饶谨的博客 Rao Jin's Website

美国国安局或助谷歌抵御网络攻击

By Ellen Nakashima
Thursday, February 4, 2010

The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity.
世界最大的网络搜索商和世界最强大的电子监控组织正为网络安全而协作。
This Story
Google to enlist NSA to ward off attacks
Poll: Will a Google-NSA alliance make you feel safer online?
Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage商业间谍行为 attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack.

美国国家安全局可能将帮助谷歌分析一起重大商业间谍攻击。谷歌公司称，相关领域网络安全专家分析这次是一起来自中国、以公司电脑网络为目标的攻击。这一协定目的是更好地保护谷歌和它的用户，使他们今后不受攻击之扰。此协议正待最终确定。

Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data.

谷歌和美国国家安全局对此次合作均拒绝评论。有消息称，在隐私保护方面，此次合作双方会在不触犯谷歌的政策和在线通信隐私法的前提下共享一些关键情报。这一协议并不意味着美国国家安全局可以察看用户的搜索记录或者邮件账户，谷歌也不会分享私人数据。

The partnership strikes at the core of one of the most sensitive issues for the government and private industry in the evolving world of cybersecurity: how to balance privacy and national security interests. On Tuesday, Director of National Intelligence Dennis C. Blair called the Google attacks, which the company acknowledged in January, a "wake-up call." Cyberspace cannot be protected, he said, without a "collaborative effort that incorporates both the U.S. private sector and our international partners."

此次合作涉及在网络安全方面如何平衡隐私和国家安全的问题，这对私人企业和政府来说都是最敏感的问题之一。周二，国家情报总监丹尼斯布莱尔认为对谷歌公司的攻击是敲响了警钟，他说，“网络空间的保护需要美国企业和我们的国际伙伴的共同努力。”

But achieving collaboration is not easy, in part because private companies do not trust the government to keep their secrets and in part because of concerns that collaboration can lead to continuous government monitoring of private communications. Privacy advocates, concerned about a repeat of the NSA's warrantless interception of Americans' phone calls and e-mails after the Sept. 11, 2001, terrorist attacks, say information-sharing must be limited and closely overseen.

但是达成合作并不容易。一方面因为私人企业不信任政府会为他们保守秘密，另外也担心合作带来持续的政府监管。因为担心911之后政府唐而皇之地截取美国公民电话和电子邮件的情况重演，倡导隐私权的人士指出，信息共享必须是有监督的、有限制的。

"The critical question is: At what level will the American public be comfortable with Google sharing information with NSA?" said Ellen McCarthy, president of the Intelligence and National Security Alliance, an organization of current and former intelligence and national security officials that seeks ways to foster greater sharing of information between government and industry.

情报与国家安全联盟的主席海伦麦卡锡说，“关键的问题是美国公众可以接收谷歌与美股国家安全局多大程度上的信息共享。”情报与国家安全联盟是由现任和前任情报和国家安全官员组成的组织，目的是设法促成政府和产业更大规模地交流信息。

On Jan. 12, Google took the rare step of announcing publicly that its systems had been hacked in a series of intrusions beginning in December.

一月十二日，谷歌少见地公布了它从12月初开始受到一系列入侵，其系统被黑。

The intrusions, industry experts said, targeted Google source code -- the programming language underlying Google applications -- and extended to more than 30 other large tech, defense, energy, financial and media companies. The Gmail accounts of human rights activists in Europe, China and the United States were also compromised.

行业专家说，这次入侵针对的是谷歌的源编码（谷歌应用程序的程序语言），进而扩展到超过30家其他大型科技、国防、能源、金融和媒体公司。受危及的还有在欧洲、中国和美国的民主人士的谷歌邮箱帐户。

So significant was the attack that Google threatened to shutter its business operation in China if the government did not agree to let the firm operate an uncensored search engine there. That issue is still unresolved.

鉴于此次攻击问题重大，谷歌公司威胁说，如果中国政府不让其在中国运营一个不受审查的搜索引擎，谷歌将关闭其在中国的业务。

Google approached the NSA shortly after the attacks, sources said, but the deal is taking weeks to hammer out, reflecting the sensitivity of the partnership. Any agreement would mark the first time that Google has entered a formal information-sharing relationship with the NSA, sources said. In 2008, the firm stated that it had not cooperated with the NSA in its Terrorist Surveillance Program.

