, you had said that Ed Snowden had other avenues for raising his concerns. The comeback on that is a couple of things: one, that he certainly believes that as a contractor, the avenues that would have been available to him as an employee weren't available, two, there's a track record of other whistleblowers, like [Thomas Andrews Drake] being treated pretty harshly, by some views, and thirdly, what he was taking on was not one specific flaw that he'd discovered, but programs that had been approved by all three branches of government. I mean, in that circumstance, couldn't you argue that what he did was reasonable?
克里斯‧安德森:你刚刚说到, 斯诺登有其他的途径 来寻求解决他的问题。 主要有这样几件事情: 首先,他肯定认为, 作为一名合同工, 原本可以追溯的途径 却由于他是雇员而是不可用的, 第二,其他揭发者的记录, 像是 [托马斯‧安德鲁斯‧德雷克] 很多人认为, 受到了不好的对待, 第三,就他所看到的问题 并不是一种具体的缺陷, 而是,这样的程序已全被 三个政府部门批准了。 我的意思是,在这种情况下, 你认为他做的事情 是否合理?
RL: No, I don't agree with that. I think that the — sorry, I'm getting feedback through the microphone there — the actions that he took were inappropriate because of the fact that he put people's lives at risk, basically, in the long run, and I know there's been a lot of talk in public by Mr. Snowden and some of the journalists that say that the things that have been disclosed have not put national security and people at risk, and that is categorically not true. They actually do. I think there's also an amazing arrogance to the idea that he knows better than the framers of the Constitution in how the government should be designed and work for separation of powers and the fact that the executive and the legislative branch have to work together and they have checks and balances on each other, and then the judicial branch, which oversees the entire process. I think that's extremely arrogant on his part.
理查德‧莱杰特: 不,我不同意。 我认为 — — 对不起,我听到 那里的麦克风有些噪音 — — 他的行动是不适当的, 因为他给人们的生活带来风险, 基本上,从长远来看, 我知道在公共场合 斯诺登先生和一些记者 说已披露的事情 没有给国家安全和人民带来风险, 这绝对不是真实的。 事实上是有风险的。 我认为他令人惊异地骄傲自大, 仿佛他比制宪者 知道更多 有关政府该 如何治理与分权。 事实上,行政部门和立法部门 合作同时也彼此制衡, 还有司法部门 负责监督整个过程。 我认为他这样的想法是 非常傲慢自大的。
CA: Can you give a specific example of how he put people's lives at risk?
克里斯‧安德森: 请给出一个具体的例子好吗? 有关他是如何将人们置于危险中的?
RL: Yeah, sure. So the things that he's disclosed, the capabilities, and the NSA is a capabilities-based organization, so when we have foreign intelligence targets, legitimate things of interest -- like, terrorists is the iconic example, but it includes things like human traffickers, drug traffickers, people who are trying to build advanced weaponry, nuclear weapons, and build delivery systems for those, and nation-states who might be executing aggression against their immediate neighbors, which you may have some visibility into some of that that's going on right now, the capabilities are applied in very discrete and measured and controlled ways. So the unconstrained disclosure of those capabilities means that as adversaries see them and recognize, "Hey, I might be vulnerable to this," they move away from that, and we have seen targets in terrorism, in the nation-state area, in smugglers of various types, and other folks who have, because of the disclosures, moved away from our ability to have insight into what they're doing. The net effect of that is that our people who are overseas in dangerous places, whether they're diplomats or military, and our allies who are in similar situations, are at greater risk because we don't see the threats that are coming their way.
理查德‧莱杰特:好,没问题。 他已透露的情报, 国安局的能力, 和美国国家安全局是一个 基于能力的组织, 因此,当我们有境外情报目标, 合法的感兴趣的事 — — 恐怖分子是个标志性的例子, 但它也包括了像是贩卖人口, 贩卖毒品, 建造先进武器, 核武器的人, 为其提供运输途径的人, 那些可能侵犯其近邻的国家, 当发现这样的情况 和正在发生的这样的情况, 我们要让能力得到 分散的,指挥的,受控制的运用。 因此,不受约束地披露这样的能力 就意味着,对手会得到讯息 并意识到,"嘿,我有这个弱点," 他们就会避开, 我们看到恐怖主义的目标, 在民族国家范围, 在各种走私方式, 有些人,得益于这样的能力披露, 得以逃脱我们的视线, 我们很难得到 有关他们行踪的情报。 这样产生的效应是 我们在海外危险地区的工作人员, 无论他们是外交或是军事人员, 还有我们处于同样境地的盟友, 处于更大的风险中, 因为我们无法知晓 即将到来的对他们的威胁。
CA: So that's a general response saying that because of his revelations, access that you had to certain types of information has been shut down, has been closed down. But the concern is that the nature of that access was not necessarily legitimate in the first place. I mean, describe to us this Bullrun program where it's alleged that the NSA specifically weakened security in order to get the type of access that you've spoken of.
