• US and UK spy agencies piggyback on commercial data
• Details can include age, location and sexual orientation
• Documents also reveal targeted tools against individual phones

GCHQ documents use Angry Birds -- reportedly downloaded more than 1.7bn times -- as a case study for app data collection.

The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of "leaky" smartphone apps, such as the wildly popular Angry Birds game, that transmit users' private information across the internet, according to top secret documents.

The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users' most sensitive information such as sexual orientation -- and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.

Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect.

Dozens of classified documents, provided to the Guardian by whistleblower Edward Snowden and reported in partnership with the New York Times and ProPublica, detail the NSA and GCHQ efforts to piggyback on this commercial data collection for their own purposes.

Scooping up information the apps are sending about their users allows the agencies to collect large quantities of mobile phone data from their existing mass surveillance tools -- such as cable taps, or from international mobile networks -- rather than solely from hacking into individual mobile handsets.

Exploiting phone information and location is a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities, for example by using phones as triggering devices in conflict zones. The NSA has cumulatively spent more than $1bn in its phone targeting efforts.

The disclosures also reveal how much the shift towards smartphone browsing could benefit spy agencies' collection efforts.

One slide from a May 2010 NSA presentation on getting data from smartphones -- breathlessly titled "Golden Nugget!" -- sets out the agency's "perfect scenario": "Target uploading photo to a social media site taken with a mobile device. What can we get?"

The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location".

In practice, most major social media sites, such as Facebook and Twitter, strip photos of identifying location metadata (known as EXIF data) before publication. However, depending on when this is done during upload, such data may still, briefly, be available for collection by the agencies as it travels across the networks.

Depending on what profile information a user had supplied, the documents suggested, the agency would be able to collect almost every key detail of a user's life: including home country, current location (through geolocation), age, gender, zip code, marital status -- options included "single", "married", "divorced", "swinger" and more -- income, ethnicity, sexual orientation, education level, and number of children.

The agencies also made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps. One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world -- meaning that just by taking tower ID from a handset, location information could be gleaned.

A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.

So successful was this effort that one 2008 document noted that "[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."

The information generated by each app is chosen by its developers, or by the company that delivers an app's adverts. The documents do not detail whether the agencies actually collect the potentially sensitive details some apps are capable of storing or transmitting, but any such information would likely qualify as content, rather than metadata.

Data collected from smartphone apps is subject to the same laws and minimisation procedures as all other NSA activity -- procedures that the US president, Barack Obama, suggested may be subject to reform in a speech 10 days ago. But the president focused largely on the NSA's collection of the metadata from US phone calls and made no mention in his address of the large amounts of data the agency collects from smartphone apps.

The latest disclosures could also add to mounting public concern about how the technology sector collects and uses information, especially for those outside the US, who enjoy fewer privacy protections than Americans. A January poll for the Washington Post showed 69% of US adults were already concerned about how tech companies such as Google used and stored their information.

The documents do not make it clear how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected. The NSA says it does not target Americans and its capabilities are deployed only against "valid foreign intelligence targets".

The documents do set out in great detail exactly how much information can be collected from widely popular apps. One document held on GCHQ's internal Wikipedia-style guide for staff details what can be collected from different apps. Though it uses Android apps for most of its examples, it suggests much of the same data could be taken from equivalent apps on iPhone or other platforms.

The GCHQ documents set out examples of what information can be extracted from different ad platforms, using perhaps the most popular mobile phone game of all time, Angry Birds -- which has reportedly been downloaded more than 1.7bn times -- as a case study.

From some app platforms, relatively limited, but identifying, information such as exact handset model, the unique ID of the handset, software version, and similar details are all that are transmitted.

Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media's website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.

Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programs looking to extract data from its apps' users.

"Rovio doesn't have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks," said Saara Bergström, Rovio's VP of marketing and communications. "Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ]."

Millennial Media did not respond to a request for comment.

In December, the Washington Post reported on how the NSA could make use of advertising tracking files generated through normal internet browsing -- known as cookies -- from Google and others to get information on potential targets.

