NIS admits to packet tapping Gmail

Posted on : 2011-09-16 11:46 KST Modified on : 2019-10-19 20:29 KST
If proven, international fallout could occur over insecurity of the HTTP Secure system
(Photo by Park Jong-shik)
2010. (Photo by Park Jong-shik)

By Noh Hyung-woong 


It has come to light that the National Intelligence Service has been using a technique known as “packet tapping” to spy on emails sent and received using Gmail, Google’s email service. This is expected to have a significant impact, as it proves that not even Gmail, previously a popular “cyber safe haven” because of its reputation for high levels of security, is safe from tapping.

The NIS itself disclosed that Gmail tapping was taking place in the process of responding to a constitutional appeal filed by 52-year-old former teacher Kim Hyeong-geun, who was the object of packet tapping, in March this year.

As part of written responses submitted recently to the Constitutional Court, the NIS stated, “Mr. Kim was taking measures to avoid detection by investigation agencies, such as using a foreign mail service [Gmail] and mail accounts in his parents’ names, and deleting emails immediately after receiving or sending them. We therefore made the judgment that gathering evidence through a conventional search and seizure would be difficult, and conducted packet tapping.”

The NIS went on to explain, “[Some Korean citizens] systematically attempt so-called ‘cyber asylum,’ in ways such as using foreign mail services (Gmail, Hotmail) that lie beyond the boundaries of Korea‘s investigative authority, making packet tapping an inevitable measure for dealing with this.”

The NIS asserted the need to tap Gmail when applying to a court of law for permission to also use communication restriction measures [packet tapping]. The court, too, accepted the NIS’s request at the time and granted permission for packet tapping.

Unlike normal communication tapping methods, packet tapping is a technology that allows a real-time view of all content coming and going via the Internet. It opens all packets of a designated user that are transmitted via the Internet. This was impossible in the early days of the Internet, but monitoring and vetting of desired information only from among huge amounts of packet information became possible with the development of “deep packet inspection” technology. Deep packet inspection technology is used not only for censorship, but also in marketing such as custom advertising on Gmail and Facebook.

The fact that the NIS taps Gmail, which uses HTTP Secure, a communication protocol with reinforced security, means that it possesses the technology to decrypt data packets transmitted via Internet lines after intercepting them.

“Gmail has changed its default setting to an encrypted protocol (HTTPs) since 2010, right after it was revealed that Chinese security services had been tapping it,” said one official from a software security company.

“Technologically, decrypting it is known to be almost impossible. If it turns out to be true [that the NIS has been packet tapping], this could turn into an international controversy.”

Google Korea spokesperson said, "We employ email security technologies that go beyond the industry standard."

“The revelation of the possibility that Gmail may have been tapped is truly shocking,” said Jang Yeo-gyeong, an activist at “It has shown once again that the secrets of people’s private lives can be totally violated.”

Lawyer Lee Gwang-cheol of MINBYUN-Lawyers for a Democratic Society, who has taken on Kim’s case, said, “I think it is surprising, and perhaps even good, that the NIS itself has revealed that it uses packet tapping on Gmail. I hope the Constitutional Court will use this appeal hearing to decide upon legitimate boundaries for investigations, given that the actual circumstances of the NIS’s packet tapping have not been clearly revealed.”


Please direct questions or comments to []