Indian Government To Ban Use of US Email Services For Official Communications
hypnosec writes "The Government of India is planning to ban the use of U.S.-based email services like Gmail for official communications. It will soon send out a formal notification to its half-million officials across the country, asking them to use official email addresses and services provided by India's National Informatics Center. The move is intended to increase the security of confidential government data and protect it from overseas surveillance."
Not seeing a problem with that. (Score:5, Insightful)
Re:Not seeing a problem with that. (Score:5, Insightful)
What's the point? It's not like you can control which packets will and won't be routed through the US.
What they ought to be requiring is encryption, but we all know that's not going to happen.
Re: (Score:3)
Packet Sniffing is more of a cheap parlor trick than a good way to collect information.
For the most part our infrastructure has moved from Hubs to Switches so there are a lot less free packets bouncing around the net. Routers have gotten smarter and better so chances are it won't bother sending your packet around the world just to go to your neighbors.
Re: (Score:3)
Packet Sniffing is more of a cheap parlor trick than a good way to collect information.
For the most part our infrastructure has moved from Hubs to Switches so there are a lot less free packets bouncing around the net. Routers have gotten smarter and better so chances are it won't bother sending your packet around the world just to go to your neighbors.
Route poisoning would like to have a word with you. He is waiting in Room 641A.
Re: (Score:2)
Route poisoning would like to have a word with you. He is waiting in Room 641A.
Are you sure?
Re: (Score:2)
It's most likely going to hit a backbone that the US has control over at some point.
Re: (Score:3)
and?
It's perfectly possible to send E-Mail using SSL between servers. Google even prefers to do this. Use an HTTPS site as an E-Mail portal, and it won't matter if the communication is going through the US.
Unless the NSA has a copy of the site's key or has broken SSL crypto, they can log all the traffic they want. With perfect forward secrecy they can get the key later, and still not know what's being said.
Note: I'm simplifying how SSL works for the sake of convenience.
If the key signing authorities are compromised (Score:3)
Doesn't that pretty much defeat SSL? And what on earth would make you believe that they weren't compromised?
Re: (Score:3)
Doesn't that pretty much defeat SSL? And what on earth would make you believe that they weren't compromised?
I can create an uncompromised cert authority in the next 5 min on my laptop, and it would be effective for exchanging communication between us, if you choose to trust it.
And this should be enough as long as the emails are not stored in plain text on servers controlled by US companies. Which seems to me exactly what this ban is about, isn't it?
And does the client cache this key? (Score:2)
Great, the key is signed and you agree to trust it. Then somebody steps into the middle on the next connection attempt and hands you a new key. Signed by a trusted authority that has been compromised. Does your client check the manually accepted keys before the CA signed keys? Does it do a redundancy check? Or does it just merrily proceed and let you give the MITM your password?
I really don't think the client is checking to see if the key changes. And that would be a very bad thing.
Re: (Score:3)
The problem with this approach is that the other person has to stop accepting all other certificate authorities -- otherwise a man-in-the-middle attack can be used if any of those certificate authorities can be abused by a government agency.
Ah, you said CA instead of self signed key (Score:2)
Sorry about my poor reading skills. I don't know enough about a new CA to be able to tell if this would work.
Re: (Score:3)
Um, no. If it's an American owned company (anywhere in the world), or a US based server .. the NSA can walk in and demand the key and the decrypted content.
The only way to (try to) keep data out of the hands of the NSA is to not have it in the hands of a US controlled company, and not on US soil.
Google, Microsoft, Yahoo, Facebook ... every single one of them is covered under the Patriot Act. And an
Re:Not seeing a problem with that. (Score:4, Informative)
I think the point is that if the source and destination endpoints are not under US control, and the communication channel between them is secure, then the NSA can watch the encrypted traffic flow through US-controlled nodes all they want without getting much information beyond mail server A transferred X bytes of data to mail server B.
Re: (Score:3)
Precisely. The other thing is "perfect forward secrecy." It's not perfect, but what it means is the key used to encrypt the traffic is randomly generated. Man in the middle attacks are still an issue, especially if people are dumb enough to use a US-based cert authority, but the NSA can never decrypt the traffic after the fact. That still relies on the protocol being secure, and given the amount of money and talent the NSA is throwing at breaking it.... Well, there's a reason why even the US government
Re:Not seeing a problem with that. (Score:5, Informative)
NICNET (http://www.nic.in) has long been used in India for government mails and official data. You literally have dedicated VSAT connections etc. to it in offices, and it is a separate network in itself.
