Author: Ericson M. Scorsim

The Supreme Court of the United States ruled, in June, in the case Carpenter v. the United States, by majority vote, that government entities must obtain a warrant to access the data/information on the location and movement of suspects of crimes in FBI investigations, on cellphone networks.

The ruling that accepted to try this case before the Supreme Court, in the Certiorari to the United States Court of Appeals for the Sixth Circuit, presented the following issue:

“Whether the warrantless seizure and search of historical cell phone records revealing the location and movements of the cell phone user over the course of 127 days is permitted by the Fourth Amendment.”

Judge Robert cast the winning opinion, which was followed by Ginsburg, Breyer, Sotomayor, and Kagan. Justices Kennedy, Thomas, Alito, and Gorsuch cast the dissenting and defeated opinions.

The Court’s decision mentioned the fact that in the United States there are 396 million cellphone services accounts, within a universe of 326 million people.

The discussion revolved around the interpretation of the Fourth Amendment of the U.S. Constitution.

The American constitutional debate consists of examining whether the search and seizure of data/information on the physical movement of an individual through cell phone networks, requested by the authorities, require a warrant or not.

The issue is whether a third party (in this case, the cell phone companies), has the right to oppose the search of personal data/information.

It also involves the expectation of privacy before third parties (cellphone companies).

The majority opinion pointed out that technological innovations allow for the mass surveillance of the population. Hence the risks of technologies concerning the expectations of privacy of citizens, in violation of the fourth amendment.

By majority vote, the Supreme Court of the United States ruled that there is the expectation of privacy before third parties, namely the cellphone companies.

The U.S. Government invoked the Third-party Doctrine. According to this doctrine, the person has reduced expectation of privacy when information is shared with third parties.

As mentioned, the core issue is the expectation of privacy regarding the historical records on the location of an individual, by the recording of the movement of the respective users by the cellphone companies.

The majority opinion of the Supreme Court presented important considerations. According to the decision:

“The case before us involves the Government’s acquisition of wireless carrier cell-site records revealing the location of Carpenter’s cell phone whenever it made or received calls. This sort of digital data – personal location information maintained by a third party – does not fit neatly under existing precedents. Instead, requests for cell-site records lie at the intersection of two line of cases, both of which inform our understanding of the privacy interests at stake”.

The decision of the Supreme Court of the United States continues:

“Significantly, the Court reserved the question whether ‘different constitutional principles may be applicable’ if ‘twenty-four hour surveillance of any citizen of this country (were) possible.”

The decision also provides considerations on the issue of monitoring via GPS devices installed in vehicles, informing the whereabouts of people.

In this line, the majority opinion of the Court reads:

“A person does not surrender all Fourth Amendment protection by venturing into the public sphere. To the contrary, ‘what (one) seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.

(…)

For that reason, ‘society’s expectation has been that law enforcement agents and others would not – and indeed, in the main, simply could not – secretly monitor and catalog every single movement of an individual’s car for a very long period.

Allowing government access to cell-site records contravenes that expectation. Although such records are generated for commercial purposes, that distinction does not negate Carpenter’s anticipation of privacy in his physical location over the course of 127 days provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them is ‘familial, political, professional, religious, and sexual associations.’

(…)

Accordingly, when the government tracks the location of a cell phone, it achieves near-perfect surveillance, as if it had attached an ankle monitor to the phone’s user.”

(…)

Moreover, the retrospective quality of the data here gives police access to a category of information otherwise unknowable. In the past, attempts to reconstruct a person’s movements were limited by a dearth of records and the frailties of recollection. With access to CSLI, the Government can now travel back in time to retrace a person’s whereabouts, subject only to the retention policies of the wireless carriers, which currently maintain records for up to five years. Critically, because location information is continually logged for all the 400 million persons in the United States – not just those belonging to persons who might happen to come under investigation – this newfound tracking capacity runs against everyone”.

On the other hand, in the dissenting opinions, which were defeated, the Justices felt that cell phone companies have the right to the property of the users’ historical records.

According to Justice Kennedy’s opinion, the recordings obtained by the government belong to the cell phone companies. Still, according to him, the information on the movement history of the user’s mobile device is not private.

In his dissent, Justice Thomas claimed that the Telecommunications Act is insufficient, and does not grant to the plaintiff the right of ownership of the cell phone networks’ recordings.

Another dissenting opinion highlighted that the Fourth Amendment does not regulate all the methods through which the government can obtain evidence, for criminal investigation.

In sum, the core theme debated by the Supreme Court refers to the reasonable expectation of privacy concerning the data stored by third parties (cell phone companies).

The majority decision was based on a constitutional interpretation of the Fourth Amendment of the American Constitution concerning its purpose, extending the requirement for a warrant to obtain personal information, protecting the person’s expectation of privacy (information on the records of their personal location).

The dissenting opinion, which was defeated, was grounded on a more restrictive and literal interpretation of the Fourth Amendment.

Another issue discussed refers to the right of ownership of the data stored by the cell phone companies.

There are substantial interests at stake, such as the right to include, exclude, and control the use of personal data.

Thus, who owns the data stored through cell phone networks: the users or the phone companies?

According to one of the dissenting opinions, the Telecommunication Act refers solely to the user’s right to privacy of their confidential information concerning the phone company. Thus, the company has a duty to respect the right to privacy of the user’s personal information.

In his vote, Justice Thomas states that the American telephone law does not recognize the right of property of the users concerning the data stored by the telephone companies.

As for the discussion on the interpretation of the Stored Communications Act (the American law applicable to electronic communications), the investigative authority has to show that the information on the personal location obtained through cell phone networks is relevant to the ongoing investigation for it to be admitted as evidence in a criminal case. However, according to the winning decision, this statute is not the proper mechanism for obtaining access to the recordings of cell phones’ location history.

On the other hand, according to the dissenting opinion, the Stored Communication Act authorizes Courts to order that the recorded history be handed over, provided that the government show specific and substantiated facts that such evidence (the recordings) is relevant to the ongoing investigation.

This United States Supreme Court case is relevant from the point of view of the constitutional interpretation of the right to privacy, especially concerning the treatment of data collected, processed, and stored by private companies.

Note that the matter is broader than the case tried by the USA Supreme Court, which was related to the telephony industry (cell phone companies). The issue of the privacy of personal information also has repercussions on financial institutions, credit card companies, digital payment services, e-commerce, and others. Hence the relevance of the theme, with effects to millions of people.

Artigo publicado no portal jurídico Migalhas Internacional em 18/07/2018.

The case of the data leak of Facebook’s platform, in the episode with the company Cambridge Analytica, with global impact in several countries, including Brazil, poses interesting questions in the context of comparative law, from an economic (the company’s economic value), political (elections), and legal (applicable regulation) perspective, examined below.

From an economic perspective, there is the impact on Facebook’s market value, which lost billions of dollars (through the devaluation of their shares) due to the illegal capture of data from users and non-users of the internet application. This fact also reflects on their business model, as well as the privacy policy and the degree to which the platform is open to application developers (Apps). In other words, the access to personal data on the Facebook platform by third-party companies that collect data through internet applications.

In the electoral realm, the case is related to the influence of Facebook’s digital platform on the elections in several countries, especially in the United States. The core issue is the possibility of manipulating public opinion, as well as the electorate’s vote, through social media campaign’s, including by spreading fake news. Thus, the matter is directly related to the risks of democracy, through campaigns to mislead the public’s opinion, as well as taking the truth out of context.

From a legal perspective, the case has implications on the regulatory model most appropriate to internet applications, such as Facebook, which is controlled by a technology company. The discussion revolves around the extent of state regulation, along with self-regulatory measures by the internet application provider itself.

Another legal aspect relates to the domestic laws of each country, examined below. In particular, the sectoral regulatory model for internet applications, as well as self-regulatory measures.

Thus, it is important to consider the greater context of the current regulations around the world on the protection of personal data, as well as the right of access to personal information by national authorities and foreign governments, in the cases allowed by law.

In February 2018, the United States passed the Cloud Act, which holds rules for the use of data collected overseas.

The United Kingdom, in its turn, passed the Data Protection Bill in January past, which legislates on the protection of personal data, with rules on the international transfer of data to other countries, as well as rules on data access by intelligence services.

This upcoming May, in the European Union, the Regulation of the European Parliament and Council on the protection of people and treatment of personal data will come into effect.

In Brazil, the Public Prosecutor’s Office of the Federal District has opened an investigation to verify if the personal data of Brazilians was unduly captured in the Facebook and Cambridge Analytica episode.

Brazil, however, unlike other countries, does not have a specific law on the protection of personal data; there is not even an agency to regulate this matter.

We will now examine the Facebook case (illegal collection of personal data), as well as it repercussion in different countries.

Artigo publicado no portal jurídico Migalhas Internacional em 11/04/2018.

This article presents a comparative analysis between jurisdiction in Brazil and in the USA in two relevant cases given their impact on internet application and technology companies.

On one hand, in Brazil, the technology companies that provide internet application services (such as Google, Facebook, Youtube, etc.) and have headquarters abroad, face issues regarding the interpretation of the Brazilian laws, especially as to the compliance with court orders to submit the contents of private communications stored in their servers.

On the other hand, in the USA, North American technology companies also face issues such as the requisitioning of email content from these service providers, whereas the content of the private communications are stored in servers abroad.

In Brazil, a Direct Motion of Unconstitutionality was filed before the Brazilian Supreme Court under number 51/2017, for the constitutional review of Decree No. 3810/2001 that enacted the Mutual Legal Assistance Treaty between Brazil and the United States, examined below.

In the USA, there is the case United States versus Microsoft, in progress before the USA Supreme Court. The case debates whether email services providers, which have the control over their users personal data, have the legal obligation to disclose the content of electronic communication, even if the material is stored in servers located outside of the USA.

The Federation of the Associations of Information Technology Companies (“ASSESPRO NACIONAL”) filed a declaratory motion of constitutionality (Adcon No. 51/2017 to have Federal Decree No. 3.810/2001 declared constitutional. This Federal Decree enacted the Mutual Legal Assistance Treaty in Criminal Procedures between Brazil and the United States of America.  Under this legal statute, a letter of request must be issued in cooperation processes between Brazilian and USA authorities in matters of criminal investigation, prosecution, and crime prevention.

According to the technology company association that filed the motion, many Brazilian courts are not applying the said Decree. That is why the Association filed the direct motion of constitutionality, as it is the proper legal instrument to review the constitutionality of the decree and, thus, its practical application by the Brazilian Courts. The only case in which the Decree should not apply is if it is found to be unconstitutional, which has not yet been declared by the Brazilian courts.

What is happening is that the technology companies with headquarters in the USA that provide internet application services (such as email, social media, digital advertising, etc.) in Brazil are being mandated by the courts to submit the contents of private communications between their users. If they fail to comply with such court orders, the internet application providers are held civilly liable, with the application of severe fines, and criminally liable for the crime of contempt of court.

