It’s no longer true that society must choose to either weaken everybody’s privacy or let criminals run rampant.
社会不再必须选择削弱每个人的隐私或让犯罪分子猖ramp。
As a staunch privacy advocate, I am excited that law enforcement now has access to tools to decrypt locked smartphones! But, wait! Isn’t that the opposite of privacy? Well, no, if you consider the bigger picture.
作为坚定的隐私权倡导者,我很高兴执法部门现在可以使用工具来解密锁定的智能手机! 可是等等! 这不是隐私的对立面吗? 好吧,不,如果您考虑更大的范围。
There is a battle raging right now with many governments wanting to broadly undermine privacy by weakening allowable algorithms so they can decrypt communication messages over networks and undermine device protections. The primary justification for this has been to track down terrorists and prosecute criminals. Governments contend that without any other means, bad people would be able to communicate and do illicit activities without law enforcement able to gather necessary evidence. The downside is that all people, including the innocent, would be surrendering their privacy and greatly weakening the security of everyday information.
当前,许多政府希望通过削弱允许的算法来广泛破坏隐私,从而使他们可以通过网络解密通信消息并破坏设备保护,这是一场激烈的战斗。 这样做的主要理由是追踪恐怖分子并起诉罪犯。 各国政府争辩说,没有任何其他手段,坏人将能够进行交流和从事非法活动,而执法人员无法收集必要的证据。 不利的一面是所有人,包括无辜者,都将放弃他们的隐私并大大削弱日常信息的安全性。
Many people, including political representatives, are openly maneuvering to enact such laws, which, in my opinion, would weaken everybody’s privacy because all communications could remotely be captured, analyzed, and stored. Additionally, purposely weakening encryption algorithms would undermine the necessary digital security controls that protect our personal, financial, health, employment, and intellectual property. We all need the best security on the Internet to keep cybercriminals at bay. These proposed laws are far-reaching and represent a very dangerous path to pursue as the world continues to embrace digital technology. To intentionally weaken encryption opens the door to many unintended consequences. As Ben Franklin opined: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
许多人,包括政治代表在内,都在公开制定这样的法律,在我看来,这会削弱每个人的隐私,因为所有通信都可以远程捕获,分析和存储。 此外,故意削弱加密算法将破坏保护我们的个人,财务,健康,就业和知识产权的必要数字安全控制。 我们所有人都需要Internet上最好的安全性,以阻止网络犯罪分子。 这些拟议的法律具有深远的意义,并且代表着随着世界继续拥抱数字技术而走的非常危险的道路。 故意削弱加密为许多意外后果打开了大门。 正如本·富兰克林(Ben Franklin)所说:“那些放弃基本的自由,而购买一点临时安全的人,既不应该自由也不应该安全。”
The argument by proponents of more rigid security controls is that society must choose to either to weaken everybody’s privacy or let criminals run rampant. This is a false argument because there are other options. We currently have laws and checks and balances that allow law enforcement to monitor suspects when sufficient evidence has been presented and approved by the judicial branch of government. Wiretaps, search warrants, and evidence collection are a few allowances, but these are very specific powers and must be granted with oversight and accountability. We don’t let police invasively surveil the entire general populace and inspect their property without due cause and approval. However, we do let them investigate individuals when probable cause is present. The key is that they investigate only those who are doing something suspicious and not infringing upon law-abiding citizens.
支持者提出更严格的安全控制的论点是,社会必须选择削弱每个人的隐私或让罪犯猖ramp。 这是一个错误的说法,因为还有其他选择。 当前,我们拥有法律和制衡手段,可以让执法机构在政府司法部门提出并批准足够证据的情况下监视嫌疑犯。 窃听,搜查令和证据收集是一些津贴,但这些都是非常具体的权力,必须给予监督和问责。 我们不允许警察未经正当理由和批准而侵入性地监视整个平民并检查其财产。 但是,当存在可能的原因时,我们确实允许他们调查个人。 关键是他们只调查那些在做可疑行为且不侵犯守法公民的人。
Tech to the RescueWith today’s technology, law enforcement has the tools to conduct pinpoint investigations and gather evidence from devices they collect during the normal investigative process. This largely invalidates the need for broadband surveillance as it restores their powers to previous limits. They can get a warrant to search and seize evidence, including bypassing locks on smartphones, to further their investigation.
