2021-02-01 01:21:02

WASHINGTON — Apple engineers have begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.

If Apple succeeds in upgrading its security — and experts say it almost surely will — the company will create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, Calif., rampage. If the Federal Bureau of Investigation wanted to get into a phone in the future, it would need a new way to do so. That would most likely prompt a new cycle of court fights and, yet again, more technical fixes by Apple.

The only way out of this scenario, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them.

“We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this,” said Benjamin Wittes, a senior fellow at the Brookings Institution.

Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward J. Snowden, companies have been retooling their products to protect against government intrusion.

For Apple, security is also a global marketing strategy. New security measures would not only help the company in its fight with the government, but also reassure investors and customers.


“For all of those people who want to have a voice but they’re afraid, we are standing up, and we are standing up for our customers because protecting them we view as our job,” Apple’s chief executive, Timothy D. Cook, said on Wednesday in an interview with ABC News.

The company first raised the prospect of a security update last week in a phone call with reporters, who asked why the company would allow firmware — the software at the heart of the iPhone — to be modified without requiring a user password.

One senior executive, speaking on the condition of anonymity, replied that it was safe to bet that security would continue to improve. Separately, a person close to the company, who also spoke on the condition of anonymity, confirmed this week that Apple engineers had begun work on a solution even before the San Bernardino attack. A company spokeswoman declined to comment on what she called rumors and speculation.



Independent experts say they have held informal conversations with Apple engineers over the last week about the vulnerability. Exactly how Apple will address the issue is unclear. Security experts who have been studying Apple’s phone security say it is technically possible to fix.

“There are probably 50 different ideas we have all sent to Apple,” said Jonathan Zdziarski, a security researcher.

Apple built its recent operating systems to protect customer information. As Mr. Cook wrote in a recent letter to customers, “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a passcode. Apple designed that feature to make it easier to repair malfunctioning phones.

In the San Bernardino case, the F.B.I. wants to exploit that troubleshooting system by forcing Apple to write and install new software that strips away several security features, making it much easier for the government to hack into the phone. The phone in that case is an old model, but experts and former Apple employees say that a similar approach could also be used to alter software on newer phones. That is the vulnerability Apple is working to fix.

Apple regularly publishes security updates and gives credit to researchers who hunt for bugs in the company’s software. “Usually, bug reports come in an email saying, ‘Dear Apple Security, we’ve discovered a flaw in your product,’” said Chris Soghoian, a technology analyst with the American Civil Liberties Union. “This bug report has come in the form of a court order.”

The court order to which Mr. Soghoian referred was issued last week by a federal magistrate judge, and tells Apple to write and install the code sought by the F.B.I. Apple has promised to challenge that order. Its lawyers have until Friday to file its opposition in court.


In many ways, Apple’s response continues a trend that has persisted in Silicon Valley since Mr. Snowden’s revelations. Yahoo, for instance, left its email service unencrypted for years. After Mr. Snowden revealed the National Security Agency surveillance, the company quickly announced plans to encrypt email. Google similarly moved to fix a vulnerability that the government was using to hack into company data centers.


Apple’s showdown with the Justice Department is different in one important way. Now that the government has tried to force Apple to hack its own code, security officials say, the company must view itself as the vulnerability.

“This is the first time that Apple has been included in their own threat model,” Mr. Zdziarski said. “I don’t think Apple ever considered becoming a compelled arm of the government.”


The F.B.I. director, James B. Comey Jr., signaled this week that he expected Apple to change its security, saying that the phone-cracking tool the government sought in the San Bernardino case was “increasingly obsolete.” He said that supported the government’s argument that it was not seeking a skeleton key to hack into all iPhones.

Apple, though, says the case could set a precedent for forcing company engineers to write code to help the government break into any iPhone. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Mr. Cook said in his letter.

The heated back-and-forth between the government and technology companies is, at least in part, a function of the Obama administration’s strategy. The White House has said it will not ask Congress to pass a law requiring tech companies to give the F.B.I. a way to gain access to customer data. That has left the Justice Department to fight for access one phone at a time, in court cases that often go unnoticed.

While it is generally accepted that Silicon Valley’s tech giants can outgun the government in a technical fight, the companies do face one important limitation. Security features often come at the expense of making products slower or clunkier.

Apple’s brand is built around creating products that are sleek and intuitive. A security solution that defeats the F.B.I. is unworkable if it frustrates consumers. One of the impediments to encrypting all the data in Apple’s iCloud servers, for instance, has been finding a way to ensure that customers can easily retrieve and recover photos and other information stored there.

“Telling a member of the public that they’re going to lose all the family photos they’ve ever taken because they forgot their password is a really tough sell,” Mr. Soghoian said. “A company wants to sell products to the public.”