科技公司不該留"後門"
Should the citizens of a democratic state be free to communicate over electronic networks hardened against any government surveillance? To some the answer will seem obvious: No. Ever since telephony was invented, solving or preventing violent crime has often involved tapping people’s phones. When digital networks replaced mechanical exchanges in the 1990s, governments demanded that they should still be able to listen ing.
David Cameron is among those who argue that the advent of the internet should not upset that apparent balance between security and privacy. Speaking in January, the British prime minister pointed out that it has always been “possible to read someone’s letter, to listen to someone’s call”, and insisted that he was not “going to allow a means of communication where it simply is not possible to do that”. Many understood him to be taking aim at internet communications services that use end-to-end encryption, a now-common technology that makes it impossible to read messages even if they are intercepted in transit.
一些人辯稱,互聯網的問世不應擾亂安全和隱私之間的明顯平衡,英國首相戴維?卡梅倫(David Cameron)就是其中之一。卡梅倫在今年1月發表演講時指出,“看某人的信件和竊聽某人的電話”一直是做得到的,並堅稱,他不會“允許阻礙這一點的通信方式”。許多人認爲他針對的是使用端到端加密的互聯網通信服務。端到端加密是目前普遍使用的一種技術,它讓信息在傳輸過程中即使被攔截也無法讀取。Many people will agree with Mr Cameron. True, they will say, the state must respect the rule of law. But they pose a reasonable question: so long as it does, why should new technology trump its demands for information? Here are three reasons why it should.
許多人將會同意卡梅倫的觀點。他們會說,沒錯,政府必須尊重法治,但合理的問題是:只要政府尊重法治,新技術爲何應該阻止它對信息的要求呢?這裏有三個理由。
First, while legitimate eavesdropping could be implemented without making telephones less useful, there is no way of guaranteeing the state unfettered access to online communications without making the internet vastly less useful even for lawful itional telephone systems were run by large companies or governments themselves. An entire industry was built, in effect, on a single application: letting people speak at a distance. The experience of using a phone in 1990 was little different from 1950. Regulating the unchanging service of a single company can be done without creating much internet has evolved in a wildly different way. It supports applications written by anyone. To restrict how a coder might build an internet application is to place an enormous weight on slender shoulders. Every software developer would have to be a professional operation with an army of compliance lawyers, or risk breaking the rules. In the worst case, software development would be relegated to a handful of government-friendly incumbents. The best case, so far as the advocates of surveillance are concerned, would be one where software developers avoid the lawyers but give up on encryption entirely. But this is a nightmare, from the public’s point of view and even the state’s: it exposes communications to anyone willing to do a bit of hacking. Telephone eavesdropping never ran such risks. For anyone other than the authorised agents of the state, it was comparatively difficult to listen in to someone’s call. Second, on the internet, enabling surveillance means requiring the people who build communications apps and services to make sure they are breakable. But this concession to lawful snoopers would also be a gift to states that do not embrace the rule of law. For the billions of people who live in such countries, western technology has offered a rare glimpse of the freedom to communicate. Authoritarian governments have had to invest enormous effort in trying to connect with the world while still permitting censorship and surveillance. If western governments succeed in shaping our software so that we cannot keep secrets from authorities bearing warrants, they will also stop people keeping secrets from regimes that do not bother with formalities. Third, a more practical point: it is very, very difficult to design a communications system that allows messages to be intercepted by the government but otherwise keeps them secure from prying eyes. The chance of error is high. Then, sensitive information risks falling into the wrong hands — a worse outcome than if the communicating parties had not had access to encryption at all. I understand the imperative to provide security. It makes sense that the boundary between state and citizen should be drawn by a democratic process — not determined by a cat-and-mouse contest between programmers. I sympathise with the alarm that law enforcers feel when communications threaten to “go dark”. But banning strong encryption is no solution. The internet has been a force for modern ity and openness — exactly what those who believe in indiscriminate violence despise. We must not build them a more agreeable network in the name of a short-term imperative to uncover and prevent their worst. The writer is a professor of law and computer science at Harvard University
首先,對於電話網絡,可以在不降低電話有用性的同時進行合法的竊聽,但對於互聯網,如果讓政府不受約束地獲得通信內容,難免大幅降低互聯網(即便用於合法目的)的有用性。傳統的電話系統是由大公司或政府自己運營的。實際上,整個行業都建立在一項單一應用的基礎之上:讓人們遠距離通話。在1990年使用電話的經歷與1950年沒有什麼不同。政府可以在不引起多少摩擦的情況下,監管一家公司一成不變的服務。互聯網的發展方式截然不同。它支持任何人編寫的應用。限定編碼人員構建互聯網應用的方式,是在讓纖細的肩膀挑重擔。每個軟件開發者將不得不是配備合規律師的專業化運營團隊,否則就有可能違規。在最壞的情況下,軟件開發將被少數幾家與政府關係密切的老牌公司掌控。對贊成竊聽的人士來說,最好的情況將是軟件開發者不請律師,而是完全放棄加密。但從公衆甚至政府的角度來看,這完全是一場噩夢:它會讓通信內容暴露於任何想搞黑客活動的人面前。電話竊聽從來沒有此類風險。對除了政府授權人員以外的任何人來說,竊聽某人的電話相對困難。第二,就互聯網而言,爲監聽創造條件,意味着讓通信應用和服務開發者確保他們的應用是可以攻破的。但這種對合法竊聽者的讓步也將有利於不尊重法治的政府。對數十億生活在此類國家的人們來說,西方技術得以讓他們難得地嚐到通信自由的滋味。威權政府不得不投入巨大的努力,在與世界連接的同時,仍然能夠進行審查和監聽。如果西方國家政府成功地影響軟件開發,從而讓我們無法對獲得法庭授權的有關部門保守祕密,同時也將讓我們無法對不用費心走法律程序的政權保守祕密。第三點也是更爲現實的一點:設計一套能夠讓政府攔截、但不會讓其他人窺探的通信系統是極爲困難的。出錯的機率非常高。因此,敏感信息很有可能落入不法分子之手,這種結果比通信各方完全不加密更加糟糕。我明白政府有必要保障安全。政府與公民之間的界限應該由民主過程劃定,而不是由程序員之間像貓捉老鼠那樣的競爭決定,這很有道理。當通信有可能隱藏起來的時候,我同情執法部門的焦慮。但禁止超強加密不是解決辦法。聯網一直是現代性和開放性的推手,而現代與開放正是那些信奉濫用暴力的人所不願看到的。我們不能以短期有必要發現和阻止他們的最險惡用心爲由,爲他們打造一個更容易攻破的網絡。
