Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Communications Government Security

Indian Government To Ban Use of US Email Services For Official Communications 219

hypnosec writes "The Government of India is planning to ban the use of U.S.-based email services like Gmail for official communications. It will soon send out a formal notification to it half-million officials across the country, asking them to use official email addresses and services provided by India's National Informatics Center. The move is intended to increase the security of confidential government data and protect it from overseas surveillance."
This discussion has been archived. No new comments can be posted.

Indian Government To Ban Use of US Email Services For Official Communications

Comments Filter:
  • by Kenja ( 541830 ) on Friday August 30, 2013 @11:00AM (#44717325)
    Frankly, I dont think the US should use gMail etc for governmental communications either.
    • by Anonymous Coward on Friday August 30, 2013 @11:03AM (#44717371)

      What's the point? It's not like you can control which packets will and won't be routed through the US.
      What they ought to be requiring is encryption, but we all know that's not going to happen.

      • Packet Sniffing is more of a cheap parlor trick then a good way to collect information.

        For the most part our infrastructure has moved from Hubs to Switches so there are a lot less free packets bouncing around the net. Routers have gotten smarter and better so chances are it won't bother sending your packet around the world just just to go to your neighbors.

        • Packet Sniffing is more of a cheap parlor trick then a good way to collect information.

          For the most part our infrastructure has moved from Hubs to Switches so there are a lot less free packets bouncing around the net. Routers have gotten smarter and better so chances are it won't bother sending your packet around the world just just to go to your neighbors.

          Route poisoning would like to have a word with you. He is waiting in Room 641A.

      • by gmuslera ( 3436 )
        What about the packets that are NOT routed through the US, like i.e. between servers of the same country?. For internal traffic inside a country, specially official communication, it don't need to go thru US inspection and approval. More, if not all, countries should had done the same since long time ago.
    • by ColdWetDog ( 752185 ) on Friday August 30, 2013 @11:03AM (#44717373) Homepage

      Nobody should use email for official anything.

      Benjamin Franklin was right. It's the Post Office. I mean, does any email provider say they will deliver through rain, sleet, snow or hail? Do you see that on anybody's TOS? Given the uncertainties of the climate these days, you'd be a fool to do it any other way.

      Besides, it will slow the government down. That's always a plus.

      • by Ruprecht the Monkeyb ( 680597 ) on Friday August 30, 2013 @11:32AM (#44717671)
        Clearly you don't live in a large city in the U.S. where mail frequently disappears, often found months (or years) later in a dumpster or a postal workers basement. I'll take the same 99.99% delivery rate and the near-instant turnaround possible with email, thanks.
      • by asylumx ( 881307 )

        Besides, it will slow the government down. That's always a plus.

        Can they really get any slower?

      • Different tools for different jobs. It depends on what "official" means. Officially ordering troop movement? Of course not, that would be a giant security hazard. Officially seeking bribes or rewriting the Indian equivalent of the constitution? It would be great if they could put that in an e-mail which would be automatically archived in case there was a question of whether it happened.

        That's obviously what this is about. Snowden. The government wants the whole team to realize that if there's so
    • by ZombieBraintrust ( 1685608 ) on Friday August 30, 2013 @11:10AM (#44717435)
      American politicians use GMail because goverement accounts are archived and the contents are considered public property and not private communication.
    • by atom1c ( 2868995 )

      Frankly, I dont think the US should use gMail etc for governmental communications either.

      I whole-heartedly agree. Alas, I believe the US Gov't is being too lenient with their communications practices; unlike the 90's where only encrypted BlackBerrys were allowed, today everybody can use their Hotmail, Gmail, or Aol account to conduct official government business.

      Instead, they should endorse Lavabit-type services and setup an outbound email transport for any public-private business... not go fully commercial without proper senses of security in place.

    • Frankly, I dont think the US should use gMail etc for governmental communications either.

      The problem I see is that it wasn't discouraged and/or banned earlier. Of COURSE an entity in a different country, with no stated or even implied interest in privacy, is not a good place to conduct your nation's business. Duh! The revelations about Google (and others') cozyness with the NSA should not have been the tipping point.

    • by adoll ( 184191 )

      Frankly, I dont think the US should use gMail etc for governmental communications either.

      Correct. Google might outsource the Gmail service to India.