克里斯‧安德森: 总的来说,你的回应是 由于他的揭露行为, 你对某些信息的接触管道 被关闭了。 但关注点是,这种接触的性质 首先就不需要是合法的。 我的意思是,请给我们描述一下 这个布尔溪程序, 它宣称美国国家安全局 为了得到你所说的 那种信息的接触管道 是削弱了我们的安全的。
RL: So there are, when our legitimate foreign intelligence targets of the type that I described before, use the global telecommunications system as their communications methodology, and they do, because it's a great system, it's the most complex system ever devised by man, and it is a wonder, and lots of folks in the room there are responsible for the creation and enhancement of that, and it's just a wonderful thing. But it's also used by people who are working against us and our allies. And so if I'm going to pursue them, I need to have the capability to go after them, and again, the controls are in how I apply that capability, not that I have the capability itself. Otherwise, if we could make it so that all the bad guys used one corner of the Internet, we could have a domain, badguy.com. That would be awesome, and we could just concentrate all our efforts there. That's not how it works. They're trying to hide from the government's ability to isolate and interdict their actions, and so we have to swim in that same space. But I will tell you this. So NSA has two missions. One is the Signals Intelligence mission that we've unfortunately read so much about in the press. The other one is the Information Assurance mission, which is to protect the national security systems of the United States, and by that, that's things like the communications that the president uses, the communications that control our nuclear weapons, the communications that our military uses around the world, and the communications that we use with our allies, and that some of our allies themselves use. And so we make recommendations on standards to use, and we use those same standards, and so we are invested in making sure that those communications are secure for their intended purposes.
理查德‧莱杰特:是的,当我们 有我之前描述过的类型的 合法的外国情报目标, 使用全球电信系统 作为他们的通信方式, 他们这样做是因为 这是一个很棒的系统, 它是人类所能设计出来的 最复杂的系统, 它是一个奇迹, 很多工作人员在房间里 负责创造 和增强其应用 它是很好的系统。 但是用他的人也包括那些 对抗我们和我们盟友的人。 因此,如果我们要去追击他们, 就需要具备这样那样的能力 去找到他们, 再重申一次,将控件的 我该如何运用这种能力, 不是我本身所拥有的能力。 不然,如果我们能这样做 所有使用互联网的坏人 我们可以有个域名,badguy.com。 这会很棒, 我们可以把所有的心血专注于此。 可惜并不是这样。 他们试图 躲避政府 隔离并阻截他们的能力, 所以我们必须在 同一空间内活动。 我要说的是, 美国国家安全局有两个任务。 一是的信号情报任务 很遗憾,我们从媒体上读到了很多。 另一个是信息安全保障任务, 这是为了保护美国的国家安全系统, 我们所保护的通信包括下列这些 美国总统的通信往来, 管理核武器的通信, 我们世界范围内的军事通信, 我们与盟友共同使用的通信, 盟友间的通信。 所以我们提出 使用标准的建议, 我们也使用相同的标准, 我们投入 以确保使这些通信 是安全的。
CA: But it sounds like what you're saying is that when it comes to the Internet at large, any strategy is fair game if it improves America's safety. And I think this is partly where there is such a divide of opinion, that there's a lot of people in this room and around the world who think very differently about the Internet. They think of it as a momentous invention of humanity, kind of on a par with the Gutenberg press, for example. It's the bringer of knowledge to all. It's the connector of all. And it's viewed in those sort of idealistic terms. And from that lens, what the NSA has done is equivalent to the authorities back in Germany inserting some device into every printing press that would reveal which books people bought and what they read. Can you understand that from that viewpoint, it feels outrageous?
克里斯‧安德森: 你的意思是, 以互联网整体来看, 任何战略都是公平的游戏 只要它提高了美国的安全水平。 我想这就是出现 不同观点的部分, 很多人,包括这个房间里 和世界各地的人们 对互联网有不同看法。 他们认为互联网是重大的 人类发明, 可以与古腾堡印刷机相提并论。 它是人类知识的使者。 它是一切的连接器。 从那些有点理想主义的角度来看。 从那个角度看来, 美国国家安全局做的事相当于 德国当局 在每个印刷机里装上设备 了解人们买了哪些书 和他们所阅读的内容。 从这样的观点看来, 国安局的行为有些粗暴?
RL: I do understand that, and I actually share the view of the utility of the Internet, and I would argue it's bigger than the Internet. It is a global telecommunications system. The Internet is a big chunk of that, but there is a lot more. And I think that people have legitimate concerns about the balance between transparency and secrecy. That's sort of been couched as a balance between privacy and national security. I don't think that's the right framing. I think it really is transparency and secrecy. And so that's the national and international conversation that we're having, and we want to participate in that, and want people to participate in it in an informed way. So there are things, let me talk there a little bit more, there are things that we need to be transparent about: our authorities, our processes, our oversight, who we are. We, NSA, have not done a good job of that, and I think that's part of the reason that this has been so revelational and so sensational in the media. Nobody knew who we were. We were the No Such Agency, the Never Say Anything. There's takeoffs of our logo of an eagle with headphones on around it. And so that's the public characterization. And so we need to be more transparent about those things. What we don't need to be transparent about, because it's bad for the U.S., it's bad for all those other countries that we work with and that we help provide information that helps them secure themselves and their people, it's bad to expose operations and capabilities in a way that allows the people that we're all working against, the generally recognized bad guys, to counter those.