They argue that internet application providers headquartered in the United States are subject to the laws of that country. In this regard, the laws of the USA impose strict limits to the delivery by internet application providers of the contents of private communications between their users (such as emails).

The argument presented in the case ADCON No. 51 is that, by failing to apply Decree No. 3810/2001, the Brazilian courts are violating the constitutional principles of sovereignty, confidentiality of private communication, the due process of law, equality, and free enterprise.

The Plaintiff also claims that the Brazilian Internet Regulatory Framework does not exclude the application of international treaties to which Brazil is party to. In the present case, the Mutual Legal Assistance Treaty, in the form of Decree No. 3810/2001, is deemed to be a formal law, as it has been received by the Brazilian legal system.

Facebook joined the action as amicus curiae (ADCON No. 51).  It claims that its activities are subject to the Electronic Communications Privacy Act.  This North American law forbids the disclosure of the content of private communications stored by the electronic communications services providers, notwithstanding the exceptions set in the law itself.

According to the company Facebook Brasil, it does not have managerial control over the data of the company Facebook Inc., based in the United States. Facebook Brasil only voluntarily provides information to Brazilian authorities in case of emergency (risk of death and/or severe bodily harm to a person). Therefore, Facebook Inc. is governed by the United States laws, as is headquartered in that country.

It also claims that the contents of private communications cannot be directly provided to Brazilian authorities, except with a court warrant issued by a U.S Court. According to the company, U.S law does not allow internet application providers to disclose the content of private communications directly due to a Brazilian court order, otherwise the company may be held liable for violation of the U.S law.

Another question is if it is possible to extend the application of Brazilian laws and the Brazilian jurisdiction to companies with headquarters abroad and, respectively, given the sovereignty of the foreign State.

In sum, the case portrayed in ADCON No. 51 is interesting as it deals with the constitutional principles of sovereignty, independence of States, international cooperation, principle of territoriality of jurisdiction, due process of law, and the rights to communication and to privacy of communication.

As for the United States of America, the case of United States V. Microsoft Corporation  is in progress before the American Supreme Court. This case regards the possibility of the United States government obtaining, through court orders, the contents of private communications, such as emails, stored in computers/servers/datacenters located outside of that country.

The original case refers to a drug-trafficking criminal investigation, in which the Government requested an order for Microsoft to disclose email information. Microsoft refused to deliver the content of the email, claiming that it changed the email storage location to Ireland, and that the Stored Communications Act cannot be applied outside of U.S territory.

Here is an excerpt from the original brief filed by Microsoft before the U.S Supreme Court: “Whether a United States provider of email services must comply with a probable-cause based warrant issued under 18 U.S.C 2703 by making disclosure in the United States of electronic communications within that provider’s control, even if the provider has decided to store that material abroad”. According to the U.S government, grounded on 18 US.C 2703, authorities from that county may require electronic communication providers to disclose the content of communications.

In contrast, Microsoft claims that the American law on electronic communications is applicable only to acts committed within U.S territory. It argues that the Stored Communication Act focuses on protecting the safety of private communications, hence the trust that users have that the electronic communications providers safely store the content of their communications in electronic servers.  It also claims that it offers services such as MSN, Hotmail, and Outlook, storing thousands of user emails in data centers located in over 40 countries.

According to Microsoft, the U.S. Congress did not signal that the Stored Communications Act should be applied outside of U.S territory. Thus, a order to copy and import communications stored in foreign territory is an illegal and extraterritorial application of the Stored Communications Act.

Also, according to Microsoft, the Stored Communications Act comprehends solely communications stored in the United States, as the focus of the statute is to protect electronic communications stored and avoid the disclosure of private communications. So, the focus on the disclosure of electronic communications is contrary to the original intent of the American legislators.

The conclusion: “For now, the presumption against extraterritoriality limits the SCA, and the warrant issued under it, to communications stored on U.S. soil”. Moreover, the U.S Congress may update the Stored Communications Act, considering the conflict between the application of the law and international relations with other countries, the privacy of citizens, and the competitiveness of the technological industry.

The European Union, the United Kingdom, New Zealand and Ireland have requested participation in the case United States x Microsoft by filing an amicus curiae brief.

So, as an illustration of the above, the European Union claims that the proper procedure would be to consider the internal laws of the European Community in relation to the protection of personal data, especially in relation to data stored in its territory. The European regulation contains specific rules on the transfer of personal data between countries, especially in relation to non-European countries.

The Brazilian NGO InternetLab, connected to Fundação Getúlio Vargas, filed a petition as amicus curiae in the United States v. Microsoft Corporation case . It claims that Brazil is one of the largest internet markets. U.S. technology companies such as Facebook, Youtube, Google, and Microsoft have millions of users in Brazil. It also claims that the Brazilian laws related to internet application providers is strictly enforced, despite the American electronic communications law that forbids the delivery of private communications content by electronic communications providers.

The NGO also alleged that the Mutual Legal Assistance Treaty between Brazil and the United States, in the form of Decree No. 3810/2011, is the best legal alternative to solve the conflict between the Brazilian and American laws and jurisdictions, and to apply the laws most appropriate to the case, respecting the sovereignty of each country, the due process of law, and the privacy of the users of internet applications.

Another argument presented by InternetLab is that the Internet Regulatory Framework prevents the disclosure of private communications, guaranteeing the users’ right to privacy. Thus, U.S technology companies cannot be forced to directly provide the contents of private communications without a court order from a U.S court.  The brief claims that the Brazilian Internet Regulatory Framework offers protection similar to the one purported by the United States Stored Communication Act.

Further, it claims that in the case of the Stored Communications Act (SCA), there is a conflict between two jurisdictions, so the court order has extraterritorial application.

Hence the question posed by InternetLab to the United States Supreme Court, as amicus curiae: “Whether a United States provider of email services must comply with a probable-cause-based warrant issued under 18 U.S.C § 2703 by making disclosure in the United States of electronic communications within that provider’s control, even if the provider has decided to store that material abroad”.

In this case, the application of two laws on electronic communications puts the internet application provider in a situation of conflict in light of different obligations in each jurisdiction: the United States and Brazil. Hence the need for a solution that grants legal certainty in the application of the law, given the conflict between international laws and jurisdictions, within the realm of the internet.

The conclusion: “This Court should affirm the judgment of the Second Circuit of Appeals and hold that the warrant issued to Microsoft in this matter was an improper extraterritorial application of 18 U.S.C §2703 (b) (1) (A)”.

It must be said that the importance of this case lies in the fact that the ruling by the United States Supreme Court may have repercussions in Brazil, specifically on internet application providers that operate herein, even if headquartered abroad.

It is our opinion that Brazil, within the realm of international cooperation between jurisdictions in a case relevant to internet applications, should also participate in the United States x Microsoft soft case as amicus curiae, such as the European Union, Ireland, and New Zealand have done, given the possible repercussion of the ruling of the United States Supreme Court on the interpretation of its law that will impact technology companies that operate globally.

_____________

1 See STF (Brazilian Supreme Court), case Adcon 51, Plaintiff: Federação das Associações das Empresas Brasileiras de Tecnologia da Informação.

2 This is provided in the U.S Stored Communications Act (“SCA”), which forbids electronic communication providers operating under USA jurisdiction to disclose the communications of their respective users, notwithstanding the legal exceptions.

3 Supreme Court of the United States. United States of America v. Microsoft Corporation. On writ of certiorari to the second circuit Court of Appeals. Brief of InternetLab Law and Technology Center as amicus curiae in support of respondent.

4 See: 18 U.S. Code § 2703 – Required disclosure of customer communications or records. A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for on hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State Court), issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in a electronic storage in an electronic communications system for more on hundred and eighty days by the means available under subsection (b) of this section”.

5 Supreme Court of the United States. United States of America v. Microsoft Corporation. On writ of certiorari to the second circuit Court of Appeals. Brief of InternetLab Law and Technology Center as amicus curiae in support of respondent.

6 Under this aspect of the U.S electronic communications statute, Google was sentenced to pay a fine of USD 8,5 million in a class action filed by users, under the argument that the provider violated the users’ right to privacy, before third parties.

Publicado no Portal Jurídico Migalhas em 02/02/2018

http://www.migalhas.com/HotTopics/63,MI273592,61044-Brazil+and+the+United+States+of+America+Jurisdiction+and+the

The Federation of the Associations of Information Technology Companies (“ASSESPRO NACIONAL”) filed a declaratory motion of constitutionality (Adcon No. 51) of Decree No. 3.810/2011. This Federal Decree enacted the Mutual Legal Assistance Treaty in Criminal Procedures between Brazil and the United States of America.¹

Technology companies claim that the Brazilian judicial authorities are not applying this Decree, as they request evidence, data, and information directly from the technology companies that have their data are stored in data centers located in the USA, without going through the procedure of issuing letters of request from the Court. The Decree states that the Court must issue a letter of request to solicit documents, evidence, and information located in foreign countries.

This failure of the Brazilian Courts to apply Decree No. 3,810/2011 creates serious problems for technology companies that work in the social network segment, as well as for the providers of internet applications.

And, if these companies do not comply with the court orders requesting documents/data, they may be penalized with heavy fines. There is also a risk of criminal investigation/prosecution related to the crime of disobedience, including the risk of arresting the manager of the company.

Private Communications: The Constitutional Protection of the Fundamental Right to Privacy of Communications

The Brazilian Constitution holds solid guarantees related to private communications. It is worth noting the guarantee of data secrecy, except in the case of breach of secrecy of communication, for the purposes of criminal investigation or prosecution.²So the lower laws (the Brazilian Civil Procedure Code, the Criminal Procedure Code, and the Internet Regulatory Framework) must be interpreted under the perspective of maximizing the effects of this constitutional guarantee with regard to obtaining evidence, information, and data from internet application companies.

The Brazilian Civil Procedure Code and the Brazilian Criminal Procedure Code: International Cooperation in Jurisdictional Exercise

The Brazilian Civil Procedure Code provides that a letter of request will be issued to the foreign court so that it may perform the international legal assistance act related to the case in progress before the Brazilian Courts (Article 237, item II.

The Brazilian Criminal Procedure Code, in its turn, states that the provisions of that statute apply to the ratification of foreign criminal sentences and the issuance and compliance with letters of request for summons, inquiries, and other procedures required for criminal prosecution” (Article 780 Article 783 of the Brazilian Criminal Procedure Code also provides that the letters of request will be sent by the respective judge to the Head of the Department of Justice, to request its enforcement, through diplomatic channels, by the proper foreign authorities.

So Decree 3810/2001 that deals with the Mutual Legal Assistance Treaty between Brazil and the USA is set within this statutory context.