消息称，谷歌在受到攻击后很快就找到了美国国家安全局，但是协议要好几周才能达成。这反映了此次合作的敏感性。任何协议都将是谷歌首次正式与美国国家安全局的共享情报。2008年，谷歌曾声明不会就恐怖分子监视计划与美国国家安全局合作。

Sources familiar with the new initiative said the focus is not figuring out who was behind the recent cyberattacks -- doing so is a nearly impossible task after the fact -- but building a better defense of Google's networks, or what its technicians call "information assurance."

据了解新计划的消息称，找出近来网络攻击的幕后黑手几乎是不可能的，这也不是此次的重点。重点是为谷歌网络建立更好的防御，其技术人员称之为“信息保障”。
One senior defense official, while not confirming or denying any agreement the NSA might have with any firm, said: "If a company came to the table and asked for help, I would ask them . . . 'What do you know about what transpired in your system? What deficiencies do you think they took advantage of? Tell me a little bit about what it was they did.' " Sources said the NSA is reaching out to other government agencies that play key roles in the U.S. effort to defend cyberspace and might be able to help in the Google investigation.

对于美国国家安全局可能会和任何公司达成协议，一位高级国防官员既不证实也不否认，他/她说，如果一个公司来寻求帮助，我会问他们“对你系统泄露的 东西你了解什么？你认为他们利用了你们什么漏洞？给我讲讲他们做了什么。”消息称，美国国家安全局正在接触其他网络安全方面的政府关键部门。那些部门也许 将有助于谷歌的调查。

Google to enlist NSA to help it ward off cyberattacks

美国国安局或助谷歌抵御网络攻击

These agencies include the FBI and the Department of Homeland Security.

这些机构包括联邦调查局和国土安全部。

This Story
Google to enlist NSA to ward off attacks
Poll: Will a Google-NSA alliance make you feel safer online?
Over the past decade, other Silicon Valley companies have quietly turned to the NSA for guidance in protecting their networks.

近几十年来，其他的硅谷公司都悄悄归顺了国安局，以获得网络安全指导。

"As a general matter," NSA spokeswoman Judi Emmel said, "as part of its information-assurance mission, NSA works with a broad range of commercial partners and research associates to ensure the availability of secure tailored solutions for Department of Defense and national security systems customers."

国安局女发言人Judi Emmel说，“一般来说，作为情报保障任务的一部分，国安局会与一大批商业合作伙伴和研究协会合作，以确保为国防部和国家安全系统提供合适的安全定制解决方案。”

Despite such precedent, Matthew Aid, an expert on the NSA, said Google's global reach makes it unique.

虽然有例在先，一位国安局的专家Matthew Aid说谷歌的全球触角让这件事非同小可。

"When you rise to the level of Google . . . you're looking at a company that has taken great pride in its independence," said Aid, author of "The Secret Sentry," a history of the NSA. "I'm a little uncomfortable with Google cooperating this closely with the nation's largest intelligence agency, even if it's strictly for defensive purposes."

《绝密哨兵》被认为是国安局的一部历史，其作者Aid说“当你上升到谷歌的层面的时候，你面前是一个以自身独立为豪的公司。即使是为了防御目的，谷歌如此亲密地与国家最大的情报机构合作也让我觉得很不安，”

The pact would be aimed at allowing the NSA help Google understand whether it is putting in place the right defenses by evaluating vulnerabilities in hardware and software and to calibrate how sophisticated the adversary is. The agency's expertise is based in part on its analysis of cyber-"signatures" that have been documented in previous attacks and can be used to block future intrusions.

协定将允许国安局通过评估硬件和软件的脆弱性以及标定对手的精密度来帮助谷歌得当防御。国安的一个专长就是分析“网络签名”。之前攻击中的“网络签名”可用于阻止今后的入侵。

The NSA would also be able to help the firm understand what methods are being used to penetrate its system, the sources said. Google, for its part, may share information on the types of malicious code seen in the attacks -- without disclosing proprietary data about what was taken, which would concern shareholders, sources said.

消息称，美国国安也将帮助谷歌理解侵入系统的方法。消息还指出，谷歌方面也许会将攻击中看到的恶意的编码提供给美国国安，但不会泄露私人信息，因为也不会让股东担心。

Greg Nojeim, senior counsel for the Center for Democracy & Technology, a privacy advocacy group, said companies have statutory authority to share information with the government to protect their rights and property.

民主与科学中心是一个隐私倡导组织，其高级顾问Greg Nojeim说，公司有法定的权利去与政府共享信息以捍卫他们自己的权利和财产。