Slashdot Mirror
Brazil Announces Secure Email To Counter US Spying
Hugh Pickens DOT Com writes "Phys Org reports that Brazilian President Dilma Rousseff has announced her government is creating a secure email system to try and shield official communications from spying by the United States and other countries. 'We need more security on our messages to prevent possible espionage,' Rousseff said on Twitter, ordering the Federal Data Processing Service, or SERPRO, to implement a safe email system throughout the federal government. The move came after Rousseff publicly condemned spying against Brazilian government agencies attributed to the United States and Canada. 'This is the first step toward extending the privacy and inviolability of official posts,' Rousseff said. After bringing her complaints against U.S. intelligence agencies to the United Nations General Assembly last month and canceling a state visit to Washington, Rousseff announced that the country will host an international conference on Internet governance in April."
Not me, no matter which government it is.
Unless they can invent their own crypto hardware and software from scratch guaranteed to have no backdoors, I am skeptical about the prospects for success.
here come the conservative whiners to support the USA and oppose Brazil's effort to protect its own rational self interests.
I'm sure the NSA is happy to see lots of people adopting popular systems that include NSA backdoors (explicit or implicit), and would rather not see lots of new systems that don't natively support NSA access.
However, I'm also sure that building a system that effectively blocks the NSA is a pretty tall order. You need algorithms that the NSA can't crack, and you need personnel that the NSA (and affiliated agencies) can't suborn.
I'm sure it'll be quite straightforward to develop a system that seems secure from NSA snooping. Something that provides actual security, rather than empty reassurance? That's a taller order.
here comes someone that tries to be free from group-thinking, to compliment you on your effort to make more people realize the madness in it.
Here comes the groupthink that is exactly the OPPOSITE of what it should be.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
If this trend continues the only people which the NSA will be able to spy on will be Americans. Precisely the populace it said it would not be spying on in the first place.
Join the Slashcott! Feb 10 thru Feb 17!
This is not "a foreign nations efforts against us".
This is "a foreign nations efforts to counter our efforts against them"
See the difference?
"dumbass Americans who think we are always in the wrong and actually go out of their way to SUPPORT a foreign nations efforts against us."
The idea of routing all your information through a "secret" and LYING government agency appeals to you, eh?
Speaking of DUMBASS AMERICANS, thanks for making an EXAMPLE OUT OF YOURSELF.
I didn't read the article (who does?), but the summary makes no mention of them offering this as a service. Quite the contrary, in fact. It refers to it as being used for "official communications", "throughout the federal government", and for "extending the privacy and inviolability of official posts". Basically, this is a secure e-mail system for Brazil's government, by Brazil's government, and not something for use by normal citizens or residents in the country. As such, I don't see why this would be a boon whatsoever.
here come the liberal whiners to support Brazil and oppose the USA's effort to protect its own rational self interests.
here come the conservative whiners to support the USA and oppose Brazil's effort to protect its own rational self interests.
Hey, you know what? Fuck both of you for being part of the problem.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
The US could have helped Brazil by exposing cronyism and kickbacks, which is why they lag economically, much to the puzzlement of Western scientists who point out they are as large as the US in size and population, with even more resources, said scientists deliberately putting on blinders that it's about government and its abuse like a mafia, not resources, that determines the wealth of a civilization.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
This could be a boon for Brazil in tech. Offering services that are free of surveillance could make Brazil a tech powerhouse.
It already is.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Brazil wants to centralize "secure" email, run by the government. How long until the Brazilian government itself decides it wants a back door? I'm betting it will happen before the first end user signs up.
Any centralized system, once it reaches a critical mass, will become a very attractive target to the spies. Only decentralized systems--where NO ONE has the master key--have half a chance. A PGP-type system could come close, if somebody could figure out how to make it easy enough for non-technical users to use!
Who thinks the NSA can't breach Brazilian security?
And what is more... who thinks the Brazilians won't peek into the email of users?