Decree No. 3810/2011: Status of Law

The federal decree under examination is formally a law, hence its effectiveness on Brazilian judicial authorities. It is an act that incorporated the international treaty between Brazil and the USA into the Brazilian legal system. The simplified procedure for requesting data, information, and documents provides for the issuance of letters of request by the Courts, to be enforced with the cooperation of diplomatic agents.³

Internet Application Providers: The Internet Regulatory Framework

According to the Internet Regulatory Framework (Article 10, Paragraph 1) and the decree that regulates it, registration data and access records must be submitted by internet application providers upon proper request by the Brazilian authorities, regardless of any international treaties on the matter. However, regarding the content of private communications, there is no legal authorization for direct request thereof by the Brazilian Courts. It is worth highlighting that internet application providers have a different legal regime than internet connection providers, as per distinction in the Internet Regulatory Framework.

Internet Application Providers’ Business Model

Internet application companies, such as Google, Facebook, WhatsApp, Twitter, etc, which store and collect private communications exchanged by Brazilians, do not usually have data centers in Brazilian territory. They merely use the local infrastructure of the telecommunications network. However, the contents of the private communications are stored in data centers abroad.

The location of the data center is part of the business model of internet application providers, due to economic and strategic reasons, as well as data security and network architecture.

So any Brazilian law that tries to oblige these companies to build data centers in Brazil in order to offer such internet applications may have its constitutionality question, especially given the constitutional guarantee of free enterprise.

In this regard, we must point out how essential the protection of privacy and of the secrecy of private communications is, as they are integral to the business models of technology companies that provide internet applications. The assurance that personal data and the content of private communications will be kept safe and secure is essential to the business models of these technology companies. Their market value depends on proper protection of the private communications of their users and the expectation and trust placed by the user on the protection of the secrecy of such private communications.

Brazilian Sovereignty: Self-delimitation due to Mutual Legal Assistance Treaty

In the present case, as Brazil has signed the Treaty for Mutual Legal Assistance in Criminal Cases with the USA, that contemplates the issuance of letters of request by the Judiciary, then Brazil must comply with this international treaty, in the form of Decree No. 3810/2001, while it is in effect in the Brazilian legal system.

However, the Brazilian Courts (including the Superior Court of Justice) are denying the application of Decree No. 3810/2001, under the argument of the principle of national sovereignty.⁴ If the effectiveness of the Decree is not certain, then the best legal solution is to have its unconstitutionality declared by the Courts.

It seems that the argument of violation of the sovereignty principle is not enough to justify the failure to apply the federal decree and impose undue burdens to foreign technology companies with headquarters abroad. Much to the contrary, this type of interpretation of the law results in an offense to the sovereignty of the foreign country that is responsible for requesting evidence, data, and information from the companies located in their territory.

Legal Security and the Due Process of Law: the Procedure for Letters of Request for the Purpose of Gathering Evidence in a Police Investigation or Criminal Prosecution.

The direct request by Brazilian Courts of evidence/information for the purposes of criminal investigation or prosecution from internet application providers, without the issuance of a formal letter of request by the Court, violates the principles of the due process of law and of legal security.

The reason is that the Brazilian law defines how cooperation between the Brazilian and foreign jurisdictions should work, in its Decree No. 3810/2001, so the Brazilian authorities are bound to the enforcement of the Brazilian law.

Admissibility of Evidence

According to the Brazilian Constitution, evidence must be properly produced for it to be admissible, for the purposes of criminal investigation. The Constitution expressly states the evidence obtained by unlawful means are not admissible (Article 5, item LVI.

Thus, if Decree No. 3810/2001 is not applied when evidence is gathered from foreign technology companies with headquarters abroad, there is the risk of annulment of that evidence.

Conclusion

In sum, the declaratory motion of the constitutionality pf Decree No. 3810/2001 that approved the International Legal Assistance Treaty between Brazil and the USA, which is now in course before the Brazilian Supreme Court, illustrates the complexity of issues related to the exercise of jurisdiction in Brazil, as well as the enforcement of Brazilian law with regard to the internet and internet application providers with headquarters abroad.

We highlight the international cooperation between the Brazilian and North American courts, for the enforcement of Brazilian laws in the compliance of court orders related to police investigation or criminal prosecutions (gathering of data/evidence), related to internet application users of foreign technology companies located abroad.

_______________

1 The Mutual Legal Assistance Treaty between Brazil and the USA, under the terms of Decree No. 3810/2100 comprehends the following measures: depositions or witness statements; provision of documents, records, and assets; location or identification of people or assets; delivery of documents; transfer of people in custody to give testimony; executing search and seizure warrants; assistance related to the freezing and forfeiture of assets; restitution, fines, etc.

2 Brazilian Constitution, Article 5, item XII.

3 See: Ericson M. Scorsim. Communications Law. Telecommunications, Internet, Broadcast Media, and Pay TV. Author’s Edition. Curitiba: Amazon, 2016.

4 Cases that the Superior Court of Justice failed to apply Decree No. 3810/2001, RMS 44892/SP, 2010, reported by Justice Ribeiro Dantas, tried on April 5, 2016; RMS 466685/MG, reported by Justice Leopoldo de Arruda Raposo, published on April 6, 2015.

Artigo publicado no Portal Jurídico Migalhas Internacional em 11/01/2018.

http://www.migalhas.com/HotTopics/63,MI272273,41046-Mutual+Legal+Assistance+Treaty+between+the+Brazilian+and+North

In the United States of America, the decision on the flexibility of net neutrality is on the agenda of the Federal Communications Commission, under the leadership of the Republican Ajit Pai. According to the President of the FCC: “President Trump and Congress have appropriately invalidated one part of the Obama-era plan for regulating the Internet. Those flawed privacy rules, which never went into effect, were designed to benefit one group of favored companies, not online consumers”.[1]

The purpose of the new regulatory policy of the FCC is to reinstate broadband internet services classification as an information service and not as telecommunications services (common carriers). Classifying internet connection services as common carrier leads to obligations to third parties, especially the guarantee of equal competition.  Thus, with the FCC regulation in force, there are rules preventing broadband providers from blocking or slowing down broadband internet connection services. If the regulatory change is passed by the FCC, internet access services providers will have more freedom to set prices, for the purposes of compensation for the use of the telecommunications’ infrastructure network. The new regulatory policy would be especially created to pass transparency rules for internet connection providers, to know which websites or applications pay an additional value for high-speed streaming, and the monitoring of net neutrality would be done by the Federal Trade Commission. 

The FCC Fact Sheet – Restoring Internet Freedom claims that the current regulation does not encourage new investments in the telecommunications’ infrastructure network.[2]  If the new regulation is passed, telecommunication services’ operators such as Comcast, Verizon and AT&T would be able to determine which online websites their clients can consume, as well as block or favor the traffic of certain contents.

This potential change to internet regulation in the USA resulted in a debate on net neutrality in Brazil. The highlight here is the internet of things phenomenon (digital communication between machines) as an argument for reviewing the Brazilian Internet Regulatory Framework.

Here are some considerations on this debate on net neutrality being held in the USA and Brazil.  Internet regulation deeply affects telecommunications companies, internet access providers, internet applications providers, the new business models of technology companies, and online content providers. Therefore, this regulation impacts different markets within the internet platform. It has a particular impact on the entertainment, audiovisual, and commercial advertisement markets.

From an economic perspective, the core issue of the controversy is broadband internet consumption and its pricing: who should foot the bill and how much should that bill be. Should consumption be measured and priced accordingly, so that the more bandwidth consumed, the greater the payment? For example, major video consumers (movies, sitcoms, television programs) would pay more for bandwidth consumption. The alternatives to the regulatory treatment of the issue are: ensure market freedom, that is, the companies negotiate freely, through commercial agreements, on the payment for data packet traffic; or the sector’s regulation, preserving net neutrality.   

In Brazil, internet connection services are not telecommunications services. It is an added-value service to the telecommunications network, as determined in the General Telecommunications Act, Article 61, paragraph (1).

Here in Brazil, unlike in the USA, net neutrality is legislated by a law, the Internet Regulatory Framework. The issue in the USA was regulated through mere interpretation of the law by the Federal Communications Commission. Because of this, the classification of internet access services as a telecommunications service is being questioned in court.

According to the international press, Netflix has entered into a business agreement with one of the owners of telecommunications networks to ensure the flow of data traffic related to its audiovisual content. 

In Brazil, the principle of net neutrality stated in the Internet Regulatory Framework ensures equal treatment in the transportation of data packets between users. That law forbids internet access providers from discriminating data packet traffic. This ensures that the internet environment remains favorable to innovative business models, based on the digital economy.

Without net neutrality, there are greater risks to new digital enterprises and the potential for higher prices to be charged by the owners of the infrastructure networks from internet application providers and the consumers. 

If the principle of net neutrality, expressly stated in the Internet Regulatory Framework, is revoked or modified, there are serious risks to the digital business environment, as well as a cost increase to internet application consumers.

The internet of things, based on the communication between machines, with significant market potential, is a future trend that deserves proper attention by Brazilian legislators. Thus, considering this new reality, the Internet Regulatory Framework may need adjustments. 

To ensure legal certainty in investments in the internet of things, any changes to the Internet Regulatory Framework should be done through a bill.

Decree No. 8771/2016, that regulates the Internet Regulatory Framework, is assertive regarding the exceptional nature of any discrimination or degradation of internet traffic, due to technical requirements essential to the provision of the application’s services or prioritization of emergency services.

Under this argument related to the internet of things, one must know if devices such as automobiles and traffic lights can be connected, as this would be reason enough to be characterized as emergency services prioritization, in this case related to urban traffic, an exceptional case for the flexibility of the net neutrality principle, under the terms of the Decree that regulates the Internet Regulatory Framework. Anyhow, one must only interpret the decrees in accordance with the law, without creating exceptions not stated therein.   

There is another issued to examined. At first glance, there seems to be now legal prohibition to the provision of free data traffic on social networks.  Thus, this business practice does not harm net neutrality, as it does not harm consumers, much less the internet applications providers.

Note that there are similarities and differences in how net neutrality is dealt in Brazil and in the USA. The similarity is due to the greater purpose of ensuring net neutrality to guarantee that it is accessible by all. The difference is in the fact that net neutrality in the USA exists only in a regulatory act by the Federal Communications Commission. Here in Brazil, net neutrality is supported by an actual law, namely, the Internet Regulatory Framework.

Within the Brazilian context, the National Telecommunications Agency (ANATEL) has the power to monitor compliance with the principle of net neutrality, as defined in the Internet Regulatory Framework and the Decree that regulates it. In the USA, however, the FCC created the norm by interpreting the North American laws on this industry.

In sum, the Brazilian Internet Regulatory Framework and the Decree that regulates it represent significant and progressive historical landmarks for Brazilian Law.

Changes to the regulation of the internet to adjust and update it to new demands are possible, of course, by enactment of a new bill. ANATEL, as the regulatory agency of this industry, cannot decide on the matter without proper legal grounds, given the principle of strict legality present in Brazilian Law, unlike law in the USA. The changes to the regulatory policy of net neutrality that may occur in the USA does not necessarily imply changes here in Brazil. Perhaps this matter deserves more reflection and debate within our country. 

