G20主辦方泄露各國領導人的隱私信息

Exclusive: Obama, Putin, Merkel, Cameron, Modi and others kept in the dark after passport numbers and other details were disclosed in Australia's accidental privacy breach

獨家新聞：奧巴馬，普京，默克爾，卡梅倫，莫迪和其他人等被矇在鼓裏，澳大利亞意外地違反隱私法把各國政要人物的護照號碼等詳細數據被公開。

Tony Abbott and Vladimir Putin cuddle koalas before the start of the first G20 meeting in November 2014. Photograph: Andrew Taylor/G20 Australia/Getty Imagess

艾伯特和普京在2014年11月第一次G20會議開始之前擁抱考拉。 圖片攝影: 安德魯•泰勒/ G20澳大利亞/蓋蒂圖片社

The personal details of world leaders at the last G20 summit were accidentally disclosed by the Australian immigration department, which did not consider it necessary to inform those world leaders of the privacy breach.

曾出席剛過去的G20峯會的世界各國領導人之個人資料，被澳大利亞移民部意外地曝露了。就此私隱遭泄露一事官方沒考慮需要通知這些世界領導人。

The Guardian can reveal an employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the summit to the organisers of the Asian Cup football tournament.

衛報披露該機構的一名僱員不慎地把各國出席峯會領導人物之護照號碼，簽證詳細數據等發給了亞洲盃足球錦標賽的組織。

The United States president, Barack Obama, the Russian president, Vladimir Putin, the German chancellor, Angela Merkel, the Chinese president, Xi Jinping, the Indian prime minister, Narendra Modi, the Japanese prime minister, Shinzo Abe, the Indonesian president, Joko Widodo, and the British prime minister, David Cameron, were among those who attended the Brisbane summit in November and whose details were exposed.

美國總統奧巴馬，俄羅斯總統普京，德國總理默克爾，中國國家主席Xi，印度總理，納倫德拉•莫迪，日本首相安倍晉三，印度尼西亞總統佐戈維多多和英國首相戴維•卡梅倫等都參加了布里斯班去年十一月舉行的峯會，這些政要的個人資料都被曝露。

The Australian privacy commissioner was contacted by the director of the visa services division of Australia's Department of Immigration and Border Protection to inform them of the data breach on 7 November 2014 and seek urgent advice.

澳大利亞移民和邊境保護之簽證服務部主管聯繫了澳大利亞隱私專員，通知他們於十一月七日數據遭到侵害一事, 並尋求緊急建議。

In an email sent to the commissioner's office, obtained under Australia's freedom of information laws, the breach is attributed to an employee who mistakenly emailed a member of the local organising committee of the Asian Cup – held in Australia in January – with the personal information.

據澳大利亞的信息自由法，一封電郵傳送至專員辦公室，侵害事件歸咎於一位僱員錯誤地把個人資料電郵發給了一位亞洲盃一月份賽事的當地組委會的一位成員。

"The personal information which has been breached is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (ie prime ministers, presidents and their equivalents) attending the G20 leaders summit," the officer wrote.

"這些已經受侵害的個人信息是31位出席G20峯會的國際領袖（即首相，總統及等份量人物等）的姓名，出生日期，職稱，職務國籍，護照號碼，簽證批次和簽證子類等。"專員寫道。

"The cause of the breach was human error. 'Redacted' failed to check that the autofill function in Microsoft Outlook had entered the correct person's details into the email ‘To' field. This led to the email being sent to the wrong person.

"違規的原因是人爲錯誤。 在微軟的個人信息管理系統Microsoft Outlook 中, 當在收件人字段填入正確的個人資料後, 執行“校訂”時檢查不出自動填充功能，這導致了電子郵件被髮送到錯誤的收件人。

"The matter was brought to my attention directly by 'redacted' immediately after receiving an email from 'the recipient' informing them that they had sent the email to the wrong person.

一收到“收件人”的電郵通知後就立即“校對”，通知對方他們的電子郵件發錯收件人。此事直接引起了我的注意。

"The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach."

