Indian Government To Ban Use of US Email Services For Official Communications

hypnosec writes "The Government of India is planning to ban the use of U.S.-based email services like Gmail for official communications. It will soon send out a formal notification to it half-million officials across the country, asking them to use official email addresses and services provided by India's National Informatics Center. The move is intended to increase the security of confidential government data and protect it from overseas surveillance."

Not seeing a problem with that.

[Kenja]

Frankly, I dont think the US should use gMail etc for governmental communications either.

Re:Not seeing a problem with that.

What's the point? It's not like you can control which packets will and won't be routed through the US.
What they ought to be requiring is encryption, but we all know that's not going to happen.

Re:Not seeing a problem with that.

[ColdWetDog]

Nobody should use email for official anything.

Benjamin Franklin was right. It's the Post Office. I mean, does any email provider say they will deliver through rain, sleet, snow or hail? Do you see that on anybody's TOS? Given the uncertainties of the climate these days, you'd be a fool to do it any other way.

Besides, it will slow the government down. That's always a plus.

Re:Not seeing a problem with that.

[ZombieBraintrust]

American politicians use GMail because goverement accounts are archived and the contents are considered public property and not private communication.

Re:Not seeing a problem with that.

No government should be using a commercial email provider; sunshine laws and records laws exist for a reason. We get an email once a quarter or so pointing out that (for DoD employees), using personal email for official communications is illegal.

Re:Not seeing a problem with that.

I am not a network guy, but I would assume its really easy to lock down the routing of inter-agency email. Not so much for email between an agency and a non-governmental entity but those communications are far less sensitive and often aren't even confidential.

Re:Not seeing a problem with that.

[Archangel+Michael]

And besides, if you're doing nefarious activities, you can avoid subpenas when you appear in front of Congress ... right Lois Learner?

Re:Not seeing a problem with that.

see apocalyptic The Postman http://www.imdb.com/title/tt0119925/

Re:Not seeing a problem with that.

I thought it was already against Federal and most, if not all, state regulations to use private email services to conduct official government business.

Re:Not seeing a problem with that.

Using the power of surveillance it will become public : http://mashable.com/2012/11/13/gmail-petraeus-scandal-security/

Re:Not seeing a problem with that.

[atom1c]

Frankly, I dont think the US should use gMail etc for governmental communications either.

I whole-heartedly agree. Alas, I believe the US Gov't is being too lenient with their communications practices; unlike the 90's where only encrypted BlackBerrys were allowed, today everybody can use their Hotmail, Gmail, or Aol account to conduct official government business.

Instead, they should endorse Lavabit-type services and setup an outbound email transport for any public-private business... not go fully commercial without proper senses of security in place.

Re:Not seeing a problem with that.

[jellomizer]

Packet Sniffing is more of a cheap parlor trick then a good way to collect information.

For the most part our infrastructure has moved from Hubs to Switches so there are a lot less free packets bouncing around the net. Routers have gotten smarter and better so chances are it won't bother sending your packet around the world just just to go to your neighbors.

Re:Not seeing a problem with that.

[Ruprecht+the+Monkeyb]

Clearly you don't live in a large city in the U.S. where mail frequently disappears, often found months (or years) later in a dumpster or a postal workers basement. I'll take the same 99.99% delivery rate and the near-instant turnaround possible with email, thanks.

Re:Not seeing a problem with that.

[gmuslera]

What about the packets that are NOT routed through the US, like i.e. between servers of the same country?. For internal traffic inside a country, specially official communication, it don't need to go thru US inspection and approval. More, if not all, countries should had done the same since long time ago.

Re:Not seeing a problem with that.

[jeffmeden]

Frankly, I dont think the US should use gMail etc for governmental communications either.

The problem I see is that it wasn't discouraged and/or banned earlier. Of COURSE an entity in a different country, with no stated or even implied interest in privacy, is not a good place to conduct your nation's business. Duh! The revelations about Google (and others') cozyness with the NSA should not have been the tipping point.

Re:Not seeing a problem with that.

[jeffmeden]

Packet Sniffing is more of a cheap parlor trick then a good way to collect information.

For the most part our infrastructure has moved from Hubs to Switches so there are a lot less free packets bouncing around the net. Routers have gotten smarter and better so chances are it won't bother sending your packet around the world just just to go to your neighbors.

Route poisoning would like to have a word with you. He is waiting in Room 641A.

Re:Not seeing a problem with that.

just just to go to your neighbors.

Just justly justifying to go to your neighbors.

Re:Not seeing a problem with that.

[ColdWetDog]

Woops. Sorry. The sarcasm / humor tag failed again. Typical Slashdot crap code.

Re:Not seeing a problem with that.

[dreamchaser]

It's most likely going to hit a backbone that the US has control over at some point.

Re:Not seeing a problem with that.

[EmperorArthur]

and?

It's perfectly possible to send E-Mail using SSL between servers. Google even prefers to do this. Use an HTTPS site as an E-Mail portal, and it won't matter if the communication is going through the US.

Unless the NSA has a copy of the site's key or has broken SSL crypto, they can log all the trafic they want. With perfect forward secrecy they can get the key latter, and still not know what's being said.

Note: I'm simplifying how SSL works for the sake of convenience.

Re:Not seeing a problem with that.

[gstoddart]

American politicians use GMail because goverement accounts are archived and the contents are considered public property and not private communication.

Ironic, since the NSA considers GMail to be public property and not private communication as well.

Re:Not seeing a problem with that.

The point is that connections can be encrypted. HTTPS EDHE can't be passively sniffed even if you have the server's private SSL key, you need to do active man-in-the-middle. NSA can't do on a wide scale without being detected. By handing over a plain text copy to Google, you can 100% guarantee another copy is indexed by the NSA. So avoiding US providers is about "having a fighting chance" vs. "making sure they have your data".

Re:Not seeing a problem with that.

[asylumx]

Besides, it will slow the government down. That's always a plus.

Can they really get any slower?

Re:Not seeing a problem with that.

Yeah, great example. Too bad there's no meat to that scandal. But a far right troll doesn't care about finicky little things like the truth, now do you?

And no, I wouldn't buy a car from you, used or new.

Posted AC because I don't want to get in the searchlight of this troll.

Re:Not seeing a problem with that.

I agree - entire bush white house. good thing they only had an entire illegal war to cover for.

Re:Not seeing a problem with that.

[gstoddart]

Unless the NSA has a copy of the site's key or has broken SSL crypto, they can log all the trafic they want.

Um, no. If it's an American owned company (anywhere in the world), or a US based server .. the NSA can walk in and demand the key and the decrypted content.

The only way to (try to) keep data out of the hands of the NSA is to not have it in the hands of a US controlled company, and not on US soil.

Google, Microsoft, Yahoo, Facebook ... every single one of them is covered under the Patriot Act. And any and all data you put in their hands (and many other companies) should be assumed as either in the hands of the NSA, or theirs for the asking.

You don't need to break the crypto when you can threaten them at gun point.

Re:Not seeing a problem with that.

[interkin3tic]

Different tools for different jobs. It depends on what "official" means. Officially ordering troop movement? Of course not, that would be a giant security hazard. Officially seeking bribes or rewriting the Indian equivalent of the constitution? It would be great if they could put that in an e-mail which would be automatically archived in case there was a question of whether it happened.

That's obviously what this is about. Snowden. The government wants the whole team to realize that if there's something that is going to make the government look bad, it better not be somewhere that it could easily be copied and forwarded to reporters.

Re:Not seeing a problem with that.

[Synerg1y]

BGP protocol takes care of this by design by finding the shortest routes for data to travel. Encryption is still a good idea for all the other reasons BGP doesn't address, but India is on the right track here in regards to what they're trying to accomplish.

Re:Not seeing a problem with that.

[adoll]

Frankly, I dont think the US should use gMail etc for governmental communications either.

Correct. Google might outsource the Gmail service to India.

Re:Not seeing a problem with that.

[Immerman]

I think the point is that if the source and destination endpoints are not under US control, and the communication channel between them is secure, then the NSA can watch the encrypted traffic flow through US-controlled nodes all they want without getting much information beyond mail server A transferred X bytes of data to mail server B.

Re:Not seeing a problem with that.

[michrech]

Route poisoning would like to have a word with you. He is waiting in Room 641A.

Are you sure?

Re:Not seeing a problem with that.

[whoever57]

Can they really get any slower?

You have no idea how slow it could be. Compared to the Italian postal service, the USPS is a model of speed and efficiency. So, yes, it could get slower.

Re:Not seeing a problem with that.

Given the lack of restrictions on NSA data gathering and storage, they effectively have an infinite amount of time to decrypt the data. Therefore they will decrypt all the data eventually.

Re:Not seeing a problem with that.