---

[1]See: FCC.

[2] FCC Fact Sheet. Restoring Internet Freedom, Declaratory, Report and Ordem, WC Docket n. 17-108.

The US Senate Judiciary Subcommittee on Crime and Terrorism, on October 31, 2017, held a public hearing with the legal representatives of the technology companies Facebook, Google, and Twitter regarding the influence of the Russian government, through third parties, on the 2016 USA Presidential elections.

According to the debates held by the US Senate and the news broadcast by the expert media, the Russian actions were carried out through the purchase of advertisement on Facebook and Google, as well as the creation of fake profiles and the use of robots to spread fake content that stimulated hate speech among the North American voters, causing a divide in the electorate.

For example, there was the sponsoring of controversial content related to racism, immigrants, and guns.  Another accusation was of the hacking of emails and the leak of private and confidential information from the presidential candidate Hillary Clinton. 

The USA senators were seeking solutions for the problem of the influence of Russian government on the elections in the USA. The discussion revolved around the manipulation of democracy and the risks to national security due to the abuse in the use of social networks during the presidential elections. 

The legal representatives of Google, Facebook, and Twitter publicly acknowledged the Russian influence on the USA presidential election.

The technology companies stated that they are adopting transparency measures regarding advertisements on their social media networks. They presented some measures for self-regulation of social media, such as verifying users’ accounts. They showed themselves willing to cooperate with the US Congress to improve the legislation applicable to social media. They also said that they are making investments in intelligence to detect terrorist threats and hate speech on social media networks.

One of the legal representatives mentioned the law passed by the State of California, known as the California Disclose Act, with rules on the transparency of paid ads in digital advertising related to politics, with the identification of the financiers and donors of electoral campaigns. 

The relevance of this theme raised in the USA, from a legal standpoint, involves the regulation of technological platforms such as social media networks and search engines on the Internet. 

Social media and search engines are technology companies that do not produce content, as stated by their legal representatives. Thus, they are not subject to the laws that apply to traditional media: newspapers, magazines, television, and radio. The classical legislation holds mechanisms to balance out the democratic game and electoral disputes, in particular ensuring equal conditions in elections, with rules on the financing of electoral campaigns. 

In any democracy, there are rules to protect the free flow of information and the dissemination of truthful information.  However, in the United States, the misrepresentation of information or fake content was used to manipulate public opinion in the 2016 presidential elections, under foreign influence. Thus, the vulnerability of democracy given the abuse of the technological platforms, and the need for adequate measures to hold accountable the technology companies that have global impact.  

Apparently, the core issue of the public debate is to know if the self-regulation by the technology companies that own these platforms, known as social media networks, is suffice from a democratic perspective. In other words, can the public trust solely on the responsibility of the Big Techs: Google, Facebook and Twitter? 

Or, is it necessary to have new sectoral regulation of social media with rules to avoid abuses of these platforms, and to improve the rules of transparency related to the purchase of ads on social media?

In the latter case, the fundamental need is to balance the tension between legislative regulation of the technology companies and the risk of censorship of the freedom of expression of the users of these platforms. 

First, given the constitutional guarantees of free enterprise, can the government regulate technological platforms?

Second, if this regulation of social media and search engines is possible under the USA Constitution, what is the proper weighted measure between freedom of expression and the protection of democracy?

The business model of these USA technology companies, especially given their market value, is based on the number of users connected to each platform. The greater the number of users of the technological platform, the greater economic value of the company. 

But, although the business model is protected under the guarantee of free enterprise, it is clear that any legislative limitations to the freedom of the technology companies’ business model may be passed to protect other relevant constitutional assets, such as the democratic principle, and to prevent the commitment of unlawful or criminal acts on social media, as well as threats to national security, such as terrorist threats. 

In sum, the matter related to Facebook, Google, and Twitter is on the regulatory frontier between the law and new technologies. It requires an in-depth debate to perceive the best regulatory alternatives to defend democracy. 

This debate on self-regulation and sectoral legislative regulation that is being held in the USA is also necessary here in Brazil, given the perspective of the elections, limits and transparency of digital publicity, national security, consumer privacy and protection.    

______________

*Ericson M. Scorsim is a lawyer specializing in Communications Law at Meister Scorsim Advocacia.

Artigo publicado no portal jurídico Migalhas Internacional em 27/11/2017.

Ericson M. Scorsim

AT&T, a telecommunications company, and Time Warner, a Pay TV programming licensing company, both with headquarters in the United States, required the approval of their merger before CADE, in Brazil.

The purchase by AT&T of Time Warner is taking place in several countries, with repercussions also in Brazil. In Brazil, Time Warner licenses programming channels and Sky is a Pay TV company.

CADE voted unanimously to approve the economic concentration related to the purchase by AT&T of the Time Warner company, grounded on Brazil’s Antitrust Act (Law 12.529/11, article 88).

Another reason given to justify the interference of CADE, in this case, was the General Telecommunications Act that holds an express rule on CADE’s power to examine economic concentration acts in the telecommunications industry, as per article 7, §1, §2 and §3.

The Brazilian Antitrust Authority understood that the corporate acquisition between AT&T and Time Warner does not pose significant risks to competition in the Pay TV market. The competitive analysis examined the licensing/programming markets (upstream market) and the Pay TV services distribution/operation market (downstream market). Thus, the possibility of economic concentration in the Pay TV market under the perspective of Antitrust Law.

Moreover, Reporting Commissioner, Gilvandro Araújo, presented some considerations on the evolution of audiovisual content distribution and production technologies, after the creation of OTT (Over-The-Top) companies, such as Netflix, Amazon, Apple TV, and others.

The Reporting Commissioner also suggested, in his vote, that the legal prohibition of vertical integration between Pay TV segments, established in the Conditioned Access Audiovisual Communication Services Act should be revoked given the evolution of the technologies in that industry.

Commissioner Cristiane Alkin Junqueira Schmidt also suggested that the sectoral regulation should be updated to hold a more flexible rule on the limits between Pay TV channels’ programmers and the Pay TV services’ operators; she also recommended that the corporate transaction under examination be approved without restrictions.

However, the Reporting Commissioner set some conditions in his vote to control the economic concentration, which we will now examine.

One of the obligations is for AT&T to keep Sky Brasil and the Time Warner channel programmers as separate legal entities, each with their own administrative and governance structure.

Another obligation is to offer Time Warner’s programming channels to non-affiliated packers and providers of pay-tv with all the programming channels licensed to Sky, upon non-discriminatory conditions. That is, the Time Warner Pay TV channels must be offered to their Pay TV competitors upon non-discriminatory conditions between the economic agents.

In this regard, the parties committed to the appointment of an independent consultant, responsible for helping CADE to monitor the compliance with the obligations assumed in the agreement signed with CADE for the approval of the merger transaction.

They also established that any conflicts between the channel programmers or the Pay TV services providers not affiliated with AT&T or Sky and the latter will be solved through arbitration.

The Reporting Commissioner’s vote concludes:

“Thus, in my opinion, the approval of this Transaction by CADE does not mean the recognition of the lawfulness of the integration under Article 5 of the Conditioned Access Audiovisual Communication Services Act. If the Agencies claim that such provision has been violated, this will not offend the administrative res judicata formed by CADE’s decision.”

In this respect, it is important to highlight an enlightening excerpt from the vote given by Commissioner Alexandre Barreto de Souza:

“Another key issue seen in this Act of Concentration was the intertwining of antitrust issues with issues of other government agencies. In this sense, the Technical Notes issued by both the National Telecommunications Agency (ANATEL) and the National Agency of Cinema (ANCINE) indicated that the transaction presents evidence of a violation of Article 5 of Law 12,485, of September 12, 2011 (the Conditioned Access Audiovisual Communication Services Act).

It is important to make it clear that the actions of CADE in this Act of Concentration was limited to the antitrust aspects only, without the examination of issues belonging to the jurisdiction of other regulatory agencies.

I also point out that the proposed remedies seek precisely to solve any antitrust problems of the transaction. ANATEL and ANCINE will examine any issues outside the realm of antitrust norms, including possible violations of the Conditioned Access Audiovisual Communication Services Act. Thus, I stress that this merger under examination will require the authorization by the aforementioned agencies for its consummation, according to the respective legal responsibilities of each one.

CADE’s decision on Merger No. 08700.001390/2017-14 reads: “The Plenary unanimously examined and approved the merger, conditioning it to the execution and fulfillment of a Merger Control Agreement (ACC, in its acronym in Portuguese), in accordance with the vote by the Reporting Commissioner.”

At first, CADE understood that the merger between AT&T and Time Warner in the programming and pay-TV operation markets can go through under the perspective of the Brazilian antitrust legislation. However, as remedies to such merger in the Pay TV market, it imposed the conditions mentioned above, to be fulfilled under the Merger Control Agreement.

Subsequently, ANATEL, through its Antitrust Department, must now examine the case under the perspective of the sectoral legislation, in particular, the Conditioned Access Audiovisual Communication Services Act, Law 12.485/11 (Article 5).¹

The focal point is the legal interpretation that ANATEL will give to Article 5 of Law 12485/11, that deals with the limit to the structural division between telecommunications companies and audiovisual content distribution and licensing companies in the Pay TV market.²

There are two possible solutions in the interpretation of the sectoral legislation by ANATEL in the exercise of its legal jurisdiction, regarding the regulation of the audiovisual communication sector.

First, ANATEL may approve the acquisition of Time Warner by AT&T, understanding that it does not violate the Brazilian laws on Pay TV, as there is no offense to Article 5 of said law, which deals with the structural separation between the Pay TV package distribution, programming, and licensing market and the operation of Pay TV services.

Second, in theory, ANATEL may order the structural separation between the telecommunications companies and the Pay TV programming, distribution, and licensing companies, given the possible legal prohibition of vertical integration between the Pay TV distribution, packaging, and programming segments and the Pay TV operations, as per Article 5 of Law 12.485/11. However, in this case, there must be actual evidence that the corporate transaction violates the respective sectoral law.

Therefore, it is possible, in theory, for ANATEL to acknowledge the unlawfulness of the acquisition of Time Warner by AT&T, ordering AT&T to sell the company Sky Brasil to possible interested parties. If Sky is to be sold, such corporate transaction will also have to be submitted to examination by CADE, to verify the lawfulness of such transaction.

On the other hand, we highlight that the aforementioned Article 5 of Law No. 12.485/2011 is the subject of a dispute regarding its legality, in Motions of Unconstitutionality filed before the Brazilian Supreme Court³. However, Reporting Justice Fux voted for the constitutionality of the said legal provision⁴. This case is still pending the final decision on its merit by the Supreme Court, as the trial of the respective motions of unconstitutionality has been suspended. For now, the presumption is of the constitutionality of Article 5 of Law 12.485/11.

Only the Brazilian Congress has the power to pass a law revoking said limit to the corporate interest held by companies in the Pay TV licensing, programming, and distribution segments.