理查德‧莱杰特: 我明白并且同意互联网的功能, 我想说它比互联网更大。 它是一个全球电信系统。 互联网是其中的一个大块, 但还有更多。 我认为人们有正当理由关注 透明度和秘密的平衡。 这种表达也指 隐私和国家安全间的平衡。 这不认为这是正确的框架。 我认为它真的是透明且保密的。 我们正在讨论的 有关国家和国际的对话, 和我们想要参加其中, 希望人们了解。 所以有些事情, 让我扩展一下, 有件事情是需要保持透明的: 我们的当局,我们的流程, 我们的监督,我们是谁。 我们,美国国家安全局, 在这方面做得不够好, 我认为其中的原因 已经被媒体揭示 并引起轰动。 没人知道我们是谁。 我们是“没听过的机构”,“沉默的机构”。 我们标志里的老鹰起飞了 这只鹰还带着耳机。 这就是公共属性。 因此我们需要将这些事情透明化。 我们不需要保持透明的是 那些对美国来说不利的事情, 那些对与我们有合作的 接受我们信息的国家不利 这会帮助他们保护自己 以及人民的安全, 公开运作和能力是不利的行为 如果这样做将会使得那些 我们反对的人, 一般公认的坏人们, 能够有办法对付我们。
CA: But isn't it also bad to deal a kind of body blow to the American companies that have essentially given the world most of the Internet services that matter? RL: It is. It's really the companies are in a tough position, as are we, because the companies, we compel them to provide information, just like every other nation in the world does. Every industrialized nation in the world has a lawful intercept program where they are requiring companies to provide them with information that they need for their security, and the companies that are involved have complied with those programs in the same way that they have to do when they're operating in Russia or the U.K. or China or India or France, any country that you choose to name. And so the fact that these revelations have been broadly characterized as "you can't trust company A because your privacy is suspect with them" is actually only accurate in the sense that it's accurate with every other company in the world that deals with any of those countries in the world. And so it's being picked up by people as a marketing advantage, and it's being marketed that way by several countries, including some of our allied countries, where they are saying, "Hey, you can't trust the U.S., but you can trust our telecom company, because we're safe." And they're actually using that to counter the very large technological edge that U.S. companies have in areas like the cloud and Internet-based technologies.
克里斯▪安德森: 但是, 是不是也不好应对 惨败的美国公司 这些公司提供了世界上 大部分的互联网服务? 理查德▪莱杰特:是的。 确实这些公司都处于 一个艰难的位置,如同我们, 因为是我们 强迫这些公司提供信息, 就像在世界的每个其他国家一样。 世界上的每个工业化国家 都有一套合法截取信息的程序 他们要求公司 为他们提供用以保障安全 的信息, 这次事件所涉及的公司 都遵从这些程序 他们也要从事同样的活动 当营运在俄罗斯或英国 或中国或印度或法国, 你能说出的任何国家。 这些揭示 被广泛地描绘成 "你不能信任A公司,因为 您的隐私是不受他们保护的" 在某种意义上这是准确的 世界上的任何其他公司 在处理与任何国家间关系的时候。 这被人们用来 作为一个市场营销策略, 几个国家都在推销着 包括一些与我们联盟的国家, 他们说, “嘿,你不能信任美国, 但你可以信赖我们的通信公司, 因为我们保障用户的安全。” 实际上他们在用这个营销策略 来与美国的公司竞争 美国公司在云技术和 基于互联网的技术领域 有很大的技术优势。
CA: You're sitting there with the American flag, and the American Constitution guarantees freedom from unreasonable search and seizure. How do you characterize the American citizen's right to privacy? Is there such a right?
克里斯▪安德森: 你身后有美国国旗, 美国宪法保障了公民的 不遭受不合理的搜查和扣押的自由。 你是如何描述 美国公民隐私权的? 有这样的一种权利吗?
RL: Yeah, of course there is. And we devote an inordinate amount of time and pressure, inordinate and appropriate, actually I should say, amount of time and effort in order to ensure that we protect that privacy. and beyond that, the privacy of citizens around the world, it's not just Americans. Several things come into play here. First, we're all in the same network. My communications, I'm a user of a particular Internet email service that is the number one email service of choice by terrorists around the world, number one. So I'm there right beside them in email space in the Internet. And so we need to be able to pick that apart and find the information that's relevant. In doing so, we're going to necessarily encounter Americans and innocent foreign citizens who are just going about their business, and so we have procedures in place that shreds that out, that says, when you find that, not if you find it, when you find it, because you're certain to find it, here's how you protect that. These are called minimization procedures. They're approved by the attorney general and constitutionally based. And so we protect those. And then, for people, citizens of the world who are going about their lawful business on a day-to-day basis, the president on his January 17 speech, laid out some additional protections that we are providing to them. So I think absolutely, folks do have a right to privacy, and that we work very hard to make sure that that right to privacy is protected.