I whole-heartedly agree. Alas, I believe the US Gov't is being too lenient with their communications practices; unlike the 90's where only encrypted BlackBerrys were allowed, today everybody can use their Hotmail, Gmail, or Aol account to conduct official government business.

It's about efficiency! Who needs a dedicated logging system just for the government communications when you can use gmail and let the NSA grab and store it all for you! Tons of money saved!!

Re:Not seeing a problem with that.

[thej1nx]

NICNET (http://www.nic.in) has long been used in India for government mails and official data. You literally have dedicated VSAT connections etc. to it in offices, and it is a separate network in itself.

The Indian army too for obvious reasons, just like its counterparts everywhere, maintains its own nationwide network, and does not allows internet connections to it.

All they are asking is, that officials use these network, which are NOT public, instead of allowing the data to pass over any backbone that US has control over. And thus no classified data is expected to ever hit any backbone that is in US control.

Re:Not seeing a problem with that.

It should be pretty easy to ensure that an email between two places in India never goes anywhere near a US backbone - no reason for it to ever leave India!

Re:Not seeing a problem with that.

[c-A-d]

BGP links are also engineered and can be preferred. Usually this is done for economic reasons. There is nothing stopping the indian government from routing all its internal communications over a private network with a single internet POP providing internet access to the entire private network thus eliminating any external routing issues and forcing all internal routing through networks they control.

Re:Not seeing a problem with that.

[UnanimousCoward]

Except when it's a matter of national security...they they are not public property...so they are private...so that's that.

Re:Not seeing a problem with that.

[drinkypoo]

I mean, does any email provider say they will deliver through rain, sleet, snow or hail?

Ha ha ha. It's not like that any more. If the weather is that bad they just don't come out.

Re:Not seeing a problem with that.

[EmperorArthur]

Precisely. The other thing is "perfect forward secrecy." It's not perfect, but what it means is the key used to encrypt the traffic is randomly generated. Man in the middle attacks are still an issue, especially if people are dumb enough to use as US based cert authority, but the NSA can never decrypt the traffic after the fact. That still relies on the protocol being secure, and given the amount of money and talent the NSA is throwing at breaking it.... Well, there's a reason why even the US government uses a completely different network for classified info.

Keeping private information in house is almost always a good practice. The always is because it's possible to shift liability to third parties. I sure don't trust my security enough to handle storing Credit Card numbers, and it's cheaper to outsource it. That company even has insurance if they ever has a security breach.

Still, this isn't going to be a popular move in India. The number one reason why people use Gmail is how good it is. Unfortunately, nothing else has the capability that Gmail's labels do. Neither is their web interface as easy to use. Especially in search and creating filters. Seriously, try using Thunderbird and easily edit an E-Mail in multiple folders without it creating completely separate copies for each folder. It also beat the pants off the 7MB E-Mail limit my university had before letting Google handle E-Mail for them.

Re:Not seeing a problem with that.

[Jane+Q.+Public]

"It's not like you can control which packets will and won't be routed through the US."

Yes, it is. To a large degree, anyway. And one way to keep those packets out of the U.S. is to not use gmail.

This *IS* the way (or one way, anyway) to deal with those companies that have "cooperated" with the NSA: hit 'em in the pocketbook.

Re:Not seeing a problem with that.

[Charliemopps]

No I think the point is if the NSA is spending 65 billion dollars to read your emails, there is no longer such a thing as "Secure communications" The real funny part is they think their networks aren't just as compromised as ours are.

Re:Not seeing a problem with that.

[Archangel+Michael]

No meat? Code speak for "we don't want to look". and " There is no scandal. Who cares it is just those evil teabaggers"

Posted AC because like many on the left, they don't have the balls to put their name to their views, and cower in the shadows.

You do realize that Lois Learner did use private email for official purposes? Right? You do know that is illegal, right? No wonder she cried the 5th, which btw, I'm going to do next April 15th, when I sign my tax forms, and they are blank. "I refuse to answer these questions on the grounds that it might incriminate me"

Re:Not seeing a problem with that.

[letherial]

i just set my background to rain, sleet, snow and hail and sent a e-mail to myself after each one, i got a 100% success rate so i assume that its just a given anymore, if your a mail man delivering mail, digital or otherwise, your going to go through some shitty weather.

Re:Not seeing a problem with that.

I have been thinking of an alternative to G/Y/xyz mail providers and here are some high level design ideas:

- A mail server located somewhere and has replicas in multiple countries (lets call it the Server)

- A mail client (open source, of course) or a plugin for any open source mail client which will do the job I have in mind on the client end, lets call this the Client

- The Server can be contacted by e-mail, say smopen@ulrasem.org

- People send their public key(s) to the Server and the Server posts them to public

- When you enter addresses in To, Cc, Bcc etc, the mail client retrieves public keys of these accounts from several of the replicas.

- When you SEND the message, the client encrypts the message once for each recipient with the corresponding public key and sends to the Server

- The Server may, optionally, notify about the pending e-mail to recipients at their other e-mail addresses

- At some time each recipient opens the Client, which contacts the Serer and downloads the encrypted messages, decrypts with private key known only to that recipient

This is probably nothing radically new or clever or ultra user-friendly but it does beat the TLA taking over the Server(s) or tapping the wire etc.

Now how to get it running and how to finance it etc or questions I leave to minds sharper than mine. May be EFF, Wikipedia and the likes can take this idea to implementation and people who subscribe to this service can donate.

Re:Not seeing a problem with that.

[kevmeister]

The USPS does not promise that "they will deliver through rain, sleet, snow or hail". That "promise" was just a phrase carved into the New York City Post Office and 8th and 33rd. The actual sentence is "Neither snow nor rain nor heat nor gloom of night stays these couriers from the swift completion of their appointed rounds."

According to the National Postal Museum , the USPS, the successor to the Post Office Department, has no official motto and there are remarkably few guarantees offered by the quasi-governmental organization.

Re:Not seeing a problem with that.

Sure, with an exponentially growing supply of money and time.

You're assuming wrongly that the NSA does fishing expeditions for fun and has a goal of decrypting everything. If they do monitor something they aren't supposed to, it's usually a mistake, not an attempt to decode everything. Those mistakes may well involve overreach which should be illegal, but it is not actually an attempt to create a panopticon.

The NSA has very little use of information that is ancient history. If it is more than a year or so old, the usefulness degrades considerably. The NSA isn't interested in the historical questions like who killed Jimmy Hoffa, they want to know what is about to happen to stop it, or make use of it in the present.

Re:Not seeing a problem with that.

[tnk1]

Not quite the same thing. They're still public property, they're just public property that you're not allowed to look at until they are declassified. In fifty years. But you will technically be allowed to eventually look at them. You or your grandchildren anyway.

Re:Not seeing a problem with that.

[tnk1]

I thought it was already against Federal and most, if not all, state regulations to use private email services to conduct official government business.

It probably is... but then you need to get your hands on their private email communications, which are not archived, to prove that they are doing that. See how that might be problematic for the prosecution?

Re:Not seeing a problem with that.

[Bert64]

Only SSL is generally based on trusting certificates, based on certificate authorities... There are several certificate authorities which are in the US and thus beholden to the NSA, who could therefore create their own trusted cert for mitm purposes.
You'd have to negotiate your own certs between the parties you wanted to communicate with.

Re:Not seeing a problem with that.

"Besides, it will slow the government down. That's always a plus."

With all of the problems in the world today, why would you want to put more pressure on this wicked-pathetic government? See, this mentality is *THE* fucking problem. I'm all about getting rid of the current governing methods, however, the idea that "if the government gets really overburdened, they'll be better" is just stupid.

Re:Not seeing a problem with that.

[rk]

No wonder she cried the 5th, which btw, I'm going to do next April 15th, when I sign my tax forms, and they are blank. "I refuse to answer these questions on the grounds that it might incriminate me"

Good luck with that.

Re:Not seeing a problem with that.

Why? Email from one provider in India to another, why would that ever be routed out of India? That is inefficient, you know. Or do you mean the U.S. is snooping inside India, possibly due to american-owned service providers? Such things can be nationalized pretty quickly...

Re:Not seeing a problem with that.

[cusco]

Would have thought they'd have gotten the message when Sarah Palin let her Yahoo mail get out into the wild. Guess not.

Re:Not seeing a problem with that.

[cusco]

It was all right when Sarah Palin did it though, wasn't it?

Re:Not seeing a problem with that.

[godel_56]

I think the point is that if the source and destination endpoints are not under US control, and the communication channel between them is secure, then the NSA can watch the encrypted traffic flow through US-controlled nodes all they want without getting much information beyond mail server A transferred X bytes of data to mail server B.

We're talking about government communications in India. I can't think of too many valid reasons why the packets should ever have to leave the country and visit the US.