    • It doesn't matter which email service(s) a foreign government uses, or where the mail is stored. What matters is where the email is routed on its way from sender to recipient. There's nothing to stop the NSA from reading the email if the messages or network packets are "accidentally" routed through the US on their way from one foreign address to another. Not even laws protecting citizens, since it's not a citizen's data.
  • Interesting headline given the level of corruption in the Indian Government. Given that, the headline makes sense. More secrets to keep.

    • by gmuslera ( 3436 )
      So if you want to hide something you must be guilty? Considering the level of secrecy (even secret laws) and the level of persecution on possible leakers that could exist, the US government should make the dark in any foreing government shine in white light compared with the tar pit that it must have.
    • Also interesting is that India stopped telegram service only about 45 days ago.

  • by hsmith ( 818216 ) on Friday August 30, 2013 @11:04AM (#44717387)
    That they can't be the ones spying. Corrupt govt hating on another corrupt govt.
    • by cdrudge ( 68377 )

      That was my first thought too. It's a double win for the Indian government. They reduce the opportunity of the US spying on their communications while at the same time increase their opportunity.

      • Pretty much. Had they REALLY been concerned about security, they would be pushing encryption of the email as opposed to keeping it cleartext.
    • by zlives ( 2009072 )

      i think they are just the first one to voice their jealousy...

    • That they can't be the ones spying. Corrupt govt hating on another corrupt govt.

      It's hardly hating. Given the circumstances, this will likely become the norm for all governments and quite likely businesses that don't feel like being spied on. I'd like to think this is a wake up call for all those people that want to throw their data into the cloud without giving it a second thought, but it looks like for the most part nobody cares. And apparently, anyone who does care and takes a pro-active approach will be labelled as a hater.

    • by oag2 ( 2854559 )
      They're spying, too (http://www.wired.co.uk/news/archive/2013-07/11/blackberry-india)--they just want to be the only ones.
    • by gmuslera ( 3436 )
      Probably they have far more right on spying their own citizens, after all they elected them, than a foreing government, specially if that foreing government is known to infiltrate in social networks to influence people according to their own "defense" programs, like incitate revolutions and social unrest.
  • it seems like a prudent move on behalf of the indian government considering the NSA has all but said they were spying on other governments. though there is the question of what system the indian government will switch to and if it gets hacked by other governments. realistically, they should be using encryption on 100% of their emails.

    • considering the NSA has all but said they were spying on other governments

      Since NSA's job is to spy on other governments, I'm not sure why they needed to "all but say they were spying on other governments".

      It should be a given - "Our job is to spy on other governments. We do our job."

  • by fishwallop ( 792972 ) on Friday August 30, 2013 @11:08AM (#44717421)
    And centralize for national surveillance
  • Smoke screen (Score:4, Insightful)

    by nurb432 ( 527695 ) on Friday August 30, 2013 @11:08AM (#44717423) Homepage Journal

    Its not to 'protect the data' it's to get people to use services that they have direct access too.

    Every government does this.

  • Missing the point (Score:5, Insightful)

    by elloGov ( 1217998 ) on Friday August 30, 2013 @11:12AM (#44717477)
    USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.
    • by dywolf ( 2673597 )

      thats the best way to make the point really. start hurting some wallets, and you'll see change a lot faster.

      • It is an unfortunate truth that our government is more responsive to the desires and needs of our corporations than it is to the rights of our citizens.

        • That's because corporations are now effectively 'citizens', and they contribute more to campaigns.

          So their wishes matter more.

    • USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.

      I'm not sure who the subject of 'missing the point' is here, so I can't address that, but yeah - I suspect India knows that by doing this, they may spur some competitive enterprises in India to fill the gap. I'm all for world trade and such, but for Pete^W Lakshmi's sake, India's own government should be patronizing its businesses, not forei

    • OK, so which couintry exactly would YOU trust to host your data and no spy on it.

      FFS, all goverments should have official email only on goverment controled system. That is not 100% safe, but why make it easier than you have to?

      • by gstoddart ( 321705 ) on Friday August 30, 2013 @12:09PM (#44718049) Homepage

        OK, so which couintry exactly would YOU trust to host your data and no spy on it.

        If you are a government, YOU are the only ones you can trust to host your data.