Note that ANCINE also has a say in the matter. Under the terms of the respective law, ANCINE has the power to regulate and monitor the programming and packaging activities.

Note that ANATEL holds the regulatory jurisdiction to interpret Law 12.485/11, as per Article 29, sole paragraph of said law: “Anatel will regulate and inspect the distribution activity.”

Anyhow, ANATEL and ANCINE must coordinate their understanding of the interpretation of the said law, otherwise, there will be conflicts in its legal interpretation, in detriment of legal security in the application of the law.

There is a possible risk of judicialization of the case on the interpretation of the sectoral regulation of the Pay TV market, related to the decisions issued by CADE, ANATEL, and ANCINE, which may decide against the Time Warner’s acquisition by AT&T. Nevertheless, this could lead to the questioning of ANATEL’s jurisdiction to order the sale of the company Sky Brasil, as this type of obligation falls more naturally under the jurisdiction of CADE.

In sum, as well defined by the Brazilian Antitrust Authority (CADE), the acquisition by AT&T, a telecommunications company, of the Time Warner company, which operates in the Pay TV programming market, involves an antitrust matter (requiring the application of Law No. 12,529/2011), as well as the issue of sectoral regulation (interpretation of Article 5 of the Conditioned Access Audiovisual Communication Services Act, Law 12.485/11).

ANATEL and ANCINE will soon issue their opinions on this interesting case related to the interpretation of the Brazilian audiovisual communication law.

____________

1 According to Law 12.485/11.

2 “Article 5. The total and voting capital of sound and sound and image broadcast concessionaires and permittees and producers and programmers with headquarters in Brazil cannot be controlled or belong to collective interest telecommunications companies above the limit of fifty percent, and they must not directly explore such services.

3 On these legal limits to corporate concentration in the Pay Tv services operation and programming markets, See: Scorsim. Ericson M. Communications Law. Telecommunications. Internet. Broadcast TV and Pay TV. Curitiba: Edited by the Author, 2017, Amazon.

4 See: Adis 4.679, 4.759. 4.747 and 4.923 (Motions of Unconstitutionality before the Brazilian Supreme Court).

5 The following Justices accompanied the vote of the Reporting Justice: the recently deceased Teori Zavascki, Rosa Weber, and Edson Fachin. See: Scorsim. Ericson M. Communications Law Themes in the Case Law of the Brazilian Supreme Court. Curitiba: Author’s Edition, 2017. Amazon.

Artigo publicado em 20/11/2017 no Portal Jurídico Migalhas.

http://www.migalhas.com/HotTopics/63,MI269344,81042-CADE+is+examining+the+ATT+and+Time+Warner+Economic+concentration+deal

1. Case presentation.

In the case Carpenter x United States filed on July 2017, technology companies such as Facebook, Google, Apple, Microsoft, Twitter, Airbnb, Cisco, Dropbox, Mozilla, Snapchat and the telecommunications company Verizon, requested to take part in the case as amici curiae.

The original case, Carpenter x United States, deals with an FBI investigation of a robbery perpetrated by obtaining data on the location of the suspects’ cell phones, as well as information on the movement of these devices, obtained from the records of cell phone towers.

This article examines this case, currently being tried by the United States Supreme Court, which deals with the constitutional interpretation of the Fourth Amendment of the USA Constitution that deals with search and seizure procedures on private properties and of people, grounded on the reasonable cause of the existence of a crime, upon court order. Technology companies wish to extend this constitutional guarantee to the digital era, broadening the realm of protection of the right to privacy.

It is a constitutional debate on the review of the traditional constitutional interpretation of the Supreme Court, which differentiates the constitutional protection of communications and what it calls non-content (metadata). In the traditional interpretation by the Supreme Court, the Fourth Amendment does not apply if the information is voluntarily shared with third parties. Therefore, Telecommunications and Internet application companies should provide data/information of their respective users to police or criminal investigation authorities.

Technology companies such as Facebook, Google, Apple, Microsoft, Twitter, Airbnb, Cisco, Dropbox, Mozilla, Snapchat and the telecommunications company Verizon, have petitioned to be admitted to the case as amici curiae.

The companies are requesting the evolution of the constitutional interpretation to remove the third-party doctrine that distinguishes between communication content and non-content (meta data is data such as the location of cell phones), to expand the protection of the right to privacy in the digital era. They argue that digital technology users cannot avoid transmitting sensitive data to service providers, but they expect that such data will remain private. They also contend that the protection of the Fourth Amendment of the USA Constitution should include the non-content of digital data.

In sum, third parties such as telecommunications providers and Internet application providers that receive and transmit sensitive data must not be required to provide such personal data without a court order.

We will now further examine the constitutional debate on the right to privacy in the digital era.

2. The United States Supreme Court: Constitutional Issue in Focus

The decision by the USA Supreme Court that admitted the trial of the Carpenter vs. the United States case is based on government police investigations (namely, the FBI) to search and obtain the data on the location history of a private individual’s cell phone data, without a data search and seizure court order, grounded on the Stored Communication Act (SCA). Under this law, there is no need to show reasonable cause for a crime to seize data; all that is required is recordings/information that are relevant to the criminal investigation. Still, according to the United States Supreme Court: “As a result, the district court never made a probable cause finding before ordering Petitioner’s service provider to disclose month’s worth of Petitioner’s cell phone location records. A divided panel of Sixt Circuit held that there is no reasonable expectation of privacy in these location records, relying in large part on four-decade-old decisions of this Court.

The United States Supreme Court also proclaimed:

“The question presented is:
Whether the warrantless seizure and search of historical cell phone records revealing the location and movements of a mobile phone user over the course of 127 days is permitted by the Fourth Amendment”.

We will examine the decision of the United States Court of Appeals for the Sixth Circuit that is being questioned in the Supreme Court.

3. The decision of the United States Court of Appeals for the Sixth Circuit

The case Carpenter x United States was filed because the FBI requested three court orders for historical records/recordings of several cell phone companies for sixteen (16) different phone numbers, as well as the location of the originating and receiving cell phones, in a robbery investigation.

The FBI presented a map, based on the cell phone locations, to show the proximity of the suspect to the place where the robbery happened.

In their defense, the accused tried to throw out the evidence produced by the FBI from the location data of the cell phones, arguing that it violated the Fourth Amendment, as the data was seized without any warrant based on probable cause of the existence of a crime.

Judge Kethledge’s vote reads: “In Fourth Amendment cases the Supreme Court has long recognized a distinction between the content of a communication and the information necessary to convey it. Content, per this distinction, is protected under the Fourth Amendment, but routing information is not”.

Also, according to that Judge: “This case involves an asserted privacy interest in information related to personal communications. As to that kind of information, the federal courts have long recognized a core distinction: although the content of personal communications is private, the information necessary to get this communication from point A to point B is not”.

So, Justice Kethledge concluded that this same distinction between the content of communication and the information required to transport it applies to Internet communications. This is an excerpt from that decision:

“Today, the same distinction applies to internet communications. The Fourth Amendment protects the content of the modern-day letter, the email. (….). But courts have not (yes, at least), extended those protections to the internet analog to envelope markings, namely the metadata used to route internet communications, like sender and recipient addresses on an email, or IP addresses”.

Upon examining the information on the location of the cell phone, provided by the data from the towers, the decision affirms:

“Thus, the cell-site data – like mailing addresses, phone numbers, and IP addresses – are information that facilitate personal communications, rather than part of the content of those communications themselves. The government’s collection of business records containing these data, therefore, is not a search”.

In his dissenting vote, Justice Stranch stated:

“… I believe that the sheer quantity of sensitive information procured without a warrant, in this case, raises Fourth Amendment concerns of the type the Supreme Court and our circuit acknowledged. (…). Though I write to address those concerns, particularly the nature of the tests we apply in this rapidly changing area of technology, I find it unnecessary to reach a definite conclusion on the Fourth Amendment issue “.

In the part of his vote that deals with the interpretation of the Fourth Amendment of the USA Constitution, Justice Stranch states:

“At issue here is not whether the cell-site location information (CSLI) for Carpenter and Sanders could have been obtained under the Stored Communication Act (SCA). The question is whether it should have been sought through provisions of the SCA directing the government to obtain a warrant with a probable cause showing, 18 U.S.C. §2703 (c) (1) (A), or a court order based on the specified ‘reasonable grounds (,), id §§ 2703 (c) (1), (B), (D). This leads us to the requirements of the Fourth Amendment.
Fourth Amendment law was complicated at the time of paper correspondence and land phone lines. The addition of cellular (not to mention internet) communication has left courts struggling to determine if (and how) existing tests apply or whether new tests should be framed. I am inclined to favor the latter approach for several reasons, particularly one suggested by Justice Sottomaior: ” (It may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks ….”.

Another interesting issue in Justice Stranch’s vote is the distinction between information obtained through GPS tracking and information on the location of a cell phone device through the data of the telephone towers, for the constitutional interpretation of the Fourth Amendment to the American Constitution.

According to him:

“First, the distinction between GPS tracking and CSLI acquisition. CSLI does appear to provide significantly less precise information about a person’s whereabouts than GPS and, consequently, I agree that a person’s privacy interest in the CSLI his or her cell phone generates may indeed be lesser. (…). GPS monitoring generates a precise, comprehensive record of person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations, … ‘For older phones, the accuracy of the location information depends on the density of the tower network, but new smart phones, which are equipped with a GPS device, allow for more precise tracking.

Justice Stranch concludes that a court order is required to obtain information on the location of a person through the use of their cell phone data. He also states the need for limits to the amounts of personal data, over a given period of time. Finally, he voted for the constitutional interpretation of the Fourth Amendment to include the context of new communication technologies.

4. The Amici Curiae brief: Apple, Airbnb, Cisco, Dropbox, Facebook, Google, Microsoft, Mozilla, Snapchat, Twitter, Verizon

The technology companies mentioned above, along with Verizon, a telecommunications company, filed an amici curiae brief in the Carpenter x United States case.

This is their narrative: when the United States Congress passed the Stored Communications Act (SCA) in 1986, not many people used the Internet, almost no one had a personal computer, and very few people used mobile phone services.

However, the current scenario is different, due to the mass reach of the Internet and smartphones. The brief reads: “Transmitting personal data to the companies that provide digital products and services is an unavoidable condition of using technologies that people find beneficial and useful, and forgoing the use of those technologies for many is not an option”.

Given these new technologies, the companies sustain that the constitutional interpretation of the Fourth Amendment of the American Constitution must be adjusted to the changes to the reality of the digital era.

The amici curiae brief claims:

“Rigid rules such as the third-party doctrine and the content/non-content distinction make little sense in the context of digital technologies and should yield to a more nuanced understanding of reasonable expectations of privacy, including consideration of the sensitivity of the data and the circumstances under which such data is collected by or disclosed to third parties as part of people’s participation in today digital word”.

