近日，拥有20亿用户的Facebook卷入了史上最大个人信息泄露丑闻之一。据媒体曝光，5000万用户个人信息数据的泄露，导致Facebook市值蒸发500亿美元。与此同时，Twitter、Snapchat等社交媒体公司股票，也被殃及大跌。

在大数据时代，个人信息成了价值巨大的数据资源，由此而导致的信息泄露频频发生，人们称之为个人信息的“裸奔时代”。本期为“双语•智库”第二十期，为您解读当前Facebook丑闻的来龙去脉，以及“裸奔时代”的信息安全问题。

Consultants working for Donald Trump's presidential campaign exploited the personal Facebook data of millions.

唐纳德·特朗普总统竞选团队雇佣的咨询公司利用了数千万Facebook用户的数据。

That's the key message in March 17 stories by The New York Times and the UK's Guardian and Observer newspapers, as well as in statements from Facebook. The stories and statements indicate the social networking giant was duped by researchers, who reportedly gained access to the data of more than 50 million Facebook users, which was then misused for political ads during the 2016 US presidential election.

这是《纽约时报》、英国《卫报》和《观察家报》3月17日报道的重磅消息，也是Facebook发表声明中的主要信息。这些报道和声明指出，社交网络巨头Facebook受到研究人员欺骗。报道称，研究人员获得了超过5000万Facebook用户的数据。在2016年美国总统选举期间，他们使用了这些数据推送政治广告。

Until now, most of what you've heard about Facebook and the 2016 election has been focused on meddling by Russian operatives. Those efforts are being investigated by the FBI and the US Senate.

到目前为止，大部分关于Facebook和2016年大选的报道都集中在俄罗斯干预上。联邦调查局和美国参议院正在努力调查这些事项。

▲Facebook CEO马克·扎克伯格

Data consultancy Cambridge Analytica represents a different problem. The UK-based company reportedly acquired data about millions of Facebook users in a way that violated the social network's policies. It then tapped that information to build psychographic profiles of users and their friends, which were utilized for targeted political ads in the UK's Brexit referendum campaign, as well as by Trump's team during the 2016 US election.

数据咨询公司“剑桥分析”涉及到的是另一个问题。报道称，这家英国公司以违反社交网络制度的方式获取了数千万Facebook用户的数据，然后利用这些信息来建立用户及其朋友的心理档案。这些数据曾在英国脱欧公投活动中被用于推送政治广告，也在2016年美国总统竞选期间被特朗普团队所用。

Facebook says it told Cambridge Analytica to delete the data, but also that reports suggest the info wasn't destroyed. Cambridge Analytica says it complies with the social network's rules, only receives data "obtained legally and fairly," and did wipe out the data Facebook is worried about.

Facebook表示曾告知剑桥分析公司删除这些数据，但也有报道称这些信息没有被销毁。剑桥分析公司表示遵守社交网络的规则，只接收“合法、公平”获取的数据，并删除了Facebook所担心的这些数据。

Here's what you need to know：

以下是此事件中你需要知道的：

Cambridge Analytica is a UK-based data analytics firm, whose parent company is Strategic Communication Laboratories. Cambridge Analytica helps political campaigns reach potential voters online. The firm combines data from multiple sources, including online information and polling, to build "profiles" of voters. The company then uses computer programs to predict voter behavior, which then could be influenced through specialized advertisements aimed at the voters.

剑桥分析是一所英国数据分析公司，母公司是战略沟通实验室（SCL）。剑桥分析帮助潜在选民在线参与政治活动。该公司综合在线信息、投票等多重来源的数据，建立选民档案，利用计算机程序预测选民行为，然后通过针对选民的特定广告来影响选民行为。

Facebook said in a statement late on Friday, March 16, that Cambridge Analytica received user data from Aleksandr Kogan, a lecturer at the University of Cambridge. Kogan reportedly created an app called "this is your digital life" that ostensibly offered personality predictions to users while calling itself a research tool for psychologists.

