Apple May Be Developing New Security Measures to Resist Government Intrusion

WASHINGTON — Apple engineers have begun developing new security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those now at the center of a court fight in California, according to people close to the company and security experts.

If Apple succeeds in upgrading its security — and experts say it almost surely will — the company will create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year’s San Bernardino, Calif., rampage. If the Federal Bureau of Investigation wanted to get into a phone in the future, it would need a new way to do so. That would most likely prompt a new cycle of court fights and, yet again, more technical fixes by Apple.

The only way out of this scenario, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them.

“We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this,” said Benjamin Wittes, a senior fellow at the Brookings Institution.

Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward J. Snowden, companies have been retooling their products to protect against government intrusion.

For Apple, security is also a global marketing strategy. New security measures would not only help the company in its fight with the government, but also reassure investors and customers.

“For all of those people who want to have a voice but they’re afraid, we are standing up, and we are standing up for our customers because protecting them we view as our job,” Apple’s chief executive, Timothy D. Cook, said on Wednesday in an interview with ABC News.

The company first raised the prospect of a security update last week in a phone call with reporters, who asked why the company would allow firmware — the software at the heart of the iPhone — to be modified without requiring a user password.

One senior executive, speaking on the condition of anonymity, replied that it was safe to bet that security would continue to improve. Separately, a person close to the company, who also spoke on the condition of anonymity, confirmed this week that Apple engineers had begun work on a solution even before the San Bernardino attack. A company spokeswoman declined to comment on what she called rumors and speculation.

Independent experts say they have held informal conversations with Apple engineers over the last week about the vulnerability. Exactly how Apple will address the issue is unclear. Security experts who have been studying Apple’s phone security say it is technically possible to fix.

“There are probably 50 different ideas we have all sent to Apple,” said Jonathan Zdziarski, a security researcher.

Apple built its recent operating systems to protect customer information. As Mr. Cook wrote in a recent letter to customers, “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a passcode. Apple designed that feature to make it easier to repair malfunctioning phones.

In the San Bernardino case, the F.B.I. wants to exploit that troubleshooting system by forcing Apple to write and install new software that strips away several security features, making it much easier for the government to hack into the phone. The phone in that case is an old model, but experts and former Apple employees say that a similar approach could also be used to alter software on newer phones. That is the vulnerability Apple is working to fix.

Apple regularly publishes security updates and gives credit to researchers who hunt for bugs in the company’s software. “Usually, bug reports come in an email saying, ‘Dear Apple Security, we’ve discovered a flaw in your product,’ ” said Chris Soghoian, a technology analyst with the American Civil Liberties Union. “This bug report has come in the form of a court order.”

The court order to which Mr. Soghoian referred was issued last week by a federal magistrate judge, and tells Apple to write and install the code sought by the F.B.I. Apple has promised to challenge that order. Its lawyers have until Friday to file its opposition in court.

In many ways, Apple’s response continues a trend that has persisted in Silicon Valley since Mr. Snowden’s revelations. Yahoo, for instance, left its email service unencrypted for years. After Mr. Snowden revealed the National Security Agency surveillance, the company quickly announced plans to encrypt email. Google similarly moved to fix a vulnerability that the government was using to hack into company data centers.

Apple’s showdown with the Justice Department is different in one important way. Now that the government has tried to force Apple to hack its own code, security officials say, the company must view itself as the vulnerability.

“This is the first time that Apple has been included in their own threat model,” Mr. Zdziarski said. “I don’t think Apple ever considered becoming a compelled arm of the government.”

The F.B.I. director, James B. Comey Jr., signaled this week that he expected Apple to change its security, saying that the phone-cracking tool the government sought in the San Bernardino case was “increasingly obsolete.” He said that supported the government’s argument that it was not seeking a skeleton key to hack into all iPhones.

Apple, though, says the case could set a precedent for forcing company engineers to write code to help the government break into any iPhone. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Mr. Cook said in his letter.

The heated back-and-forth between the government and technology companies is, at least in part, a function of the Obama administration’s strategy. The White House has said it will not ask Congress to pass a law requiring tech companies to give the F.B.I. a way to gain access to customer data. That has left the Justice Department to fight for access one phone at a time, in court cases that often go unnoticed.

While it is generally accepted that Silicon Valley’s tech giants can outgun the government in a technical fight, the companies do face one important limitation. Security features often come at the expense of making products slower or clunkier.

Apple’s brand is built around creating products that are sleek and intuitive. A security solution that defeats the F.B.I. is unworkable if it frustrates consumers. One of the impediments to encrypting all the data in Apple’s iCloud servers, for instance, has been finding a way to ensure that customers can easily retrieve and recover photos and other information stored there.

“Telling a member of the public that they’re going to lose all the family photos they’ve ever taken because they forgot their password is a really tough sell,” Mr. Soghoian said. “A company wants to sell products to the public.”