理查德▪莱杰特: 是的,当然有。 我们投入大量的时间和精力, 我是指,过度却又适当的, 时间和努力,以确保 我们保护公民隐私。 我们也保护, 不只是美国人,而是 世界各地公民的隐私权。 可以用几件事情来论述这点。 第一,我们都使用同一个网络。 我的通讯, 我是某个电子邮件公司的用户 这个是全球恐怖分子 首选的公司。 在互联网中,我的邮件账户就在 他们的电子邮件账户隔壁。 因此我们需要把这些信息拆分, 找出相关的信息。 要这样做,一定会遇到 美国人和无辜的外国公民 那些只是在忙各自事物的人。 因此,我们有操作程序 将那些事情分别出来, 也就是说,当你发现它, 不是如果你发现它,而是当你找到它, 因为你无法避免会发现它 这是你如何保护它的程序。 这些被称为,最小化程序。 他们是由联邦司法部批准 并且是基于宪法规定的。 于是,我们保护这样的信息。 对人们来说,世界上的公民 那些在处理其合法的业务 日常工作的, 总统在他1月17日的演讲中提到, 会有额外的保护措施 能提供给他们。 所以我绝对认为, 人们是有隐私权的, 我们非常努力工作以确保 这样的隐私权受到保护。
CA: What about foreigners using American companies' Internet services? Do they have any privacy rights?
克里斯‧安德森:那么当外国人使用 美国公司的互联网服务 他们有任何隐私权吗?
RL: They do. They do, in the sense of, the only way that we are able to compel one of those companies to provide us information is when it falls into one of three categories: We can identify that this particular person, identified by a selector of some kind, is associated with counterterrorist or proliferation or other foreign intelligence target.
理查德‧莱杰特: 他们有。 他们有,从某种意义上说, 只有这样,我们才能够强迫 某一家公司为我们提供信息 是当他属于下列 三个类别之一的情况下: 我们可以确定,这个特定的人, 被挑选出来认为 与反恐怖主义或者 核扩散或其他境外情报目标。
CA: Much has been made of the fact that a lot of the information that you've obtained through these programs is essentially metadata. It's not necessarily the actual words that someone has written in an email or given on a phone call. It's who they wrote to and when, and so forth. But it's been argued, and someone here in the audience has talked to a former NSA analyst who said metadata is actually much more invasive than the core data, because in the core data you present yourself as you want to be presented. With metadata, who knows what the conclusions are that are drawn? Is there anything to that?
克里斯‧安德森: 事实上, 你们已经通过这些计划 获得了很多信息, 本质上是元数据。 它不一定是实际的语词, 像是某人电子邮件中写的内容 或是一通电话里说的话。 而是收件方是谁,什么时候写的,等等。 但有人一直认为, 这座观众中有人与 前美国国家安全局分析师交谈过 那位分析师说 元数据实际上 比核心数据更具有攻击性, 因为在核心数据 你表现出的是你希望展现的样子。 而元数据,谁知道会被得出 怎样的结论? 是这样吗?
RL: I don't really understand that argument. I think that metadata's important for a couple of reasons. Metadata is the information that lets you find connections that people are trying to hide. So when a terrorist is corresponding with somebody else who's not known to us but is engaged in doing or supporting terrorist activity, or someone who's violating international sanctions by providing nuclear weapons-related material to a country like Iran or North Korea, is trying to hide that activity because it's illicit activity. What metadata lets you do is connect that. The alternative to that is one that's much less efficient and much more invasive of privacy, which is gigantic amounts of content collection. So metadata, in that sense, actually is privacy-enhancing. And we don't, contrary to some of the stuff that's been printed, we don't sit there and grind out metadata profiles of average people. If you're not connected to one of those valid intelligence targets, you are not of interest to us.
理查德‧莱杰特: 我不是很明白这一论点。 我认为元数据的重要性 有下列几个原因。 元数据可以让你找到 人们试图隐藏的关系。 因此当一名恐怖分子在回应 某个我们不知道的人, 而这人从事或支持恐怖活动, 这人或许违反了国际制裁 提供与核武器相关的材料 给伊朗或朝鲜这样的国家, 正试图隐藏这种活动, 因为它是非法的。 元数据在这种时候就能帮你 连接这些资讯。 供替代的做法 是一种效率较低的 并且更加侵犯隐私权的方式, 那将是数量庞大的内容集合。 因此元数据,在这个意义上, 其实是加强隐私的。 我们不像报道中 所说的那样, 我们不会坐在那里 查看普罗大众的元数据文件。 如果你没有与那些 有根据的情报目标有联系, 我们对你并不感兴趣。
CA: So in terms of the threats that face America overall, where would you place terrorism?
克里斯‧安德森:总地来说 以美国所面临的威胁, 你认为恐怖主义的重要性在哪个位置?
