Watch out: NSA scandal shall not masquerade national threats to privacy protection in LatAm

by Digital Rights LAC on August 27, 2013

NSA final

The picture we sketch shows a dissonance between Latin American leaders reactions to the Snowden case and their governments’ practices regarding the respect and protection of privacy within their own borders, which highlights some ironies and threats of such nationalists reactions.

By Joana Varon y Ramiro Ugarte*

Side effects of reinforcing strong ideas of Sovereignty and National Security on the Web

Latest denounces of a massive surveillance scheme performed by the USA National Security Agency (NSA) have brought privacy issues to the headlines of international media. That’s because revelations of classified documents by former NSA contractor Edward Snowden have confirmed what many feared: our communications are being closely watched; private companies with access to personal data and other public agencies from Western countries are part of governmental surveillance schemes and the scope of these activities is broad and overreaching. Believe it or not, just like in the movies or conspiracy theories, programs such as PRISM, Fairview and XKeysScore and even satellite interception have been used by the US government to access not only our metadata , but also the content from emails and phone calls from citizens all over the world.

Due to subsequent events, Latin America was particularly in focus. When Mr. Snowden left Hong Kong and arrived in Russia, many speculated he would ask for asylum in a Latin American country, probably having in mind Julian Assange, founder of WikiLeaks, asylum at the Ecuadorian Embassy in London. Eventually, those hunches proved to be true: Venezuela, Bolivia and Nicaragua offered Snowden asylum.

At the same time, president of Bolivia Evo Morales’ plane was denied safe passage through the air space of a few European countries, which sparked protest from UNASUR, the Union of South American Nations. In a statement, UNASUR said that “illegal espionage practices jeopardize civil rights and the friendly coexistence among nations” . In the same time period, Gleen Greewald, journalist from The Guardian who received about 20,000 secret files from Snowden, wrote an article denouncing that Brazil was a priority nation for surveillance, along with China, Russia, Iran and Pakistan. The surveillance was allegedly conducted through partnerships between Brazilian telecoms companies and US Agencies (NSA, CIA, etc). In a subsequent public hearing at the Brazilian Senate , Greenwald also mentioned that while the pretexts for espionage were terrorism and national security, the NSA had been collecting strategic data for economic reasons from several countries in Latin America. Besides Brazil, he specifically mentioned data collection on oil and military purchases in Venezuela and on energy and narcotics in Mexico and Colombia. In face of such events, the region has also been visited for the first time by US Secretary of State, John Kerry. Kerry, who once referred to the region as the United States’ “backyard”, came to Colombia and Brazil to address, as the Brazilian chancellor called, “a new challenge in the bilateral relationship”.

Indeed, all these revelations gave rise to inflamed statements within the region. President of Argentina Cristina Fernández condemned mass surveillance at the United Nations Security Council and talked about the “sacred right to privacy”. Enrique Peña Nieto, Mexican president, said their Foreign Ministry had asked for an explanation about the spying allegations. Officials in Chile and Colombia made similar statements, though the Colombian visit of US Secretary of State, surprisingly, didn’t sparkle wrathful comments in the media.

Brazilian reactions where even more pragmatical, President Dilma Rousseff urged for explanations from the US government, asserting that, if true, such actions would represent “violations of sovereignty and human rights”. The country has also made considerations about proposing changes in the field of Internet regulation, both nationally and internationally, specifically mentioning the wish to address the issue at the Human Rights Council and the International Telecommunications Union. Something similar has been reflected during Mercosur meeting, where leaders have expressed the desire to push for an international regulation of the internet, with an emphasis on cyber-security to guarantee the protection of communications and preserve the sovereignty of States.

While on one hand these reactions are good news for a region with many shortcomings in terms of privacy protection, on the other hand, the discourse of sovereignty and cybersecurity can be dangerous, as it serves both ways. It could be used for national protection, but also as an argument for implementing hasty solutions, in disregard of the architecture of the web. Even worst, it could lead on promoting an exaggerated increase on the role of States in internet governance, not taking into account other stakeholders. Such reaction could jeopardize significant innovations and increase the availability of tools for national surveillance. In Brazil, for instance, this possibility is already coming true by recent proposals for nationalization of data centers.

In this brief essay, we want to highlight some of the privacy-related-issues we see in some Latin American countries. Not willing to diminish the importance of the actual “Snowden conjecture” , the picture we sketch shows a dissonance between Latin American leaders reactions to the Snowden case and their governments’ practices regarding the respect and protection of privacy within their own borders, which highlights some ironies and threats of such nationalists reactions.

Issues on surveillance in LatAm

Even in face of such outstanding revelations of mass surveillance by US and allies, it is always important to remember that many — if not all — countries in Latin American face their own problems in terms of State surveillance. This fact has been clearly exposed by the report on the “implications of State surveillance of communications on the exercise of human rights to privacy and freedom of expression”, presented in June by the UN Special Rapporteur on Freedom of Expression, Frank la Rue, at the Human Rights Council .

In Argentina, for instance, the oversight mechanisms of security agencies face huge challenges. Several abuses have been documented in the past, which range from the infiltration of a news agency by the Federal Police intelligence division to the surveillance of left-leaning activists and the public disclosure of personal emails belonging to politicians, journalists and businessmen. In response to a critical scenario, two civil society organizations have called for reform and demanded more transparency from the parliamentary commission in charge of controlling the intelligence activities.

In Colombia, the “Departamento Administrativo de Seguridad” (DAS) has been found responsible for spying and threatening journalists, which sparked a public controversy that eventually lead to changes at the top of the intelligence agency and even to a legal reform.

