‘IGF 2019: Open Letter’

Open letter from representatives of Brazilian civil society facing threats to the democratic, free and open internet in Brazil

In the context of the 2019 Internet Governance Forum, the organizations which are part of the Network Rights Coalition publicly denounce the threats posed to the democratic, free and open Internet in Brazil and to the rights of Brazilian citizens. The current political situation in Brazil adds to the global concerns about the direction of internet development, based on a business model of increasing exploitation of personal data and the formation of digital monopolies, and the increasing attempts to regulate the internet from a criminalizing and undemocratic point of view.

The growth of surveillance initiatives by the Congress and the government in Brazil this year are worrisome. Since the inauguration of the new President of the Republic and the new National Congress, several bills and public policy proposals have been presented expanding state surveillance through technologies, under the justification of combating terrorism and the improvement of public safety services. Many of these initiatives aim to expand the state’s police powers on the network by intending some changes of the Brazilian Civil Rights Framework for the Internet (known as the “Marco Civil”) which requires prior judicial authorization for access of users’ usage records by the authorities. In other cases, the proposed projects require that platforms store copies of their users’ private cryptography keys in order to allow the authorities exceptional access to the content of private communications messages. In the same vein, there are proposals to force Internet providers to monitor users’ activities extensively in order to allegedly detect suspicious and illegal conduct, in a clear violation of user privacy. Even more worrying, the government has issued several presidential decrees providing for the centralized and massive processing of sensitive citizens data by the State without due safeguards, including biometric data, measures condemned by the European General Data Protection Regulation (GDPR) and in violation of the Brazilian General Law on Personal Data Protection (LGPD), approved in 2018.

It is noteworthy that the current Minister of Justice and Public Security, Sergio Moro, presented a proposal called “Anticrime Package” which, among other measures, determines the submission of prisoners to the identification of the genetic profile through DNA collection and, where possible, collecting iris, face, and voice data to support federal, state, or district criminal investigations.

The use of automated facial recognition systems by police is also growing in the country. These draft laws and surveillance policies call into question democracy and the rule of law by threatening citizens’ fundamental rights and freedoms, such as privacy, self-determination, freedom of expression, equality and freedom of association. In addition, research has shown that automated systems and the use of algorithms reflect and reinforce approaches and prejudices about gender, race/ethnicity, and class in society. In Brazil, according to data published by the Safety Observatory Network, 151 people were arrested through the use of facial recognition technology in five regions in 2019 — 90% of them are black. It is well known that these technologies are also flawed and should not guide public safety policies. A study by the University of Essex in the United Kingdom looked at 42 cases of facial recognition and found that only 8 were successful, less than 20%.

The surveillance logic has spread throughout the country as the federal government encourages other states and municipalities to implement similar policies as the government approved the use of funds from the National Public Security Fund to implement facial recognition systems and optical character recognition, among others. So Brazil is heading in the opposite direction in relation to other regions. The recognition that these technologies threaten everyone’s freedom, starting with the right to privacy, has led the city of San Francisco to ban the use of face recognition in public places by government agencies, for example.

Freedom of expression, a fundamental right and principle of a free and open Internet, is also at risk in the face of a series of bills under the justification of curbing hate speech and disinformation. Some of these projects aim to modify the Brazilian Civil Rights Framework for the Internet considered a worldwide reference. In its Article 19, the law requires that Web services providers, blogs and applications or digital platforms should only remove content posted by third parties after receiving a court order, except for content that violates intimacy. The purpose of this article is to protect the freedom of expression of users on the growth of cases of removal of content by private platforms that have come to define what content can remain on the network. Amending it may institute notice and takedown procedures that already exist in other countries, transferring oversight power to providers, platforms and copyright holders, thus threatening freedom of expression.

The National Congress is dealing with several bills that aim to make digital platforms liable for content generated by third parties. There is an increase in the last year of automated content removal. The argument used by lawmakers for the change in legislation is the growth of hate speech, harassment and misinformation on the net, and copyright infringement. However, the change of law may lead Brazil to adopt arbitrary procedures for notification and withdrawal of content.

Liability of intermediaries is a threat to freedom of expression and was considered as a form of prior censorship by the freedom of expression rapporteurs of multilateral organizations. This view is in line with a decentralized and free Internet model as the most effective way to protect freedom of expression and to encourage plurality and diversity. The liability for illegal content should fall on those who posted the content. Laws that determine illegal content should be enforced by the courts and not by private companies, always observing the defendants’ full defense rights.

We are also concerned about the announcement of the privatization of two state-owned ICT companies in the government, SERPRO and DATAPREV. They are two of the largest Brazilian companies that control a huge set of personal data of citizens. DATAPREV stores data related to 35 million people regarding social security. SERPRO holds data on Income Tax, CPF (Taxpayer Identification Number), Driver’s License, passports, among others. The privatization process has not gone through any public discussion about how sensitive citizen data will be handled, nor about any adequacy about the new data protection legislation (LGPD). The simple privatization and transfer of this information to a private company can mean outsourcing to third parties the largest databases of Brazilian citizens, without safeguarding how the data will be used.

Finally, we want to highlight the threat to the country’s leading multistakeholder Internet governance entity: The Brazilian Internet Steering Committee (CGI.br). The entity has the participation of the government, the private sector, the scientific and technological community and the third sector, and it is seriously threatened of interference from the new government. Elections for non-governmental members, chosen through electoral colleges, have been delayed since the beginning of the year with no forecast for the start of the election schedule. At the same time, the electoral commission was formed with a government majority to oversee the election of non-governmental members. The next elections risk being manipulated by the government.

In this regard, we, a network of over 37 civil society organizations, would like to advocate:

  1. The bases of the Brazilian Civil Rights Framework for the Internet must be respected in the sense this legislation has been the result of a debate of all sectors of Brazilian society for over seven years and which is recognized worldwide as a model for ensuring democratic principles in the network;
  2. The elections of CGI.br have to be respected, preserving the autonomy of non-governmental sectors in the formation of electoral colleges and in the election of their representatives;
  3. Public security initiatives must be guided by respect for the recently approved data protection legislation (LGPD) and must be guided by respect for the privacy of citizens;
  4. The enactment date of the Brazilian General Data Protection Law should be maintained, so that Brazilian citizens’ privacy is effectively protected.

Having said that, the following subscribed organizations publicly reinforce the defense of democratic pillars and freedom of expression and express a great concern about the current Brazilian situation.

Berlin, November 27, 2019

Network Rights Coalition