So what does this actually accomplish? Stupidity.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Because if you're not for us you're against us, and other mental distortions... You do realize that many of the countries spied on are friends and allies, right? Or were. A great way to lose friends quickly of course is to treat them like an enemy.
Seven puppies were harmed during the making of this post.
...that the Brazilian Government will move from hosting its mail on Google to private servers...
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
It's not all about you (or in this case it's not all about USA). I don't have to support my country just because it's my country, particularly if it's in the wrong. Patriotism is not about supporting your country right or wrong. A true patriot will criticise their own country, because a true patriot wants their country to be the best and therefore demands better of it when it isn't.
Sorry to pop the hope bubble, but that is not going to happen.
First, as stated above, this is a government-only (for now, at least) project. They think they can do it, and I'm sure they will unload tons of public money into it.. But I bet the result will not be nearly as effective as they say they will get, or that the money spent should have bought. That's just how things work in Brazil.
Secondly, to move from a gov-only project to something being sold to third parties, you'd need a sort of tech, infrastructure and skilled manpower that currently don't exist here. Brazil imports the vast majority of its tech (including almost all of IT), infrastructure is entirely imported and skilled manpower exists, but not in high enough numbers (and specially, willing to work for the government) to make that happen.
As a side note.. I worked for the government here (state, not federal) and left after 4 years. I couldn't stand the bullshit and the excessive slowness for everything, the pay was extremely low (I was part of the gov that actually worked [as a slave, almost], to make up for those who do not work and make shit tons of money) and the workload was higher than I currently have working for one of the world's biggest corporations.
Consider if a hacker was breaking into a corporation's systems, monitoring all their data, storing every communication they made and breaking their encryption. And then, the company found out about it and identified the hacker. What do you think would happen to that hacker in our modern court systems? Would the excuse "Oh they should have secured things better!" work and let the hacker off the hook, or would the DoJ pursue ridiculous fines and a life sentence? I am willing to bet the latter. So why does the US government get a free pass here? They are essentially hacking everyone on the planet, they should have the same ridiculous charges placed on them that the CFAA & Holder has brought up on "hackers".
And don't give me that bullshit "It is ok, since they are the government." excuse. IMO, the surest sign of a failing government is when they start picking and choosing which laws apply, because the laws have grown so out of control and ridiculous that they are incompatible with each other. That is exactly what is happening right now.
If that is true, that's a huge pity. I don't have any experience with Brazil's government so I can't comment knowledgeably.
All governments have secure internal communications systems. I'm not sure what's newsworthy about Brazil doing what it probably has always been doing.
Well said. Besides, even if the Brazilians were doing exactly the same things on a remotely comparable scale, the US government is the one you, if you are a US citizen, could help change -- in theory, at least.
Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
Brazil keeps forgetting about something I like to call the rest of the world. It's easy to find. Grab and atlas and look at everything that isn't labeled "USA". Give or take your talking about roughly 200 countries that have an interest in spying as it is in the interest of every government to know what is going on with every other government.
Now figure that your system magically works against the NSA with faerie dust and a good dose of anti-US propaganda. Nevermind the technicalities, just go with it for a moment and look back at that list of 200 countries. A fair number of those countries could be thought of as technically incompetent, but then again many a third world country has managed to develop hackers as they are relatively about the cheapest form of espionage that you can get. They also have this wonderful ability not to get imprisoned when they get caught by the country their spying on (entire dossiers are available on certain Chinese or Pakistani state hackers, you'll note they still remain happily out of prison).
So let's go back to all of these other countries that now have a technical challenge that is keeping the NSA out. If it's good enough to keep the NSA out, than it's good enough to attract their attention for the express reason that it can keep the NSA out. That means there's a lot to learn about security there and that makes it an attractive target of it's own right, even if you could care less about the contents what lies within.
The hard reality is that all of the naive anti-US sentiment in the world isn't going to save you from the fact that the rest of the world has people that are perfectly intelligent, capable, willing to act. It's ivory tower thinking to believe that only a given country has the intellect and capacity to develop minds that can do something.