Facebook在3月16日中的一份声明中说，剑桥分析公司收到了剑桥大学讲师亚历山大·科根的用户数据。据报道，科根创建了一款名为"这是你的数字化生活"的app，表面上为用户提供性格测试分析，并称其为心理学家的研究工具。

The app asked users to log in using their Facebook account. As part of the login process, it asked for access to users' Facebook profiles, locations, what they liked on the service, and importantly, their friends' data as well.

这款app要求用户使用Facebook账号登录。在登录过程中，还要求访问用户的Facebook资料、地理位置、点赞记录，最关键的是，该app还能访问用户好友的数据。

The problem, Facebook says, is that Kogan then sent this user data to Cambridge Analytica without user permission, something that's against the social network's rules.

Facebook称，问题在于科根在未经用户许可的情况下将这些数据发送给了剑桥 分析公司，这违反了社交网络的规则。

The Trump campaign hired Cambridge Analytica to run data operations during the 2016 election. Steve Bannon, who eventually became Trump's chief strategist, was also reportedly vice president of Cambridge Analytica's board. The company helped the campaign identify voters to target with ads, and gave advice on how best to focus its approach, such as where to make campaign stops. It also helped with strategic communication, like what to say in speeches.

在2016年大选期间，特朗普竞选团队雇佣了剑桥分析公司提供数据支持。据报道，最终成为特朗普首席战略师的史蒂夫·班农也是剑桥分析公司的董事会副总裁。该公司帮助竞选团队确定选民以向其推送竞选广告，并就如何使竞选手段最优化提出建议，比如在哪里举行竞选活动。同时，该公司也帮助进行战略沟通，如在演讲中说什么内容。

The White House didn't respond to a request for comment.

白宫未对此事回应记者的置评请求。

▲特朗普竞选团队负责人史蒂夫·班农（Steve Bannon）

Facebook said Cambridge Analytica "certified" three years ago it had deleted the information, as did Kogan. But since then, Facebook said, it's received reports that not all the user data was deleted. The New York Times reported at the outset of this controversy that at least some of it remains.

Facebook表示剑桥分析公司在三年前“证实”了其像科根一样删除了用户信息。但此后，Facebook表示，收到的报告显示并非所有用户数据都被删除。在这场争端开始时，《纽约时报》报道称至少有一些数据依然存在。

Cambridge Analytica said in a statement that it deleted all the data and is in contact with Facebook about the issue.

但剑桥分析公司在一份声明中称，公司删除了所有数据，并与Facebook就这一问题进行了交涉。

The New York Times characterizes this as a data "breach" and says it's "one of the largest data leaks in the social network's history."

纽约时报称其为数据“泄露”，并称这是“社交网络历史上最大的数据泄露事件之一”。

Facebook, however, says that while Kogan mishandled its data, all the information Kogan got was accessed legally and within its rules. The problem is that Kogan was supposed to hold on to the information himself, not hand it over to Cambridge Analytica or anyone else. So Facebook disputes that the incident was a data breach, because the information was accessed through normal means -- using an app that asked people for access to their information, which they then agreed to.

然而，Facebook表示，尽管科根对用户数据处理不当，但他获得的所有信息都是合法的，并且在规定范围内。问题在于科根应该自己掌握这些信息，而不是把它们交给剑桥分析公司或其他人。因此，Facebook称这起事件不是数据“泄露”，因为信息是通过正常方式访问的——用户使用的这款app向用户征求访问其信息，然后用户也同意这样做。

The social network argued its point even further in an update to its March 16 statement, saying that calling this episode a "breach" is "false."

当地时间3月16日，Facebook在一份声明中进一步表明，称这一事件为“泄露”是“错误”的。

"People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked," the company said.

Facebook称：“人们在知情的前提下提供了个人信息，没有任何系统被侵入，也没有任何密码或敏感信息被窃取。”

Zuckerberg himself said it might.

