Professional Documents
Culture Documents
Cyber security or online security has the potential to impose borderless challenges and
threats to any nation, while the responses remain overpoweringly national in scope (Smith,
Dinev & Xu, 2011). Hence, these cyber security breaches and threats can only be mitigated or at
least reduced by the confrontation provided by government and legislative bodies in terms of
technical as well as governance capabilities (Smith, Dinev & Xu, 2011). The first and foremost
business ethical problem faced by Brazilian Federal Data Processing Service is the electronic
various intelligence agencies, while breaching the International Security Law, which is purely an
illegal activity (Constant, 2013). Hence, the exchange of information through government
network need to be protected from security breaches and this was the most difficult challenge for
SERPRO (another name for Brazilian Federal Data Processing Service) (Smith, Dinev & Xu,
2011). In addition to NSA spying revelations, the Canadian Security Establishment (CSE)
tracked and targeted all the important emails and phone calls to and from Brazil’s Ministry mines
and energy.
This is the most critical ethical and legal problem faced by SERPRO, as they were
assigned a job to design and develop a robust emailing system to mitigate all types of security
breaches (Constant, 2013). In my opinion, all the above described issues should be ethically and
legally condemned as these activities are against the International Cyber Security Law and
Computer Fraud and Abuse Act of 1984 (Smith, Dinev & Xu, 2011). Hence, all these problems
are purely unethical, which should be corrected and resolved by strengthening Internet
governance and reliance on U.S. and other nations in terms of information exchange.
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE
3
Despite that Brazilian Federal Data Processing Service is the leading security firm in
Brazil which ensures robust security solutions; there are several security flaws or deficiencies in
their original systems and security architecture (Smith, Dinev & Xu, 2011). For instance, security
protocols were not adequate enough to provide comprehensive and long-term security (Constant,
2013). Information was easily accessible, open and transparent that allows offenders to commit
security breaches (Hornung, 2005). It was difficult for the agency to identify the offenders and
their current location (Constant, 2013). The original architecture need to be well-complied with
Canadian spying revelations (Smith, Dinev & Xu, 2011). This system will be locally hosted and
is aimed to protect government related and citizen’s critical data and information, as US
government has been targeting and tracking citizens’ data, including the Brazilian President
(Constant, 2013). The proposed plan for developing anti-spoofing and advanced emailing
services is a quality idea. The Brazilian Federal Data Processing Service is aimed to design an
emailing system for government use, online transactions, tax returns and citizens’ information,
which will use digital certificates and encryption to prevent information leakage by blocking the
access.
With this emailing system, no one can read the content and access information without
being digitally certified (Smith, Dinev & Xu, 2011). However, intended data and recipients will
be hosted in datacenters, located in Brazil (Constant, 2013). The other possible solutions that can
be adopted by SERPRO is the Secure Email Middleman which has been proposed for National
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE
4
Health of Institute (NIH) (Hornung, 2005). The method provides an alternative approach to PKI
based technologies, as they are impractical (Smith, Dinev & Xu, 2011). This secure email pattern
uses non-PKI S/MIME technologies and solutions to secure email exchange before transmitting
over the network. See appendix for the secure email pattern built for NIH.
Another possible solution could be the utilization for DPL (Data Loss Prevention) to
secure email content and communications (Hornung, 2005). Many agencies, governments and
organizations like Trend Micro have been using this tool to secure emails from unauthorized
access (Hornung, 2005). Further, a robust password manager should be deployed to secure email
communications by asking for multiple passwords for robust authentication (Smith, Dinev & Xu,
2011). In my opinion, all these solutions can be considered by SERPRO to secure Brazil email
communications.
After analyzing different governments and intelligence agencies, it has been found that
United States government have taken many serious and effective precautions to mitigate
information leakage and security breaches and secure email privacy (Smith, Dinev & Xu, 2011).
U.S. government announced to deploy two factor authentications to secure email and other
accounts to prevent unauthorized access (Smith, Dinev & Xu, 2011). The users will log in
personal details in the same manner, but there is an additional step which calls or send message
Another agency working on the same issue is the Space Labs which has developed its
own solution and cracking tools (Embassy, 2012). These email cracking tools can help
well as personal emails (Embassy, 2012). Further, with this cracking tool, it would become easier
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE
5
to track and test the emails of the vendors and associated which organizations serve (Embassy,
2012). This email cracking system not only helps detect the vulnerabilities of email servers and
account information, but this system also helps identify human as well as social threats.
These were some precautions taken by various government and agencies to take
precautions against the same event that was experienced by the British Federal Data Processing
Service (Embassy, 2012). If these precautions were not taken to secure against the email security
breach, then there are many other effective solutions to protect and sustain email privacy
(Embassy, 2012). New Delhi government announced to use static IP addresses, one time
passwords and virtual networks to secure government communications (Embassy, 2012). If any
user needs to access the email services, he or she has to undergo the above protective systems.
can effectively protect their email services and communications (Hornung, 2005). It is because
great financial losses have been reported due to security breaches and malware of critical
information and data (Hornung, 2005). It is therefore important for the government and
legislative bodies to take appropriate precautions to secure the private communications, most
businesses and government related operations are usually conducted through emails.
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE
6
References
Constant, L. (2013). Brazil to fortify government email system following NSA snooping
revelations. The country's Federal Data Processing Service has been tasked with the job.
http://www.networkworld.com/article/2170810/security/brazil-to-fortify-
government-email-system-following-nsa-snooping-revelations.html
Embassy, U. S. (2012). Security Message: Election Security Precautions. Data retrieved from:
http://thejns.org/doi/abs/10.3171/jns.1974.41.3.0394
Hornung, M. S. (2005). Think before you type: A look at email privacy in the workplace.
Fordham J. Corp. & Fin. L., 11, 115. Data retrieved from:
http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1205&context=jcfl&sei-
redir=1&referer=http%3A%2F%2Fscholar.google.com.pk%2Fscholar%3Fq%3Demail
%2Bprivacy%26btnG%3D%26hl%3Den%26as_sdt%3D0%252C5#search=%22email
%20privacy%22
Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary
ftp://96.230.5.13/MotiShare/Luvai/Documents/Research/PrivacyValuation/ExtRsrch/SMI
TH,%20XU%20-%20INFORMATION%20PRIVACY%20RESEARCH%20AN
%20INTERDISCIPLINARY%20REVIEW%20MISQ.pdf