Wednesday, 12 June 2013

Across Asia, officials’ e-mails may be vulnerable to eavesdropping

Government and security officials in parts of Asia have been sending sensitive information and policy documents via e-mail services offered by US Web giants, and concerns are spreading that these may have been monitored and collected by the National Security Agency (NSA).

2 comments:

Guanyu said...

Across Asia, officials’ e-mails may be vulnerable to eavesdropping

Reuters
12 June 2013

Government and security officials in parts of Asia have been sending sensitive information and policy documents via e-mail services offered by US Web giants, and concerns are spreading that these may have been monitored and collected by the National Security Agency (NSA).

The official name cards of several directors at Indonesia’s ministry of foreign affairs, for example, give only Yahoo or Gmail addresses. One researcher who deals regularly with Indonesian security and police officials said all of them used Gmail or Yahoo to communicate often sensitive information.

Mr Gatot Dewa Broto, a spokesman for Indonesia’s Ministry of Communications and Informatics, acknowledged that officials had long been aware that public e-mail addresses were “prone to trespassing” but said it was hard to enforce use of official e-mail accounts.

“Sometimes we have difficulties sending large e-mails with photos, file or video attachments, and are forced to use a public e-mail account. But we have reiterated that public e-mail should not be used for highly confidential matters,” he said, adding that he had used Gmail “in emergencies”.

Revelations this week by NSA contractor Edward Snowden of a programme called Prism to sift data from US Web companies has raised fears of a close relationship between the companies and the NSA, something denied by both sides. Whatever the truth, the reliance of Asian officials on such services highlights how vulnerable they are to eavesdropping.

At a recent conference of the United Nations Economic and Social Commission for Asia and the Pacific in Bangkok, for example, officials from 20 of 33 Asian countries represented included Gmail, Hotmail or Yahoo addresses on their contact forms.

Of 18 Thai officials attending, only six gave only their official e-mail address. This was despite all government officials being issued secure e-mail addresses.

“Government officials use the Web domain go.th and we can vouch that this is secure,” government spokesman Theerat Rattanasewee, however, said.

Officials around the world use personal e-mail addresses for personal matters, but in parts of Asia some have little choice but to use them for official business. Some ministries and agencies have no domain of their own, while those that do are poorly serviced or cannot be accessed via smartphones, officials say.

A former Laotian government employee said most official agencies and ministries had their own websites “but they are not really convenient. Sometimes they break down, are slow and have very low qualified service”.

Mr Marek Bialoglowy, Jakarta-based security consultant and chief technology officer at Itsec Asia, said: “Government employees in Asia-Pacific countries often ask to send e-mails to Gmail or Yahoo, because their official e-mail rejects large or encrypted attachments.

“Highly sensitive information could be accessible to anyone with access to such personal e-mail accounts, either Prism staff or someone who just cracked a shared password.”

Some countries, however, are firm in applying rules. In Singapore, senior officials use separate computers to access the Web and for internal communications.

Spokesmen at Japan’s foreign and defence ministries said transmitting work-related information through Web-based e-mail services was strictly prohibited.

“There has been a long-established rule within the foreign ministry against using such services as Gmail and Yahoo mail for work, and as a matter of fact we are not using them,” said the director of the foreign ministry’s international press division Masaru Sato.

Chief Cabinet Secretary Yoshihide Suga told reporters on Wednesday: “Apart from (what’s happened in) the United States, the Japanese government intends to review and reinforce information security, which has been a matter of importance in many ways.”

Guanyu said...

Other nations in the region have taken a more flexible approach. Indian government officials said any eavesdropping on their Web-based communications would not be a problem, because they used their official accounts for all internal communications and commercial services only to communicate with journalists and the outside world.

“I don’t care if the Americans are watching that,” one official said. “If I am sending it by Gmail, I want the world to know.”