Академический Документы
Профессиональный Документы
Культура Документы
Albert Dominic
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 2
In this case study, I will evaluate the pertinent ethical issues as well as the internal architectural
model of the Brazilian Federal Data Processing Service. The study is prompted by the Brazilian
government’s decision to severe ties with the US due to recent findings that the NSA have been
intercepting government communications illegally. The study has multiple objectives: I) analyzing the
types of organizational and computer architectures employed in integrating systems, ii) developing an
Ethical Issues
Currently, the Brazilian Federal Data Processing Service seeks to install new computer systems
to bypass and reduce reliance on the US’s internet services. The Servico Federal de Processamento de
Dados (SERPRO) is a private organization created by the Brazilian government with the objective of
providing networking services and communication facilities to Brazil’s government agencies. The
organization has the resources to fulfill this mandate and is also part of international organizations that
are also against the unwarranted surveillance by the NSA. Since it is feasible to develop the appropriate
undertaking.
The main driver behind the proposed changes are revelations from leaked NSA documents
which show that the NSA monitored and intercepted email communications from Brazilian agencies.
These actions were in contravention of International Security Law which makes them illegal (Constant,
2013). Therefore, there exists a need to protect government communications from security breaches
which represents the greatest challenge for SERPRO. In addition to the NSA’s surveillance, the leaks
by a former NSA contractor, Edward Snowden also revealed that the Canadian Security Establishment
(CSE) tracked and monitored all emails and phone calls from Brazil’s ministry of Mines and Energy.
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 3
The continued surveillance by foreign intelligence agencies breaches international and domestic
laws thus creating an ethical problem for SERPRO which has the mandate of designing and developing
a robust communications system impervious to surveillance (Constant, 2013). The targeting and
violate the International Cyber Security Law and the Computer Fraud and Abuse Act of 1984.
Despite being the leading security firm in the country, the Brazilian Federal Data Processing
Service has multiple security flaws in their security and systems architecture (Smith et al. 2011).for
example, the implemented security protocols were not enough to ensure data security in international
communications (Constant, 2013). The transmitted data was easily accessible to third parties leading to
the current situation. Furthermore, SERPRO’s systems could not identify data breaches and locate the
offending parties. Therefore, there is a need to remodel the communications architecture to improve
SERPRO has suggested the implementation of an “anti-spoofing email system” which would
resolve the data breaches from US and Canadian intelligence agencies. The system would be hosted
locally allowing the protection of government and citizen data from prying entities (Constant, 2013). If
implemented correctly, the system can resolve the identified business and ethical issues as the proposed
emailing system will also protect online transactions, tax returns, and Brazilian citizens’ information
through the use of digital certificates and encryption to limit access. The emailing system would limit
access to digital information to pre-authorized parties. Moreover, the pertinent data would be stored in
the National Institute of Health (NIH). The method provides an alternate approach to PKI based
technologies which are increasingly insecure due to technological innovations (Smith et al., 2011). The
secure email system employs non-PKI S/MIME technologies to secure email communications before
transmission.
SERPRO can also implement Data Loss Prevention (DPL) methodologies to secure their
communications (Hornung, 2005). Many organizations and entities such as Trend Micro have
measures.
After assessing different government agencies and leaked NSA documents, it is clear that the
United States government as well as the Canadian Intelligence agencies have implemented effective
measures to prevent security breaches and secure communications. The US government employs two
and three-factor authentication protocols in securing their data to prevent unauthorized access (Smith et
al., 2011). SERPRO can also implement a similar system to give users control of the data available to
third parties.
Furthermore, SERPRO should engage qualified third-parties to conduct periodic and objective
penetration tests on their communication systems. These tests would help in evaluating the security of
established communication systems. Furthermore, they should implement systems to determine human
If one or more of these precautions are implemented, then public and private institutions can
protect their communications in addition to preventing financial and reputational losses associated with
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 5
data breaches. Therefore, the government and appropriate legislation bodies should implement
References
Constant, L. (2013). Brazil to fortify government email system following NSA snooping revelations.
The country's Federal Data Processing Service has been tasked with the job. Network World.
government-email-system-following-nsa-snooping-revelations.html
Hornung, M. S. (2005). Think before you type: A look at email privacy in the workplace. Fordham J.
Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS