Brazil plans secure email service to thwart cyber-spies By Leo Kelion

Technology reporter Published duration 14 October 2013

image caption President Rousseff told the UN that the interception of its communications was a breach of the law

Brazil has confirmed plans to create a secure email service, following revelations of cyber-surveillance techniques used by the US and UK.

President Dilma Rousseff posted a series of tweets over the weekend, saying the move was required to "prevent possible espionage".

She added the country's Federal Data Processing Service (Serpro) would be charged with developing the system.

One expert said the tech involved was well established but had limitations.

"There's a good precedent for this with the German provider Gmx.de," said Prof Ross Anderson, head of the security research group at the University of Cambridge's computer laboratory.

"They just need to tell a company to keep the servers in Brazil, encrypt all the traffic inside or outside the country, and only give access to Brazilian police and intelligence services.

"Bang, finished, it's trivial. It's a well understood and well solved problem."

He said that the Brazilian system could be designed to interact with Gmx and equivalent encrypted services, in which case the NSA (US National Security Agency) and GCHQ (UK Government Communications Headquarters) would effectively be shut out unless the countries where the relevant servers were based decided to co-operate.

But he added that information could still be intercepted if cyber-spies were able to install malware on their target's computers or if users corresponded with someone using an non-secure email service.

"From the point of view of people writing to each other in Brazil, they have some protection against foreign snooping, however more and more business these days is done internationally," he said.

"With Gmail having something like a third of all email traffic worldwide, that means the Americans will still be able to read an awful lot of messages.

"If you have an email [copied] to a dozen different people there will be a fair chance one of them will be using Google's service."

International summit

President Rousseff's announcement follows allegations that the NSA hacked state-run oil company Petrobras and intercepted billions of emails and calls to Brazilians.

She postponed a state visit to Washington in September after it was alleged that the agency had also targeted her emails and phone calls.

"Without respect for [a nation's] sovereignty, there is no basis for proper relations among nations," she subsequently told the United Nations.

image caption President Rousseff posted three tweets announcing the news on Sunday

"Those who want a strategic partnership cannot possibly allow recurring and illegal action to go on as if they were an ordinary practice."

President Rousseff has also used Twitter to announce plans to host an international summit in 2014 to discuss internet security.

The event may be used as an opportunity to renew calls for Icann (Internet Corporation for Assigned Names and Numbers) and other organisations overseeing the net to pass at least some of their powers to the UN.

At present Icann - which co-ordinates the internet's codes and numbering systems - is officially under the remit of the US Department of Commerce, even though it operates as an arms-length body.

The US has resisted the idea, and a clash of views over the matter contributed to the failure of a treaty being signed at last year's International Telecommunication Union (ITU) conference in Dubai.