The Indian army too for obvious reasons, just like its counterparts everywhere, maintains its own nationwide network, and does not allow internet connections to it.
All they are asking is, that officials use these networks, which are NOT public, instead of allowing the data to pass over any backbone that US has control over. And thus no classified data is expected to ever hit any backbone that is in US control.
Re: (Score:2)
BGP protocol takes care of this by design by finding the shortest routes for data to travel. Encryption is still a good idea for all the other reasons BGP doesn't address, but India is on the right track here in regards to what they're trying to accomplish.
Re:Not seeing a problem with that. (Score:5, Interesting)
Nobody should use email for official anything.
Benjamin Franklin was right. It's the Post Office. I mean, does any email provider say they will deliver through rain, sleet, snow or hail? Do you see that on anybody's TOS? Given the uncertainties of the climate these days, you'd be a fool to do it any other way.
Besides, it will slow the government down. That's always a plus.
Re: (Score:2)
Woops. Sorry. The sarcasm / humor tag failed again. Typical Slashdot crap code.
Re: (Score:2)
Can they really get any slower?
Re: (Score:2)
That's obviously what this is about. Snowden. The government wants the whole team to realize that if there's so
Re:Not seeing a problem with that. (Score:5, Insightful)
And besides, if you're doing nefarious activities, you can avoid subpoenas when you appear in front of Congress ... right Lois Lerner?
Re:Not seeing a problem with that. (Score:5, Insightful)
Ironic, since the NSA considers GMail to be public property and not private communication as well.
Re: (Score:2)
Frankly, I don't think the US should use gMail etc for governmental communications either.
I whole-heartedly agree. Alas, I believe the US Gov't is being too lenient with their communications practices; unlike the 90's where only encrypted BlackBerrys were allowed, today everybody can use their Hotmail, Gmail, or Aol account to conduct official government business.
Instead, they should endorse Lavabit-type services and set up an outbound email transport for any public-private business... not go fully commercial without proper senses of security in place.
Re: (Score:2)
Frankly, I don't think the US should use gMail etc for governmental communications either.
The problem I see is that it wasn't discouraged and/or banned earlier. Of COURSE an entity in a different country, with no stated or even implied interest in privacy, is not a good place to conduct your nation's business. Duh! The revelations about Google (and others') coziness with the NSA should not have been the tipping point.
Re: (Score:2)
Frankly, I don't think the US should use gMail etc for governmental communications either.
Correct. Google might outsource the Gmail service to India.
how many recipients are on gmail? (Score:2)
Re: (Score:2, Informative)
What contracts? The government of India already provides email addresses to their employees. They're saying "Hey, stupid employee, use this email, don't go off making a Gmail account for official business!"
Interesting Headline (Score:2)
Interesting headline given the level of corruption in the Indian Government. Given that, the headline makes sense. More secrets to keep.
Re:Interesting Headline (Score:5, Insightful)
So if you want to hide something you must be guilty?
If you are a government official in a democratic country, and you are trying to hide your official activities, then yes, it is a reasonable assumption that you are corrupt. With very few exceptions, government business should be conducted in public and transparently.
Re: (Score:2)
Also interesting is that India stopped telegram service only about 45 days ago.
Indian govt is just jealous (Score:3)
Re: (Score:2)
That was my first thought too. It's a double win for the Indian government. They reduce the opportunity of the US spying on their communications while at the same time increase their opportunity.
Re: (Score:2)
i think they are just the first one to voice their jealousy...
Re: (Score:2)
That they can't be the ones spying. Corrupt govt hating on another corrupt govt.
It's hardly hating. Given the circumstances, this will likely become the norm for all governments and quite likely businesses that don't feel like being spied on. I'd like to think this is a wake up call for all those people that want to throw their data into the cloud without giving it a second thought, but it looks like for the most part nobody cares. And apparently, anyone who does care and takes a pro-active approach will be labelled as a hater.
a good idea. (Score:2)
it seems like a prudent move on behalf of the indian government considering the NSA has all but said they were spying on other governments. though there is the question of what system the indian government will switch to and if it gets hacked by other governments. realistically, they should be using encryption on 100% of their emails.