However I believe there are frequent problems with the way SSL has been implemented in many cases, so it's not as secure as it might be. I think Moxie Marlinspike has had words about this. Encryption of the actual text before sending it is the only way to be completely secure.

Re:Not seeing a problem with that.

[Genda]

There seems to be a point of diminishing return when slowing down Government... (see: U.S. Congress.)

Re:Not seeing a problem with that.

[Genda]

It would take submerging them in a Bose-Einstein Condensate...

Re:Not seeing a problem with that.

[Archangel+Michael]

Justifying bad behavior by pointing to other bad behavior? Does that work in your circles?

Re:Not seeing a problem with that.

[wooferhound]

Encryption of the actual text before sending it is the only way to be completely secure.

But there may be a NSA backdoor to any encryption that you may use.

Re:Not seeing a problem with that.

[cusco]

Nah, just pointing out the hypocrisy of neo-cons who thought it was abominable that anyone would object to Palin doing it, but now shriek that Learner should be imprisoned for doing the same thing. No idea if you're in that group, but most of the posters in other forums that bother bringing her up are.

Re:Not seeing a problem with that.

No it's not. Most countries have internal traffic exchange points. If for nothing else, then simply for money. It actually costs money to send data overseas, and if the same data is just coming back the next millisecond there is no point in doing that. Unless you were talking aboutthese exchange points. Which may or may not be controlled by someone, or not.

Re:Not seeing a problem with that.

Unless the NSA has a copy of the site's key or has broken SSL crypto,

Don't you think Versign and every other key signer is in the NSA's back pocket? Think about it.

Most likely the only near secure key these days are self-signed for SSL. Unless you hold the private key you can't be sure of encryption these days.

how many recipients are on gmail?

[peter303]

I bet plenty

Re:how many recipients are on gmail?

[aeranvar]

This doesn't really matter. I can't believe this move is really about improving security. To paraphrase someone above in another thread, no email is truly secure. This is probably about sending a message to US tech companies and, indirectly, Congress by cancelling contracts.

Re:how many recipients are on gmail?

What contracts? The government of India already provides email addresses to their employees. They're saying "Hey, stupid employee, use this email, don't go off making a Gmail account for official business!"

Re:how many recipients are on gmail?

[SolitaryMan]

I think the irony is that this move will likely make their email communication *less* secure and more easily accessible by foreign intel.

Re:how many recipients are on gmail?

[quintus_horatius]

It doesn't matter which email service(s) a foreign government uses, or where the mail is stored. What matters is where the email is routed on its way from sender to recipient. There's nothing to stop the NSA from reading the email if the messages or network packets are "accidentally" routed through the US on their way from one foreign address to another. Not even laws protecting citizens, since it's not a citizen's data.

Re:how many recipients are on gmail?

This is probably about sending a message to US tech companies and, indirectly, Congress by cancelling contracts.

No, it's not. The title of the submission is just another example of bullshit Slashdot sensationalism.

What India actually said, is to only use the official Indian email system.
But when you put up a title which says "Indian government to Ban Use of Estonian Email" or "Indian Government to Ban Use of Chinese Email" or "Indian government to Ban use of Some random dickhead's Email" it doesn't get shitloads of views from anti-US fucktards looking for an anti-US story to digitally masturbate to.

Re:how many recipients are on gmail?

[DexterIsADog]

Right, using an email provider that does not cooperate with the NSA will be less secure than using a U.S. provider who follows orders like a good doggie.

Re:how many recipients are on gmail?

I think the irony is that this move will likely make their email communication *less* secure and more easily accessible by foreign intel.

What exactly do you mean with "*less*"?

We have definitive proof that the mails are compromised with when US companies are involved. How can it be less secure than 100% compromised?
The only way I can think of is to decide that half of their government should use a US mail server and the other half should use Putin's personal mail server.

That way the communication will be 140% compromised.

Re:how many recipients are on gmail?

[SolitaryMan]

I'd be curious to see that proof, because I work for one of the US email provider and we don't have any evidence that we are "compromised".

Interesting Headline

[assertation]

Interesting headline given the level of corruption in the Indian Government. Given that, the headline makes sense. More secrets to keep.

Re:Interesting Headline

[gmuslera]

So if you want to hide something you must be guilty? Considering the level of secrecy (even secret laws) and the level of persecution on possible leakers that could exist, the US government should make the dark in any foreing government shine in white light compared with the tar pit that it must have.

Re:Interesting Headline

[only_human]

Also interesting is that India stopped telegram service only about 45 days ago.

Re:Interesting Headline

[ShanghaiBill]

So if you want to hide something you must be guilty?

If you are a government official in a democratic country, and you are trying to hide your official activities, then yes, it is a reasonable assumption that you are corrupt. With very few exceptions, government business should be conducted in public and transparently.

Re:Interesting Headline

Yes and it shows in the level of discourse we are now having. Stop.

Re:Interesting Headline

[gmuslera]

So is pretty convenient that US is not a democracy.

Re:Interesting Headline

the headline makes sense

Exactly.
India is banning ALL systems other than their official email system, they are NOT banning use of US systems specifically.

-1 Inflammatory Headline.

Re:Interesting Headline

[letherial]

while i tend to agree with this guy, he makes claims and doesn't back them up with anything. Kinda shitty for a MIT professor...i highly doubt he would let any student write a report about something and then not prove it, yet he thinks he can write a article and not prove anything. I am interested in knowing if we really dropped bombs on damns in N korea, and i would like to read more about it, as he put it, but his lazy ass didnt provide any links...so much for references

Point is, without anything backing up his claims and me to lazy to go do the research myself i am putting him in the possible crackpot category. Next time mr professor, practice what you preach

Re:Interesting Headline

On the other hand, officials may have been using gMail because they didn't want their superiors knowing their corruption.

Re:Interesting Headline

[godel_56]

On the other hand, officials may have been using gMail because they didn't want their superiors knowing their corruption.

. . . and asking for a cut.

Good

Diversification is good. For all the death, destruction, and injustice resulting from a world of 200 distinct governments, it would be orders of magnitude worse if there were only one. So let's keep them seperate, for the same reason you don't invest all your assets in a single company: the risk of disaster would be through the roof.

Indian govt is just jealous

[hsmith]

That they can't be the ones spying. Corrupt govt hating on another corrupt govt.

Re:Indian govt is just jealous

[cdrudge]

That was my first thought too. It's a double win for the Indian government. They reduce the opportunity of the US spying on their communications while at the same time increase their opportunity.

Re:Indian govt is just jealous

[zlives]

i think they are just the first one to voice their jealousy...

Re:Indian govt is just jealous

[hilather]

That they can't be the ones spying. Corrupt govt hating on another corrupt govt.

It's hardly hating. Given the circumstances, this will likely become the norm for all governments and quite likely businesses that don't feel like being spied on. I'd like to think this is a wake up call for all those people that want to throw their data into the cloud without giving it a second thought, but it looks like for the most part nobody cares. And apparently, anyone who does care and takes a pro-active approach will be labelled as a hater.

Re:Indian govt is just jealous

[oag2]

They're spying, too (http://www.wired.co.uk/news/archive/2013-07/11/blackberry-india)--they just want to be the only ones.

Re:Indian govt is just jealous

Hardly more secure, though. Like most things Indian, the quality of the NIC sucks. They'll be sitting ducks for the Chinese hackers.

Re:Indian govt is just jealous

Well, this is a directive that effects only India's governmental bodies, not the general populace. IOW they are doing what the US and other governments around the world are doing, making sure official government communications stay within official government channels.

Re:Indian govt is just jealous

[gmuslera]

Probably they have far more right on spying their own citizens, after all they elected them, than a foreing government, specially if that foreing government is known to infiltrate in social networks to influence people according to their own "defense" programs, like incitate revolutions and social unrest.

Re:Indian govt is just jealous

[WindBourne]

Pretty much. Had they REALLY been concerned about security, they would be pushing encryption of the email as opposed to keeping it cleartext.

Makes sense to me....

This seems total sensible, after all if you let a foreign entity run your email you don't really own the data and any data that you don't own is at risk. The real surprise is that it took the Indian government this long to realize that. Even the company I work for only lets employees use there email servers for official communications.

a good idea.

[Gravis+Zero]

it seems like a prudent move on behalf of the indian government considering the NSA has all but said they were spying on other governments. though there is the question of what system the indian government will switch to and if it gets hacked by other governments. realistically, they should be using encryption on 100% of their emails.

Re:a good idea.

Using email for official communications or for any important message is stupid. Email is not designed to be secure. The only messages sent by Email should be the ones that the sender would not care if read aloud using a bullhorn in the center of any major city.

Re:a good idea.

[CrimsonAvenger]

considering the NSA has all but said they were spying on other governments

Since NSA's job is to spy on other governments, I'm not sure why they needed to "all but say they were spying on other governments".

