• October 2013
    M T W T F S S
    « Sep   Nov »
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Pages

  • Marginalia

  • Accumulations

FLOSS | The Proposed Brazilian Firewall

95585f3369e2b0dc6b37909372b78b16

Source: Estadão.

Brazilian president Dilma Rousseff said this Sunday that the government will create a national system of encrypted e-mail to prevent the targeting of national authorities for espionage.  The task has been assigned to the Federal Data Processing Service (SERPRO), a state-owned company with ties to the Treasury.

The government IT agency, Serpro, will build upon a pre-existing e-mail security system, Expresso. Skip to the bottom of the page for details.

“This is the first step toward expanding privacy and inviolability of official messages,” the president declared in a post to her official Twitter account. “We must have more e-mail security to prevent possible spying.”

The system will be developed by Serpro in partnership with the postal service and its use in the government will be obligatory. The Ministry of Communications is due to start testing the system sometime this month. Serpro and the postal service are also studying a free, public service of secure e-mail to the population.

What is wrong with PGP — prettty good privacy?

Other measures to secure information have been developed in partnership with the Planalto. The Brazilian Intelligence Service (ABIN) created and is now debugging land-line and cellular telephones that transmit a coded signal and make it difficult to decode sensitive conversations. Though difficult to use, more and more civil servants and ministers are requesting the units from the agency.

ABIN also presented the Planalto Palace with a sort of pen drive that creates secure sectors on computers, peripherals and systems. Documents created in this environment are automatically encrypted and can be safely sent over the Internet.

Ground Control to Major Tom (Jobim)

The government also wants to buy its own satellite, through Telebrás. Currently, data, telephony, pay-TV signals and military traffic pass through an Embratel satellite privatized in 1997 which now belongs to Claro, owned by Mexican tycoon Carlos Slim.

The satellite and technology will be supplied by the Franco-Italian group Thales Alenia Space. Visiona, a JV between Telebrás and Embraer, is in charge of assembling the satellite, while the technology will be assigned to the Brazilian space agency (AEB). At a cost of US$ 600 million,the satellite should enter orbit in 2016.

Last month, articles by journalist Glenn Greenwald showed that President  Rousseff was directly monitored by the U.S. NSA. The agency intercepted phone calls and e-mails sent by Dilma to aides, as well as messages between herself and current Mexican president Enrique Peña Nieto. The reporter based the story on the documents revealed by ex-NSA technician Edward Snowden.

Dilma demanded explanations from U.S. president Obama. Dissatisfied with the answers, she canceled a scheduled official visit to Washington.

Daniel_Stuckey of Slashdot comments

“After discovering that the US government has been invading the privacy of not just Americans, but also Brazilians, Brazil is showing its teeth.

Does Serpro have teeth? Teeth enough to bite the NSA? This is the important question.

The country responded to the spying revelations by declaring it’ll just have to create its own internet.

Presuming that this is no exaggeration — and this should not necessarily be presumed — commentators brought up a comparable case: Internet access in Iran.

In reality, although Brazil President Dilma Rousseff is none too happy with the NSA’s sketchy surveillance practices, Brazil and other up-and-coming economies have been pushing to shift the power dynamics of the World Wide Web away from a US-centric model for years.”

Hugh Pickens notes,

Washington’s efforts to smooth over Brazilian outrage over NSA espionage have so far been rebuffed by Rousseff, who has proposed that Brazil build its own internet infrastructure. ‘Friendly governments and societies that seek to build a true strategic partnership, as in our case, cannot allow recurring illegal actions to take place as if they were normal. They are unacceptable.'”

schwit1:

“Some European leaders are renewing calls for a ‘euro cloud,’ in which consumer data could be shared within Europe but not outside the region. Brazil is fast-tracking a vote on a once-dormant bill that could require that data about Brazilians be stored on servers in the country. And India plans to ban government employees from using email services from Google and Yahoo Inc.

They are using Gmail for government business? Holy Mother of God! They deserve what they get.

In any event, the program will test the experiment with FLOSS technology to which the company — the largest enterprise IT firm in the hemisphere —  has been dedicated since the early Lula years.

Planet Expresso

tela2

Source: Convergência Digital

Expresso, developed by  Serpro, is due to become the secure e-mail solution that the Ministry of Communications wants to see the postal service offering to all Brazilians.

Or at least this was the topic of conversation between minister Paulo Bernardo and Serpro presidentMarcos Mazoni this Tuesday (September 24, 2013).

“We continue to focus on corporations, but IT teams from Serpro and the postal service are going to sit down and work the problem out That  Expresso already works, and is programmed in a modular fashion, is helpful.  It may be possible to make this available by the end of the year,” said Mazoni after the meeting.

Mazoni enumerated the advantages of using a service already in use by government agencies:

  1. It provides secure e-mail

  2. It runs inside Serpro’s own cloud

  3. it is part of the security environment managed by the state-owned company

  4. It is encrypted according to the ICP-Brasil standard.

The advantage of the postal service, Mazoni says, is its capillarity. But this may not be the only way of disseminating “secure e-mail.” “The Digital  Cities program of the Ministry of Communications will likely be used for the offer,” he said.

The question is one of scale, however. The Serpro exec admits that the offer depends on the extent to which other institutions succeed in providing a storage infrastructure. The use of Expresso, though it includes other servicessuch as instant chat and videoconferences, should fit within the Serpro cloud.

“It depends on storage. Along with the postal servce, we have the Bank of Brasil, the Caixa … in short, a hybrid could whose costs would be absorbed by the government and shared by the institutions. We would also not say no to outside partnerships, so long as they present the requisite degree of security relative to Expresso.

Serpro is already thinking about new products. “E-mail can serve asa vehicle of communication with the income tax authority, for example. This might be the form of communication among civil servants. This is another reason we invest so heavily in our “cloud.”

Serpro implemented Expresso 3.0 internally recently and other government agencies are to catch up shortly.

In version 3.0, the German project Tine 2.0 is adopted, unlike version 2.0, which used eGroupWare.