Re: (Score:2)
Since NSA's job is to spy on other governments, I'm not sure why they needed to "all but say they were spying on other governments".
It should be a given - "Our job is to spy on other governments. We do our job."
Protect from international surveillance (Score:3)
Smoke screen (Score:4, Insightful)
It's not to 'protect the data' it's to get people to use services that they have direct access to.
Every government does this.
Missing the point (Score:5, Insightful)
Re: (Score:2)
that's the best way to make the point really. start hurting some wallets, and you'll see change a lot faster.
Re: (Score:3)
It is an unfortunate truth that our government is more responsive to the desires and needs of our corporations than it is to the rights of our citizens.
Re: (Score:3)
That's because corporations are now effectively 'citizens', and they contribute more to campaigns.
So their wishes matter more.
Re: (Score:2)
USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.
I'm not sure who the subject of 'missing the point' is here, so I can't address that, but yeah - I suspect India knows that by doing this, they may spur some competitive enterprises in India to fill the gap. I'm all for world trade and such, but for Pete^W Lakshmi's sake, India's own government should be patronizing its businesses, not forei
Re: (Score:2)
OK, so which country exactly would YOU trust to host your data and not spy on it?
FFS, all governments should have official email only on government controlled system. That is not 100% safe, but why make it easier than you have to?
Re:Missing the point (Score:4, Insightful)
If you are a government, YOU are the only ones you can trust to host your data.
If you are a company, YOU are the only ones you can trust to host your data.
Having another company or country host your data was NEVER a good idea, and some of us have been saying so for some time. But all of a sudden people are realizing just how bad of an idea that was, and they're pulling back from it.
Re: (Score:2)
That seems a bit extreme to assume all companies need to go that far. If I opened a small hardware shop on the corner of the street, and wanted to have an email address, do I hire a whole IT department to set up an email address for me?
Re: (Score:3)
You don't have to. But if you have someone else set it up for you and host it, you don't control it.
If you're willing to say "I don't care", then have at it and do it however you like.
If you decide that on principle, or because you have some specific need, that you aren't willing to have this ... then the only secure way is to host it your own
Re: (Score:2)
USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.
Yes, but... albeit hurt, doesn't the economy feel safe now?
Do you speak English? (Score:2)
If you're still speaking English, I can assure you that the intelligence and military complex are doing their job adequately.
And the backlash cometh (Score:3, Interesting)
Re: (Score:2)
I am looking for the same thing - but, in the meantime, I've already moved my personal mail off Gmail. While the ideal scenario is to have no one sniffing around in my email; since at the moment I can't do much about the government, I can at least keep Google out of it.
Traitorous NSA (Score:5, Insightful)
Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.
It used to be that American IT companies were the gold standard, to the point that there almost wasn't even any pretense of competition. Google, IBM, Microsoft, Apple, Facebook -- American companies ruled the Internet.
And the NSA has turned that all to shit. Now, you'd have to be an idiot to trust any American company not to hand your data over to the NSA. And the NSA has most emphatically been demonstrated that it cannot, under any circumstances, be trusted with that data; just look at not only the overt corporate espionage, but the pervy stalking culture of the degenerates working there. Even if not for official policy directives, you can bet that some low-level flunky at the NSA will be placing insider trades based on what he reads in your executive's emails.
In other words, the NSA has utterly devastated the greatest industry the United States has ever created, and the very backbone of our economy. It's worse than if they had bombed all our ball bearing plants; infrastructure can be rebuilt, but trust? How the fuck are we supposed to rebuild that? ...and the corporate heads and legal departments wonder why they shouldn't have refused to play with the NSA and gone public at the first hint of this malfeasance, writs of classification be damned. Had Google insisted it be taken down swinging rather than play lapdog to the NSA, their brand would have been unimpeachable; rather, it is untouchable.
Cheers,
b&
Re:Traitorous NSA (Score:4, Insightful)
Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.
It used to be that American IT companies were the gold standard, to the point that there almost wasn't even any pretense of competition. Google, IBM, Microsoft, Apple, Facebook -- American companies ruled the Internet.