It should be a given - "Our job is to spy on other governments. We do our job."

As a US based programmer

Thanks Obama.

Re:As a US based programmer

[fredrated]

Figure it out, this goes way beyond Obama.

Re:As a US based programmer

[Archangel+Michael]

Yeah, this is true. However, if this exposure happened under GWB, he would be crucified. Quit given Obama a pass. Treat him exactly as you would have treated GWB.

Re:As a US based programmer

Thanks Obama.

This NSA mess is not a result of anything Obama has done.

The NSA has been spying like this since it has existed. Echelon
and other signals traffic intercept arrangements have been in place
for decades.

If you actually believe that a different president will change ANYTHING with respect
to what the NSA does, you are tragically naive and myopic in a manner which is usually
seen in people who believe that Rush Limbaugh is a credible news source.

Re:As a US based programmer

[jd.schmidt]

Actually no, GWB would only have been attacked by the Left for the most part, the Right mostly would have defended GWB for doing what was needed to protect our country. The response from the pro defense politicians is decidedly mute, they are simply choosing not to defend he President, at least not very much.

These intrusions by the NSA are a lot like things that have been going on all along (note I did not say it was good). Basically the opportunity for progress on this issue is precisely because Obama is the President, the Left is naturally suspicious of police and spying, while the Right is simply suspicious of Obama. (FYI, my favorite story about this is back when GWB was in power the Left would complain, what if someone you didnâ(TM)t like had this kind of power, and all too often the Right would reply, but I trust the people on power right nowâ¦)

Re:As a US based programmer

No thank the lazy American public - you killed your own Democracy with as long as Im allright I dont care what the ruling class get up to.

Re:As a US based programmer

[0123456]

Actually no, GWB would only have been attacked by the Left for the most part

Like, you know, almost the entire mass media.

he Left is naturally suspicious of police and spying

Tell that to the Stasi.

The left are only suspicious of police and spies they don't control. They love police and spies who can be used against their opponents.

Re:As a US based programmer

[WindBourne]

If you think that Obama is responsible for this AND you are American educated, then you are far more indicative of a horrible education, combined with neo-con/tea-bagger propaganda.

Re:As a US based programmer

[WindBourne]

I worked on this shit under W. And I can tell you that you neo-cons would be screaming that this was all good. The one being crucified is O for the shit that you neo-cons (and in this particular case, myself), did.

Re:As a US based programmer

Mod parent up

Re:As a US based programmer

[jd.schmidt]

FYI, in communist countries Right wing is the communist and pro-government party, you are comparing apples and oranges. Actually when you do a survey of people self-proclaimed leanings and opinions, right wing tends to mean accepts authority and left wing tends to mean helping people as individuals.

I am pretty sure I hear plenty of complaints about the NSA out of so called left wing media, the only different is I hear it out of right wing media also now.

Where did you get the idea the mass media is all left wing, was it because you were told so by Fox, Limbaugh, Glen Beck, the Wall Street Journal.... ...really how many TV, news papers and radio stations does right wing need to be mass media too?

Re:As a US based programmer

[Archangel+Michael]

I'm a libertarian. Not a "neo-con" I can't stand the neo-cons and more than I can stand the neo-communists of the left.

I can assure you, that I opposed the patriot act, and still do, for exactly the reason we find in the NSA scandal of today. Those who give up liberties for securities.... and all that.

Re:As a US based programmer

[jd.schmidt]

Then you of all people should know the pro defense element of the Republicans would absolutely have come to GWB defense, and in fact did while the Democrats were complaining about the Patriot act in the first place. BTW, they are kind of coming to defend the program under Obama also, just not very strongly, and the libertarian wing is much more emboldened

The leopards have not changed their spots. Take the Tea Party for example, it is not that they were somehow pro deficit and tax during the Bush years, it is that they did not see their way clear to grabbing their muskets, tri-corner hats and protesting in public until Obama. This is kind of the same thing. I will agree that Left wingers are not as noisy as they would have been with Bush, but there is no doubt they have been complaining about the NSA also. OTOH the Republicans are doing the same thing in reverse. It is more of a volume control thing on both sides.

What is key is no one, right now, is willing to invest in supporting Obama on NSA spying. His own party dislikes it and the natural allies of defense, defense minded Republicans, wonâ(TM)t help. Thus this is a good chance to get something done on the issue.

Protect from international surveillance

[fishwallop]

And centralize for national surveillance

Re:Protect from international surveillance

[grumpy_old_grandpa]

The summary says the requirement is for official communication. Presumably, inter-department, but still intra-government. So if one part of the Indian government has to spy on another to get information, instead of just requesting it, that's a sad state of affairs, but less of a security or privacy problem for the common citizen.

Smoke screen

[nurb432]

Its not to 'protect the data' it's to get people to use services that they have direct access too.

Every government does this.

Meanwhile at the White house

"So now we have 1.2 bilion terrorists in India"

Missing the point

[elloGov]

USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.

Re:Missing the point

[dywolf]

thats the best way to make the point really. start hurting some wallets, and you'll see change a lot faster.

Re:Missing the point

[bill_mcgonigle]

USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.

I'm not sure who the subject of 'missing the point' is here, so I can't address that, but yeah - I suspect India knows that by doing this, they may spur some competitive enterprises in India to fill the gap. I'm all for world trade and such, but for Pete^W Lakshmi's sake, India's own government should be patronizing its businesses, not foreign corporations.

Re:Missing the point

[jd.schmidt]

OK, so which couintry exactly would YOU trust to host your data and no spy on it.

FFS, all goverments should have official email only on goverment controled system. That is not 100% safe, but why make it easier than you have to?

Re:Missing the point

[atom1c]

Uhh, yeah... like Google is hemorrhaging cash in their efforts to stay in business... NOT!

Re:Missing the point

[atom1c]

OK, more seriously... the Indian gov't is claiming that the US Gov't practices interfere with their sense of security... yet Indian businesses rely on American companies' increasing demand for IT labor just to stay afloat. The Indian gov't is being greedy and speaking out of both sides of their mouth.

If the Indian Gov't was "all that", then there should already be 99.997% uptime Indian businesses that provide all of the commercial capabilities of Gmail service and price competitiveness without depending on the US economy to keep it afloat. Such domestic players would only be subject to Indian Gov't practices and interference, but then the Indian Gov't wouldn't have a way of blaming the rest of the world for their own malpractices -- should such malpractices interfere with their commercial businesses' livelihoods.

But, no. Instead of encouraging countries to rely on their own darn selves, let's instead blame larger economies for somehow being the source of all ills. Either way you slice it, nobody should ever interpret such foreign governmental statements as jabs against other sovereign nations. Rather, they should be seen as words of encouragement that foreign nations should demonstrate their IT savvy by truly being independent from any other foreign business entities.

Re:Missing the point

Ohhh cry me a river as opposed to American businesses Using the NSA to conduct shady business.

Re:Missing the point

It hurts the American economy.

If by American you mean those who own companies or derive their living from stocks and investment in companies, then yeah, you're right.

If by American you mean the people who work for those companies, then no. It's more accurate to say that they are part of the Indian economy who will be hurt.

The economy of American (ex-)workers who make up the rest of the American population will remain about the same - just as bad as before. And these people will keep voting for the status quo as they fear losing whatever welfare they're getting today.

Now here's the ingenious part: the American investors and business owners whose economy is hurt? They're being indoctrinated to hate the American (ex-)workers, instead of their government. This same government is the one terrorizing (yes, as in terrorism) the American (ex-)workers to vote for the status quo.

Re:Missing the point

[gmuslera]

Missing the point 2: Is not just watching what they are doing in foreing countries, is attack too, active attacks, the surveillance gives them just base data to infiltrate, corrupt, extort, steal IP, or incite unrest. It will hurt all world population, maybe less to american people, maybe more, but other countries must defend themselves against this after US started the fire.

Re:Missing the point

USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.

...and therefore national security.

Re:Missing the point

[gstoddart]

OK, so which couintry exactly would YOU trust to host your data and no spy on it.

If you are a government, YOU are the only ones you can trust to host your data.

If you are a company, YOU are the only ones you can trust to host your data.

Having another company or country host your data was NEVER a good idea, and some of us have been saying so for some time. But all of a sudden people are realizing just how bad of an idea that was, and they're pulling back from it.

Re:Missing the point

[sydneyfong]

That seems a bit extreme to assume all companies need to go that far. If I opened a small hardware shop on the corner of the street, and wanted to have an email address, do I hire a whole IT department to set up an email address for me?

Re:Missing the point

[c0lo]

USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.

Yes, but... albeit hurt, doesn't the economy feel safe now?