RL: I think terrorism is still number one. I think that we have never been in a time where there are more places where things are going badly and forming the petri dish in which terrorists take advantage of the lack of governance. An old boss of mine, Tom Fargo, Admiral Fargo, used to describe it as arcs of instability. And so you have a lot of those arcs of instability in the world right now, in places like Syria, where there's a civil war going on and you have massive numbers, thousands and thousands of foreign fighters who are coming into Syria to learn how to be terrorists and practice that activity, and lots of those people are Westerners who hold passports to European countries or in some cases the United States, and so they are basically learning how to do jihad and have expressed intent to go out and do that later on in their home countries. You've got places like Iraq, which is suffering from a high level of sectarian violence, again a breeding ground for terrorism. And you have the activity in the Horn of Africa and the Sahel area of Africa. Again, lots of weak governance which forms a breeding ground for terrorist activity. So I think it's very serious. I think it's number one. I think number two is cyber threat. I think cyber is a threat in three ways: One way, and probably the most common way that people have heard about it, is due to the theft of intellectual property, so basically, foreign countries going in, stealing companies' secrets, and then providing that information to state-owned enterprises or companies connected to the government to help them leapfrog technology or to gain business intelligence that's then used to win contracts overseas. That is a hugely costly set of activities that's going on right now. Several nation-states are doing it. Second is the denial-of-service attacks. You're probably aware that there have been a spate of those directed against the U.S. financial sector since 2012. Again, that's a nation-state who is executing those attacks, and they're doing that as a semi-anonymous way of reprisal. And the last one is destructive attacks, and those are the ones that concern me the most. Those are on the rise. You have the attack against Saudi Aramco in 2012, August of 2012. It took down about 35,000 of their computers with a Wiper-style virus. You had a follow-on a week later to a Qatari company. You had March of 2013, you had a South Korean attack that was attributed in the press to North Korea that took out thousands of computers. Those are on the rise, and we see people expressing interest in those capabilities and a desire to employ them.
理查德‧莱杰特: 我认为 恐怖主义仍是第一位的。 我们从来没有过在一段时间内 有越来越多的地方 事情变得越来越糟糕, 恐怖分子利用政府的治理漏洞 来制造恐怖活动培养皿。 我的老领导,汤姆·法戈,法戈上将, 用不稳定的弧线描述它。 当今世界上,有很多 这样不稳定的因素, 在叙利亚,正在进行一次内战 你会得到大量的数字, 成千上万的外国武装分子 正在前往叙利亚 去了解如何成为恐怖分子 实践恐怖活动, 那些人中的很多是西方人 持有欧洲国家的护照 或在某些情况下,美国护照, 他们去学习如何参与圣战, 表达了走出去 以后在自己的国家实践 这样的意图。 像伊拉克这样的地方 遭受着更高水平的宗派暴力事件, 于是再一次成为 恐怖主义的滋生地。 一些活动发生在非洲之角 和非洲的萨赫勒地区。 再次,许多政府治理的薄弱性 造就了恐怖活动的温床。 因此我认为这是非常严重的。 我认为它是我国面临的首要威胁。 第二个是网络安全威胁。 我认为网络是安全威胁 表现在三个方面: 方式一,也是人们听说过 最常见的方式, 是盗窃知识产权, 基本上,外国进入网络, 窃取公司机密, 然后将该信息 提供给国有企业 或是与政府有关系的公司 以帮助他们跨越技术的鸿沟 或者是获得商业情报 用于赢得境外合同。 这是一套非常昂贵的活动。 几个民族国家正在进行这样的活动。 第二是阻绝服务攻击。 你可能注意到自2012年起 已经出现一连串针对 美国金融业的攻击。 再次,执行这些攻击的,是某一个国家, 他们一直在这样做, 作为一种半匿名式的报复。 最后一个是破坏性的攻击, 这是我最担心的。 这些行动有上升的趋势。 在2012年有针对 沙特阿美石油公司的攻击, 那是在2012年的8月。 大约35,000台电脑遭到 雨刷风格的病毒攻击。 一周后延续到 一家卡塔尔公司。 在2013年3月, 一场针对韩国的攻击, 新闻界将其归功于朝鲜, 当时数千台计算机遭到攻击。 这些行动出现的频率正在上升, 我们感到人们正在 对这样的行为表示兴趣 并且有实施这一行为的愿望。
CA: Okay, so a couple of things here, because this is really the core of this, almost. I mean, first of all, a lot of people who look at risk and look at the numbers don't understand this belief that terrorism is still the number one threat. Apart from September 11, I think the numbers are that in the last 30 or 40 years about 500 Americans have died from terrorism, mostly from homegrown terrorists. The chance in the last few years of being killed by terrorism is far less than the chance of being killed by lightning. I guess you would say that a single nuclear incident or bioterrorism act or something like that would change those numbers. Would that be the point of view?
克里斯‧安德森:一些事情, 因为这几乎是真正的核心部分。 我的意思是,首先, 很多人看到风险 再看到数字 不明白仍将恐怖主义 视为头号威胁的原因。 除了911事件之外, 数据表明在过去的 30年或40年间 美国约有500人死于恐怖主义, 绝大多数死于本土恐怖分子手中。 在过去的几年中 死于恐怖主义的几率 是远小于被雷电击中的几率的。 我猜你会解释说某一起核事故 或生化恐怖主义行为或类似的事情 就能改变这些数字。 是这样吗?
RL: Well, I'd say two things. One is, the reason that there hasn't been a major attack in the United States since 9/11, that is not an accident. That's a lot of hard work that we have done, that other folks in the intelligence community have done, that the military has done, and that our allies around the globe have done. You've heard the numbers about the tip of the iceberg in terms of numbers of terrorist attacks that NSA programs contributed to stopping was 54, 25 of those in Europe, and of those 25, 18 of them occurred in three countries, some of which are our allies, and some of which are beating the heck out of us over the NSA programs, by the way. So that's not an accident that those things happen. That's hard work. That's us finding intelligence on terrorist activities and interdicting them through one way or another, through law enforcement, through cooperative activities with other countries and sometimes through military action. The other thing I would say is that your idea of nuclear or chem-bio-threat is not at all far-fetched and in fact there are a number of groups who have for several years expressed interest and desire in obtaining those capabilities and work towards that.