The technology companies state that their operations involve the transmission of highly personal information through their networks, including metadata. This data, even though it is the content of the private communication itself, reveal details of people’s private life.

They sustain the following theory of protection to the right to privacy in the digital era, grounded on the interpretation of the Fourth Amendment:

“Fourth Amendment doctrine must adapt to this new reality. Although amici do not take a position on the outcome of this case, they believe the Court should refine the application of certain Fourth Amendment doctrines to ensure that the law realistically engages with Internet-based technologies and with people’s expectations of privacy in their digital data. Doing so would reflect this court’s consistent recognition that Fourth Amendment protections, governed as they are by reasonable expectations of privacy, must respond to changes in technology that implicate privacy. Indeed, in declining to extend the search-incident-to-arrest exception to searches of cell phone in Riley v. California, 134 S. Ct 2472 (2014), this Court has already signaled that digital information deserves special consideration, largely because Internet-connected devices such as smartphones, ‘are not just another technological convenience, but are necessary to participate in the modern world, and hold for many Americans ‘the privacies of life.

According to the technology and telecommunications companies, in the analogical era, data transmission to a third party was necessarily a voluntary conduct that did not depend on the protection of the Fourth Amendment.

However, the situation in the digital era is different. Thus, no constitutional doctrine must presume that consumers assume the risk of surveillance by the government or public authorities, without guarantees, simply due to the use of modern technologies. Therefore, certain information transmitted digitally traditionally classified as non-content must not be excluded from the protection of the Fourth Amendment, as they reveal the intimate details of a person’s life.

They also cite that the incompatibility of the third-party doctrine in light of the expectation of privacy is even greater in the case of residential automation applications jointly with smart-home technology that connects private spaces, including by identifying if people are home or not by measuring the internal temperature of the environment.

Thus, the amici curiae brief states the need to review the traditional constitutional interpretation on the Fourth Amendment to the USA Constitution:

“Rather than adhere to rigid Fourth Amendment on/off switches developed in the analog context, courts should take a more flexible approach that realistically reflects the privacy people expect in today’s digital environment. Consistent with the general reasonable-expectation-of-privacy inquiry, courts should focus on the sensitivity of the data at issue and the circumstances of its transmission to third parties. That approach would better reflect the realities of today digital technologies and accommodate the technologies of the future.”

The amici curiae brief concludes:

“The Court should afford strong Fourth Amendment protection to digital data and reject the mechanical application of the third-party doctrine and content/non-content distinction in favor of a more flexible analysis that takes account of people’s reasonable expectations of privacy in the digital era.”

As for the reflections of the interpretation of the Fourth Amendment to telecommunications companies (the brief is also signed by Verizon), the brief reads:

“Last year, law enforcement obtained approximately 40,000 warrants or court orders to require Verizon to provide such cell-site location information to aid them in identifying the location of a device and, presumably, its user. Verizon believes that such demands present important questions about the proper balance between security and privacy. Verizon is committed to maintaining strong and meaningful privacy protections for its customers. Verizon thus carefully reviews law-enforcement requests for user data and publishes biannual transparency reports to disclose how it has responded to those requests”.

In sum, this case being tried by the United States Supreme Court is significant concerning the protection of the right to privacy in the digital era, which has serious repercussions in the technology and telecommunications industry.

There is a high demand for a new constitutional interpretation due to the changes caused by the new digital technologies, to protect the fundamental right to privacy of the users of Internet applications.

Artigo publicado no site jurídico Migalhas –  Seção Migalhas Internacional em 01/09/2017

http://www.migalhas.com/HotTopics/63,MI264665,11049-The+USA+Supreme+Court+the+discussion+of+the+right+to+privacy+in+the

This article focuses on the Internet application, under the perspective of the right to safety and sanctity of the content of personal communication/data stored and transmitted by Internet applications, given the public interest of the Brazilian Judiciary in a police investigation and criminal prosecution.

The Brazilian Supreme Court has examined the constitutionality of the blockage of the WhatsApp application by court order, in the cases ADPF 403 and ADI 55¹, setting some issues on the encryption adopted by the application for a debate in a public hearing, namely:

“1 – What is the end-to-end encryption used by instant messaging applications such as WhatsApp?

2. – Is it possible to intercept conversations and messages transmitted through WhatsApp even if the end-to-end encryption is activated?

3 – Would it be possible to deactivate the end-to-end encryption of one or more specific users to allow for legitimate legal interception?

4 –  As the use of the WhatsApp application is not limited to just one platform (mobile phones/smartphones), but can also be accessed and used through other means, such as computers (by using WhatsApp Web/Desktop), even if the end-to-end encryption is activated, would it be possible to “mirror” the conversations had on the application to another mobile/smart phone or computer, allow to comply with the court order to intercept one specific user?”²

The public hearing will debate the possibility of compliance with a court order to intercept communication via WhatsApp for the purposes of producing evidence in criminal investigations and trials. First, if it is possible to have court ordered interception of the communications if the application’s encryption is activated. Second, if the court-ordered interception would be possible by deactivating the encryption. Third, if the court-ordered interception is possible by copying the communication transmitted via the application, by using other mobile/smartphones or computers, of a specific user. In this case, the Reporting Justice Of case APDF 403, Edson Fachin, clearly stated that the purpose is to know the possibility of court-ordered interception of private communication content of a specific user of the application.³

This WhatsApp case, under the constitutional jurisdiction of the Brazilian Supreme Court, has repercussions not only in all of Brazil, but also calls the attention of the international community as it involves issues of cybersecurity. The theme is interesting as it involves law, new technologies, and cybersecurity.

The matter of the security of private communications is of even greater interest given the recent cyberattack committed by hackers in over one hundred (100) countries, caused by a ransomware virus, which allowed for virtual extortion crimes by sequestering computer data and releasing them only after payment in cryptocurrency (bitcoin). According to the press, the technique used by the hackers to spread the virus is based on methods from the NSA – the National Security Agency of the USA, which explores flaws in Windows software, in particular the lack of updating.⁴ The cyberattack led to actions from the domestic security agencies to hold a worldwide investigation of the episode. Brazil was affected by the cyberattacks.⁵ This shows the serious risks to the security in the flow of private communications, globally.

This article focuses on the Internet application under the perspective of the right to security and sanctity of the content of personal communication/data stored and transmitted by Internet applications, given the public interest of the Brazilian Judiciary in a police investigation and criminal prosecution.⁶

It is important to examine the matter in a broader perspective, within the context of three main characters: the Brazilian Government, the markets (companies and technologies), and society (the guarantee of the fundamental rights to privacy, security, and sanctity of communication).

The Government is interested in applying the civil and criminal laws under its jurisdiction by gathering information and data in police investigations and criminal cases, upon court orders to intercept communications. A properly reasoned court order is necessary to intercept communication for the purposes of police investigation or evidence gathering in criminal cases.⁷ If there is any improper access to the content of private communications, without the necessary court order, the investigation or criminal case will be deemed null.⁸ In the realm of criminal law, we note that the invasion of a technological device, and the interruption or disturbance of technological and telematic services is deemed to be a crime.⁹ Therefore, cyberattacks, with the invasion of computers and mobile phones, are also a crime.

The Government must protect the fundamental rights to privacy and the sanctity of communication. If the encryption is the best solution for communication security, then the Government must encourage the best business practices to favor encryption.

On the other hand, the Brazilian Government must encourage the construction of Internet network infrastructure, such as: satellites, intercontinental submarine cables, optic fibers, and others.¹⁰ The Government must ensure the security of communications in the three branches of the Republic. The Judiciary must zeal for the security of data communication in the realm of electronic cases, for example. It is also required to guarantee data communication of the armed forces. So, encryption is viable as a security technique for communication, including in the public sector itself.

In sum, the Government, in the exercise of its national sovereignty, must promote actions to defend the infrastructure of its communication networks, as well as actions of intelligence considering the serious risk of cyberattacks and wars. It has the institutional responsibility to adopt measures to prevent the risks of cyberattacks, and repress Internet crimes.

The companies that provide Internet applications are interested in offering safe products and technologies to the respective consumers. They have a business responsibility before its consumers to offer safe products. We highlight the relationship between these application providers and the fundamental rights to the privacy and sanctity of the communications as set in the Brazilian Constitution. These technology companies demand parameters for sectoral regulation, with clear and precise rules.

In this sense, the obligation of mirroring the content of the communication (creation of a “back-door”¹¹) cannot be imposed solely by court order, as there must be a prior law authorizing this type of measure to allow the access to the content of private communications by the authorities in charge of criminal investigations and cases. Even if this type of legislative measure is passed, its constitutionality may, of course, be questioned.¹²

Technology companies are interested in investing in communication network infrastructures. Governments and legislators must encourage safer encryption protocols. Encryption also involves matters of international competition of products and services in the digital economy. The countries that offer better security conditions on the Internet, and for hardware and software, are more competitive. The higher the security level offered by technology companies, the greater the degree of confidence in them by the users/consumers. And the lower the security level, the higher the distrust. It is clear that society, through its consumers and citizens, is interested in protecting its privacy, and in Internet security¹³, for the protection of the private life of individuals or legal entities. It is important to highlight the government’s duty to protect personal communication and business communication.

In the United States, there is a strong dispute regarding the establishment of encryption standards. On one side, the intelligence agencies (FBI) and internal security (NSA) seek approval by the government of measures that are more favorable to the decryption of data.¹⁴

In fact, there is a lot of controversy on the surveillance techniques and electronic monitoring adopted by the National Security Agency with regard to the privacy of people.¹⁵ This has led to a movement by technology companies and citizens civil organizations in favor of better encryption practices for private communications.¹⁶

In Brazil, we highlight the legal regime of Internet applications under the Brazilian laws.¹⁷ The Internet Regulatory Framework holds the principle of security and functionality of the network, as per technical measures compatible with international standards, encouraging the use of good practices.¹⁸

Decree 8771/16 regulates the Internet Regulatory Framework, stating that providers of Internet connection and applications should follow certain guidelines for the safekeeping, storage, and treatment of personal data and private communication: (…) IV – the use of record management solutions through techniques that ensure the confidentiality of the data, such as encryption or equivalent protective measures.”  As it can be seen, this decree expressly deals with encryption or similar measures as a mechanism to protect data security in private communication.

Moreover, Decree 8771/16 provides: “Article 16. The information on the security standards adopted by application providers and connection providers must be disclosed in a clear and accessible manner to any interested party, preferably through their Internet websites, respecting the right to confidentiality of business secrets”. We highlight here the protection of the right to confidentiality of the business secrets of Internet connection and applications providers.

The theme of court-ordered interception of communications made via WhatsApp requires the examination of the conflict between the rights to privacy, the sanctity of private communication, and the right to the protection and security of personal data given the need of law enforcement authorities to access communication content and data in the course of a police investigation or criminal case. Note that the application’s user data subject to court requisition may be: i) data stored on mobile/smartphones or computers; ii) data flow in private communication; iii) metadata such as the time the message was written, the telephone number or ID of the sender, the physical location of the sender and receiver at a certain moment.