However, the richer personal data available to many apps, coupled with real-time geolocation, and the uniquely identifying handset information many apps transmit give the agencies a far richer data source than conventional web-tracking cookies.

Almost every major website uses cookies to serve targeted advertising and content, as well as streamline the experience for the user, for example by managing logins. One GCHQ document from 2010 notes that cookie data -- which generally qualifies as metadata -- has become just as important to the spies. In fact, the agencies were sweeping it up in such high volumes that they were struggling to store it.

"They are gathered in bulk, and are currently our single largest type of events," the document stated.

The ability to obtain targeted intelligence by hacking individual handsets has been well documented, both through several years of hacker conferences and previous NSA disclosures in Der Spiegel, and both the NSA and GCHQ have extensive tools ready to deploy against iPhone, Android and other phone platforms.

GCHQ's targeted tools against individual smartphones are named after characters in the TV series The Smurfs. An ability to make the phone's microphone 'hot', to listen in to conversations, is named "Nosey Smurf". High-precision geolocation is called "Tracker Smurf", power management -- an ability to stealthily activate a phone that is apparently turned off -- is "Dreamy Smurf", while the spyware's self-hiding capabilities are codenamed "Paranoid Smurf".

Those capability names are set out in a much broader 2010 presentation that sheds light on spy agencies' aspirations for mobile phone interception, and on their less-documented mass-collection abilities.

The cover sheet of the document sets out the team's aspirations:

Another slide details weak spots where data flows from mobile phone network providers to the wider internet, and where the agency attempts to intercept communications. These are locations either within a particular network, or international roaming exchanges (known as GRXs), where data from travellers roaming outside their home country is routed.

These are particularly useful to the agency as data is often only weakly encrypted on such networks, and includes extra information such as handset ID or mobile number -- much stronger target identifiers than usual IP addresses or similar information left behind when PCs and laptops browse the internet.

The NSA said its phone interception techniques are only used against valid targets, and are subject to stringent legal safeguards.

"The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency," said a spokeswoman in a statement.

"Any implication that NSA's foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true. Moreover, NSA does not profile everyday Americans as it carries out its foreign intelligence mission. We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes -- regardless of the technical means used by the targets.

"Because some data of US persons may at times be incidentally collected in NSA's lawful foreign intelligence mission, privacy protections for US persons exist across the entire process concerning the use, handling, retention, and dissemination of data. In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process.

"Continuous and selective publication of specific techniques and tools lawfully used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies -- and places at risk those we are sworn to protect."

The NSA declined to respond to a series of queries on how routinely capabilities against apps were deployed, or on the specific minimisation procedures used to prevent US citizens' information being stored through such measures.

GCHQ declined to comment on any of its specific programs, but stressed all of its activities were proportional and complied with UK law.

"It is a longstanding policy that we do not comment on intelligence matters," said a spokesman.

"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework that ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."

• A separate disclosure on Wednesday, published by Glenn Greenwald and NBC News, gave examples of how GCHQ was making use of its cable-tapping capabilities to monitor YouTube and social media traffic in real-time.

GCHQ's cable-tapping and internet buffering capabilities, codenamed Tempora, were disclosed by the Guardian in June, but the new documents published by NBC from a GCHQ presentation titled "Psychology: A New Kind of SIGDEV" set out a program codenamed Squeaky Dolphin which gave the British spies "broad real-time monitoring" of "YouTube Video Views", "URLs 'Liked' on Facebook" and "Blogspot/Blogger Visits".

A further slide noted that "passive" -- a term for large-scale surveillance through cable intercepts -- gives the agency "scalability".

The means of interception mean GCHQ and NSA could obtain data without any knowledge or co-operation from the technology companies. Spokespeople for the NSA and GCHQ told NBC all programs were carried out in accordance with US and UK law.

• This article was amended on 28 January 2014. It referred to martial status, instead of marital status. This has been corrected.