理查德‧莱杰特: 好吧, 我主要说两件事。 其中一个就是, 美国自9/11以来 并未遭受重大的恐怖袭击 不是偶然的。 因为我们很努力地工作, 那些在情报系统 任职的工作人员的工作成果, 那些军队的工作成果, 和我们全球各地的盟友的工作成果。 那些数字 只是冰山一角, 美国国家安全局项目 成功阻止了54场恐怖袭击, 25起在欧洲, 那25起中的, 18起出现在三个国家, 其中包括我们的盟友, 顺便说一下,其中有些打败了 美国国家安全局的程序。 因此,那些事情发生不是偶然的。 是辛苦工作的成果。 我们寻找 关于恐怖活动的情报 通过这样那样的方式封锁他们, 通过诉诸法律, 通过与其他国家通力合作 有时候会采取军事行动。 我想说的另一件事是 有关核武器或生化武器的想法 绝不牵强, 确实有一些团体 常年保有希望获得 这样能力的兴趣, 并且已经在付诸行动。
CA: It's also been said that, of those 54 alleged incidents, that as few as zero of them were actually anything to do with these controversial programs that Mr. Snowden revealed, that it was basically through other forms of intelligence, that you're looking for a needle in a haystack, and the effects of these programs, these controversial programs, is just to add hay to the stack, not to really find the needle. The needle was found by other methods. Isn't there something to that?
克里斯‧安德森:也有人说, 那54起的指控, 和斯诺登先生透露的 饱受争议的项目 之间的联系 趋拘于零, 那是通过其他形式的情报工作, 如同你在干草堆中寻找一根针, 这些项目的影响 这些有争议的项目, 只是往干草堆中添加干草, 而非找到那根针。 针是通过其他方式发现的。 请问你要如何回应?
RL: No, there's actually two programs that are typically implicated in that discussion. One is the section 215 program, the U.S. telephony metadata program, and the other one is popularly called the PRISM program, and it's actually section 702 of the FISA Amendment Act. But the 215 program is only relevant to threats that are directed against the United States, and there have been a dozen threats where that was implicated. Now what you'll see people say publicly is there is no "but for" case, and so there is no case where, but for that, the threat would have happened. But that actually indicates a lack of understanding of how terrorist investigations actually work. You think about on television, you watch a murder mystery. What do you start with? You start with a body, and then they work their way from there to solve the crime. We're actually starting well before that, hopefully before there are any bodies, and we're trying to build the case for who the people are, what they're trying to do, and that involves massive amounts of information. Think of it is as mosaic, and it's hard to say that any one piece of a mosaic was necessary to building the mosaic, but to build the complete picture, you need to have all the pieces of information. On the other, the non-U.S.-related threats out of those 54, the other 42 of them, the PRISM program was hugely relevant to that, and in fact was material in contributing to stopping those attacks.
理查德‧莱杰特:不,实际上两个程序 涉及到这方面的讨论。 一是章节215项目, 美国电话系统元数据的程序, 另一个是 俗称的棱镜门程序, 它是外国情报监听法 修正案第702条。 但是215程序 只与直接针对美国的 行动有关, 受此牵连的 有十几个威胁。 现在你会看到人们公开说 是有没有",但却"的情况下, 所以有没有什么地方,但为此, 威胁将会发生。 但是,实际上表明了一种无知, 人们不了解调查恐怖分子 的工作是如何完成的。 你想到在电视上, 看到一个神秘的谋杀。 你是如何开始?开始于一个人, 他们解决犯罪。 实际上我们在那之前就开始工作了, 希望在任何机构前工作, 我们试图建立档案 这些人是谁,他们想做些什么, 这就涉及到大量的信息。 把它想作是马赛克, 很难说,马赛克中任何一片 对建筑马赛克至关重要, 但是为了建立完整的图片, 你需要有所有的信息片段。 另一方面,那54起 并非与美国相关的威胁 其中的42件, 棱镜项目与其非常相关, 事实上是在提供材料 以阻止这些攻击。
CA: Snowden said two days ago that terrorism has always been what is called in the intelligence world "a cover for action," that it's something that, because it invokes such a powerful emotional response in people, it allows the initiation of these programs to achieve powers that an organization like yours couldn't otherwise have. Is there any internal debate about that?
克里斯‧安德森:斯诺登两天前说 恐怖主义一直 在情报系统称之为 "行动的幌子", 这是重要的, 因为它会调动人们 强大的情绪反应, 它允许这些程序启动, 让像你们这样的机构本拥有 本不该有的权利。 关于这个话题你们有内部辩论吗?
RL: Yeah. I mean, we debate these things all the time, and there is discussion that goes on in the executive branch and within NSA itself and the intelligence community about what's right, what's proportionate, what's the correct thing to do. And it's important to note that the programs that we're talking about were all authorized by two different presidents, two different political parties, by Congress twice, and by federal judges 16 different times, and so this is not NSA running off and doing its own thing. This is a legitimate activity of the United States foreign government that was agreed to by all the branches of the United States government, and President Madison would have been proud.