“人爲風險仍然只是在某程度上而已，有關之違規行爲亦無關於體系的或制度的問題。”

The officer wrote that it was "unlikely that the information is in the public domain", and said the absence of other personal identifiers "limits significantly" the risk of the breach. The unauthorised recipient had deleted the email and "emptied their deleted items folder".

這位專員寫道，"這些數據是不太可能存在公共範圍的"，並表示在個人認鑑之侵權風險方面缺乏"明確的界限"。未經授權的收件人已刪除電子郵件並且"清空已刪除的郵件活頁夾"。

"The Asian Cup local organising committee do not believe the email to be accessible, recoverable or stored anywhere else in their systems," the letter said.

"亞洲盃當地組委會不相信，在他們的系統中，此封電郵還可點開查看、可恢復或存儲在其他地方。"信中說。

The immigration officer then recommended that the world leaders not be made aware of the breach of their personal information.

移民官則建議不要讓世界各國領導人意識到他們的個人信息私隱權遭到侵害。

"Given that the risks of the breach are considered very low and the actions that have been taken to limit the further distribution of the email, I do not consider it necessary to notify the clients of the breach," she wrote.

"鑑於受侵害的風險被認爲是非常低，並已採取行動限制電子郵件的進一步分發，我不認爲有必要通知受侵害的當事人。"她寫道。

The recommendation not to disclose the breach to the world leaders may be at odds with privacy law in some of their countries.

此不向各國領導人披露侵害事件之建議，可能與這些國家本國的私隱法不一致。

Britain, Germany and France all have different forms of mandatory data breach notification laws that require individuals affected by data breaches to be informed.

英國，德國和法國的義務性數據泄露通知法都有不同形式，這需要個人受到數據泄露影響纔會予以通報。

It is not clear whether the immigration department subsequently notified the world leaders of the breach after the initial assessment.

目前尚不清楚移民部門在初步評估後，是否隨後通知受侵害的世界各國領導人。

The office of the Australian immigration minister, Peter Dutton, did not respond to questions.

澳大利亞移民部長彼得•達頓辦公室沒有響應此問題。

Australia's deputy opposition leader, Tanya Plibersek, called on Tony Abbott to explain why the world leaders were not notified of the breach.

澳大利亞反對黨副領袖Tanya Plibersek，呼籲總理艾伯特解釋爲什麼世界各國領導人都沒有就此侵害事件得到通知。

"The prime minister and the immigration minister must explain this serious incident and the decision not to inform those affected," she said.

"沒有告知受影響的決定，總理和移民部長必須解釋這一嚴重事件。"她說。

Disclosure of the data breach is likely to embarrass the Australian government after controversial mandatory data retention laws were passed last week.

在有爭議的義務性數據保留法律於上週通過後，曝出數據泄露事件可能讓澳大利亞政府感覺難堪。

The passage of the laws – which require telecommunications companies to store certain types of phone and web data for two years – has been marked by concerns about the adequacy of privacy safeguards by companies and government agencies that will handle the data.

此法案的通過，要求電信公司存儲某些類型的電話和網絡兩年數據，這己經給企業和政府機構的私隱防護造成擔憂，他們將要處理相關的數據。

The Greens senator Sarah Hanson-Young said: "Only last week the government was calling on the Australian people to trust them with their online data, and now we find out they have disclosed the details of our world leaders.

綠黨參議員莎拉•漢森 - 楊說："就在上週，政府正在呼籲澳洲民衆相信他們與他們的在線數據，現在我們發現他們泄露了我們的世界領導者的詳細信息。

"This is another serious gaffe by an incompetent government."

"這是一個不稱職的政府的再一次嚴重出醜。"

Australia's immigration department was also responsible for the country's largest ever data breach by a government agency.

澳大利亞移民部應爲此政府機構的全國有史以來最大的數據泄露事件負有責任。

In February 2014 the Guardian revealed the agency had inadvertently disclosed the personal details of almost 10,000 people in detention – many of whom were asylum seekers – in a public file on its website.

衛報在2014年2月透露，在其網站上公開的文件中，該機構已在不經意間披露了近一萬個被拘留人的個人信息， 當中許多是尋求庇護者。