扎克伯格表示很有可能。

"I'm actually not sure we shouldn't be regulated," he said in an interview with CNN Wednesday. "The question is what is the right regulation."

21日，他在接受CNN采访时说：“我认为我们应该接受监管，但问题是怎样的监管才是正确的。”

One thing we do know for sure: The honeymoon between the tech industry and government is over. After decades of tech companies (mostly) being treated as favored children, legislators and government regulators are increasingly taking a tougher stance against them.

我们可以确定一点：技术行业和政府之间的蜜月期已经结束。几十年来，（大部分）技术公司被视为“宠儿”，但以后立法者和政府监管机构对他们采取越来越强硬的立场。

Already, this scandal has renewed calls for more regulation.

而这起丑闻又引发人们再次呼吁加强监管。

In Washington, lawmakers and other officials were quick to demand that Facebook CEO Mark Zuckerberg testify before Congress.

在华盛顿，立法委员和其他官员即刻要求Facebook CEO马克·扎克伯格在国会作证。

Meanwhile, Facebook could face an investigation by the Federal Trade Commission over whether it violated a 2011 consent decree, according to Bloomberg News. The consent decree required that Facebook must get users to agree to and be notified about the social network sharing their data. Facebook separately told The Washington Post that it rejected "any suggestion of violation of the consent decree."

与此同时，据彭博新闻，联邦贸易委员会或将调查Facebook是否违反了2011年的和解令。和解令要求Facebook在社交媒体分享用户数据时必须征得用户同意并加以告知。在单独接受华盛顿邮报采访时，Facebook表示拒绝“任何认为我们违反和解令的指控”。

Zuckerberg said in an interview with Wired on Wednesday that if he believes he is the best person to testify before legislators, and it's "substantive," he'll "happily do that."

扎克伯格在21日接受Wired杂志采访时说，如果他认为自己是在立法者面前作证的最佳人选，而且是“实质性的”，他将“责无旁贷”。

After five long days, Zuckerberg broke his silence Wednesday with a nearly 1,000-word post on his Facebook page. The post was his first since March 2, when he shared a photo of his family celebrating the Jewish holiday of Purim.

长达五天之后，扎克伯格终于在当地时间21日用一篇将近1000字的推文打破沉默。这是继3月2日以来，他分享了全家庆祝犹太教节日——普珥节的照片之后发出的第一条推文。

Zuckerberg acknowledged that Facebook had made mistakes with users' information. "We have a responsibility to protect your data," he wrote. "And if we can't then we don't deserve to serve you."

扎克伯格承认Facebook 在用户信息方面有所过失，“我们有责任保护你们的数据”，他在推文中写道，“如果我们没做到，就不配为你们服务。”

He also pledged an investigation into apps that had access to "large amounts of information" before the company made changes to how much information third-party apps could access in 2018. Facebook will conduct a full audit of apps that exhibit suspicious behavior and bar developers who don't agree to audits.

他还承诺2018年，在公司对第三方app可访问的信息量做出调整之前，调查那些可访问“大量信息”的app。 Facebook将对有可疑行为的app展开全面审查，并剔除掉那些不同意进行审查的开发商。

Facebook is also planning to restrict the how much access developers have to your information, limiting the information it gives apps to your name, photo and email address. It will also revoke an app's access to your data if you haven't used it for three months.

Facebook还计划限制开发者对用户信息的访问权限，只能为app提供用户的姓名、照片以及电子邮件。如果用户已经三个月没有使用某个程序，就将撤销该程序对用户数据的访问权限。

Lastly, Facebook will begin displaying a gauge at the top of your News Feed that lets you know which apps you've used and let you revoke their permissions.

