Secure email service planned for Brazil to thwart GCHQ and NSA spies
14 October 2013 Last updated at 12:26 Share this pageEmailPrint
Brazil plans secure email service to thwart cyber-spies
By Leo Kelion
Brazil has confirmed plans to create a secure email service, following revelations of cyber-surveillance techniques used by the US and UK.
President Dilma Rousseff posted a series of tweets over the weekend, saying the move was required to “prevent possible espionage”.
She added the country’s Federal Data Processing Service (Serpro) would be charged with developing the system.
One expert said the tech involved was well established but had limitations.
“There’s a good precedent for this with the German provider Gmx.de,” said Prof Ross Anderson, head of the security research group at the University of Cambridge’s computer laboratory.
“They just need to tell a company to keep the servers in Brazil, encrypt all the traffic inside or outside the country, and only give access to Brazilian police and intelligence services.
“Bang, finished, it’s trivial. It’s a well understood and well solved problem.”
He said that the Brazilian system could be designed to interact with Gmx and equivalent encrypted services, in which case the NSA (US National Security Agency) and GCHQ (UK Government Communications Headquarters) would effectively be shut out unless the countries where the relevant servers were based decided to co-operate.
But he added that information could still be intercepted if cyber-spies were able to install malware on their target’s computers or if users corresponded with someone using an non-secure email service.
“From the point of view of people writing to each other in Brazil, they have some protection against foreign snooping, however more and more business these days is done internationally,” he said.
“With Gmail having something like a third of all email traffic worldwide, that means the Americans will still be able to read an awful lot of messages.
“If you have an email [copied] to a dozen different people there will be a fair chance one of them will be using Google’s service.”
President Rousseff’s announcement follows allegations that the NSA hacked state-run oil company Petrobras and intercepted billions of emails and calls to Brazilians.
She postponed a state visit to Washington in September after it was alleged that the agency had also targeted her emails and phone calls.
“Without respect for [a nation’s] sovereignty, there is no basis for proper relations among nations,” she subsequently told the United Nations.
“Those who want a strategic partnership cannot possibly allow recurring and illegal action to go on as if they were an ordinary practice.”
President Rousseff has also used Twitter to announce plans to host an international summit in 2014 to discuss internet security.
The event may be used as an opportunity to renew calls for Icann (Internet Corporation for Assigned Names and Numbers) and other organisations overseeing the net to pass at least some of their powers to the UN.
At present Icann – which co-ordinates the internet’s codes and numbering systems – is officially under the remit of the US Department of Commerce, even though it operates as an arms-length body.
The US has resisted the idea, and a clash of views over the matter contributed to the failure of a treaty being signed at last year’s International Telecommunication Union (ITU) conference in Dubai.
Last week – following a meeting between Icann’s president, Fadi Chehade, and President Rousseff – Icann itself backed calls for the accelerated globalisation of its functions ” towards an environment in which all stakeholders, including all governments, participate on an equal footing”.