And the NSA has turned that all to shit. Now, you'd have to be an idiot to trust any American company not to hand your data over to the NSA. And the NSA has most emphatically been demonstrated that it cannot, under any circumstances, be trusted with that data; just look at not only the overt corporate espionage, but the pervy stalking culture of the degenerates working there. Even if not for official policy directives, you can bet that some low-level flunky at the NSA will be placing insider trades based on what he reads in your executive's emails.
In other words, the NSA has utterly devastated the greatest industry the United States has ever created, and the very backbone of our economy. It's worse than if they had bombed all our ball bearing plants; infrastructure can be rebuilt, but trust? How the fuck are we supposed to rebuild that? ...and the corporate heads and legal departments wonder why they shouldn't have refused to play with the NSA and gone public at the first hint of this malfeasance, writs of classification be damned. Had Google insisted it be taken down swinging rather than play lapdog to the NSA, their brand would have been unimpeachable; rather, it is untouchable.
Cheers,
b&
Exactly! It's not a done deal yet, but they are gutting a very significant industry. This is a very costly fuck up. It would be one thing if we knew the world was a *better* or safer place as a result, but I can't see how to draw that conclusion. Au contraire, they just spend a boatload of money, muddy the waters, and gut a vital industry. You can't believe anything the NSA says since being really good liars is a valued trade asset, and there is no real oversight.
Re: (Score:2)
So where exactly are you guaranteed to have your data left alone? China? Russia? Israel? France?
If it's that important, encrypt before it leaves your control. No matter what the terms of service say.
Re:Traitorous NSA (Score:5, Insightful)
Whilst I certainly wouldn't disagree with you over the importance of encryption...well, put it this way: when was the last time you encrypted a letter you dropped in the mailbox?
The point is that it's about as much hassle for somebody at the post office to steam-open an envelope with nobody being none the wiser for it as it is for an ISP to snoop on people's mail.
People have historically been just fine with sending the most private of letters protected by nothing more than the seal of the envelope because the United States Postal Service has a well-deserved unimpeachable reputation for being the hardest of hard-cases about protecting the sanctity of the mail.
It's not surprising that people carried that same trust over to email; it's an almost instinctual conclusion to assume the one is every bit like the other save for the mechanisms of delivery.
And, had they done it right, Google could have earned the world's trust by self-policing with the same vigilance the USPS does.
But they blew it.
Royally, and spectacularly, they blew it.
But what remains most troubling about it is that it was an official government agency that twisted their arm, even if Google shouldn't have put up with the arm-twisting.
Cheers,
b&
Re: (Score:2)
What if you tape an encrypted microSD card to the folded paper in the envelope?
Re: (Score:3)
Whilst I certainly wouldn't disagree with you over the importance of encryption...well, put it this way: when was the last time you encrypted a letter you dropped in the mailbox?
The point is that it's about as much hassle for somebody at the post office to steam-open an envelope with nobody being none the wiser for it as it is for an ISP to snoop on people's mail.
It is just as much hassle to open a letter passing through the post office by steaming it open as it is for a lawyer somewhere to subpoena and get the contents of an email you sent through gmail.
However, it is much easier for the NSA to use their backdoor into gmail to make an automated request for all of a person's emails and all of the emails of everyone that emailed them and store that information. Even if they decide that they don't need that information, it will still get stored, and that stored info
Bad news (Score:2)
You know why the NSA has gone to wiretapping US communications? Because they're done tapping into all of the international communications.
Re: (Score:2)
Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.
Sorry, but this is all Snowden's fault. If it hadn't been for him everything would still be working as designed and no one would be (provably anyway) the wiser.
"A wrong is right if not known"? Like: the wife-cheater is not to blame for the divorce, the snitch is?
If that's what you say, you may continue to be sorry.
As if that makes a difference. (Score:3)
The NSA has a lot fewer legal problems intercepting foreign mail than
it does domestic.
Only now, it simply means they won't have good spam filters,
and money will now be flowing out of india to nigeria $26,000,000 at a time.
Re: (Score:2)
That's true. While the US is getting a ton of flak from every direction, those of us in the US are primarily worried about domestic spying. Anything outside the US is their jurisdiction by law. On the other hand, there are valid reasons for India to do what they are doing.
The two things India is trying to do are send a message and secure their communications. The message part is pretty obvious, but the security part is still there. They know that the NSA has access to Gmail. Anything home grown might
Indian Central Monitoring System (Score:5, Informative)
Of course India is setting up the Central Monitoring System (CMS) [medianama.com] essentially India's version of PRISM:
Nobody should be surprised ... (Score:2)
The reality is, I expect to see more governments doing this.
