慘絕人寰的巴黎恐怖襲擊引發(fā)了一系列國家安全問題，其中一項便是網絡安全。目前，針對政府是否應該以國家安全之名，輕易突破保護公民通信和交易隱私的技術這一問題，各界正在展開激烈的討論。

巴黎恐怖事件將這一問題推到了世人面前，因為人們首先想到的一個問題是，恐怖分子是如何策劃，并執(zhí)行了一場如此復雜的襲擊，又是如何避開了情報部門偵察的。答案或許就在于加密技術。事實上，專家們提出了三種可能性：（1）恐怖分子使用了強大的場外加密技術；（2）他們借助黑暗網絡完成分工協(xié)作；（3）準備工作達到一定程度之后，他們便停止使用技術手段進行聯(lián)系。

首先，我們必須了解現(xiàn)代加密技術的工作原理，以及這項技術為什么會突然引起關注。數(shù)百年來，人類一直在使用加密技術保證信息傳輸?shù)陌踩?，但高級加密技巧和技術從未像現(xiàn)在這樣被如此廣泛地使用，同時也變得更加復雜。

簡而言之，加密就是將信息或數(shù)據(jù)轉換成一組代碼的過程，讓信息變得晦澀難懂，無法讀取，只有使用正確的密鑰（或多個密鑰）才能破譯或解密信息。今天，世界上任何一個人都可以輕松購買和使用高度復雜的256位AES加密技術——這種加密技術非常強大，美國政府自2002年起也采用這種加密標準。

一般企業(yè)每天也都在使用加密技術，防止身份盜竊和其他犯罪。例如，捕獲和傳輸非加密狀態(tài)下進行支付的信用卡信息，曾經是一種非常普遍的作法。道高一尺，魔高一丈。網絡犯罪分子現(xiàn)在開始想方設法在支付過程的某個節(jié)點竊取這些信息。之后，他們會利用這些信用卡信息進行牟利。

意識到這個問題之后，支付處理商就部署了許多不同類型的加密技術，讓傳輸?shù)男畔⒆兊酶y攔截或牟利。雖然加密通信可以解密，但這需要時間和計算能力。此外，在我們的私人生活和商業(yè)生活當中，加密設備與通信已經變得非常普遍。

事實上，恐怖分子很容易便能找到安全的通信方式。為了保護我們的隱私和個人信息，我們今天使用的許多手機應用均支持加密通信。我們購買的許多設備，例如智能手機，也會出于同樣的原因，對數(shù)據(jù)進行加密。因此，我們的數(shù)據(jù)在源頭（設備）、傳輸過程和接收設備上均經過了加密。問題在于，這意味著恐怖分子的設備和通信同樣如此。

當然，加密技術僅是其中之一。除此之外，還有通過各種方式保護隱私的軟件和服務。比如，讓我們可以匿名使用互聯(lián)網的軟件——當用戶使用這些軟件和服務登錄互聯(lián)網時，犯罪分子和情報人員都無法識別用戶身份或鎖定他所在的位置。

巴黎恐怖襲擊發(fā)生之后，全世界都已經注意到了這個問題——恐怖分子和其他犯罪分子可以使用這些普遍可用的技術，造成巨大的危害?，F(xiàn)在，我們需要密切關注爭論的方向及結果是否會發(fā)生轉變。

例如，隨著加密通信的日益普遍，執(zhí)法部門和情報機構一直在要求植入“后門”，從而使執(zhí)法機構可以繞開加密。某些科技公司和隱私倡議者強烈反對，因為他們擔心政府會干擾人們的私人生活。就在上個月，白宮駁回了執(zhí)法部門要求科技公司植入后門的請求。

值得注意的是，白宮給出的結論是，植入后門將導致美國公民更易受到外國政府、網絡犯罪和恐怖分子的侵擾。

巴黎恐怖襲擊能否改變白宮的看法，我們拭目以待。更廣泛地說，圍繞著加密技術和其他隱私技術而展開的爭斗，將日益反映出一個更加寬泛的政策辯題：如何平衡國家安全與公民自由。

