G20主办方泄露各国领导人的隐私信息

Exclusive: Obama, Putin, Merkel, Cameron, Modi and others kept in the dark after passport numbers and other details were disclosed in Australia's accidental privacy breach

独家新闻：奥巴马，普京，默克尔，卡梅伦，莫迪和其他人等被蒙在鼓里，澳大利亚意外地違反隐私法把各国政要人物的护照号码等详细数据被公开。

Tony Abbott and Vladimir Putin cuddle koalas before the start of the first G20 meeting in November 2014. Photograph: Andrew Taylor/G20 Australia/Getty Imagess

艾伯特和普京在2014年11月第一次G20会议开始之前拥抱考拉。 图片摄影: 安德鲁•泰勒/ G20澳大利亚/盖蒂图片社

The personal details of world leaders at the last G20 summit were accidentally disclosed by the Australian immigration department, which did not consider it necessary to inform those world leaders of the privacy breach.

曾出席刚过去的G20峰会的世界各国领导人之个人资料，被澳大利亚移民部意外地曝露了。就此私隐遭泄露一事官方没考虑需要通知这些世界领导人。

The Guardian can reveal an employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the summit to the organisers of the Asian Cup football tournament.

卫报披露该机构的一名雇员不慎地把各国出席峰会领导人物之护照号码，签证详细数据等发给了亚洲杯足球锦标赛的组织。

The United States president, Barack Obama, the Russian president, Vladimir Putin, the German chancellor, Angela Merkel, the Chinese president, Xi Jinping, the Indian prime minister, Narendra Modi, the Japanese prime minister, Shinzo Abe, the Indonesian president, Joko Widodo, and the British prime minister, David Cameron, were among those who attended the Brisbane summit in November and whose details were exposed.

美国总统奥巴马，俄罗斯总统普京，德国总理默克尔，中国国家主席Xi，印度总理，纳伦德拉•莫迪，日本首相安倍晋三，印度尼西亚总统佐戈维多多和英国首相戴维•卡梅伦等都参加了布里斯班去年十一月举行的峰会，这些政要的个人资料都被曝露。

The Australian privacy commissioner was contacted by the director of the visa services division of Australia's Department of Immigration and Border Protection to inform them of the data breach on 7 November 2014 and seek urgent advice.

澳大利亚移民和边境保护之签证服务部主管联系了澳大利亚隐私专员，通知他们于十一月七日数据遭到侵害一事, 并寻求紧急建议。

In an email sent to the commissioner's office, obtained under Australia's freedom of information laws, the breach is attributed to an employee who mistakenly emailed a member of the local organising committee of the Asian Cup – held in Australia in January – with the personal information.

据澳大利亚的信息自由法，一封电邮传送至专员办公室，侵害事件归咎于一位雇员错误地把个人资料电邮发给了一位亚洲杯一月份赛事的当地组委会的一位成员。

"The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (ie prime ministers, presidents and their equivalents) attending the G20 leaders summit," the officer wrote.

"这些已经受侵害的个人信息是31位出席G20峰会的国际领袖（即首相，总统及等份量人物等）的姓名，出生日期，职称，职务国籍，护照号码，签证批次和签证子类等。"专员写道。

"The cause of the breach was human error. 'Redacted' failed to check that the autofill function in Microsoft Outlook had entered the correct person's details into the email ‘To' field. This led to the email being sent to the wrong person.

"违规的原因是人为错误。 在微软的个人信息管理系统Microsoft Outlook 中, 当在收件人字段填入正确的个人资料后, 执行“校订”时检查不出自动填充功能，这导致了电子邮件被发送到错误的收件人。

"The matter was brought to my attention directly by 'redacted' immediately after receiving an email from 'the recipient' informing them that they had sent the email to the wrong person.

一收到“收件人”的电邮通知后就立即“校对”，通知对方他们的电子邮件发错收件人。此事直接引起了我的注意。

"The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach."