        If you are a company, YOU are the only ones you can trust to host your data.

        Having another company or country host your data was NEVER a good idea, and some of us have been saying so for some time. But all of a sudden people are realizing just how bad of an idea that was, and they're pulling back from it.

        • That seems a bit extreme to assume all companies need to go that far. If I opened a small hardware shop on the corner of the street, and wanted to have an email address, do I hire a whole IT department to set up an email address for me?

          • f I opened a small hardware shop on the corner of the street, and wanted to have an email address, do I hire a whole IT department to set up an email address for me?

            You don't have to. But if you have someone else set it up for you and host it, you don't control it.

            If you're willing to say "I don't care", then have at it and do it however you like.

            If you decide that on principle, or because you have some specific need, that you aren't willing to have this ... then the only secure way is to host it your own

    • by gmuslera ( 3436 )
      Missing the point 2: Is not just watching what they are doing in foreing countries, is attack too [schneier.com], active attacks, the surveillance gives them just base data to infiltrate, corrupt, extort, steal IP, or incite unrest. It will hurt all world population, maybe less to american people, maybe more, but other countries must defend themselves against this after US started the fire.
    • by c0lo ( 1497653 )

      USA's authoritarian, Orwellian stance is hurting American companies' ability to compete in the global market, domestic and international. It hurts the American economy.

      Yes, but... albeit hurt, doesn't the economy feel safe now?

    • That is true. Of course, for a nation to jump over to China is just about as stupid as you can get, but hey, that is up to India.
    • If you're still speaking English, I can assure you that the intelligence and military complex are doing their job adequately.

  • by cookYourDog ( 3030961 ) on Friday August 30, 2013 @11:17AM (#44717521)
    Reap what you sow, Google. As an American, I can't wait until Startmail or another non-U.S. email provider provides a decent alternative. GMail's days are numbered for me.
    • I am looking for the same thing - but, in the meantime, I've already moved my personal mail off Gmail. While the ideal scenario is to have no one sniffing around in my email; since at the moment I can't do much about the government, I can at least keep Google out of it.

  • Traitorous NSA (Score:5, Insightful)

    by TrumpetPower! ( 190615 ) <ben@trumpetpower.com> on Friday August 30, 2013 @11:18AM (#44717529) Homepage

    Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.

    It used to be that American IT companies were the gold standard, to the point that there almost wasn't even any pretense of competition. Google, IBM, Microsoft, Apple, Facebook -- American companies ruled the Internet.

    And the NSA has turned that all to shit. Now, you'd have to be an idiot to trust any American company not to hand your data over to the NSA. And the NSA has most emphatically been demonstrated that it cannot, under any circumstances, be trusted with that data; just look at not only the overt corporate espionage, but the pervy stalking culture of the degenerates working there. Even if not for official policy directives, you can bet that some low-level flunky at the NSA will be placing insider trades based on what he reads in your executive's emails.

    In other words, the NSA has utterly devastated the greatest industry the United States has ever created, and the very backbone of our economy. It's worse than if they had bombed all our ball bearing plants; infrastructure can be rebuilt, but trust? How the fuck are we supposed to rebuild that? ...and the corporate heads and legal departments wonder why they shouldn't have refused to play with the NSA and gone public at the first hint of this malfeasance, writs of classification be damned. Had Google insisted it be taken down swinging rather than play lapdog to the NSA, their brand would have been unimpeachable; rather, it is untouchable.

    Cheers,

    b&

    • Re:Traitorous NSA (Score:4, Insightful)

      by LordThyGod ( 1465887 ) on Friday August 30, 2013 @11:34AM (#44717697)

      Here we see the beginnings of real, hard evidence of just how disastrous the NSA's recent actions are to the best interests of the country.

      It used to be that American IT companies were the gold standard, to the point that there almost wasn't even any pretense of competition. Google, IBM, Microsoft, Apple, Facebook -- American companies ruled the Internet.

      And the NSA has turned that all to shit. Now, you'd have to be an idiot to trust any American company not to hand your data over to the NSA. And the NSA has most emphatically been demonstrated that it cannot, under any circumstances, be trusted with that data; just look at not only the overt corporate espionage, but the pervy stalking culture of the degenerates working there. Even if not for official policy directives, you can bet that some low-level flunky at the NSA will be placing insider trades based on what he reads in your executive's emails.