First thing the federal email system will do is determine how to snoop on email messages.... hehe
That's nice. So your position is that all the countries should just bend over and take it without lube and close all their counterintelligence offices?
That position is just as stupid as the one where everyone closes all their intelligence offices.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Let's hope that they use PGP or S/MIME and that this motivates other ISPs to roll it out as well. This would hopefully motivate GMail to at least make it compatible in some way. (I mean checking signatures etc)
I didn't know if I should mod parent up as Funny or down as Overrated, so I left it at Score:0, and wrote this instead :)
here come the conservative whiners to support the USA and oppose Brazil's effort to protect its own rational self interests.
I don't find it in the "rational self interests" of my government to be archiving all my phone calls and emails, any more than I feel that it's in the rational self-interest of the local police to install spy cameras inside my home (though I'm sure many a local police department would be happy to make the case as to why it would be).
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
Can they read it? Yes, they can. Now that doesn't mean there is always someone out there reading your email. With millions of people on the Internet, our individual messages likely get lost in a crowd. But you've got to realized that once email leaves your system, it may sit on another computer hundreds or thousands of miles away, and you have no control over who has access to it. What if that computer has a liberal security policy, or is full of security holes? The best thing to do is realize that your email is not going to be secure and avoid transmitting sensitive material, as already recommended in Chapter 3. Even if no one reads your email in transit, the recipient could forward the message on to whomever he or she pleases.
It is possible to physically "tap" networks, just like tapping phone lines. And if someone is able to do that, he can read anything going across those wires. But all hope is not lost: There are ways to make your email more secure. One is to encrypt it before it leaves your computer. Encrypt means simply that it's encoded into something that no one else can read without the proper key. Upon receipt, the message must be decrypted on the the recipient's machine.
The Internet Companion: A Beginner's Guide to Global Networking, Tracy LaQuey, 1993, p.122.
NSA bribes a Brazilian IT worker involved in the Brazilian Federal Secure Email System.
How will it be secured? Client-to-client encryption using GPG or similar product? Or just TLS-protected communications for cleartext messages?
And how do they address NSA ability to compromise clients?
There is so much essential functionality missing from key management and encrypted e-mail, that it is in a barely usable state. For the Brazilian government, or any government for that matter, to provide end-to-end email encrytption for their own workers, so much more needs to be done.
Name me even one mail client or plug-in that can search encrypted messages, the body not just the metadata. Or how about re-keying stored messages? Federal employees often have an obligation to archive communications, but how will that fit with the recommended practice of re-keying? The list goes on.
E-mail encryption has been rather thoroughly thought through at the protocol level (thanks, Phil!) but when it comes to how it can be made to fit in with normal workflow, practically nothing has been done yet.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The problem here is that the "hacker" is friends with the judge.
Yeah, I know, separation of powers... but nowadays that book is filed under science fiction.
The system is already in use in about 20% of the government agencies and will be mandatory by the end of 2014. It is based on http://www.tine20.com/en/, and will save some millions on software licenses. Currently Brazil has a mix of IBM and Microsoft servers and president Rouseff herself uses Outlook to check her email . Not very smart to give out this information to the public, right? :)
What i don't get is that they plan to offer this service to the public and it will be managed by the Postal Service! Am i the only one that sees no relation with the service provided by the postal service and email services?
All nations and all companies need to think hard about their communication
strategies.
Back in the old dot dash days companies had thick code books and
code protocols.
Nations like Japan in WWII had serious codes for their navy (Purple)
and the Germans had Enigma.
Cracking them was key to the outcome of the war and almost
exposed the attack on Perl in time to act.
Any nation needs some control over their communications.
The troubling bit to many might be the man in the middle attacks
where web content is rewritten or simply exposed via a wide open
leak.
Companies with old school processes still on file should take
note.
Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.