来源:《华盛顿邮报》
刊登日期:2021年4月17日
A deadlock between Apple and the FBI more than five years ago seemed to present an impossible choice: Deny law enforcement the ability fully to investigate a terrorist attack that killed 14, or force a private company to write software that would destroy the security of its own devices. That choice, as it turns out, was false.
五年多前,苹果(Apple)与联邦调查局(FBI)之间的僵局似乎给出了一个不可能的二选一:要么剥夺执法部门对一起导致14人死亡的恐怖袭击进行全面调查的能力,要么强迫一家私营公司编写会破坏其设备安全性的软件。事实证明,这个二选一是错误的。
According to a report this week, Azimuth Security secretly aided the Justice Department in breaking into the iPhone of one of the shooters in the 2015 San Bernardino massacre. Apple had refused to unlock the phone on the grounds that it could not do so without putting others’ information at risk; the FBI sought a court order that it eventually dropped when Azimuth helped the agency access the system. This Australian outfit, known as a poster child for so-called white-hat hacks, is devoted to studying and disclosing software vulnerabilities. The firm says it sells its services only to democratic governments. This ending is perhaps the happiest possible to an event that might otherwise have set a troubling precedent for privacy and security worldwide.
据本周的一篇报道称,Azimuth安全公司秘密协助司法部破解了2015年圣贝纳迪诺枪击案中一名枪手的iPhone。苹果拒绝解锁手机,理由是这样做会将他人的信息置于危险之中;联邦调查局曾寻求法院命令,但最终在Azimuth帮助FBI进入iOS后放弃了。这个澳大利亚团队被称为“白帽黑客”的典型代表,致力于研究和披露软件漏洞。该公司表示,它只向民主政府出售服务。对于一件可能会在全球范围内为隐私和安全树立一个令人不安的先例的事件来说,这样的结局或许是最幸福的。
The Apple-FBI dispute always came with competing equities. U.S. officials, armed with a warrant, have a legitimate interest in accessing data in criminal investigations. There are cases when this need may be especially urgent, with lives under time-sensitive threat. Indeed, in such situations Apple already routinely hands over what data it can without cracking its own code. Yet the Justice Department’s demand that Apple build a backdoor into its product for law enforcement to walk through presented a threat of its own: Any flaw that helps the good guys get in can let the bad guys in, too. The court-ordered entry the FBI was seeking might have set the stage for future overreach here in the United States, and there was also the chance that other governments less subject to the rule of law would demand similar treatment — exploiting the case to bully all manner of companies into violating civilians’ civil liberties.
苹果与FBI之间的纠纷总是伴随着相互冲突的权益。拥有授权令的美国官员有权在刑事调查中获取数据。在有些情况下,这种需要可能特别紧迫,因为人们的生命随时面临着威胁。事实上,在这种情况下,苹果通常会在不破解自己的代码的情况下交出自己能交出的数据。然而,司法部要求苹果在其产品中设置一个后门,供执法部门进入,这本身就构成了一种威胁:任何有助于好人进来的漏洞,都可能让坏人进来。联邦调查局(FBI)正在寻求的法院授权访问,可能为美国政府未来的越权行为埋下了伏笔,而且其他不太受法治约束的政府也有可能要求类似的待遇——利用这一案件,欺负各种各样的公司,侵犯平民的公民自由。
The FBI was relieved but also somewhat disappointed by the solution to its problem, having hoped a favorable ruling by a judge would bring “legal clarity” to its authority to compel companies to break encryption. Apple, meanwhile, is suing another firm in the bug-hunting business, arguing that all security researchers should reveal their findings to manufacturers. Yet Apple, too, ought to be relieved that such firms are in business — not disappointed. By commissioning a reputable consultancy to help unlock the phone using an existing vulnerability, law enforcement did what it could to make the country safer, and Apple didn’t have to make users’ data any less safe.
FBI松了一口气,但对解决问题的方案也有些失望,它曾希望有法官做出有利的裁决,将为其迫使企业破解加密的权力带来“法律明朗化”。与此同时,苹果公司正在起诉另一家从事漏洞追踪业务的公司,声称所有的安全研究人员都应该向制造商披露他们的发现。然而,苹果也应该对这些公司经营这样的业务感到宽慰,而不是失望。通过委托一家信誉良好的咨询公司利用现有的漏洞帮助解锁手机,执法部门尽其所能让国家更安全,苹果也没有让用户的数据变得更不安全。
The outcome should serve as a reminder that in the continuing controversy over encryption the country need not choose between two bad choices. There is often a third way.
这一结果应该提醒人们,在围绕加密的持续争论中,美国不必在两个糟糕的选项之间做出选择。通常还有第三条路。