The solution may lie in the distinction between the main data (the content of private communication) and metadata (secondary information). The main data integrate the key core of the right to privacy and the sanctity of the right to communication, thus the rigor in violating the secrecy of communication in this case. The purpose of the legal interception is to ensure that the proper authorities have access to the content of private communication in a criminal investigation and procedure. On the other hand, one may argue that the metadata mentioned above are not part of the key core of the right to secrecy of communications, thus allowing for a more flexible legal regime regarding the access of metadata by public authorities. Under the Brazilian Internet Regulatory Framework, it is already possible to request to the courts access to the metadata and records of Internet connection and applications.

In the specific case under examination (ADPF 403), the company WhatsApp claims that there are other legal alternatives for the collection of data and information for the purposes of police investigation or criminal procedure, thus claiming that the sanction that blocked the application was disproportionate.

From an economic standpoint, the encryption offered to the users is part of the business model of the Internet application provider. The product (software) is, thus, protected by the encryption.¹⁹ WhatsApp is an Internet-based technological platform and, therefore, it has the responsibility of offering a safe environment for the exchange of private communication. In other words, without encryption there are exponential risks of losses to the consumers, businesses, and even national security.

For example, the risk of cybercrimes by hackers may create threats to digital commerce. There are also serious risks of business espionage. This clearly shows the need for technical measures to protect business data.²⁰ The main reason the application has adopted encryption is an economic one:  without security in data communication, it is quite clear that the application’s users would be vulnerable.

The use of encryption by WhatsApp is in the realm of free enterprise, as the Internet application provider has the business freedom and contractual freedom to establish the technology that offers the best security to its users.

In other words, offering encryption is inherent to the business model of technology companies. The business practice is to offer the most secure data trafficking to users. The regulatory State cannot forbid this business decision. Much to the contrary, it should encourage technological innovation and business practices for the security and protection of personal and business data. Therefore, any laws restricting encryption must have their constitutionality questioned.

Note that the Internet Regulatory Framework does not forbid the use of encryption in communications via Internet applications. In fact, the Internet Regulatory Framework protects the freedom of business models on the Internet. It ensures the users’ right to the privacy of their data, and the confidentiality of private communications exchanged and the stored.²¹ Articles 22 and 23 of this law deal with the court request for access to Internet applications..

Thus, the mirroring of communications made through the application requires legislative authorization. A court order for interception is not possible without a law that obliges the application provider to mirror the content of the private communications. There must first be the due legislative procedure to create the obligation for Internet application providers to mirror the content of private communications, to avoid violating the principles of legality and legal security. Thus, currently, neither the Brazilian Supreme Court or a court order may require an Internet application provider to create a back-door to access encrypted private communications, under the pretext of judicial interception of communications.

If a law is passed in Brazil forbidding encryption in Internet applications or requiring the adoption of back-doors, the constitutionality of such law will certainly be questioned. The discussion would revolve around the possible violation of the right to privacy and the sanctity of private communications, both protected under the Brazilian Constitution. The legislative restriction to the freedom of business model of Internet application companies would have negative effects beyond Brazil’s borders, reaching the free exchange of communication, the digital economy, and the Internet infrastructures, among other aspects.

The problem of data communication encryption by the WhatsApp application also exists in other countries. Governments and intelligence and security agencies pressure the companies to cooperate with police and criminal investigations.²² So this is a worldwide conflict: on one hand, the privacy and sanctity of communications; on the other, the interests of justice in criminal investigations.

The conclusion is that encryption, in and of itself, is not a threat to security. Much to the contrary, this technology is an assurance to the security of the sanctity of private communications.

The Brazilian Constitution guarantees the rights to privacy and sanctity of communications, except for the breach of confidentiality upon court order in a criminal investigation or procedure.²³ Under the current laws, the confidentiality of communication via Internet application may be breached upon a court order for interception thereof. The problem is knowing if the encryption adopted by WhatsApp technically prevents this interception. This is a matter to be discussed in the public hearing to be held by the Supreme Court. It will also verify if it is possible to mirror the content of the private communications when encryption is activated, for delivery of data and information to the proper authorities.

To have legal security in the application of the law, it is essential to know the extent and limits of the obligations of the Internet application providers related to the protection of the fundamental rights to privacy and sanctity of communication. The interpretation of the current laws does not allow one to conclude that the Internet application provider must create a back-door that allows access to the content of the communication by the law enforcement authorities in charge of criminal investigations or procedures. There must first be a law authorizing this type of obligational burden to Internet application providers. Thus, the mere court order imposing this type of obligation, without a law to support it, violates the principle of legality.

Moreover, it is important to distinguish between the main data (the content itself of the private communications), which is the scope of the key core of the sanctity of communications, and metadata, in the interpretation of the sanctity of private communications. It seems that metadata is not part of the key core of the sanctity of communication. In this regard, the Internet Regulatory Framework contains some guidelines for the court requisition of Internet connection and application records, allowing for metadata to be legitimately obtained upon the issuance of a properly grounded court order against a specific user.

Therefore, the Brazilian Supreme Court is faced with setting clearly and exactly the key core of the fundamental guarantee to privacy and sanctity of private communication, as well as the obligations of Internet application providers related to the nature of the data requested by the courts, for the purposes of cooperating with Brazilian law enforcement.

1. At the Brazilian Supreme Court, the main reasoning of the Motion of Violation of Fundamental Precept Number 403 is challenging the decision that ordered the blockage of the WhatsApp application in all of Brazil due to the noncompliance with the court order to intercept the content of communications, under the argument of a breach to the right to communication, as well as the violation of the principles of proportionality and reasonability. Case ADI 5527 requests the declaration of the unconstitutionality of the legal provisions of the Internet Regulatory Framework related to the sanction of blockage of applications or, alternatively, the interpretation of those legal provisions in accordance with the Brazilian Constitution. The main arguments are the violation of the rights to communication, free enterprise, consumer defense, inter alia.
2. The noncompliance with the court order to intercept conversations of criminal suspects even led to the arrest of the Vice-President of Facebook in Latin America for the crime of disobedience.
3. A judicial interception cannot be generic and open-ended, without a definite target for investigation. On the other hand, former Minister of Justice Alexandre de Moraes, who is currently serving as a Supreme Court Justice, stated publicly that the government was preparing a bill to regulate the access of the courts to private communications on Internet applications.
4. According to the press, flaws in updates to the Windows operational system opened a window for viruses to enter the computers.
5. São Paulo Court of Appeals, INSS (the National Institute of Social Security), private companies, and others, according to the press.
6. The court-ordered blockage of WhatsApp also involves the examination of the fundamental right to communication, as well as the protection of the sanctity of communications. Thus, only a court may order the breach of the sanctity of communications, provided the legal requirements are met regarding the suspect and existence of the crime. Law 9296/96 deals with the interception of telephone and telematic communications.
7. The Brazilian Constitution, in its Article 5, item XII establishes the sanctity of correspondence, telegraphic communications, data, and telephone communications, except, in the latter case, upon court order, as allowed by law for the purposes of criminal investigation or procedure. Law 9296/96 deals with the court-ordered interception of communications. The sole paragraph of Article 1 provides that the law applies to the interception of communication exchange on information and telematic systems. This legal provision was challenged in the motion for unconstitutionality ADI 1488-DF, grounded on the violation of Article 5, item XII. However, the injunction was denied.
8. The Superior Court of Justice has ruled in several cases for the nullity of criminal cases due to the lack of court authorization to access the data of the WhatsApp application.
9. See Law No. 12737/12. This law provides: “If the content of private electronic communications, business or industrial secrets, or confidential information as defined in law, is obtained or there is non-authorized remote control of the invaded device as a result of the invasion. Sanction – Six (6) months to two (2) years of imprisonment, plus fine, if the conduct does not constitute a more serious crime” Article 154-A, §3 of the Criminal Code, as per Law 12737/12
10. To illustrate the matter, the Brazilian government has launched a communications satellite in partnership with private institutions to implement the national broadband network in remote areas. There is also an underground submarine cable network being built between Brazil and Africa, to be connected to Europe. The purpose is to avoid having data communication between Brazil and Europe pass through North American territory. For example, when Google’s email service is used, all the private communications by Brazilians using that service are transmitted to the servers of that company, spread throughout North America, and are stored therein. So the strategic goal is to create alternative data routes, decreasing the dependency on the North American communication networks.

11. Back-door is related to a software’s source code. It is like a master key that would allow access to all the content of the private communications exchanged through the application.
12. On the other hand, former Minister of Justice Alexandre de Moraes, who is currently serving as a Supreme Court Justice, stated publicly that the government was preparing a bill to regulate the access of the courts to private communications on Internet applications.
13. The Constitutional Court of Germany has recognized the right to informational self-determination as inherent to the general right of personality, in light of the new technologies, and information and communication. So, even if the person is not yet qualified as the owner of their data, they are entitled to proper legal protection against invasions to their informational self-determination. Therefore, laws that authorize the monitoring of the private life of criminal suspects on the Internet through secret and remote computer investigation techniques have been ruled unconstitutional. See: Menke. Fabiano. A proteção de dados e o novo direito fundamental à garantia da confidencialidade e da integridade dos sistemas técnico-informacionais no direito alemão. In Direito, inovação e tecnologia, volume 1 (Coordenadores: Gilmar Ferreira Mendes, Ingo Wolfgandg Sarlet e Alexandre Zavaglia P. Coelho). São Paulo. 2015, p. 205-230.
14. Since the September 11^th terrorist attacks in the United States, there has been an increase in the surveillance and monitoring of data and information on the Internet, including with the requirement that telecommunications and Internet companies create back-doors. It seems that the NSA has partnered with Internet and telecommunications companies, including with the inspection of communication networks infrastructure such as router networks, fiber optics, cables, hardware and software platforms, etc. The USA Patriot Act passed during the Bush Administration and extended during the Obama Administration allowed the USA security and intelligence agencies to intercept phone calls and emails of people allegedly involved in terrorist acts, without the need for a court order. This massive surveillance program of US and foreign citizens by USA authorities without court orders was harshly criticized. It was replaced by the USA Freedom Act that establishes new procedures for the gathering of data and information in foreign territories, the so-called Foreign Intelligence Surveillance Court (FISC), in terrorist-related activities. Source: Wikipedia. Critiques say that the legal statute is too broad, allowing for the collection of metadata of telecommunications companies, violating the citizens’ right to privacy.
15. In the United States, there is a debate on the Fourth Amendment of its Constitution, which guarantees the right of citizens to be protected against illegal searches and seizures, without reasonable cause and a proper warrant.
16. Castro, Daniel. And Mcquinn. Unlocking Encryption: information security and the rule of law. ITIF. Information tecnology ^ Innovation Foundation, march 2016, p. 1-50.