“人为风险仍然只是在某程度上而已，有关之违规行为亦无关于体系的或制度的问题。”

The officer wrote that it was "unlikely that the information is in the public domain", and said the absence of other personal identifiers "limits significantly" the risk of the breach. The unauthorised recipient had deleted the email and "emptied their deleted items folder".

这位专员写道，"这些数据是不太可能存在公共范围的"，并表示在个人认鉴之侵权风险方面缺乏"明确的界限"。未经授权的收件人已删除电子邮件并且"清空已删除的邮件活页夹"。

"The Asian Cup local organising committee do not believe the email to be accessible, recoverable or stored anywhere else in their systems," the letter said.

"亚洲杯当地组委会不相信，在他们的系统中，此封电邮还可点开查看、可恢复或存储在其他地方。"信中说。

The immigration officer then recommended that the world leaders not be made aware of the breach of their personal information.

移民官则建议不要让世界各国领导人意识到他们的个人信息私隐权遭到侵害。

"Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach," she wrote.

"鉴于受侵害的风险被认为是非常低，并已采取行动限制电子邮件的进一步分发，我不认为有必要通知受侵害的当事人。"她写道。

The recommendation not to disclose the breach to the world leaders may be at odds with privacy law in some of their countries.

此不向各国领导人披露侵害事件之建议，可能与这些国家本国的私隐法不一致。

Britain, Germany and France all have different forms of mandatory data breach notification laws that require individuals affected by data breaches to be informed.

英国，德国和法国的义务性数据泄露通知法都有不同形式，这需要个人受到数据泄露影响才会予以通报。

It is not clear whether the immigration department subsequently notified the world leaders of the breach after the initial assessment.

目前尚不清楚移民部门在初步评估后，是否随后通知受侵害的世界各国领导人。

The office of the Australian immigration minister, Peter Dutton, did not respond to questions.

澳大利亚移民部长彼得•达顿办公室没有响应此问题。

Australia's deputy opposition leader, Tanya Plibersek, called on Tony Abbott to explain why the world leaders were not notified of the breach.

澳大利亚反对党副领袖Tanya Plibersek，呼吁总理艾伯特解释为什么世界各国领导人都没有就此侵害事件得到通知。

"The prime minister and the immigration minister must explain this serious incident and the decision not to inform those affected," she said.

"没有告知受影响的决定，总理和移民部长必须解释这一严重事件。"她说。

Disclosure of the data breach is likely to embarrass the Australian government after controversial mandatory data retention laws were passed last week.

在有争议的义务性数据保留法律于上周通过后，曝出数据泄露事件可能让澳大利亚政府感觉难堪。

The passage of the laws – which require telecommunications companies to store certain types of phone and web data for two years – has been marked by concerns about the adequacy of privacy safeguards by companies and government agencies that will handle the data.

此法案的通过，要求电信公司存储某些类型的电话和网络两年数据，这己经给企业和政府机构的私隐防护造成担忧，他们将要处理相关的数据。

The Greens senator Sarah Hanson-Young said: "Only last week the government was calling on the Australian people to trust them with their online data, and now we find out they have disclosed the details of our world leaders.

绿党参议员莎拉•汉森 - 杨说："就在上周，政府正在呼吁澳洲民众相信他们与他们的在线数据，现在我们发现他们泄露了我们的世界领导者的详细信息。

"This is another serious gaffe by an incompetent government."

"这是一个不称职的政府的再一次严重出丑。"

Australia's immigration department was also responsible for the country's largest ever data breach by a government agency.

澳大利亚移民部应为此政府机构的全国有史以来最大的数据泄露事件负有责任。

In February 2014 the Guardian revealed the agency had inadvertently disclosed the personal details of almost 10,000 people in detention – many of whom were asylum seekers – in a public file on its website.

卫报在2014年2月透露，在其网站上公开的文件中，该机构已在不经意间披露了近一万个被拘留人的个人信息， 当中许多是寻求庇护者。