隨著下一個十年的到來，我們將迎來更強大的計算能力，尤其是隨著量子計算技術的普遍應用，每個人都將有能力對自己的通信進行難以破解的高級別加密。到時候，這場爭論將會變得更加激烈。（財富中文網）

本文作者戴維?伯格為普華永道的全球網絡安全負責人。

譯者: 劉進龍/汪皓

審校：任文科

The horrendous Paris attacks raise a number of national security issues, including one involving cybersecurity, and the debate over whether governments should have easy ways to break through technology that safeguards the privacy of our communications and transactions — all in the name of national security.

Paris thrusts this issue onto the front pages because one of the big questions that quickly emerged was how a group could execute such a complex attack while evading detection from intelligence services. Encryption is one potential answer. Indeed, experts hypothesize three different possibilities: (1) the attackers used powerful over-the-counter encryption; (2) they collaborated on the dark web; (3) they stopped using technology for coordination once they reached a certain level of operational readiness.

Let’s be sure we understand how modern encryption technologies work and why they are now springing to the forefront. Though encryption technologies have been used to securely transmit information for hundreds of years, never before have advanced encryption techniques and technology been so widely available and so sophisticated.

Simply put, encryption is the process of converting information or data into a code that obscures information so it cannot be read without the correct key (or keys) used to decipher or decrypt the message. Today, anyone around the world can easily purchase and use highly-sophisticated, 256 bit AES encryption technologies – encryption that is so strong that it has been the U.S. Government standard since 2002.

Businesses use encryption every day to prevent identity theft and other crimes. For example, it was once common to capture and transmit credit card information in an unencrypted state to process payments. Cybercriminals knew this and found ways to copy the information at specific points in the payment process lifecycle. They were then able to use the payment card information and monetize it.

Recognizing the problem, payment processors deployed a number of different encryption technologies, rendering the transmitted information far more difficult to intercept and monetize. While encrypted communications can be decrypted, doing so requires time and computing power. And encrypted devices and communications are now common throughout our personal and commercial lives.

Indeed, terrorists need not look far to find secure ways to communicate. Many apps that we use every day enable encrypted communications to protect our privacy and personal information. And, many of the devices we buy – such as our smartphones – encrypt he data on it for the same reasons. Thus, our data is encrypted at the source (our devices), as its communicated in transit, and at the receiving device. The issue is, such is the case for terrorists’ devices and communications as well.

This, of course, is just encryption. On top of it are software and services that protect privacy in other ways, such as those enabling us to use the Internet anonymously – bad actors and intelligence services alike are unable to identify a user or his location when he goes on the Internet using such software and services.

After the Paris attacks, the world is already seeing heightened attention to the way terrorists and other bad actors can use this commonly-available technology to help them inflict enormous harm. We will need to watch closely to see whether the debate and its outcomes shift.

For example, as the use of encrypted communication has spread, law enforcement and intelligence agencies have pushed for “back doors” – ways to enable law enforcement to bypass the encryption. Some technology companies and privacy advocates have opposed them, fearing government intrusion into their personal lives. And, just last month, the White House overruled law enforcement’s request to push tech companies to create such back doors.

Notably, the White House concluded that creating such back doors would increase U.S. citizens’ vulnerability to foreign government, cyber criminal, and terrorist intrusions.

Time will tell whether the Paris attacks change the White House’s calculus. More broadly, the battle over encryption and other privacy-related technologies will increasingly reflect the larger public policy debates we have seen that balance national security with civil liberties. As we move in the next decade into a world where far more powerful computing capability will come on line, specifically as quantum computing becomes widely available, the ability for every man and woman to encrypt their communications at levels that may not be able to be decrypted will only help sharpen that debate.

David Burg is the global cybersecurity leader at PricewaterhouseCoopers.