Re:Missing the point

[gstoddart]

f I opened a small hardware shop on the corner of the street, and wanted to have an email address, do I hire a whole IT department to set up an email address for me?

You don't have to. But if you have someone else set it up for you and host it, you don't control it.

If you're willing to say "I don't care", then have at it and do it however you like.

If you decide that on principle, or because you have some specific need, that you aren't willing to have this ... then the only secure way is to host it your own damned self.

If you're an American company, well, the NSA can come into your shop and demand it anyway. If you're not an American company ... you need to make your own decision.

You can't trust the US based/owned company, and you need to decide how you feel about that. You can decide to do it anyway, or you can decide "fuck that", and kick the US company to the curb.

Nobody is saying you have to do anything, but you should at least be aware of what it is you're deciding and the risks involved.

To me, any foreign government using any form of cloud service from a US controlled company is stupid, because you've more or less given the NSA free run of your data.

But, make no mistake about it, as a direct consequence of the Patriot Act and this spying, foreign entities have zero basis to put any trust in a US based company hosting their data for them. Because, by US law, they simply can't be trusted, and you can't make them sign enough of a contract to change that -- because the Patriot Act is interpreted as trumping anything else.

Re:Missing the point

[WindBourne]

That is true. Of course, for a nation to jump over to China is just about as stupid as you can get, but hey, that is up to India.

Re:Missing the point

[93+Escort+Wagon]

It is an unfortunate truth that our government is more responsive to the desires and needs of our corporations than it is to the rights of our citizens.

Re:Missing the point

[gstoddart]

That's because corporations are now effectively 'citizens', and they contribute more to campaigns.

So their wishes matter more.

Re:Makes sense to me.... FTFY

[zlives]

This seems total sensible, after all if you let a foreign entity. on the cloud, run your email you don't really own the data and any data that you don't own is at risk. The real surprise is that it took the business world this long to realize.

And the backlash cometh

[cookYourDog]

Reap what you sow, Google. As an American, I can't wait until Startmail or another non-U.S. email provider provides a decent alternative. GMail's days are numbered for me.

Re:And the backlash cometh

[93+Escort+Wagon]

I am looking for the same thing - but, in the meantime, I've already moved my personal mail off Gmail. While the ideal scenario is to have no one sniffing around in my email; since at the moment I can't do much about the government, I can at least keep Google out of it.

Traitorous NSA

[TrumpetPower!]

Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.

It used to be that American IT companies were the gold standard, to the point that there almost wasn't even any pretense of competition. Google, IBM, Microsoft, Apple, Facebook -- American companies ruled the Internet.

And the NSA has turned that all to shit. Now, you'd have to be an idiot to trust any American company not to hand your data over to the NSA. And the NSA has most emphatically been demonstrated that it cannot, under any circumstances, be trusted with that data; just look at not only the overt corporate espionage, but the pervy stalking culture of the degenerates working there. Even if not for official policy directives, you can bet that some low-level flunky at the NSA will be placing insider trades based on what he reads in your executive's emails.

In other words, the NSA has utterly devastated the greatest industry the United States has ever created, and the very backbone of our economy. It's worse than if they had bombed all our ball bearing plants; infrastructure can be rebuilt, but trust? How the fuck are we supposed to rebuild that? ...and the corporate heads and legal departments wonder why they shouldn't have refused to play with the NSA and gone public at the first hint of this malfeasance, writs of classification be damned. Had Google insisted it be taken down swinging rather than play lapdog to the NSA, their brand would have been unimpeachable; rather, it is untouchable.

Cheers,

b&

Re:Traitorous NSA

Mod this up! USA got fucked by NSA.

Re:Traitorous NSA

[LordThyGod]

Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.

It used to be that American IT companies were the gold standard, to the point that there almost wasn't even any pretense of competition. Google, IBM, Microsoft, Apple, Facebook -- American companies ruled the Internet.

And the NSA has turned that all to shit. Now, you'd have to be an idiot to trust any American company not to hand your data over to the NSA. And the NSA has most emphatically been demonstrated that it cannot, under any circumstances, be trusted with that data; just look at not only the overt corporate espionage, but the pervy stalking culture of the degenerates working there. Even if not for official policy directives, you can bet that some low-level flunky at the NSA will be placing insider trades based on what he reads in your executive's emails.

In other words, the NSA has utterly devastated the greatest industry the United States has ever created, and the very backbone of our economy. It's worse than if they had bombed all our ball bearing plants; infrastructure can be rebuilt, but trust? How the fuck are we supposed to rebuild that? ...and the corporate heads and legal departments wonder why they shouldn't have refused to play with the NSA and gone public at the first hint of this malfeasance, writs of classification be damned. Had Google insisted it be taken down swinging rather than play lapdog to the NSA, their brand would have been unimpeachable; rather, it is untouchable.

Cheers,

b&

Exactly! Its not a done deal yet, but they are gutting a very significant industry. This is a very costly fuck up. It would be one thing if we knew the world was a *better* or safer place as a result, but I can't see how to draw that conclusion. Au contraire, they just spend a boatload of money, muddy the waters, and gut a vital industry. You can't believe anything the NSA says since being really good liars is a valued trade asset, and there is no real oversight.

Re:Traitorous NSA

[thoth]

So where exactly are you guaranteed to have your data left alone? China? Russia? Israel? France?

If it's that important, encrypt before it leaves your control. No matter what the terms of service say.

Re:Traitorous NSA

[TrumpetPower!]

Whilst I certainly wouldn't disagree with you over the importance of encryption...well, put it this way: when was the last time you encrypted a letter you dropped in the mailbox?

The point is that it's about as much hassle for somebody at the post office to steam-open an envelope with nobody being none the wiser for it as it is for an ISP to snoop on people's mail.

People have historically been just fine with sending the most private of letters protected by nothing more than the seal of the envelope because the United States Postal Service has a well-deserved unimpeachable reputation for being the hardest of hard-cases about protecting the sanctity of the mail.

It's not surprising that people carried that same trust over to email; it's an almost instinctual conclusion to assume the one is every bit like the other save for the mechanisms of delivery.

And, had they done it right, Google could have earned the world's trust by self-policing with the same vigilance the USPS does.

But they blew it.

Royally, and spectacularly, they blew it.

But what remains most troubling about it is that it was an official government agency that twisted their arm, even if Google shouldn't have put up with the arm-twisting.

Cheers,

b&

Re:Traitorous NSA

PKB. All governments everywhere are doing exactly the same thing, in or out of collusion with the NSA, to the extent they are able or can compel or buy. The Indian government in particular demanded Skype, et all allow them not just metadata, but content, on Indian telecoms. China is historically notorious for spying on its citizens. And so on. Really unfair to single out the NSA here. Perhaps it couldn't be helped; the NSA had been forced to start sharing intelligence data with the party hacks and law enforcement (DEA, FBI, IRS, HHS, DHS, Customs/ICE, etc). and so on down to the county DFCS, the city dog catcher, used car lots, and collection agencies. Maybe something had to be done, but it could have been done in a lot better way, and I'm not faulting Snowden alone here, although I pissed beyond words he's not spilling his guts to a Federal grand jury right now. ( On second thought, he probably would be dead in about 10 min. if he tried that.) Safe to say though the current administration could not do a better job of sabotaging US national interests if it were trying. Yeah you can say that about the last one, which is where the wholesale corruption of a questionable practice began (but remember it was Sen. Kennedy who hepherded Patriot Act through committee) but this one is just over the top in it's passive-aggressive double-talk, bs, and lies, along with "our turn now" complete lack of understanding.

Fucking joke is what it is. Yeah, impeach this clown, but don't stop with him.

Re:Traitorous NSA

I'm sorry to disappoint, but GERMANY used to be the gold standard for data centric applications.
Round comes the USA and fuc*s us over, and the administration complies. Now you never know who you can trust.

Re:Traitorous NSA

Ok, btw, don't call me cracker. I was for the guy initially, up until that asinine and insulting event in Colorado where he came off like some kind of Roman emperor-godling. I had caught too many lies by then. Yeah, pols bs and spin, but these were just bald-faced, read-my-lips-but-watch-what-I-do-cuz-I-mean-exactly-the-opposite *lies*.

Same old shit, just in blackface, used to override perfectly rational objections. Very dangerous. Like the stupid war he wants. Lefty tool of the end-times, as it were.

The shame of it is, he's smart enough to know better. That means he knows what he's doing. Think about that, folks.

Re:Traitorous NSA

[Ravaldy]

Yeah, because I'm sure the Russian version of these companies is going to be so much more ethical. At least we are talking about a government here, not an individual marketing the data back for money.

People who are truly concerned about the privacy of their communication don't leave 100% of the control in other companies hands.

Re:Traitorous NSA

Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.

Sorry, but this is all Snowden's fault. If it hadn't been for him everything would still be working as designed and no one would be (provably anyway) the wiser.