最后，Facebook将着手在动态新闻上置顶一个小工具，让用户知道自己使用了哪些app，并让用户可以撤销其访问权限。

其实，此次Facebook数据泄露事件并非互联网数据泄露首例，谷歌、亚马逊等互联网巨头都有类似问题。为此，欧盟甚至出台了专项法规，整治数据收集乱象。

This data life isn’t limited to Facebook. Google, famously, is in the same basic business, although the company is a bit more transparent about it. And Amazon is building a modern surveillance panopticon, replete with an always-on microphone for your kitchen and a jaunty camera for your bedroom, purely to sell you more stuff.

此类数据问题不仅限于Facebook，知名的谷歌公司也在从事同样的基础性业务，尽管后者的做法更透明一些。亚马逊则在建立一套现代化的“圆形监狱”监控体系，比如安在你家厨房的微型麦克风和卧室里的轻型摄像机，只是为了向你推销更多商品。（译者注：“圆形监狱”由英国哲学家杰里米·边沁于1785年提出。这样的设计使得一个监视者就可以监视所有的犯人，而犯人却无法确定他们是否受到监视。）

Richard Stallman has been warning of this state of affairs since before Zuckerberg even touched his first computer. The veteran computer scientist, creator of the GNU operating system and leader of the Free Software Movement, warns that “the only database that is not dangerous is the one that is never collected”.

理查德·斯托曼是经验丰富的计算机科学家、GNU操作系统的创造者、自由软件运动的领导者，早在扎克伯格首次接触电脑之前，他就一直在警示人们这种数据乱象。斯托曼提醒道：“数据库没有不存在风险的，除非不收集数据。”

▲计算机科学家、GNU操作系统的创造者、自由软件运动的领导者理查德·斯托曼（Richard Stallman）

“Any database of personal data will be misused, if a misuse can be imagined by humans. It can be misused by the organisation that collects the data. In many cases, the purpose of collecting it is to misuse it, as in the case of Facebook, but also in the case of Amazon, Google to some extent, and thousands of smaller companies as well. It can also be misused by rogue employees of the company and it can also be stolen by some third party and misused.”

“只要能想得出方法，任何个人信息数据库都可以被滥用。收集数据的机构可能会滥用数据，很多情况下，收集的目的就是滥用，不仅Facebook如此，某种程度上亚马逊、谷歌和成千上万的小企业都是如此。数据还可能被公司里别有用心的员工滥用，或者被第三方窃取后滥用。”

People may regularly be accepting terms and conditions that require them to give up their data, but that doesn’t mean they read them. Legal documents are not written to be read by humans, and certainly not to be read back-to-back in a harrowing marathon of End-User Licence Agreements. The modern notion of consent upon which the entire data edifice is built has the shakiest of foundations.

人们经常会接受要求提供个人数据的条款和协议，但并不意味着他们阅读了这些条款。法律文件写出来不是给人看的，折磨人的终端用户许可协议接踵而至，当然不会一个接一个地看完。整个数据大厦建立在“同意”的现代概念基础上，而这种概念根本站不住脚。

Change is coming. In the EU, the General Data Protection Regulation – GDPR – overhauls a continent’s worth of rules around a clear principle that the only person who can ever own an individual’s data is that individual.

这种局势将被改变。在欧盟，《全面数据保护法规》围绕“只有本人可以持有其个人数据”的明确原则，新修订了具有全洲效力的规定。

Stallman wants to go one step further. “I recommend a law prohibiting any system that collects data,” he says, “no matter who runs it, whether it’s a company, some non-profit organisation, or a public agency, whatever, that they are not allowed to collect data unless they can justify it as absolutely necessary for the function to be done.”

斯托曼还想再往前推进一步。他说：“我建议制定一部法律，取缔所有收集数据的系统。不论系统的运营者是谁——企业也好，非营利组织、公共机构也罢，都不允许收集数据，除非能证明这样做对保障其功能运作是绝对必要的。”

It would be a huge step, and one that is unlikely to come without a radical change in how the public views mass data collection.

这将迈出很大一步，但或许不会实现，除非公众对海量数据采集的观念发生根本转变。