抢救技术借助当今的技术,执法人员拥有进行精确调查并从正常调查过程中收集的设备中收集证据的工具。 由于宽带监视将其功能恢复到以前的极限,因此在很大程度上使宽带监视的需求无效。 他们可以获得搜查和查封证据的手令,包括绕过智能手机的锁,以进一步调查。
Cellebrite, the infamous Israeli company that specializes in hacking hardware that can unlock smartphones, has been providing devices to law enforcement that can unlock all Android and iPhones since last year, including the latest versions, according to some reports. This allows police departments to hack into phones directly for forensic investigation, even when they are locked. In the past, for the devices that could be hacked, agencies had to send the phones directly to Cellebrite but with the new premium hardware, law enforcement agencies are able to do the work themselves, under controlled conditions. This opens up a whole new level of flexibility for criminal investigations.
根据一些报道 , Cellebrite是一家臭名昭著的以色列公司,专门研究可解锁智能手机的硬件,自去年以来一直向执法部门提供可以解锁所有Android和iPhone的设备,包括最新版本。 这样,警察部门即使被锁定,也可以直接闯入电话进行法医调查。 过去,对于可能被黑客入侵的设备,代理机构不得不将手机直接发送给Cellebrite,但是借助新的高级硬件,执法机构可以在受控条件下自行完成工作。 这为刑事调查打开了全新的灵活性。
This capability also has natural boundaries, which limits the potential of abuse. The agencies are vetted, so distribution is limited. The cost is somewhat prohibitive, so there will not be too many devices out there. Additionally, as a requirement from the vendor, the agency must agree to have a designated secure room where the decryption will take place. This means patrol cars won’t have them and wouldn’t be able to break into your phone during a traffic stop, for example.
此功能还具有自然界限,限制了滥用的可能性。 这些机构都经过审查,因此分配受到限制。 成本有点高,所以那里不会有太多设备。 另外,根据供应商的要求,代理商必须同意在指定的安全室进行解密。 例如,这意味着巡逻车将没有它们,并且在交通停车期间将无法闯入您的手机。
Most importantly, the phone must be in the physical possession of the agency. This is not a tracer, bug, or surveillance capability that will remotely monitor thousands or millions of users on a continuous basis. Decryption is directly tied to a specific phone in possession by law enforcement.
最重要的是,电话必须由代理商实际拥有。 这不是跟踪程序,错误或监视功能,不会连续不断地监视成千上万的用户。 解密与执法部门拥有的特定电话直接相关。
We all want and have a right to privacy, but we also want law enforcement to be able to investigate suspected criminals and have the ability to gather the necessary evidence to prosecute them.
我们都希望拥有隐私权,但我们也希望执法部门能够调查可疑犯罪分子,并有能力收集必要的证据起诉他们。
The solution is clear: Keep encryption strong for everyone but allow law enforcement officers the tools to investigate pinpoint situations — for example, where they have a suspect’s phone in custody as part of a legitimate search and seizure. In doing so, we avoid unnecessarily expansive surveillance capabilities and all the problems that accompany weaker digital security for our privacy, finances, and information security. The balance of freedom, justice, and liberty must be preserved.
解决方案很明确:保持所有人的加密强度,但允许执法人员使用这些工具来查明具体情况,例如,作为合法搜索和扣押活动的一部分,他们在拘留嫌疑人的电话的情况下。 这样一来,我们就可以避免不必要的扩展监视功能,以及避免在隐私,财务和信息安全方面数字安全性较弱的所有问题。 必须维护自由,正义与自由之间的平衡。
Originally published on DarkReading
最初发表于DarkReading
翻译自: https://medium.com/@matthew.rosenquist/hacking-phones-how-law-enforcement-is-saving-privacy-5cde10eb4eb