Or in short: Ignorance is strength.

Don't forget the two other wisdoms: War is peace, and freedom is slavery.

Re:Traitorous NSA

Whilst I certainly wouldn't disagree with you over the importance of encryption...well, put it this way: when was the last time you encrypted a letter you dropped in the mailbox?

Do you write your letters on the outside of your envelopes?

Looks at address line, presses down arrow, reads email...

What... email is different because it's inside a computer?

Re:Traitorous NSA

[RoTNCoRE]

What if you tape an encrypted microSD card to the folded paper in the envelope?

Re:Traitorous NSA

[c0lo]

Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.

Sorry, but this is all Snowden's fault. If it hadn't been for him everything would still be working as designed and no one would be (provably anyway) the wiser.

"A wrong is right if not known"? Like: the wife-cheater is not to blame for the divorce, the snitch is?
If that's what you say, you may continue to be sorry.

Re:Traitorous NSA

[WindBourne]

Total BS. NSA is NOT traitorous. They have been asked to connect the dots WRT terrorists. That is what they did. The issue here is that we did NOT put in decent safeguards. NSA is not traitorous. Individuals within NSA, who chose to spy on Americans without cause, are the traitors. Likewise, so is manning and snowden. And snowden continues to get worse.

Re:Traitorous NSA

You... partially miss the point with steaming envelopes. I have grandparents and great grandparents mail from WW1 and WW2.

The envelopes /were/ cut open. And everyone knew it.

Letters -- are more of a 'seal' than a 'encryption' problem.

When opened, you see obvious signs of tampering andknow.

Now -- you're quite correct, you can steam things open ("The Agency" in fact, has or had a fairly renouned signs and seals division).

But this was...prohibitively costly and time consuming.

It's not that people carried over the same trust, it's that the nature of the package made 'unsealing'... trivially cheap (because in email there is no package of course...)

I don't think the US (in general) would mind having email surveiled if we were 100% truthful in it nationally. However, having lied about it--the dilemma is not that people need to be punished.

We can't cut their pensions or vote out appointed positions, so the only real thing left to do is take away their toys for good.

But don't think the USPS self polices -- there's verified loggers and interceptors in the US mail system. It's just that it isn't economical to do anything other than record the address information.

Re:Traitorous NSA

[Kazoo+the+Clown]

Ahm, steaming open, scanning and OCR'ing every piece of paper mail is a LOT more hassle than copying email off google's servers. And recording every search term you enter can be pretty revealing as well, of things you might not ever write in a letter or email.

Re:Traitorous NSA

[Ioldanach]

Whilst I certainly wouldn't disagree with you over the importance of encryption...well, put it this way: when was the last time you encrypted a letter you dropped in the mailbox?

The point is that it's about as much hassle for somebody at the post office to steam-open an envelope with nobody being none the wiser for it as it is for an ISP to snoop on people's mail.

...

It is just as much hassle to open a letter passing through the post office by steaming it open as it is for a lawyer somewhere to subpoena and get the contents of an email you sent through gmail.

However, it is much easier for the NSA to use their backdoor into gmail to make an automated request for all of a person's emails and all of the emails of everyone that emailed them and store that information. Even if they decide that they don't need that information, it will still get stored, and that stored information could be leaked. Just the other day we heard about how Snowden used the "brilliant" tactic of privilege elevation and masquerading as other users to get data. If the NSA's system is designed such that one person can do this, you can bet that there are plenty more who do it and put the information to their own use without feeling the need to go public with it.

Re:Traitorous NSA

[Ioldanach]

Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.

Sorry, but this is all Snowden's fault. If it hadn't been for him everything would still be working as designed and no one would be (provably anyway) the wiser.

I think this is sarcasm, but my sarcasm and bullshitium detector has been on the fritz ever since Snowden's documents went live and the NSA started the spin machine.

Re:Traitorous NSA

Not to mention, the process would be sure to leave signs on at least some of the letters opened in this way.

Re:Traitorous NSA

You didn't understand a word of the OPs post, did you? That's OK, I can tell you aren't new here.

Re:Traitorous NSA

What do you think Santa's elves do all year when they aren't making toys? That's why you always send your LSD through the mail during Christmas.

Re:Traitorous NSA

when was the last time you encrypted a letter you dropped in the mailbox?

Never did that.

Then again, I haven't put a letter in the mailbox for over a decade now, and I don't have any plans to do so in the future, either. Sensitive emails are handled inside a virtual machine for that purpose, encrypted, using a dedicated address, as well as communicated via a VPN connection with its end-point "elsewhere".

Everyday stuff I don't encrypt, since the important information to be had from that is the parties I communicate with, and hiding all that is too much hassle.

Also, the stuff I need to encrypt typically isn't for the people I communicate with everyday, either.

I'm well aware that the above is not very accessible to everyone, yet. It seems to me that there's a trend in that direction in the making, though. We'll see.

Pariah

[fnj]

Since we have to live with what was once a great nation now fallen in corruption, at least we should have some fun with it.

The old meme "in soviet union" is becoming obsolete. I suggest we start a new meme: "in nazi america".

Re:Pariah

[LordThyGod]

Since we have to live with what was once a great nation now fallen in corruption, at least we should have some fun with it.

The old meme "in soviet union" is becoming obsolete. I suggest we start a new meme: "in nazi america".

And remember now, "war is peace".

Re:Pariah

The old meme "in soviet union" is becoming obsolete. I suggest we start a new meme: "in nazi america".

"In post-9/11 America."

The Revolution was the thing that changed Russia into the Union of Soviet Socialist Republics, and the kids of the 1920s may have even had an "In Tsarist Russia" meme (at least until they wound up in the gulags)

Our revolution was 9/11. We were always at risk of becoming a surveillance state, but it wasn't until 9/11 that it became a cultural thing to say "if you have nothing to hide you have nothing to fear" with sincerity rather than irony. Because, and I paraphrase damn near every lawmaker at the federal, state, and local level, along with half the soccer moms and helicopter parents of America, "9/11 changed everything."

That was also about the time it became technically possible to acheive "In post-9/11 America, TV watches you." (Not in the sense of a camera, but the first-round of privacy concerns over TIVO and bidirectional cable boxes that were capable of monitoring real-time ratings data.)

It wasn't commies. It wasn't nazis. And it sure as hell wasn't the terrists, who despite their best efforts, haven't managed to more than a few dozen US civilians in the Continental United States since 9/12. It was us.. We, Republicrat and Demoblican alike, created post-9/11 America. The time marker was 9/11, and it had nothing to do with religion or politics.

Yakov Smirnoff showed us the only nonviolent way to deal with totalitarians: it starts by mocking them and reminding others of the contrast between totalitarianism and freedom. The meme must be "In post-9/11 America..."

tl;dr:

"In pre-9/11 America, I was free to express political opinions using my own nickname instead of being anonymous coward! In post-9/11 America, we're all free to express opinions using our real names, even when we post as anonymous cowards! What a country!"

Re:Pariah

[SirGarlon]

I suggest we start a new meme: "in nazi america".

"NSA America" or "fascist America" would be better. Some people get justifiably offended when one throws around causal references to the Nazis. It desensitizes people to the Holocaust and their mass murders of Roma, Slavs, homosexuals, etc.

The Nazis were a special breed, much worse than anything that exists in our privileged world today, except perhaps in Syria and a few other places. To compare modern states to theirs is disingenuous.

Re:Pariah

[WindBourne]

LOL; Yeah, lets see. The USA spies on less than .01% of their citizens, and yet, it is nazi america, while China, germany, india, etc attempt to spy on 100% of their citizens and other nations, but they are free. Yup, makes sense their comrade.

Re:Pariah

[WindBourne]

Sadly, there is a strong truth to what you are saying. We are no where near as bad as China, Iran, venezuela, Germany, Italy, etc. in terms of spying on our citizens. IOW, nearly all other nations are closer to 'nazi' than is America.
However, there is no doubt that America IS controlled by businesses and wealthy, which really is as close to fascism as it comes.

Re:Pariah

Either you are a moron, a retard or a plant of some TLA, or all of these. What you are missing or obscuring is the fact that if the USA has had the level of terrorism for as long as India has, the USA would have been completely clamped down so much so that USSR, China, NK, Nazi Germany would be paradise in comparison.

A exploding pressure cooker was enough to lock down entire Boston while there is some bombing going on almost on a daily basis in India. But you head is buried deep inside somebody's ass to notice the difference in India's response and US response.

Re:Pariah

"except perhaps in Syria"

Aren't you proud of your country? We supply the best of the best of the best terrorists who are on par with the special breed, yes, "except perhaps in Syria"!

Re:Pariah

[fnj]

Under advisement; both are perfectly serviceable substitutes and sidestep invocation of Godwin's idiotic law.

