科技公司不该留"后门"
Should the citizens of a democratic state be free to communicate over electronic networks hardened against any government surveillance? To some the answer will seem obvious: No. Ever since telephony was invented, solving or preventing violent crime has often involved tapping people’s phones. When digital networks replaced mechanical exchanges in the 1990s, governments demanded that they should still be able to listen ing.
David Cameron is among those who argue that the advent of the internet should not upset that apparent balance between security and privacy. Speaking in January, the British prime minister pointed out that it has always been “possible to read someone’s letter, to listen to someone’s call”, and insisted that he was not “going to allow a means of communication where it simply is not possible to do that”. Many understood him to be taking aim at internet communications services that use end-to-end encryption, a now-common technology that makes it impossible to read messages even if they are intercepted in transit.
一些人辩称,互联网的问世不应扰乱安全和隐私之间的明显平衡,英国首相戴维?卡梅伦(David Cameron)就是其中之一。卡梅伦在今年1月发表演讲时指出,“看某人的信件和窃听某人的电话”一直是做得到的,并坚称,他不会“允许阻碍这一点的通信方式”。许多人认为他针对的是使用端到端加密的互联网通信服务。端到端加密是目前普遍使用的一种技术,它让信息在传输过程中即使被拦截也无法读取。Many people will agree with Mr Cameron. True, they will say, the state must respect the rule of law. But they pose a reasonable question: so long as it does, why should new technology trump its demands for information? Here are three reasons why it should.
许多人将会同意卡梅伦的观点。他们会说,没错,政府必须尊重法治,但合理的问题是:只要政府尊重法治,新技术为何应该阻止它对信息的要求呢?这里有三个理由。
First, while legitimate eavesdropping could be implemented without making telephones less useful, there is no way of guaranteeing the state unfettered access to online communications without making the internet vastly less useful even for lawful itional telephone systems were run by large companies or governments themselves. An entire industry was built, in effect, on a single application: letting people speak at a distance. The experience of using a phone in 1990 was little different from 1950. Regulating the unchanging service of a single company can be done without creating much internet has evolved in a wildly different way. It supports applications written by anyone. To restrict how a coder might build an internet application is to place an enormous weight on slender shoulders. Every software developer would have to be a professional operation with an army of compliance lawyers, or risk breaking the rules. In the worst case, software development would be relegated to a handful of government-friendly incumbents. The best case, so far as the advocates of surveillance are concerned, would be one where software developers avoid the lawyers but give up on encryption entirely. But this is a nightmare, from the public’s point of view and even the state’s: it exposes communications to anyone willing to do a bit of hacking. Telephone eavesdropping never ran such risks. For anyone other than the authorised agents of the state, it was comparatively difficult to listen in to someone’s call. Second, on the internet, enabling surveillance means requiring the people who build communications apps and services to make sure they are breakable. But this concession to lawful snoopers would also be a gift to states that do not embrace the rule of law. For the billions of people who live in such countries, western technology has offered a rare glimpse of the freedom to communicate. Authoritarian governments have had to invest enormous effort in trying to connect with the world while still permitting censorship and surveillance. If western governments succeed in shaping our software so that we cannot keep secrets from authorities bearing warrants, they will also stop people keeping secrets from regimes that do not bother with formalities. Third, a more practical point: it is very, very difficult to design a communications system that allows messages to be intercepted by the government but otherwise keeps them secure from prying eyes. The chance of error is high. Then, sensitive information risks falling into the wrong hands — a worse outcome than if the communicating parties had not had access to encryption at all. I understand the imperative to provide security. It makes sense that the boundary between state and citizen should be drawn by a democratic process — not determined by a cat-and-mouse contest between programmers. I sympathise with the alarm that law enforcers feel when communications threaten to “go dark”. But banning strong encryption is no solution. The internet has been a force for modern ity and openness — exactly what those who believe in indiscriminate violence despise. We must not build them a more agreeable network in the name of a short-term imperative to uncover and prevent their worst. The writer is a professor of law and computer science at Harvard University
首先,对于电话网络,可以在不降低电话有用性的同时进行合法的窃听,但对于互联网,如果让政府不受约束地获得通信内容,难免大幅降低互联网(即便用于合法目的)的有用性。传统的电话系统是由大公司或政府自己运营的。实际上,整个行业都建立在一项单一应用的基础之上:让人们远距离通话。在1990年使用电话的经历与1950年没有什么不同。政府可以在不引起多少摩擦的情况下,监管一家公司一成不变的服务。互联网的发展方式截然不同。它支持任何人编写的应用。限定编码人员构建互联网应用的方式,是在让纤细的肩膀挑重担。每个软件开发者将不得不是配备合规律师的专业化运营团队,否则就有可能违规。在最坏的情况下,软件开发将被少数几家与政府关系密切的老牌公司掌控。对赞成窃听的人士来说,最好的情况将是软件开发者不请律师,而是完全放弃加密。但从公众甚至政府的角度来看,这完全是一场噩梦:它会让通信内容暴露于任何想搞黑客活动的人面前。电话窃听从来没有此类风险。对除了政府授权人员以外的任何人来说,窃听某人的电话相对困难。第二,就互联网而言,为监听创造条件,意味着让通信应用和服务开发者确保他们的应用是可以攻破的。但这种对合法窃听者的让步也将有利于不尊重法治的政府。对数十亿生活在此类国家的人们来说,西方技术得以让他们难得地尝到通信自由的滋味。威权政府不得不投入巨大的努力,在与世界连接的同时,仍然能够进行审查和监听。如果西方国家政府成功地影响软件开发,从而让我们无法对获得法庭授权的有关部门保守秘密,同时也将让我们无法对不用费心走法律程序的政权保守秘密。第三点也是更为现实的一点:设计一套能够让政府拦截、但不会让其他人窥探的通信系统是极为困难的。出错的几率非常高。因此,敏感信息很有可能落入不法分子之手,这种结果比通信各方完全不加密更加糟糕。我明白政府有必要保障安全。政府与公民之间的界限应该由民主过程划定,而不是由程序员之间像猫捉老鼠那样的竞争决定,这很有道理。当通信有可能隐藏起来的时候,我同情执法部门的焦虑。但禁止超强加密不是解决办法。联网一直是现代性和开放性的推手,而现代与开放正是那些信奉滥用暴力的人所不愿看到的。我们不能以短期有必要发现和阻止他们的最险恶用心为由,为他们打造一个更容易攻破的网络。