理查德‧莱杰特:是的。 我的意思是,我们时常 在辩论这些问题, 在行政部门还有 持续不断的讨论 在美国国家安全局内部 和情报系统 关于什么是正确的,什么是相称的, 什么是正确的事情。 重点提一下这些 我们正在谈论的项目 是被两个不同的总统授权的, 两个不同的政党, 两次经手国会, 由联邦法官16次不同时间, 所以这不是美国国家安全局 自编自导自演的。 这是一项合法的活动, 让美国国外政府, 美国政府的 所有分支, 和麦迪逊总统感到自豪。
CA: And yet, when congressmen discovered what was actually being done with that authorization, many of them were completely shocked. Or do you think that is not a legitimate reaction, that it's only because it's now come out publicly, that they really knew exactly what you were doing with the powers they had granted you?
克里斯‧安德森:然而, 当国会议员们发现 在授权情况下实际上的行为, 他们中的很多都完全惊呆了。 或者,你认为那不是一个合理的反应, 它是因为公开在民众眼前, 他们才真的知道你们在做什么 在他们授予的权力之下?
RL: Congress is a big body. There's 535 of them, and they change out frequently, in the case of the House, every two years, and I think that the NSA provided all the relevant information to our oversight committees, and then the dissemination of that information by the oversight committees throughout Congress is something that they manage. I think I would say that Congress members had the opportunity to make themselves aware, and in fact a significant number of them, the ones who are assigned oversight responsibility, did have the ability to do that. And you've actually had the chairs of those committees say that in public. CA: Now, you mentioned the threat of cyberattacks, and I don't think anyone in this room would disagree that that is a huge concern, but do you accept that there's a tradeoff between offensive and defensive strategies, and that it's possible that the very measures taken to, "weaken encryption," and allow yourself to find the bad guys, might also open the door to forms of cyberattack?
理查德‧莱杰特:国会是一个巨大的组织, 国会议员有535名, 人员经常变动, 众议院每隔两年变动, 我认为美国国家安全局提供了 监督委员会所需的所有相关信息, 然后这些信息的传播 通过整个国会监督委员会 是他们管理的东西。 我会说,国会议员 有机会让自己意识到这些, 事实上他们中的大多数, 那些被分配有监督责任的人 没有能力做到这一点。 委员会主席在公共场合说过多次。 克里斯‧安德森:你所提到 网络攻击的威胁 我认为在场所有人都同意 这是一个巨大的关注点, 但你是否认为有个权衡点 在进攻性和防御性战略之间, 和它是可能,而采取的非常措施 以"削弱加密" 允许你自己找到的坏家伙, 可能还敞开一扇门招致网络攻击吗?
RL: So I think two things. One is, you said weaken encryption. I didn't. And the other one is that the NSA has both of those missions, and we are heavily biased towards defense, and, actually, the vulnerabilities that we find in the overwhelming majority of cases, we disclose to the people who are responsible for manufacturing or developing those products. We have a great track record of that, and we're actually working on a proposal right now to be transparent and to publish transparency reports in the same way that the Internet companies are being allowed to publish transparency reports for them. We want to be more transparent about that. So again, we eat our own dog food. We use the standards, we use the products that we recommend, and so it's in our interest to keep our communications protected in the same way that other people's need to be.
理查德‧莱杰特:我想说两件事情。 一是你说的削弱加密。我没有。 那是另一个 美国国家安全局 同时具有这些特派团, 我们都严重偏向于防御, 实际上,我们发现的漏洞 在绝大多数情况下, 我们向那些负责任的人披露 那些人负责制造或开发这些产品。 我们有记录, 我们实际上正在建议 要透明,透明度报告发布 与互联网公司同样 都允许发布透明度报告。 我们想要变得更加透明。 同样的我们吃我们自己的狗食。 我们使用同样的标准, 我们使用同样的产品 我们建议, 所以这是我们的利益所在 以保护我们的通信 以其他人所需要的同样的方式。
CA: Edward Snowden, when, after his talk, was wandering the halls here in the bot, and I heard him say to a couple of people, they asked him about what he thought of the NSA overall, and he was very complimentary about the people who work with you, said that it's a really impassioned group of employees who are seeking to do the right thing, and that the problems have come from just some badly conceived policies. He came over certainly very reasonably and calmly. He didn't come over like a crazy man. Would you accept that at least, even if you disagree with how he did it, that he has opened a debate that matters?
克里斯‧安德森:爱德华‧斯诺登 在他的谈话之后通过机器人 在这里徘徊, 我听到几个人 问他对于美国国安局 总的看法, 他对那些与你共事的人 称赞有加, 他说这些是 充满干劲的员工, 这些员工在做正确的事, 而问题只是来自于 错误构想的政策。 他的表现非常合理并且冷静。 他不是个疯子。 你会接受这样的看法吗, 即使你不同意他的作法, 但他开启了一场重要辩论?
RL: So I think that the discussion is an important one to have. I do not like the way that he did it. I think there were a number of other ways that he could have done that that would have not endangered our people and the people of other nations through losing visibility into what our adversaries are doing. But I do think it's an important conversation.