Parenthetically, the persons you mention as being offended can, with all due respect, stuff it. The horrors perpetrated by the Nazis were anything but exclusive. Talking about the Armenian Genocide or the Rwandan Massacre does not desensitize rational people about the Jewish Genocide; rather the contrary IMO. Calling an officious prick a Nazi does not trivialize Nazism.

It is crucial that we never regard the Nazis as some kind of unique aberration. 1930s-1940s Germany was anything but a unique situation which "regular good people" need not fear will ever happen "at home". Not recognizing this makes it more likely that the societal train wreck seen there recurs - as it has ("precurred" as well as recurred) all too often.

Re:Obligatory xkcd

[atom1c]

First Post FAIL.

As if that makes a difference.

[goffster]

The NSA has a lot fewer legal problems intercepting foreign mail than
it does domestic.

Only now, it simply means they wont have good spam filters,
and money will now be flowing out of india to nigeria $26,000,000 at a time.

Re:As if that makes a difference.

[EmperorArthur]

That's true. While the US is getting a ton of flac from every direction, those of us in the US are primarily worried about domestic spying. Anything outside the US is their jurisdiction by law. On the other hand, there are valid reasons for India to do what they are doing.

The two things India is trying to do are send a message and secure their communications. The message part is pretty obvious, but the security part is still there. They know that the NSA has access to Gmail. Anything home grown might have plenty of backdoors, but it should at least make the NSA work for it. Maybe not very hard, but at least harder than a National Security Letter written on a postit note. After all, you'd think that vacuuming up the entire E-Mail database might leave some kind of trail.

At this point I'd make a comment about Indian IT, but I've seen some good people from there. It's just like China, I've worked with someone who knew nothing, and I've worked with people who are amazing. The trick is most companies hire cheap, and that goes double for outsourcing companies. Here's hoping that the Indian government doesn't go that route. If they do, they will at least be able to understand their workers, but the quality will be as bad as a typical US contractor.

Re:As if that makes a difference.

[WindBourne]

The fact that India is worried about the routing and not the security of the content and continue to run Windows, tells me that they have fools in their gov. IT.

Re:As if that makes a difference.

The NSA has a lot fewer legal problems intercepting foreign mail than
it does domestic.

And what exactly will be the use of encrypted data? It isn't uncommon to use SSL to transfer email from one server to another.

band aid

Using regional based email providers won't solve anything if your data is traversing circuits of ISP's and telecoms that are co-operating with a the NSA or other foreign intelligence agencies.

Re:band aid

[WindBourne]

EXACTLY. Their email will still be clear-text, which is how foolish these ppl are. Heck, they still have a boat load of chinese networking equipment in their telcos.

Indian Central Monitoring System

[TheSync]

Of course India is setting up the Central Monitoring System (CMS) essentially India's version of PRISM:

Starting from this month, all telecommunications and Internet communications in India will be analysed by the government and its agencies. This means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities. This totalitarian type of surveillance will be incorporated in none other than the Central Monitoring System (CMS)...

...the CMS was prepared by the Telecom Enforcement, Resource and Monitoring (TREM) and the Centre for Development of Telematics (C-DoT) and is being manned by the Intelligence Bureau.... ...The Information Technology Amendment Act 2008 enables e-surveillance. The government plans to create a platform that will include all the service providers in Delhi, Haryana and Karnataka creating central and regional databases to help central and state level law enforcement agencies in interception and monitoring. Without any manual intervention from telecom service providers, CMS will equip government agencies with Direct Electronic Provisioning, filter and provide Call Data Records (CDR) analysis and data mining to identify the personal information and provide alerts of the target numbers.

The estimated cost of CMS is Rs. 4 billion. It will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Agencies which will have access to the CMS include the Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED). Last October, the NIA approached the Department of Telecom requesting for connection with the CMS to help it intercept phone calls and monitor social networking sites without the cooperation of telcos. NIA is currently monitoring eight out of 10,000 telephone lines and if connected with the CMS, NIA will also get access to e-mails and other social media platforms. Essentially, CMS will be converging all the interception lines at one location for Indian law enforcement agencies to access them.

Re:Indian Central Monitoring System

[asylumx]

Ya, but there's a difference (from their perspective) between India monitoring the activity of Indians, and the US monitoring the activity of Indians. As much as you don't like the NSA monitoring you for no reason, wouldn't you feel worse about it if you know another country was monitoring you for no reason?

Re:Indian Central Monitoring System

the local government has much more interest in and means to persecute its own citizens so no quite the opposite

Re:Indian Central Monitoring System

[WindBourne]

Not really. Any place that they can tap will be scoped. And yes, they will be spying on our embassies if they have an opportunity.

Re:Indian Central Monitoring System

No, I'd worry much less if a foreign government, whose jurisdiction I'm not subject to, was reading my emails. Foreign governments can't arrest me, tax me or take my stuff.

Re:Makes sense to me.... FTFY

[Holi]

I disagree, in the US Copyright is automatic and thus you do own the data, any unauthorized use by the ISP's should open them up for civil damages based on unlicensed use of copyrighted material.

Nobody should be surprised ...

[gstoddart]

The reality is, I expect to see more governments doing this.

With the Patriot Act and all of the revelations about the NSA spying, American companies are not things you can trust. All of the cloud services ran by US companies are covered by the same thing.

I've said it before, but when you turn your corporations into arms of your security apparatus, those corporations cease to be trustworthy.

So in a few months when US companies start feeling the pinch as people do stuff like this, when they start whining about it (and the state department starts trying to pressure those countries into buying it again) ... the only reasonable response will be "sorry, but given your current laws we simply can't do that".

Re:Nobody should be surprised ...

[WindBourne]

Give me a break. All nations spy on each other. The 5 eyes spy on each other to some degree (but share the intel; IOW, we know that we are spying on each other). Hell, the Germans and French know that we spied on them as they spied on the rest of the west.

The problem becomes when you have a nation like China that is spying on everybody but working fervishly to block all others.

Re:Nobody should be surprised ...

total internet dragnet is without precedence and not simply spying

Re:Nobody should be surprised ...

[gstoddart]

Give me a break. All nations spy on each other.

Sure they do, but if a government sets themselves up using a US owned/based service, they're inviting them in the front door.

Knowing the other countries are doing it doesn't mean you bring in someone who you know is under the sway of the people spying on you.

The problem becomes when you have a nation like China that is spying on everybody but working fervishly to block all others.

What, you mean like the US is?

It wasn't all that long ago the US was trying to chastise other countries for spying on their citizens. Now we know they do it to as much of an extent as anybody else.

But, no matter how much you try, you can't make it out like hosting your data with a US controlled entity means you can even remotely have any data security. Because the reality is, you won't and you can't.

If the US has decided to make these cloud service offerings something they will exert control over, simply not using them is the only choice unless you have decided it's easier to let the US spy on you.

If the US businesses suffer as a result of US foreign policy causing them to lose customers -- too fucking bad.

Let's just call this a 'market solution' to the problem of US spying -- if nobody buys products from companies they know are obligated to hand over data to the US government, then it's one less way the US government can access that data.

Re:Nobody should be surprised ...

[WindBourne]

Wrong. It is exactly what China's famous firewall does.

Re:Nobody should be surprised ...

[WindBourne]

Let's back up here. How much spying on our citizens is going on? Very little. far less than what other nations do. The federal gov. is NOT spying on individual Americans without cause. However, some NSA agents have done so (i.e. LOVEINT), but these ppl should be put in prison.

Now, as to spying on other nations, that is the fed's job. That is part of security. However, the real issue is not that the feds are spying. It is the fact that we have not locked down the data. For example, why are 99% of all emails sent clear text? Just plain foolish.

If the key signing authorities are compromised

[Marrow]

Doesnt that pretty much defeat SSL? And what on earth would make you believe that they weren't compromised.

Re:If the key signing authorities are compromised

[c0lo]

Doesnt that pretty much defeat SSL? And what on earth would make you believe that they weren't compromised.

I can create an uncompromised cert authority in the next 5 min on my laptop, and it would be effective for exchanging communication between us, if you choose to trust it.
And this should be enough as long as the emails are not stored in plain text on servers controlled by US companies. Which seems to me exactly what this ban is about, isn't it?

Re:If the key signing authorities are compromised

[whoever57]

I can create an uncompromised cert authority in the next 5 min on my laptop, and it would be effective for exchanging communication between us, if you choose to trust it.

The problem with this approach is that the other person has to stop accepting all other certificate authorities -- otherwise a man-in-the middle attack can be used if any of those certificate authorities can be abused by a government agency.

