Running head: THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 1

The Brazilian Federal Data Processing Service

CIS512 Advanced Computer Architecture

Albert Dominic
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 2

The Brazilian Federal Data Processing Service

In this case study, I will evaluate the pertinent ethical issues as well as the internal architectural

model of the Brazilian Federal Data Processing Service. The study is prompted by the Brazilian

government’s decision to severe ties with the US due to recent findings that the NSA have been

intercepting government communications illegally. The study has multiple objectives: I) analyzing the

types of organizational and computer architectures employed in integrating systems, ii) developing an

enterprise system architecture plan to resolve the identified ethical problem.

Ethical Issues

Currently, the Brazilian Federal Data Processing Service seeks to install new computer systems

to bypass and reduce reliance on the US’s internet services. The Servico Federal de Processamento de

Dados (SERPRO) is a private organization created by the Brazilian government with the objective of

providing networking services and communication facilities to Brazil’s government agencies. The

organization has the resources to fulfill this mandate and is also part of international organizations that

are also against the unwarranted surveillance by the NSA. Since it is feasible to develop the appropriate

communications infrastructure, it is important to assess whether the situation justifies such an

undertaking.

The main driver behind the proposed changes are revelations from leaked NSA documents

which show that the NSA monitored and intercepted email communications from Brazilian agencies.

These actions were in contravention of International Security Law which makes them illegal (Constant,

2013). Therefore, there exists a need to protect government communications from security breaches

which represents the greatest challenge for SERPRO. In addition to the NSA’s surveillance, the leaks

by a former NSA contractor, Edward Snowden also revealed that the Canadian Security Establishment

(CSE) tracked and monitored all emails and phone calls from Brazil’s ministry of Mines and Energy.
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 3

The continued surveillance by foreign intelligence agencies breaches international and domestic

laws thus creating an ethical problem for SERPRO which has the mandate of designing and developing

a robust communications system impervious to surveillance (Constant, 2013). The targeting and

monitoring of government communications should be condemned as unethical and illegal as they

violate the International Cyber Security Law and the Computer Fraud and Abuse Act of 1984.

Security Deficiencies in the SERPRO’s System Architecture

Despite being the leading security firm in the country, the Brazilian Federal Data Processing

Service has multiple security flaws in their security and systems architecture (Smith et al. 2011).for

example, the implemented security protocols were not enough to ensure data security in international

communications (Constant, 2013). The transmitted data was easily accessible to third parties leading to

the current situation. Furthermore, SERPRO’s systems could not identify data breaches and locate the

offending parties. Therefore, there is a need to remodel the communications architecture to improve

compliance with Cyber security policies and regulations.

SERPRO’s Proposed Architecture Plan

SERPRO has suggested the implementation of an “anti-spoofing email system” which would

resolve the data breaches from US and Canadian intelligence agencies. The system would be hosted

locally allowing the protection of government and citizen data from prying entities (Constant, 2013). If

implemented correctly, the system can resolve the identified business and ethical issues as the proposed

emailing system will also protect online transactions, tax returns, and Brazilian citizens’ information

through the use of digital certificates and encryption to limit access. The emailing system would limit

access to digital information to pre-authorized parties. Moreover, the pertinent data would be stored in

datacenters located in Brazil to enhance privacy and confidentiality (Constant, 2013).

THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 4

An alternative to the proposed emailing system is a Secure Email Middleman as proposed by

the National Institute of Health (NIH). The method provides an alternate approach to PKI based

technologies which are increasingly insecure due to technological innovations (Smith et al., 2011). The

secure email system employs non-PKI S/MIME technologies to secure email communications before

transmission.

SERPRO can also implement Data Loss Prevention (DPL) methodologies to secure their

communications (Hornung, 2005). Many organizations and entities such as Trend Micro have

implemented this approach successfully to secure communications from unauthorized access.

Furthermore, a certificate-based or bio-metric authentication system would provide robust security

measures.

Precautions to Mitigate Security Breaches

After assessing different government agencies and leaked NSA documents, it is clear that the

United States government as well as the Canadian Intelligence agencies have implemented effective

measures to prevent security breaches and secure communications. The US government employs two

and three-factor authentication protocols in securing their data to prevent unauthorized access (Smith et

al., 2011). SERPRO can also implement a similar system to give users control of the data available to

third parties.

Furthermore, SERPRO should engage qualified third-parties to conduct periodic and objective

penetration tests on their communication systems. These tests would help in evaluating the security of

established communication systems. Furthermore, they should implement systems to determine human

and social threats to confidential communications.

If one or more of these precautions are implemented, then public and private institutions can

protect their communications in addition to preventing financial and reputational losses associated with
THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 5

data breaches. Therefore, the government and appropriate legislation bodies should implement

appropriate precautions to secure both local and international communications.

THE BRAZILIAN FEDERAL DATA PROCESSING SERVICE 6

References

Constant, L. (2013). Brazil to fortify government email system following NSA snooping revelations.

The country's Federal Data Processing Service has been tasked with the job. Network World.

Retrieved from: http://www.networkworld.com/article/2170810/security/Brazil-to-fortify-

government-email-system-following-nsa-snooping-revelations.html

Hornung, M. S. (2005). Think before you type: A look at email privacy in the workplace. Fordham J.

Corp. & Fin. L., 11, 115.

Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS

quarterly, 35(4), 989-1016.