Technical Authorities Say Sharing Encrypted Data With Governments Is Highly Dangerous



2021-01-12 16:38:01

SAN FRANCISCO — An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.

A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.

That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.

Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone.

The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.

The new paper is the first in-depth technical analysis of government proposals by leading cryptographers and security thinkers, including Whitfield Diffie, a pioneer of public key cryptography, and Ronald L. Rivest, the “R” in the widely used RSA public cryptography algorithm. In the report, the group said any effort to give the government “exceptional access” to encrypted communications was technically unfeasible and would leave confidential data and critical infrastructure like banks and the power grid at risk.


Handing governments a key to encrypted communications would also require an extraordinary degree of trust. With government agency breaches now the norm — most recently at the United States Office of Personnel Management, the State Department and the White House — the security specialists said authorities could not be trusted to keep such keys safe from hackers and criminals. They added that if the United States and Britain mandated backdoor keys to communications, China and other governments in foreign markets would be spurred to do the same.

“Such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” the report said. “The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable.”

A spokesman for the F.B.I. declined to comment ahead of Mr. Comey’s appearance before the Senate Judiciary Committee hearings on Wednesday. Mr. Comey recently told CNN, “Our job is to find needles in a nationwide haystack, needles that are increasingly invisible to us because of end-to-end encryption.”

A Justice Department official, who spoke on the condition of anonymity before the hearing, said that the agency supported strong encryption, but that certain uses of the technology — notably end-to-end encryption that forces law enforcement to go directly to the target rather than to technology companies for passwords and communications — interfered with the government’s wiretap authority and created public safety risks.

Paul Kocher, the president of the Rambus Cryptography Research Division, who did not write the paper, said it shifted the debate over encryption from how much power intelligence agencies should have to the technological underpinnings of gaining special access to encrypted communications.


The paper “details multiple technological reasons why mandatory government back doors are technically unworkable, and how encryption regulations would be disastrous for computer security,” Mr. Kocher said. “This report ought to put to rest any technical questions about ‘Would this work?’ ”

The group behind the report has previously fought proposals for encryption access. In 1997, it analyzed the technical risks and shortcomings of a proposal in the Clinton administration called the Clipper chip. Clipper would have poked a hole in cryptographic systems by requiring technology manufacturers to include a small hardware chip in their products that would have ensured that the government would always be able to unlock scrambled communications.

The government abandoned the effort after an analysis by the group showed it would have been technically unworkable. The final blow was the discovery by Matt Blaze, then a 32-year-old computer scientist at AT&T Bell Laboratories and one of the authors of the new paper, of a flaw in the system that would have allowed anyone with technical expertise to gain access to the key to Clipper-encrypted communications.


Now the group has convened again for the first time since 1997. “The decisions for policy makers are going to shape the future of the global Internet and we want to make sure they get the technology analysis right,” said Daniel J. Weitzner, head of the MIT Cybersecurity and Internet Policy Research Initiative and a former deputy chief technology officer at the White House, who coordinated the latest report.

“The government’s proposals for exceptional access are wrong in principle and unworkable in practice,” said Ross Anderson, a professor of security engineering at the University of Cambridge and the paper’s sole author in Britain. “That is the message we are going to be hammering home again and again over the next few months as we oppose these proposals in your country and in ours.”