Re:If the key signing authorities are compromised

So now you stop trusting US-base Certificate Authorities, and the domestic spying program costs the US even more technological leadership.

it all depends on who's spying department

[swschrad]

most tin-star sheriffs don't want anybody else doing their snooping. lot of that going on in the InterClouds these days.

Snail mail please.

[mynameiskhan]

I agree. It is despicable that my boss can order me about via email.

Re:Obligatory xkcd

I would have posted first, but the NSA is spying on my connection and caused me to have 10ms of latency which made me late to post.

Common gmail Ads for Indian government workers

[JoeyRox]

"Maximizing graft in your new government position"

"Deodorant: Learn it, Love it"

"Danger for Jitney drivers: Yaks in the Middle of the Road"

"5 steps for rising above abject poverty to just poverty"

"Writing obfuscated code the Indian way"

"Coming trends in 2030: Indoor plumbing"

"Call Center University: How to sound like a dumb Texan in 30 days"

"10 Fun vacations in Kashmir"

"Saving money on sundries: Using Rupees for toilet paper"

This is not news

There is so much spin in that headline I am doing a barrel roll.

Consider a growing company trying to play with the bigger dogs. As this company establishes it's presence, people are going to do everything they can to keep progress. If this means setting up a throw away gmail account while internal company infrastructure is developed so you can keep in touch with clients, then you setup up a throw away gmail account. Eventually a memo comes out telling everyone to start using their company provided email.

The fact this is a government company instead of a corporate company is the only reason they were able to spin the "hey, we got a memo" story into a headline that feeds off the distrust of the NSA.

Actually, pretty stupid

[WindBourne]

This explains why so many nations are behind.
Instead of worrying about the routing, they should be pushing for all clients to encrypt the contents (not web-based either). Worse, they should be getting off windows and Macs, and moving to Open Source such as Linux and BSD. In addition, the hardware should be produced in their own nations with Logic chips from their nation or the west, instead of China. The bios should be openbios on flash ram that was produced local.

But focusing on the server shows how poorly thought out their IT is.

And does the client cache this key?

[Marrow]

Great, they key is signed and you agree to trust it. Then somebody steps into the middle on the next connection attempt and hands you a new key. Signed by a trusted authority that has been compromised. Does your client check the manually accepted keys before the CA signed keys? Does it do a redundancy check? Or does it just merrily proceed and let you give the MITM your password.
I really dont think the client is checking to see if the key changes. And that would be a very bad thing.

Re:And does the client cache this key?

[noh8rz10]

my perspective? nsa has two operations - dragnet and deep inspection. if they target you with deep inspection, then forget it, they'll get your calls, emails, downloads, everything. but for the dragnet, you can do a couple things to reduce your exposure. don't use gmail or any of the companies where nsa has a direct api into the servers. at least this way the nsa lackey can't directly find you or your keywords using the nsa search box.

Re:And does the client cache this key?

[HJED]

Yes, Yes it does. (Note that is not its main functionality, but it does do it.)

Re:And does the client cache this key?

[Sami+Lehtinen]

That doesn't work, if you have chosen to trust only the original key and it's fingerprint. I've done that with all of my friends, and it works very well. As well it prevents man in the middle attacks, and totally blocks any also CA abuse attempts. Don't to trust CAs, trust only predefined fingerprints.

Re:Makes sense to me.... FTFY

[zlives]

great Indian gov't is worried falsely US ISP's would never share data with anyone and all the hops going through other countries are just as safe as in US... o wait.

Ah, you said CA instead of self signed key

[Marrow]

Sorry about my poor reading skills. I dont know enough about a new CA to be able to tell if this would work.

Do you speak English?

[Overzeetop]

If you're still speaking English, I can assure you that the intelligence and military complex are doing their job adequately.

Re:Do you speak English?

What does speaking English have to do with all this? I don't get your point.

Re:Do you speak English?

Do you eat turd?

I speak (read/write/execute, if you will) half a dozen languages apart from English, so what is your fucking point about fucking military complex? I didn't know Vietnam, Cambodia, North Korea, Iran, Iraq, Syria, Afghanistan, Libya, Sudan, entire south America waged a major war against the US and it was bravely nullified by our military.

Re:Do you speak English?

If you're still speaking English, I can assure you that the intelligence and military complex are doing their job adequately.

Since you do not comprehend higher English it doesn't matter that he is speaking it. Now fuck off fascist before someone loses their temper and shows you what they're saying :)

Now you can go crawling back to your “masters” and complain that they're starting to threaten you. Not that anyone needs to as you're already in the process of dying by your very own hand since you are too dumb to realize what you're doing. But you have the opportunity you wanted and can use it to further your false hope while you continue licking the boot.

The primary threat to the NSA is the people in charge of and running the NSA. All systems want to survive. Anyone in proximity to the system are important targets for control, manipulation, and elimination, far more so than anyone else.

The individuals on top of the organizational charts have not been in power or had any functional capacity for a long time, they're nothing but macabre brain-dead meat puppets that serve as passive expendable “political” cannon-fodder.

Bad news

[Overzeetop]

You know why the NSA has gone to wiretapping US communications? Because they're done tapping into all of the international communications.

Obama is doing this

Obama's actions and the actions of Congress are detroying the United States, and that is clearly their goal.

It's time somebody stepped up and put an end to it.

So what's a good foreign-based free email with SSL

What alternatives to gmail, yahoo and hotmail are there that are not based in the US or its intelligence-sharing partners, and offer encrypted connections?

Not so here

American politicians use GMail because goverement accounts are archived and the contents are considered public property and not private communication.

Not here in Ontario, the premier and his accomplices deleted all their e-mails and wiped out their computers. Since there were no backups several multi-million dollar fraud charges couldn't be pressed. So yeah, no use of GMail or Hotmail for crooked politicians (excuse my pleonasm) here in Canada.

Re:Makes sense to me.... FTFY

[DanielRavenNest]

This leads to a new avenue of attack on NSA snooping. Presumably some of the data being intercepted is copyrighted works belonging to big media. So all we have to do is convince the media companies that massive copyright infringement is happening, sit back, and enjoy the popcorn.

Email sucks ass

[WaffleMonster]

Of all the inherently useless and broken protocols in use today SMTP email takes the cake.

Anyone can impersonate anyone else with impunity. Phishing and PC zombification via Email is boundless.

Anyone can send you whatever useless garbage they want without your consent.

No useful security of any kind.

Inability to transmit large content and no way to facilitate realtime communication.

Message delivery is a crapshoot thanks to hapazard proliferation of automated filters with minds of their owns.

The failure of SMTP on all levels and massive operational costs it has incurred for administrators and users is mind boggling.

Re:Email sucks ass

Come on, it can't be worse than Text Messaging and Phone Calls.

At least with email, you still have the control.

When I get a phone call, it's ringing and the sound is so annoying. When I answer, a fucking robot is telling me I won a vacation trip to the Caribbean. When I get a text message, it's a jerk that I dont even know harrassing me, sending me pictures of his girlfriend, using my data. If my phone is locked with a PIN, anyone can still answer the phone if it's ringing (WTF?), if my mother calls me and I'm at a party, I leave my phone on the table somewhere, a drunk guy answers the phone and starts saying nasty things to my mom... if someone sends an email to you, the email doesn't bypass the security of your inbox usually.

Anyway, yeah it doesn't suck more than Text Messages and Phone Calls.

LOL

[santosh.k83]

Spy on me all you want (my own govt, NSA, whomever)... Nothing's gonna happen except losing some storage and time! As for the laws that allow these kinds of unethical behaviour to go on, as long as we (people of the world) remain ignorant and divided by and large, there's nothing that can really be done. We *need* carrot-and-stick rulers and hence that's what we get. If the world were to become all nice and a paradise tomorrow it'll be too good for most of us, and we'd fuck it up and bring it down to the current level soon enough. So meanwhile people are fighting with various means to educate and enlighten on the one hand, and take corporates and governments to courts on the other hand, but this is going to be a long struggle. Unethical digital behaviour is *nothing* compared to the unethical real-world behaviour and no one's even been able to do anything about the latter yet...

who cares

personally i could care less what this bunch of idiots do. Hopefully they are thankfull for all the jobs their 3rd world country has that were outsourced from the good ole USA

Following law and common sense

[Max_W]

Was it a problem to follow a common sense and an accepted international laws? To wiretap only the criminals on a court order? With discipline and self-restraint?

Such irresponsible behavior harms the US companies and the Internet network in general.

"Others do it..", but the USA is the leader, it had to show an example.

Every regime fears transparency

[NewYork]

Every regime fears transparency and hates people who can think out of the box. http://www.thehindu.com/news/national/other-states/untouched-by-justice/article4340725.ece

next up

[KingBenny]

split internet per major power. There have already been voices in europe about this, this might give a little more incentive and fuel that fire again. Wether thats a good or bad thing my crystal ball wont say