理查德‧莱杰特:我认为, 讨论是重要的。 我不喜欢他那样的处理方式。 我认为有多种其他的方法 可供选择, 那些方法不会危及我们的人民 和其他国家的人民, 失去看到我们对手 在做什么的能力。 但我认为它是一个重要的谈话。
CA: It's been reported that there's almost a difference of opinion with you and your colleagues over any scenario in which he might be offered an amnesty deal. I think your boss, General Keith Alexander, has said that that would be a terrible example for others; you can't negotiate with someone who's broken the law in that way. But you've been quoted as saying that, if Snowden could prove that he was surrendering all undisclosed documents, that a deal maybe should be considered. Do you still think that?
克里斯‧安德森:报道称 你和你的同事们 有着几乎不同的意见 在何种情况下, 他可能会提出大赦协议。 我想,你的老板, 基思‧亚历山大将军, 说过这这将是一个对他人的 糟糕示范; 你不能与那些已经 已经触犯了法律的人商谈。 但你曾说过, 如果斯诺登交出 所有未披露的文件, 这样的交易也许应该可以考虑。 你仍然这样认为吗?
RL: Yeah, so actually, this is my favorite thing about that "60 Minutes" interview was all the misquotes that came from that. What I actually said, in response to a question about, would you entertain any discussions of mitigating action against Snowden, I said, yeah, it's worth a conversation. This is something that the attorney general of the United States and the president also actually have both talked about this, and I defer to the attorney general, because this is his lane. But there is a strong tradition in American jurisprudence of having discussions with people who have been charged with crimes in order to, if it benefits the government, to get something out of that, that there's always room for that kind of discussion. So I'm not presupposing any outcome, but there is always room for discussion.
理查德‧莱杰特:是的,实际上, 这是我最喜欢的《60分钟》 采访, 一切都是值得。 我在回答如下问题, 你愿意包容 有关减轻对斯诺登采取行动的讨论吗? 我说是的, 它是值得的一次谈话。 这些事情美国的司法部长 和总统都 谈到过这样的问题, 我遵从司法部长, 因为这是他的领域。 但是美国法律界 较强的传统是 与那些被控有罪 但可能对政府有益的人 进行交谈协商, 以得到一些东西, 总会有这种讨论的余地。 所以我不会假设任何结果, 但总是会有讨论的空间。
CA: To a lay person it seems like he has certain things to offer the U.S., the government, you, others, in terms of putting things right and helping figure out a smarter policy, a smarter way forward for the future. Do you see, has that kind of possibility been entertained at all? RL: So that's out of my lane. That's not an NSA thing. That would be a Department of Justice sort of discussion. I'll defer to them.
克里斯‧安德森:在非专业人士看来 他有一些东西可以提供给美国, 政府,你,其他人, 以纠正错误 并帮助找出一个更优异的政策, 和走向未来的好方法。 你认为这种可能性 会被包容吗? 理查德‧莱杰特:这已超出我领域。 这不是一个美国国家安全局的事情。 这将是司法部的 研究讨论。 我会听从他们。
CA: Rick, when Ed Snowden ended his talk, I offered him the chance to share an idea worth spreading. What would be your idea worth spreading for this group?
克里斯‧安德森:理查德, 当斯诺登结束讲话的时候, 我请他分享 值得传播的想法。 你值得传播的想法 是什么呢?
RL: So I think, learn the facts. This is a really important conversation, and it impacts, it's not just NSA, it's not just the government, it's you, it's the Internet companies. The issue of privacy and personal data is much bigger than just the government, and so learn the facts. Don't rely on headlines, don't rely on sound bites, don't rely on one-sided conversations. So that's the idea, I think, worth spreading. We have a sign, a badge tab, we wear badges at work with lanyards, and if I could make a plug, my badge lanyard at work says, "Dallas Cowboys." Go Dallas. I've just alienated half the audience, I know. So the lanyard that our people who work in the organization that does our crypto-analytic work have a tab that says, "Look at the data." So that's the idea worth spreading. Look at the data.
理查德‧莱杰特:我认为是,了解事实。 这是一个非常重要的谈话, 它的影响涉及极广, 不只是有关于美国国家安全局, 不是只有关于政府, 它有关于你,它有关于互联网公司。 隐私和个人数据的问题 比政府多得多, 所以了解事实。 不要依赖头条新闻, 不要依赖于大众评论, 不要依赖于片面的看法。 这就是我认为,值得推广的想法。 我们有一个标志, 一个徽章, 我们在工作时 用挂袋佩戴徽章, 如果我能制作一个插头, 证件挂绳上写着, "达拉斯牛仔队"。 去达拉斯。 我已经疏远了一半的观众,我知道。 所以我们员工 那些在工作中 处理密码分析的员工 有一个挂绳标签, 写着“看看这些数据”。 这就是值得传播的思想。 看看数据。
CA: Rick, it took a certain amount of courage, I think, actually, to come and speak openly to this group. It's not something the NSA has done a lot of in the past, and plus the technology has been challenging. We truly appreciate you doing that and sharing in this very important conversation. Thank you so much.
克里斯‧安德森:理查德, 这需要很大的勇气, 我认为,来到这里 公开演讲。 这不只关于美国国家安全局 过去的工作成就, 这也涉及了对技术水平的挑战。 我们真的很感激你来到这里 与我们大家共享非常重要的演说。 非常感谢。
RL: Thanks, Chris.
理查德‧莱杰特:谢谢你,克里斯。
(Applause)
(掌声)