      In other words, the NSA has utterly devastated the greatest industry the United States has ever created, and the very backbone of our economy. It's worse than if they had bombed all our ball bearing plants; infrastructure can be rebuilt, but trust? How the fuck are we supposed to rebuild that? ...and the corporate heads and legal departments wonder why they shouldn't have refused to play with the NSA and gone public at the first hint of this malfeasance, writs of classification be damned. Had Google insisted it be taken down swinging rather than play lapdog to the NSA, their brand would have been unimpeachable; rather, it is untouchable.

      Cheers,

      b&

      Exactly! Its not a done deal yet, but they are gutting a very significant industry. This is a very costly fuck up. It would be one thing if we knew the world was a *better* or safer place as a result, but I can't see how to draw that conclusion. Au contraire, they just spend a boatload of money, muddy the waters, and gut a vital industry. You can't believe anything the NSA says since being really good liars is a valued trade asset, and there is no real oversight.

    • by thoth ( 7907 )

      So where exactly are you guaranteed to have your data left alone? China? Russia? Israel? France?

      If it's that important, encrypt before it leaves your control. No matter what the terms of service say.

      • Re:Traitorous NSA (Score:5, Insightful)

        by TrumpetPower! ( 190615 ) <ben@trumpetpower.com> on Friday August 30, 2013 @11:53AM (#44717885) Homepage

        Whilst I certainly wouldn't disagree with you over the importance of encryption...well, put it this way: when was the last time you encrypted a letter you dropped in the mailbox?

        The point is that it's about as much hassle for somebody at the post office to steam-open an envelope with nobody being none the wiser for it as it is for an ISP to snoop on people's mail.

        People have historically been just fine with sending the most private of letters protected by nothing more than the seal of the envelope because the United States Postal Service has a well-deserved unimpeachable reputation for being the hardest of hard-cases about protecting the sanctity of the mail.

        It's not surprising that people carried that same trust over to email; it's an almost instinctual conclusion to assume the one is every bit like the other save for the mechanisms of delivery.

        And, had they done it right, Google could have earned the world's trust by self-policing with the same vigilance the USPS does.

        But they blew it.

        Royally, and spectacularly, they blew it.

        But what remains most troubling about it is that it was an official government agency that twisted their arm, even if Google shouldn't have put up with the arm-twisting.

        Cheers,

        b&

        • What if you tape an encrypted microSD card to the folded paper in the envelope?

        • Ahm, steaming open, scanning and OCR'ing every piece of paper mail is a LOT more hassle than copying email off google's servers. And recording every search term you enter can be pretty revealing as well, of things you might not ever write in a letter or email.
        • Whilst I certainly wouldn't disagree with you over the importance of encryption...well, put it this way: when was the last time you encrypted a letter you dropped in the mailbox?

          The point is that it's about as much hassle for somebody at the post office to steam-open an envelope with nobody being none the wiser for it as it is for an ISP to snoop on people's mail.

          ...

          It is just as much hassle to open a letter passing through the post office by steaming it open as it is for a lawyer somewhere to subpoena and get the contents of an email you sent through gmail.

          However, it is much easier for the NSA to use their backdoor into gmail to make an automated request for all of a person's emails and all of the emails of everyone that emailed them and store that information. Even if they decide that they don't need that information, it will still get stored, and that stored info

    • You know why the NSA has gone to wiretapping US communications? Because they're done tapping into all of the international communications.

  • by goffster ( 1104287 ) on Friday August 30, 2013 @11:28AM (#44717623)

    The NSA has a lot fewer legal problems intercepting foreign mail than
    it does domestic.

    Only now, it simply means they wont have good spam filters,
    and money will now be flowing out of india to nigeria $26,000,000 at a time.

    • That's true. While the US is getting a ton of flac from every direction, those of us in the US are primarily worried about domestic spying. Anything outside the US is their jurisdiction by law. On the other hand, there are valid reasons for India to do what they are doing.

