Slashdot Mirror


Brazil Announces Secure Email To Counter US Spying

Hugh Pickens DOT Com writes "Phys Org reports that Brazilian President Dilma Rousseff has announced her government is creating a secure email system to try and shield official communications from spying by the United States and other countries. 'We need more security on our messages to prevent possible espionage,' Rousseff said on Twitter, ordering the Federal Data Processing Service, or SERPRO, to implement a safe email system throughout the federal government. The move came after Rousseff publicly condemned spying against Brazilian government agencies attributed to the United States and Canada. 'This is the first step toward extending the privacy and inviolability of official posts,' Rousseff said. After bringing her complaints against U.S. intelligence agencies to the United Nations General Assembly last month and canceling a state visit to Washington, Rousseff announced that the country will host an international conference on Internet governance in April."


  1. Who wants email hosted by Federal Government? by Anonymous Coward · · Score: 3, Insightful

    Not me, no matter which government it is.

    1. Re:Who wants email hosted by Federal Government? by Marxist Hacker 42 · · Score: 5, Funny

      Especially not a federal government that uses Twitter to plan "secure e-mail"

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    2. Re:Who wants email hosted by Federal Government? by rvw · · Score: 2

      Not me, no matter which government it is.

      Who wants email hosted by the Federal Government? Maybe the government itself?!

    3. Re:Who wants email hosted by Federal Government? by gmuslera · · Score: 4, Informative

      The same federal government? And at least tries to provide an alternative to the email controlled by the US federal government (i.e. all the ones of companies that are US based or have their servers there).

      At least for Brazilians, it is the lesser evil, else they will be empowering the federal government behind overthrowing democratically elected governments all around the world since last century, including the Brazilian one, of course.

    4. Re:Who wants email hosted by Federal Government? by interkin3tic · · Score: 2

      Don't knock them: this is probably a PR stunt to keep pressure on the US to drop the spying, keep it in the news.

      I don't know if that's the most effective way Brazil could do such a thing. Threatening sanctions on the US for what seems like an act of war might be biting off more than Brazil could chew. Although with the economic apocalypse scheduled to happen on Thursday, maybe now would be a GREAT time to cut ties with the US.

      Anyway, maybe don't criticize, because I think she's on our side against the NSA.

    5. Re:Who wants email hosted by Federal Government? by Anonymous Coward · · Score: 2

      Which part of "to try and shield official communications from spying" haven't you understood?

    6. Re:Who wants email hosted by Federal Government? by NatasRevol · · Score: 2

      Not ones that are secure enough that another federal government can't break into.

      Or did you miss the point of them doing this?

      --
      There are two types of people in the world: Those who crave closure
    7. Re:Who wants email hosted by Federal Government? by Anonymous Coward · · Score: 3, Informative

      You're right it's a PR stunt, but it's not aimed at the US. The Brazilian Government is not so stupid as to think that it's even possible to create an email system that is secure from NSA spying; no networked system is 100% secure and certainly not from the NSA, whose budget is probably 10X SERPRO's. Even if they did, they wouldn't communicate it through Twitter, they'd do it through their official channels through their embassy in DC or to our embassy in Rio.

      This was released on Twitter, though, which means the target audience was Dilma Rousseff's followers. The Brazilian populace sees Rousseff as a problem, who can't protect Brazil from outside interference like the US. This when Brazil by all rights should be the dominant player in South America, but they're eclipsed by the US's superior position as the dominant power on the entire Western Hemisphere. So her popularity has crumbled, and Brazil just entered the campaign cycle as elections are in October 2014. There's already a strong coalition formed to unseat her in the election. So this is simply Brazilian campaign fluff as the election cycle heats up; it's targeted at Brazilian voters to make her appear tough on foreign interference.

    8. Re:Who wants email hosted by Federal Government? by the_B0fh · · Score: 4, Insightful

      You may want to re-read it again. She wants to create a secure email system *FOR THE GOVERNMENT AGENCIES* not for home users.

      They have to use it, by law, once it is set up.

    9. Re:Who wants email hosted by Federal Government? by phayes · · Score: 2

      Because, all governments while publicly protesting the existence of being spied upon on the Internet (whether by NSA, FSB, DGSE, ...) all have entities that do the same thing to others?

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    10. Re:Who wants email hosted by Federal Government? by alexgieg · · Score: 2

      If Brazil had a brain amongst them, they would simply focus on having their postal companies offer up security keys per citizen and then use that communications.

      Actually, the Brazilian postal company (singular: it's a government monopoly) sells security keys. Several government websites only offer full functionality if you purchase one and use it to access them. Asking for the government to give those away equals asking them to give up tax revenue. It won't happen.

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
    11. Re:Who wants email hosted by Federal Government? by ewibble · · Score: 4, Insightful

      Budget is not everything. Let's assume it actually takes the NSA (there is no back door) a reasonable amount of resource to decrypt each message; if every message is encrypted then it may make it significantly harder to spy on Brazil. You will not just be able to look at a message and say that's encrypted, let's decode it; all messages are encrypted.

      Brazil should be able to implement an encryption algorithm with no back door (as long as there is no US agent creating it)

      Also the US is spying on many countries not just Brazil.

      I am not saying that it will make it impossible to spy, just harder, and that is enough, no security is 100%. If the US really wanted information they could always send a team of spies to apply advanced integration techniques on the right people.

      If every person encrypted every email as standard, it would severely impact on the NSA's ability to spy.

    12. Re:Who wants email hosted by Federal Government? by SethJohnson · · Score: 4, Interesting

      So, let's suppose SERPRO has a very generous $50 million available to spare to this kind of stuff. That's 200x less than NSA's budget. In short, whatever SERPRO manages to do the NSA will be able to break in a matter of weeks, if not days.

      No disrespect intended, but I suspect you hastily assembled this post from off-the-shelf thoughts.

      Crypto and security in general do not have a $1=$1 relationship to the resources required to defeat it. Even in the physical world, most padlocks are cheaper than the bolt crackers or angle grinders required to cut them. In terms of cryptography, a budget of $50 million could EASILY produce a system that would cost the NSA $TRILLIONS to break. I highly doubt an NSA-defeating system would cost $50 million to build from scratch.

  2. Good Luck With That by seven of five · · Score: 3, Insightful

    Unless they can invent their own crypto hardware and software from scratch guaranteed to have no backdoors, I am skeptical about the prospects for success.

    1. Re:Good Luck With That by jbolden · · Score: 2, Insightful

      Algorithms for crypto are well known; the math is public and not very complex. Brazil does have programmers and number theorists. Why can't they do this?

    2. Re:Good Luck With That by Nerdfest · · Score: 2

      Since PGP-based email encryption will solve their problem quite nicely, their chances of success are pretty much guaranteed. I'm hoping they're not trying to come up with something where the government can read everyone's messages though, as that will end poorly.

    3. Re:Good Luck With That by wiggles · · Score: 4, Insightful

      Depends on whether or not you believe the NSA has proven P=NP

    4. Re:Good Luck With That by click2005 · · Score: 3, Interesting

      If I was the NSA I'd get anti-virus vendors to add backdoors. It's software that routinely accesses all your files at odd hours of the night.

      --
      I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
  3. Good luck with that. by jeffb (2.718) · · Score: 2

    I'm sure the NSA is happy to see lots of people adopting popular systems that include NSA backdoors (explicit or implicit), and would rather not see lots of new systems that don't natively support NSA access.

    However, I'm also sure that building a system that effectively blocks the NSA is a pretty tall order. You need algorithms that the NSA can't crack, and you need personnel that the NSA (and affiliated agencies) can't suborn.

    I'm sure it'll be quite straightforward to develop a system that seems secure from NSA snooping. Something that provides actual security, rather than empty reassurance? That's a taller order.

    1. Re:Good luck with that. by Marxist Hacker 42 · · Score: 4, Interesting

      Here's one. Take a list of crypto algorithms not recommended by the NSA (there are hundreds). Create an interface object, that calls underlying overloaded crypto algorithms at random, with a secret signature that only the library knows for which crypto algorithm was used. On decrypt, check the signature, and decrypt using the correct algorithm. Regularly seed honeypot false information messages through the system, and if any honeypot is acted upon by an outside agency, remove that encryption scheme from the DLL, re-randomize the crypto list, and release a new DLL to all authorized systems- can use the opportunity to add new routines in as well.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    2. Re:Good luck with that. by swillden · · Score: 5, Insightful

      with a secret signature that only the library knows for which crypto algorithm was used

      Heh. Typical amateur security protocol design... can't even make it to the end of the second sentence of the description without handwaving some security through obscurity.

      More importantly, your proposal addresses the part of the problem that isn't a problem -- the ciphers -- and ignores all of the rest, which is where the cracks show up: key management, protocol design, implementation quality and personnel. Much better to pick a small number of well-respected ciphers and then focus on all of the rest. You're still likely to fail against an adversary like the NSA, assuming they really care to put the effort in to read your mail, but you can make them work for it, and you can limit the amount of data they can get.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. The irony by sl4shd0rk · · Score: 3, Insightful

    If this trend continues the only people which the NSA will be able to spy on will be Americans. Precisely the populace it said it would not be spying on in the first place.

    --
    Join the Slashcott! Feb 10 thru Feb 17!
    1. Re:The irony by Anonymous Coward · · Score: 2, Interesting

      Ultimately they don't really care who they spy on, or even if they spy at all. What they care about is landing a budget worth hundreds of billions of dollars.

      At the top of the power pyramid, it doesn't matter where the money goes. What matters is that it passes through your hands, giving you the chance to leverage that cash flow for personal gain. A person who desires such power over other (supposedly equal) human beings cannot logically be "working for" the same people he tramples on. He works purely in self-interest.

  5. Re: brace yourselves by Anonymous Coward · · Score: 5, Insightful

    This is not "a foreign nation's efforts against us".

    This is "a foreign nation's efforts to counter our efforts against them"

    See the difference?

  6. Re:Good for Brazil by Anubis IV · · Score: 2

    I didn't read the article (who does?), but the summary makes no mention of them offering this as a service. Quite the contrary, in fact. It refers to it as being used for "official communications", "throughout the federal government", and for "extending the privacy and inviolability of official posts". Basically, this is a secure e-mail system for Brazil's government, by Brazil's government, and not something for use by normal citizens or residents in the country. As such, I don't see why this would be a boon whatsoever.

  7. Re:brace yourselves by CanHasDIY · · Score: 5, Insightful

    here come the liberal whiners to support Brazil and oppose the USA's effort to protect its own rational self interests.

    here come the conservative whiners to support the USA and oppose Brazil's effort to protect its own rational self interests.

    Hey, you know what? Fuck both of you for being part of the problem.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  8. Re: brace yourselves by Anonymous Coward · · Score: 3, Insightful

    It's not all about you (or in this case it's not all about USA). I don't have to support my country just because it's my country, particularly if it's in the wrong. Patriotism is not about supporting your country right or wrong. A true patriot will criticise their own country, because a true patriot wants their country to be the best and therefore demands better of it when it isn't.

  9. Re:brace yourselves by blackiner · · Score: 2

    Consider if a hacker was breaking into a corporation's systems, monitoring all their data, storing every communication they made and breaking their encryption. And then, the company found out about it and identified the hacker. What do you think would happen to that hacker in our modern court systems? Would the excuse "Oh they should have secured things better!" work and let the hacker off the hook, or would the DoJ pursue ridiculous fines and a life sentence? I am willing to bet the latter. So why does the US government get a free pass here? They are essentially hacking everyone on the planet, they should have the same ridiculous charges placed on them that the CFAA & Holder has brought up on "hackers".

    And don't give me that bullshit "It is ok, since they are the government." excuse. IMO, the surest sign of a failing government is when they start picking and choosing which laws apply, because the laws have grown so out of control and ridiculous that they are incompatible with each other. That is exactly what is happening right now.

  10. Re:Nah, they're right, must be something else by fnj · · Score: 2

    ... as large as the US in size and population, with even more resources

    In some strange alternate universe that might be true. It would be more true to say the size is comparable, the population is 2/3, and the proven resources are largely trivial. Brazil grows vast amounts of sugar cane to process it into a (very poor) substitute for gasoline and diesel fuel for motor vehicles. As it is, Brazil's economy outweighs that of all other Latin American countries, and it is a net external creditor. Unemployment is very low. Brazil is doing quite well, but comparable to the US it is decidedly not.

    Brazil: population 201 million, land area 8.5 million km^2, crude oil production 2.1 million bpd, proven reserves 14 billion barrels, natural gas production 515 billion cu ft, proven reserves 15 trillion cu ft, coal production 6 million short tons

    US: population 317 million, land area 9.8 million km^2, crude oil production 5.7 million bpd, proven reserves 23 billion barrels, natural gas production 22,900 billion cu ft, proven reserves 304 trillion cu ft, coal production 1094 million short tons

    References:
    Brazil population and area
    Brazil energy
    US population and area
    US energy

  11. Re:Nah, they're right, must be something else by higuita · · Score: 3, Insightful

    right, everybody knows that all the resources you will ever need are oil, gas and coal !!!! let me guess... you are from the USA, right!?!

    and by the way, having less production doesn't mean that they are at the max production, it actually means that they had little investment in the past. Only in the last few years have they invested more in prospecting new reserves and extracting them. For sure there are still many places not even tested that can be full of oil and gas... can you say the same thing of the USA?

    --
    Higuita
  12. Good luck with that / This just in... by AlienSexist · · Score: 3, Funny

    NSA bribes a Brazilian IT worker involved in the Brazilian Federal Secure Email System.

  13. missing functionality by SgtChaireBourne · · Score: 2

    There is so much essential functionality missing from key management and encrypted e-mail, that it is in a barely usable state. For the Brazilian government, or any government for that matter, to provide end-to-end email encryption for their own workers, so much more needs to be done.

    Name me even one mail client or plug-in that can search encrypted messages, the body not just the metadata. Or how about re-keying stored messages? Federal employees often have an obligation to archive communications, but how will that fit with the recommended practice of re-keying? The list goes on.

    E-mail encryption has been rather thoroughly thought through at the protocol level (thanks, Phil!) but when it comes to how it can be made to fit in with normal workflow, practically nothing has been done yet.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
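
Added example, not part of the original thread or any poster's code: the "missing functionality" comment above asks how the body of encrypted mail could be searched. One known approach is a keyed keyword index built by the client at encryption time and stored beside the ciphertexts. The names `BlindIndex`, `blind_token` and `demo` are hypothetical, message encryption itself is out of scope, and the index still reveals to whoever holds it which messages share a keyword tag (though not the word).

```python
import hashlib
import hmac
import re
import secrets

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokens(text):
    """Lower-cased word tokens of a message body (simple normalisation)."""
    return set(TOKEN_RE.findall(text.lower()))


def blind_token(index_key, word):
    """Keyed one-way tag for a word; cannot be recomputed without index_key."""
    return hmac.new(index_key, word.encode("utf-8"), hashlib.sha256).digest()


class BlindIndex:
    """Maps HMAC(word) -> message ids. Holds no plaintext words."""

    def __init__(self):
        self.postings = {}

    def add(self, index_key, msg_id, plaintext_body):
        # Run by the mail client while it still holds the plaintext,
        # just before the body is encrypted and archived.
        for word in tokens(plaintext_body):
            tag = blind_token(index_key, word)
            self.postings.setdefault(tag, set()).add(msg_id)

    def search(self, index_key, query):
        # AND-search: ids of messages whose body contains every query word.
        tags = [blind_token(index_key, w) for w in tokens(query)]
        if not tags:
            return set()
        return set.intersection(*(self.postings.get(t, set()) for t in tags))


def demo():
    """Build an index over a constructed three-message mailbox."""
    index_key = secrets.token_bytes(32)  # kept with the user's private key
    mailbox = {  # constructed sample messages, not real mail
        1: "Budget meeting moved to Thursday",
        2: "Draft budget attached for review",
        3: "Lunch on Thursday?",
    }
    index = BlindIndex()
    for msg_id, body in mailbox.items():
        index.add(index_key, msg_id, body)
    return index, index_key
```

The index key is separate from the message keys, so re-keying stored messages does not force the index to be rebuilt; rotating the index key itself does, because the tags cannot be inverted.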