THE HISTORY OF ENCRYPTION IN BRAZIL IN 2016 AND ESTIMATES FOR 2017
The year 2016 was full of discussions on encryption applied to our daily lives. In Brazil, WhatsApp was the main character of the discussions. Since April 2016, the app has adopted end-to-end encryption. However, since 2015, the issue can be seen within the Brazilian context and there are key perspectives ahead.
2015 blocks and end-to-end encryption
Even prior to adopting end-to-end encryption, WhatsApp had been blocked twice during 2015. First on 2/25/15 due to a court order from Piauí because the app had refused to provide information on users who were under investigation. Then on the same year for the same reason, but the court order for service interruption was issued by the 1st Criminal Court of São Bernardo do Campo.
In April 2016, the app implemented end-to-end encryption to its users’ conversations. Thus, only the sender and corresponding receiver cellphones contain the readable-format messages. The new technology pleased users for its increased security, and apparently made it impossible to provide information required by courts.
First blocking event in 2016 and diverse reactions
After using end-to-end encryption, not long had elapsed for the app to be blocked again. In early May, the Court of Sergipe ordered the telephony operators to block the app for 72 hours. Such request was justified by the non-compliance with a court order requiring information which would assist in an ongoing police investigation. In March 2016, such non-compliance caused Facebook Regional CEO to be arrested, as such company owns WhatsApp.
To revert blocking, the app filed a Writ of Mandamus with the Justice Court of Sergipe. The judge pointed that such a case should be sentenced before the STF (Supreme Federal Court)[1], and that the “writ was required to be granted, considering that there is conflict of principles in the established law”.
Meanwhile, the Socialist Popular Party (PPS) filed an action against Violation of Fundamental Constitutional Right (ADPF 403) with the Supreme Federal Court. The party intends to prevent new blocking to the app.
Still in May, the Public Prosecutor’s Office (MPF) initiated an investigation as to the constitutionality of the use of end-to-end encryption by WhatsApp[2]. The investigation is based on art. 5 of the Brazilian Constitution, item XII:
XII – secrecy of mail and telegraphic communications, data and telephone communications is uninfringeable, except, in the last case, by court order, under circumstances and as established by the law for the purpose of criminal investigation or criminal procedural instruction.
The Olympic Games held in Brazil at the time and the required enhancement of security by the Government in preparation for the event made encryption a concern to police investigations.
Still in May, Decree 8.771/2016 was enacted, which regulated some matters of the Marco Civil of Internet. Under its art. 13, the decree points out that encryption is one of the security standards to be adopted by connection providers and applied on any personal data handling.
Second blocking and an unclear project
In July, the app was blocked again. The Justice Authorities in Rio de Janeiro provided a similar reason as those of the other interruptions. However, no period was defined to conclude the blocking.
PPS, using a provisional remedy with ADPF 403, reverted the blocking. The decision rendered by Minister Ricardo Lewandowski asserts that the remedy violates free speech and is not proportional:
“Well then, suspension of the WhatsApp application service, that enables users to exchange brief typed messages through the world wide web, as wide as determined, seems to violate the elementary standard of the free speech mentioned herein, as well as the law governing the matter. In addition, extending the block to the whole national territory, represents, to say the least, a measure which is not proportional to the reason which led to this.”
Thus, the provisional remedy was granted, and the app returned to its regular operations.
In July, 12 suspects of planning a terrorist attack during the Olympic Games were arrested by the Federal Police. There were many speculations on how the police conducted such investigation[3]. However, contrary to popular belief, the encryption of the WhatsApp accounts of the suspects had not been broken, as the authorities used an undercover agent for the investigation[4].
The government, however, indicated that it intends to restrict application of encryption. Attorney-General Alexandre de Moraes announced he was working on a bill regarding the issue. Little information was provided on the project contents; however, the idea is for companies using encryption to be forced to provide the requested information.[5]
What to expect in 2017?
ADPF 403 is still the main character of any discussion resulting into encryption. In late 2016, the STF opened enrollments for technology experts to participate in a Public Hearing on the case. The quite technical questions are focused on the possibility of intercepting end-to-end encryption. So far, the statements provided by the STF on the blocking events to the app indicate prevalence of the right to free communications.
On the other hand, there is a possibility for the bill mentioned by the Attorney-General to be proposed. Although its contents are unknown, it will quite probably be unfavorable to encryption in view of police investigations.
Furthermore, in early 2017, a failure in the app encryption protocol was found, so that the messages could be intercepted by the company.[6] Such discovery may have great impact upon ADPF 403.
The discussion involving encryption in Brazil is limited. It is restricted to the dichotomy between free communication and support to police investigation. However, encryption has many more features, such as: protecting bank transactions, security standard of personal data and developing other technologies, such as blockchain. These are some examples that go beyond private communication. In addition, they must also be included in discussions on the subject.
