Brazil Announces Secure Email To Counter US Spying
Hugh Pickens DOT Com writes "Phys Org reports that Brazilian President Dilma Rousseff has announced her government is creating a secure email system to try and shield official communications from spying by the United States and other countries. 'We need more security on our messages to prevent possible espionage,' Rousseff said on Twitter, ordering the Federal Data Processing Service, or SERPRO, to implement a safe email system throughout the federal government. The move came after Rousseff publicly condemned spying against Brazilian government agencies attributed to the United States and Canada. 'This is the first step toward extending the privacy and inviolability of official posts,' Rousseff said. After bringing her complaints against U.S. intelligence agencies to the United Nations General Assembly last month and canceling a state visit to Washington, Rousseff announced that the country will host an international conference on Internet governance in April."
Especially not a federal government that uses Twitter to plan "secure e-mail".
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
The same federal government? And at least tries to provide an alternative to the email controlled by the US federal government (i.e. all the ones of companies that are US based or have their servers there).
At least for Brazilians, it is the lesser evil; otherwise they will be empowering the federal government behind overthrowing democratically elected governments all around the world since last century, including the Brazilian one, of course.
This is not "a foreign nation's efforts against us".
This is "a foreign nation's efforts to counter our efforts against them".
See the difference?
Here's one. Take a list of crypto algorithms not recommended by the NSA (there are hundreds). Create an interface object that calls underlying overloaded crypto algorithms at random, with a secret signature that only the library knows for which crypto algorithm was used. On decrypt, check the signature, and decrypt using the correct algorithm. Regularly seed honeypot false information messages through the system, and if any honeypot is acted upon by an outside agency, remove that encryption scheme from the DLL, re-randomize the crypto list, and release a new DLL to all authorized systems - can use the opportunity to add new routines in as well.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Depends on whether or not you believe the NSA has proven P=NP.
Here come the liberal whiners to support Brazil and oppose the USA's effort to protect its own rational self-interests.
Here come the conservative whiners to support the USA and oppose Brazil's effort to protect its own rational self-interests.
Hey, you know what? Fuck both of you for being part of the problem.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
with a secret signature that only the library knows for which crypto algorithm was used
Heh. Typical amateur security protocol design... can't even make it to the end of the second sentence of the description without handwaving some security through obscurity.
More importantly, your proposal addresses the part of the problem that isn't a problem -- the ciphers -- and ignores all of the rest, which is where the cracks show up: key management, protocol design, implementation quality and personnel. Much better to pick a small number of well-respected ciphers and then focus on all of the rest. You're still likely to fail against an adversary like the NSA, assuming they really care to put the effort in to read your mail, but you can make them work for it, and you can limit the amount of data they can get.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
You may want to re-read it again. She wants to create a secure email system *FOR THE GOVERNMENT AGENCIES* not for home users.
They have to use it, by law, once it is set up.
Budget is not everything. Let's assume it actually takes the NSA (there is no back door) a reasonable amount of resources to decrypt each message; if every message is encrypted then it may make it significantly harder to spy on Brazil. You will not just be able to look at a message and say "that's encrypted, let's decode it"; all messages are encrypted.
Brazil should be able to implement an encryption algorithm with no back door (as long as there is no US agent creating it).
Also, the US is spying on many countries, not just Brazil.
I am not saying that it will make it impossible to spy, just harder, and that is enough; no security is 100%. If the US really wanted information they could always send a team of spies to apply advanced integration techniques on the right people.
If every person encrypted every email as standard, it would severely impact the NSA's ability to spy.
No disrespect intended, but I suspect you hastily assembled this post from off-the-shelf thoughts.
Crypto and security in general do not have a $1=$1 relationship to the resources required to defeat it. Even in the physical world, most padlocks are cheaper than the bolt crackers or angle grinders required to cut them. In terms of cryptography, a budget of $50 million could EASILY produce a system that would cost the NSA $TRILLIONS to break. I highly doubt an NSA-defeating system would cost $50 million to build from scratch.