With the Patriot Act and all of the revelations about the NSA spying, American companies are not things you can trust. All of the cloud services run by US companies are covered by the same thing.
I've said it before, but when you turn your corporations into arms of your security apparatus, those corporations cease to be trustworthy.
So in a few months when US companies start feeling the pinch as people do stuff like this, when they start whining abo
Re: (Score:2)
The problem becomes when you have a nation like China that is spying on everybody but working feverishly to block all others.
Re: (Score:2)
Sure they do, but if a government sets themselves up using a US owned/based service, they're inviting them in the front door.
Knowing the other countries are doing it doesn't mean you bring in someone who you know is under the sway of the people spying on you.
What, you mean like the US is?
It wasn't all that long ago the US was trying to ch
it all depends on whose spying department (Score:2)
most tin-star sheriffs don't want anybody else doing their snooping. lot of that going on in the InterClouds these days.
Actually, pretty stupid (Score:2)
Instead of worrying about the routing, they should be pushing for all clients to encrypt the contents (not web-based either). Worse, they should be getting off windows and Macs, and moving to Open Source such as Linux and BSD. In addition, the hardware should be produced in their own nations with Logic chips from their nation or the west, instead of China. The bios should be openbios on flash ram that was produced locally.
But focusing on the server shows how p
Email sucks ass (Score:3)
Of all the inherently useless and broken protocols in use today SMTP email takes the cake.
Anyone can impersonate anyone else with impunity. Phishing and PC zombification via Email is boundless.
Anyone can send you whatever useless garbage they want without your consent.
No useful security of any kind.
Inability to transmit large content and no way to facilitate realtime communication.
Message delivery is a crapshoot thanks to haphazard proliferation of automated filters with minds of their own.
The failure of SMTP on all levels and massive operational costs it has incurred for administrators and users is mind boggling.
Re: (Score:2)
Figure it out, this goes way beyond Obama.
Re: (Score:2)
Yeah, this is true. However, if this exposure happened under GWB, he would be crucified. Quit giving Obama a pass. Treat him exactly as you would have treated GWB.
Re: (Score:3)
Actually no, GWB would only have been attacked by the Left for the most part, the Right mostly would have defended GWB for doing what was needed to protect our country. The response from the pro defense politicians is decidedly mute, they are simply choosing not to defend the President, at least not very much.
These intrusions by the NSA are a lot like things that have been going on all along (note I did not say it was good). Basically the opportunity for progress on this issue is precisely because Obama is
Re: (Score:2)
Actually no, GWB would only have been attacked by the Left for the most part
Like, you know, almost the entire mass media.
The Left is naturally suspicious of police and spying
Tell that to the Stasi.
The left are only suspicious of police and spies they don't control. They love police and spies who can be used against their opponents.
Re:Makes sense to me.... FTFY (Score:4, Insightful)
This seems totally sensible, after all if you let a foreign entity, on the cloud, run your email you don't really own the data and any data that you don't own is at risk. The real surprise is that it took the business world this long to realize.
Re: (Score:2)
I disagree, in the US Copyright is automatic and thus you do own the data, any unauthorized use by the ISP's should open them up for civil damages based on unlicensed use of copyrighted material.
Re: (Score:2)
great Indian gov't is worried falsely US ISP's would never share data with anyone and all the hops going through other countries are just as safe as in US... o wait.
Re: (Score:2)
Since we have to live with what was once a great nation now fallen in corruption, at least we should have some fun with it.
The old meme "in soviet union" is becoming obsolete. I suggest we start a new meme: "in nazi america".
And remember now, "war is peace".
Re: (Score:2)
"NSA America" or "fascist [wikipedia.org] America" would be better. Some people get justifiably offended when one throws around casual references to the Nazis. It desensitizes people to the Holocaust and their mass murders of Roma, Slavs, homosexuals, etc.
The Nazis were a special breed, much worse than anything that exists in our privileged world today, except perhaps in Syria and a few other places [wikipedia.org]. To compare modern states to theirs is disingenuous.
Re: (Score:2)
However, there is no doubt that America IS controlled by businesses and the wealthy, which really is as close to fascism as it comes.