      The two things India is trying to do are send a message and secure their communications. The message part is pretty obvious, but the security part is still there. They know that the NSA has access to Gmail. Anything home grown might

      • The fact that India is worried about the routing and not the security of the content and continue to run Windows, tells me that they have fools in their gov. IT.
  • by TheSync ( 5291 ) on Friday August 30, 2013 @11:33AM (#44717683) Journal

    Of course India is setting up the Central Monitoring System (CMS) [medianama.com] essentially India's version of PRISM:

    Starting from this month, all telecommunications and Internet communications in India will be analysed by the government and its agencies. This means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities. This totalitarian type of surveillance will be incorporated in none other than the Central Monitoring System (CMS)...

    ...the CMS was prepared by the Telecom Enforcement, Resource and Monitoring (TREM) and the Centre for Development of Telematics (C-DoT) and is being manned by the Intelligence Bureau.... ...The Information Technology Amendment Act 2008 enables e-surveillance. The government plans to create a platform that will include all the service providers in Delhi, Haryana and Karnataka creating central and regional databases to help central and state level law enforcement agencies in interception and monitoring. Without any manual intervention from telecom service providers, CMS will equip government agencies with Direct Electronic Provisioning, filter and provide Call Data Records (CDR) analysis and data mining to identify the personal information and provide alerts of the target numbers.

    The estimated cost of CMS is Rs. 4 billion. It will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Agencies which will have access to the CMS include the Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED). Last October, the NIA approached the Department of Telecom requesting for connection with the CMS to help it intercept phone calls and monitor social networking sites without the cooperation of telcos. NIA is currently monitoring eight out of 10,000 telephone lines and if connected with the CMS, NIA will also get access to e-mails and other social media platforms. Essentially, CMS will be converging all the interception lines at one location for Indian law enforcement agencies to access them.

    • by asylumx ( 881307 )
      Ya, but there's a difference (from their perspective) between India monitoring the activity of Indians, and the US monitoring the activity of Indians. As much as you don't like the NSA monitoring you for no reason, wouldn't you feel worse about it if you know another country was monitoring you for no reason?
      • Not really. Any place that they can tap will be scoped. And yes, they will be spying on our embassies if they have an opportunity.
  • The reality is, I expect to see more governments doing this.

    With the Patriot Act and all of the revelations about the NSA spying, American companies are not things you can trust. All of the cloud services ran by US companies are covered by the same thing.

    I've said it before, but when you turn your corporations into arms of your security apparatus, those corporations cease to be trustworthy.

    So in a few months when US companies start feeling the pinch as people do stuff like this, when they start whining abo

    • Give me a break. All nations spy on each other. The 5 eyes spy on each other to some degree (but share the intel; IOW, we know that we are spying on each other). Hell, the Germans and French know that we spied on them as they spied on the rest of the west.

      The problem becomes when you have a nation like China that is spying on everybody but working fervishly to block all others.
      • Give me a break. All nations spy on each other.

        Sure they do, but if a government sets themselves up using a US owned/based service, they're inviting them in the front door.

        Knowing the other countries are doing it doesn't mean you bring in someone who you know is under the sway of the people spying on you.

        The problem becomes when you have a nation like China that is spying on everybody but working fervishly to block all others.

        What, you mean like the US is?

        It wasn't all that long ago the US was trying to ch

  • most tin-star sheriffs don't want anybody else doing their snooping. lot of that going on in the InterClouds these days.

  • This explains why so many nations are behind.
    Instead of worrying about the routing, they should be pushing for all clients to encrypt the contents (not web-based either). Worse, they should be getting off windows and Macs, and moving to Open Source such as Linux and BSD. In addition, the hardware should be produced in their own nations with Logic chips from their nation or the west, instead of China. The bios should be openbios on flash ram that was produced local.

    But focusing on the server shows how p
  • by WaffleMonster ( 969671 ) on Friday August 30, 2013 @01:55PM (#44719099)

    Of all the inherently useless and broken protocols in use today SMTP email takes the cake.

    Anyone can impersonate anyone else with impunity. Phishing and PC zombification via Email is boundless.

    Anyone can send you whatever useless garbage they want without your consent.

    No useful security of any kind.

    Inability to transmit large content and no way to facilitate realtime communication.

    Message delivery is a crapshoot thanks to hapazard proliferation of automated filters with minds of their owns.

    The failure of SMTP on all levels and massive operational costs it has incurred for administrators and users is mind boggling.

Keep up the good work! But please don't ask me to help.

Working...