In Brasil, Governor of Rio de Janeiro, Sergio Cabral, in face of the wave of public manifestations against it’s rule, has recently issued a very polemical decree. It established that telecom operators and internet service providers would have a maximum deadline of 24hs to disclose user’s data, without a court order, for a special Investigative Commission. Luckly, due to public protests about the unconstitutionality of such decree, the text was changed to include the need of a judicial order . Nevertheless, even in the shadow of NSA criticisms, it became public that the Brazilian Intelligence System – ABIN has recently built a scheme for monitoring social networks to collect citizens data, allegedly to foreseen protests, specially during the visit of the Pope.

As La Rue wisely states in his report: “concerns about national security and criminal activity may justify the exceptional use of communications surveillance technologies. However, national laws regulating what would constitute the necessary, legitimate and proportional State involvement in communications surveillance are often inadequate or non-existent. Inadequate national legal frameworks create a fertile ground for arbitrary and unlawful infringements of the right to privacy in communications and, consequently, also threaten the protection of the right to freedom of opinion and expression.”

Indeed, sometimes, abuses of privacy rights by national intelligence agencies, and even by a hide range of other public bodies and private companies, happen in legal frameworks which –in many cases– follow European standards in terms of data protection. For instance, countries such as Argentina, Peru, México, Chile, Colombia, Paraguay and Uruguay have Data Protection Laws and several legal guarantees against the misuse and abuse of personal information. Sadly, these laws are not enough to guarantee that citizens living under them are not being surveilled or their data is not being used for unknown purposes, without users consent. In Argentina, for instance, the authorities in charge of enforcing data protection guarantees lack resources and powers to do so efficiently. At the same time, most of these laws do not address issues concerning the specific nature of the Internet.

In an everlasting attempt to do so, Brazil has two draft bills under debate: the so called “Marco Civil da Internet”, that ensures rights and responsibilities for internet users and intermediaries; and the draft bill for Data Protection. On the other hand, while these projects don’t get approved, agreements and regulations tend to be signed in disregard of users rights. Just last week, a scoop revealed that the Superior Electoral Court in Brazil had an agreement with Serasa (a company that manages a database on the credit situation of consumers) to provide information of 141 million voters to that private company. Luckily again, after public outcry, the agreement got suspended.

But the attempts to undermine privacy rights doesn’t stop there: during the early days of debate from Marco Civil, the Telecom Regulatory Agency – Anatel, in disregard of any ongoing discussion, has approved a regulation for mandatory retention of connection logs by ISPs for three years, without proper specification of provisions on privacy protection, with severe implication for human rights. In may, 2013, the Agency has changed this provision by resolution 614/2013 in coherence of the debates at Marco Civil, but the comings and goings reflects how unstable is the legal framework for addressing the issue.

It is important to recall that some changes in national legislation tend to be inadequate, once they don’t reach important actors in the communication flow. Nevertheless, they could also be harmful to the architecture of the Internet, causing a fragmentation, a Balkanization process of the web.

Conclusion

We should be aware to avoid the NSA scandal to be used to simply shift the approach for very nationalistic one, in total disregard of the threats of national surveillance. Unlike today, Governments have never been able to collect a huge amount of data for such a low cost, even using companies infrastructure to do so. It is important to recall that States and companies are by nature “dataholic” , because, while data for governments means control; for most of IT companies, it means profit. In this context, there is a mutual interest for disrespecting privacy rights, either for commercial interests or intelligence purposes. Thus, solutions such as nationalizing data centers doesn’t mean users won’t be surveilled.

Besides these technological and political economic aspects against privacy protection, there is also a socio-cultural one: privacy has become a fuzzy right as consequences of new social practices and habits. What before was deemed private, now is shared with millions on social networks. And as we spend substantial parts of our lives on the Internet, everything we do leaves traces behind us: data that could be tracked, stored, analyzed and processed by powerful actors, companies and States which are –to a great extent– unaccountable.

The issue is serious and forces us to insist on some old truths. Privacy has been a fundamental right in the consolidation of the first constitutional regimes. It was deemed as a pre-requirement to the exercise of fundamental democratic freedoms such as the freedom of expression, assembly and association. A government which controls what their citizens do, who they talk to and what they say is the opposite of the kind of government enshrined in our Constitutions. Yet, the national security narrative, specially in the post 9/11 world, is a powerful one and threatens to change the concept of democracy itself.

As the right to privacy is indeed under threat by powerful governments and corporate actors, it needs to be defended by those who depend on the right to privacy to give democracy a breathing space: us, internet users.

These are the only ones who can demand better practices from companies and better policies from their governments, such as, updating and passing Data Protection Bills in coherence with the online environment. Complete studies of how these laws are enforced are also needed to shed light upon its strengths and shortcomings. In the meantime, at the everyday life, users could also benefit from technical solutions. For instance, fostering the wide use of encryption tools in order to make surveillance activities more difficult.

Governments in Latin America should also foster research and development (R&D) for open, interoperable, secure and privacy compliance software innovations within the region. That would increase the diversity of internet services and applications providers, decentralizing even more the communication flows of the web. Privacy will only be guaranteed by decentralization. In the international scenario, these governments should also address regional and international human rights bodies, such as the Inter-American Commission of Human Rights and the Human Rights Council, which may prove to be fruitful venues to present claims about our rights and the demand their protection.

Only with the combination of these strategies we may have bigger chances to succeed in the the fight for the future of privacy. Latin America is a region where democracy is growing strong, but democracies cannot remain so without adequate privacy protections.

*Joana Varon Ferraz, pesquisadora e coordenadora de projetos no Centro de Tecnologia e Sociedade da Fundação Getúlio Vargas (CTS/FGV), Brasil.

*Ramiro Alvarez Ugate, Diretor de Acesso à Informação da Associação pelos Direitos Civis – ADC, Argentina.