Across Asia, officials' e-mails may be vulnerable
JAKARTA/BANGKOK (Reuters) - Government and security officials in parts of Asia have been sending sensitive information and policy documents via e-mail services offered by U.S. web giants, and concerns are spreading that these may have been monitored and collected by the National Security Agency (NSA).
The official name cards of several directors at Indonesia's ministry of foreign affairs, for example, give only Yahoo or Gmail addresses, services provided by Yahoo Inc and Google Inc. One researcher who deals regularly with Indonesian security and police officials said all of them used Gmail or Yahoo to communicate often sensitive information.
Gatot S. Dewa Broto, spokesman for Indonesia's Ministry of Communications and Informatics, acknowledged that officials had long been aware that public e-mail addresses were "prone to trespassing" but said it was hard to enforce use of official e-mail accounts.
"Sometimes we have difficulties sending large e-mails with photos, file or video attachments, and are forced to use a public e-mail account. But we have reiterated that public e-mail should not be used for highly confidential matters," he said, adding that he used Gmail "in emergencies."
Revelations this week by NSA contractor Edward Snowden of a program called Prism to sift data from U.S. web companies has raised fears of a close relationship between the companies and the NSA, something denied by both sides. Whatever the truth, the reliance of Asian officials on such services highlights how vulnerable they are to eavesdropping.
At a recent conference of the United Nations Economic and Social Commission for Asia and the Pacific in Bangkok, for example, officials from 20 of 33 Asian countries represented included Gmail, Hotmail or Yahoo addresses on their contact forms.
Of 18 Thai officials attending, only six gave only their official email address. This was despite all government officials being issued secure e-mail addresses.
"Government officials use the web domain go.th and we can vouch that this is secure," government spokesman Theerat Rattanasewee however said.
Officials around the world use personal e-mail addresses for personal matters, but in parts of Asia some have little choice but to use them for official business. Some ministries and agencies have no domain of their own, while those that do are poorly serviced or cannot be accessed via smartphones, officials say.
A former Laotian government employee said most official agencies and ministries had their own websites "but they are not really convenient. Sometimes they break down, are slow and have very low qualified service."
Marek Bialoglowy, Jakarta-based security consultant and chief technology officer at ITSEC Asia, said: "Government employees in Asia-Pacific countries often ask to send e-mails to Gmail or Yahoo, because their official e-mail rejects large or encrypted attachments.
"Highly sensitive information could be accessible to anyone with access to such personal e-mail accounts, either Prism staff or someone who just cracked a shared password."
Some countries, however are firm in applying rules. In Singapore, senior officials use separate computers to access the Web and for internal communications.
Spokesmen at Japan's foreign and defense ministries said transmitting work-related information through web-based e-mail services was strictly prohibited.
"There has been a long-established rule within the foreign ministry against using such services as Gmail and Yahoo mail for work, and as a matter of fact we are not using them," said Masaru Sato, director of the foreign ministry's international press division.
Chief Cabinet Secretary Yoshihide Suga told reporters on Wednesday: "Apart from (what's happened in) the United States, the Japanese government intends to review and reinforce information security, which has been a matter of importance in many ways."
Other nations in the region have taken a more flexible approach. Indian government officials said any eavesdropping on their web-based communications would not be a problem, because they used their official accounts for all internal communications and commercial services only to communicate with journalists and the outside world.
"I don't care if the Americans are watching that," one official said. "If I am sending it by Gmail, I want the world to know."