這算是這禮拜資安方面比較大的消息吧?蘋果 CEO Tim Cook 前幾天在官方網站上發布公開信反對聯邦調查局 (FBI) 與美國政府以要求協助調查 2015 年 12 月發生於南加州的聖貝納迪諾槍擊案 (San Bernardino) 為由要求蘋果提供「特殊方式」以讓政府部門能夠降低破解兇嫌手機的困難度,以檢查其中是否有與案情相關的證據。
其實一直以來美國政府在資訊安全與隱私方面就有很多讓人懷疑甚至引人非議的做法,特別是由愛德華·史諾登所揭露,從 2007 年開始執行的 PRISM 計畫 (稜鏡計畫 US-984XN),根據被揭露的訊息,幾乎你我每天所使用的科技公司都有被強迫或半強迫加入 PRISM 計畫,美國政府以各種行政手段甚至罰鍰來逼迫各大科技公司提供管道或協助監聽用戶傳遞的所有內容,而由於全世界排行前幾大的網路公司幾乎都在美國,因此這計畫的影響幾乎是全球性的,至今仍然在持續延燒著,而本次蘋果 (根據被洩漏的文件,蘋果當時也有被迫參與 PRISM) 的反撲無疑讓社會大眾再次想起資訊安全的重要性與對個人隱私遭侵犯的警覺。
以下附上蘋果 CEO Tim Cook 發出的公開信並提供站長製作的中文翻譯:
內容目錄
蘋果公開信全文與中文翻譯對照
中文部分由站長翻譯完成,僅供參考,若翻譯後文字與蘋果官方說法有抵觸時請以英文原文為準。
A Message to Our Customers
給客戶的一封公開信
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
美國政府對蘋果公司提出了一項前所未見的要求,而這項命令威脅了我們客戶的資料安全。我們已經正式拒絕這項命令,這意味著目前而言,我們正在進行一項違反法令的舉動。
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
此時此刻,我們呼籲社會大眾應該開始討論這件事情,我們希望我們的客戶與美國國民們能夠了解美國政府的舉動正在讓什麼事物瀕臨險境。
The Need for Encryption
加密的必要性之所在
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
以 iPhone 為首的智慧型手機已經成為你我生活當中不可或缺的一部分。人們使用這些裝置來儲存為數驚人的個人資訊,舉凡私人對話或我們的相片、音樂、筆記、行事曆與聯絡人,與我們的財務資訊與健康紀錄,甚至是你我曾經到過哪些地方、將要去哪些地方的位置紀錄都在其中。
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
所有這些資料都必須被嚴加保護以遠離想在未經我們認知或允許的情況下存取或盜取它們的駭客或犯罪者。我們的客戶預期蘋果與其他科技公司會盡一切力量與努力來保護其的個人資料,而在蘋果,我們也始終致力於保護他們的資料。
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
對個人資料安全的妥協非常可能會使得我們的個人資料被推向險境,這就是為什麼對我們所有人來說,加密變得如此重要的原因。
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
許多年來,我們使用加密技術來保護我們客戶的個人資料,因為我們相信這是確保客戶資料安全的唯一方法,我們甚至將那些資料處理到我們自己也無法存取,因為我們認為您的 iPhone 儲存的資料與我們一點關係也沒有,當然也無權存取。
The San Bernardino Case
有關聖貝納迪諾槍擊案
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.
我們對去年十二月發生於聖貝納迪諾的恐怖行動感到震驚與憤慨,我們為生命的消逝哀悼並且希望能夠還給所有受害者正義。因此當聯邦調查局 (FBI) 在該次恐怖攻擊事件發生的幾天之後向我們尋求協助時,我們就非常努力於協助政府偵辦此一恐怖的犯罪行為。我們對恐怖分子沒有任何一絲同情。
When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
當聯邦調查局 (FBI) 要求我們提供手上所持有的資料時,我們依照其指示提供了相關的資料。蘋果也如同我們先前在聖貝納迪諾槍擊案偵辦過程中的做法,遵從了傳票與搜索票的指示並讓我們的工程師向 FBI 提供技術方面的支援與建議,也在 FBI 的安排下盡最大的努力提供調查方面的協助。
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
我們非常尊重 FBI 的專業,並且相信他們的立意是良善的。基於這樣的認知,我們已在我們力所能及且合法的範圍內提供我們所能提供的所有協助。但美國政府現在卻要求我們提供一樣我們根本沒有的工具、同時也是一項我們認為被創造出來之後會帶來極大危險的工具-他們要求我們在 iPhone 上建立一道後門。
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
確切地說,FBI 希望我們能製作一個特別的 iPhone 作業系統版本,能夠安裝於調查過程中所取得的 iPhone 上,讓調查人員能夠繞過幾項重要的安全功能。然而一但這項軟體 (目前為止還不存在) 落入他人手中,就可能會導致當任何 iPhone 落入某人手中時,就能夠輕易將其解鎖的情況。
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
FBI 或許會使用不同的言詞來描述這項工具,但可別誤會了:以此方式創造一個能夠繞過安全功能的 iOS 版本的行為就是創造後門的事實是不容否認的。儘管政府可能表示這項工具只會被用於這個案件上,但沒有任何方式能夠真正確保一切情況都能在控制中。
The Threat to Data Security
對資料安全的威脅
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
某些人或許會認為在 iPhone 上創造一個後門是簡單俐落的解決方案,但這樣的想法忽略的數位資料安全性的根本原則與政府在此事件中提出如此要求的實際意義。
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
在當今的數位世界中,對加密系統來說「鑰匙」是一段可以用於解鎖資料的資訊,而加密資訊的安全性也就僅止於對金鑰的保護有多少。一但用於解鎖資料的資訊被得知,或是能夠繞過密碼的方式被揭露,這道加密就能被任何具有相關資訊的人輕而易舉地破解。
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
政府建議我們將這項工具設計為每台手機只能使用一次,但這是不切實際的。一但這項技術被創造出來,就能夠被一再的在任意數量的裝置上重複使用。在現實世界中可以被類比為萬能鑰匙,能夠用來打開數以萬計的鎖-舉凡餐廳、銀行到商店或住家。任何明理的人都會發現這是不能被接受的。
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
政府正在要求蘋果入侵我們自己的用戶並摧毀數十年來為了從網路犯罪者或駭客手中保護我們的客戶 (包含了成千上萬的美國公民) 而生的安全技術強化。極為諷刺地,無數在 iPhone 上創造這些強大加密技術的工程師,今天卻被要求弱化這些保護以讓我們的客戶不再安全。
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
我們未能找到任何美國公司被強迫將其客戶暴露於巨大的攻擊威脅中的先例。多年來,密碼學家與國家安全專家們對加密手段的弱化提出警告,這麼做只會傷害到那些依賴像是蘋果等公司保護其資料的善良公民,而罪犯們卻會繼續使用這些已存在的工具來加密他們的資料。
A Dangerous Precedent
危險的先例
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
FBI 選擇史無前例地運用 1789 年的 All Writs Act 法案來為其行為提供授權基礎,而不是請求國會動用立法權。
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
政府要求我們移除某些安全功能並對作業系統加入一些新的能力,以允許透過電子方式自動輸入密碼,這會使得使用暴力破解法 (使用現代電腦的性能來嘗試數百萬組的密碼組合) 來解鎖 iPhone 變得容易許多。
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
政府的這項命令所帶來的影響是令人不寒而慄的,如果政府能夠運用 All Writs Act 法案來降低解鎖您 iPhone 的難度,政府將擁有足以進入任何人的裝置並擷取其資料的力量。且政府將能夠延伸其對保密性的妨害並要求蘋果設計能夠側錄您的訊息、存取您的健康紀錄或財務資料、追蹤您的位置甚至在未知會您的情況下存取您手機的麥克風或相機的程式。
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
對抗這一命令對我們來說並不是一件小事。我們認為我們必須向美國政府當面表示他們的要求在我們眼中已經是踰矩的舉動。
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
我們為了我們對美國民主最深刻的信念與對國家的愛而反抗 FBI 的要求。我們相信若每個人都能退一步並思考這件事情帶來的影響會帶來最好的結果。
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
儘管我們相信 FBI 的立意是良善的,但政府要求我們在我們的產品中創造後門的行為是錯誤的。而我們最擔憂的則是,這樣的要求將摧毀我們的政府理應為人民守護的自由。
Tim Cook