Telecommunication services such as landlines and mobile telephony are under a different regime. The General Telecommunications Act of Brazil guarantees the sanctity of communications, except for the constitutional and legal caveats (Article 3). That statute also provides: “Article 72. The provider may only use information related to the individual use of the services by the user to perform its activity. §1. The disclosure of individual information requires express specific consent by the user. §2. The provider may disclose to third parties aggregated information on the use of its services, provided that it does not allow for direct or indirect identification of the users or violate their intimacy.” Moreover, the Resolution by Anatel on personal mobile services authorizes the breach of secrecy of telecommunications in the cases provided in law, upon court order in criminal investigations and procedures.

17. On the other hand, there are several federal laws, and some state laws, that deal with the access to telecommunications users’
    registration information. For example, federal laws 12830/13, 12850/13, and 13,44/16.
    This laws oblige telecommunication companies to submit data and information on their users. That is why their constitutionality is being questioned in the cases ADI 5059, 5063, and 5642, pending trial before the Brazilian Supreme Court, grounded on the violation of the right to privacy and sanctity of communications.
18. Brazilian Constitution, Article 3, item V.
19. There are studies indicating that WhatsApp has contributed to economic growth in the following aspects: production cost reduction and increase of efficiency in Internet-based businesses, improvement of consumer services, reduction of marketing costs, efficiency in the communication between organizations and investors, and improvement in the provision of public services. Ver: Rafert, Greg e Mate, Rosamond. The Global and Country-level economic impacts of WhatsApp.

20. It is worth remembering the invasion of Yahoo’s database, with the access to the content of thousands of email accounts.
21. As per Article 7, items II and III of the Internet Regulatory Framework.
22. As an example, we have the FBI versus Apple case on the IPhone unlocking codes. Apple refused to cooperate with the FBI, claiming the right to privacy of its users. According to Apple, FBI wished to obtain the master key to access the operational system, which is contrary to the company’s business privacy policy. In the end, the FBI decided to unlock the device itself. There was also a matter related to the access of data encryption on WhatsApp in Europe, related to the terrorist attacks in Paris and London.
23. Brazilian Constitution, Article 5, item XII.

The lawyer Ericson M. Scorsim, from the law firm Meister Scorsim Advocacia, is a consultant in Public Law and an expert on Communications Law, and gave this  interview in which he spoke of the main issues related to this subject.

He has a PhD in Law from the University of São Paulo and wrote the book “Communications Law: Telecommunication, Internet, Broadcast Media, and Pay TV”.

Here is the entire interview.

Which laws are part of Communications Law, and what are the challenges in the interpretation of these laws for telecommunications, Internet, and broadcast media companies and the respective users of these communication services?

Ericson M. Scorsim – Communications Law is made up by the Internet Regulatory Framework¹, the General Telecommunications Act², the Private Broadcast TV and Radio Act³, the Public Broadcasting Act⁴, the Pay TV Act⁵, and other laws.

In the e-book Communications Law, available for free online download, I explain in detail the main regulatory issues related to the legislation on Communications Law.

Note that the Brazilian Constitution of 1988 has a specific chapter on Social Communication and a chapter related to fundamental individual and collective rights, requiring the interpretation of the laws on communication services, according to the Federal Constitution.

Communications Law has impact on thousands of companies and millions of users of services such as landline and mobile phones, Internet access, Internet applications, broadcast media, and Pay TV. The challenges in the interpretation of the laws from the communications sector, under a systemic view of Communications Law, are related to the use of specific technical terms and the regulatory logic used by the legislator.

In other words, each specific law adopts its own classifications, so their interpretation must consider the relevant distinctions between the respective telecommunications services, Internet access, broadcast media, and Pay TV. In a first moment, there is no application of general laws over these specific sectoral laws, except if the sectoral law allows for the application of the general law.

How do the Brazilian laws on Communications compare to the ones in other countries?

Ericson M. Scorsim – An example of a modern, current Brazilian law is the Internet Regulatory Framework⁶, which is a reference for other countries. This law deals with Internet access services and Internet applications, which have different legal regimes.

There is also the Pay TV Act, which adopted a new regulatory model for this economic sector.⁷ The Pay TV Act deals with conditioned access audiovisual communication services, regulating the economic activities of Pay TV production, programming, packaging, and distribution.

The 1997 General Telecommunications Act created the regulatory agency for this sector – Anatel, and established the regime for provision of telecommunications services and the rights and duties of the companies and their respective users.⁸

Finally, there is the Private Broadcast Media Act. This law, 4117/1962, is prior to the enactment of the 1988 Constitution but the Brazilian Supreme Court has ruled in favor of its reception by the Constitution.

Which sector needs to have its laws revised or updated?

 Ericson M.   Scorsim – Some claim that the General Telecommunications Act needs to be changed to regulate landline telephone services through administrative authorization, replacing the traditional model of a public utility concession.

This proposed change to the General Telecommunications Act is the scope of legislative bill number 3453 by Representative Daniel Vilela, and would solve the problem of the company OI, a landline telephone concessionaire that has filed for reorganization.

Bill 3453 aims to alter the General Telecommunications Act to allow Anatel to change the licensing regime of telecommunication services from concession to authorization. This replacement of the concession for authorization may be in all or part of the licensed area. Such replacement by Anatel would also be conditioned to proof of fulfillment of the goals to universalize switched landline telephone services.

The bill also includes changing the concession agreement for switched telephone services to a deed of authorization.

The bill to change the General Telecommunications Act provides that the conceding authority will determine the economic value associated with the replacement of the licensing regime for landline telephone services. This economic value will serve as a parameter for investments in the infrastructure of high-capacity data communication networks. The bill also comprehends reversible assets, defined as the assets essential to the provision of switched landline telephone services.

Regarding the reversion of the assets affected by landline telephone concessions, the challenge is to reconcile the need for intense infrastructure investments in telecommunications networks. If there is the reversion of the assets tied to the landline concession to the Federal Government at the end of the concession agreement, which will be in 2025, some argue that this will result in the uncertainty of new investments in the innovation of the infrastructure of telecommunications networks. Thus, it is better to have a more flexible regime for asset reversion, allowing for their economic value to be invested in broadband Internet network infrastructure.

On the other hand, some believe that anticipating this change to the regulatory model of landline telephone services before the end of the concession agreement represents a breach of legal security, and of the landline telephone services concession contract itself. They argue that any changes to the regulatory framework of the telecommunications sector should only be valid after the current concession contracts end.

This bill that aims to change the General Telecommunications Act intends to attribute to Anatel explicit powers to decide on the licensing of telecommunication services, changing it from concession to authorization.

Note that the authorization regime for landline telephone services is nothing new, as it is a provision of the General Telecommunications Act. The new fact is attributing explicit powers to Anatel to decide on the replacement of the legal regime that applies to landline telephone services. The administrative authorization regime favors investment flexibility by the telecommunications company.

In addition to this aspect related to landline telephone services and the proposed changes to the General Telecommunications Act, another noteworthy issue is the regulation of over-the-top (OTT) services, such as Netflix, Facebook, WhatsApp, Youtube, etc. The services based on OTT Internet applications are classified as telecommunications networks added-value services under the General Telecommunications Act. These OTT services have guaranteed access to the infrastructure of telecommunications networks, at non-discriminatory prices. OTT services are also subject to the rules and principles of the Internet Regulatory Framework, as these are Internet application services.

There is a regulatory asymmetry between traditional telecommunication services (landline and personal mobile telephone services) and OTT services such as Netflix, WhatsApp, Youtube and others.

It does not make sense to equate two different types of services (telecom and OTT), given their distinct nature.

Some defend the equivalence of market competition conditions, equating the rules between telecommunications companies and OTT companies, given the tax burden upon them. This is a tax and competition law matter to be resolved by Government, and is not related to the regulatory issue.

What are the case law trends in Communications Law, especially in the higher courts (Brazil’s Supreme Court and Superior Court of Justice)?

Ericson M. Scorsim – I will be launching the e-book “Communications Law Themes in the Case Law of the Brazilian Supreme Court” soon, for free online download. In this e-book I will present the main Brazilian Supreme Court Trials on telecommunications, Internet, Broadcast Media and Pay TV laws, mainly related to the constitutionality of these laws.

In sum, the Brazilian Supreme Court has tried several cases related to Communications Law. One such trial was the case on the constitutionality of the Pay TV Act, still pending a final decision by the Supreme Court. The reporting Justice Fux has already voted for the constitutionality of the law, except for one sole article of that law, which deals with publicity procured by agencies abroad.

In another case, the Supreme Court ruled for the constitutionality of the decree that created the Digital TV and obliged broadcast media companies to adopt digital technology in the transmission of television programs.

The Brazilian Supreme Court also has case law related to the unconstitutionality of state laws that encroached the Federal Government’s exclusive jurisdiction to legislate on telecommunication services.

Another interesting case is the motion for writ of mandamus filed by the former President of Empresa Brasil de Comunicação (the Brazilian Communication Company, in charge of broadcasting the TV Brasil channel) against his removal from office by the acting President of the Republic.

An injunction was granted by the reporting Justice Dias Toffoli in that case (MS 34205) to stay the effects of the removal from office of the President of EBC by the acting President of the Republic, grounded on the argument that Empresa Brasil de Comunicação is independent from the government as per the Public Broadcasting Act, which is Law 11,652/2008.

At the Superior Court of Justice, Special Appeal Resp No. 1.525.174-RS, reported by Justice Luis Felipe Salomão, is a trial on repetitive appeals related to moral damages due to changes in landline telephone services plans/limits without request by the user, and the statute of limitations thereon. When choosing the theme to represent this controversy, the Superior Court of Justice opted for damages related to landline telephone services, excluding services by Internet access providers.

Also pending trial before the Superior Court of Justice is the Motion of Jurisdictional Conflict No. 138.405/DF, on the internal jurisdiction of the Court: whether the Private Law Section or the Public Law Section should try the appeals related to moral damages due to changes in landline telephone services plans/limits without request by the user, and the statute of limitations thereon.

The higher court precedents on Communications Law serve as guidance to the other Courts and judges, and to the telecommunications regulatory agency on the interpretation of the Constitution and the laws. Thus the relevance of examining the case law.

The constitutionality of certain provisions of the recently enacted Internet Regulatory Framework has been questioned before the Brazilian Supreme Court. In your opinion, what are the main controversies of the Internet Regulatory Framework, if any, and its impact to companies?

Ericson M. Scorsim – The main issue is the court-ordered blockage of Internet applications. This theme resulted from a court order that suspended the communications application WhatsApp in all of Brazil, affecting the right of communication of millions of users of that application.

This court ordered blockage of WhatsApp not only affected significantly the right to communication of millions of Brazilians, but it also affected the right of the company that provides this Internet application.

This suspension of the WhatsApp application also had significant impact on the companies that sell products and services through it on the Internet.

The Internet Regulatory Framework allows for the suspension of Internet applications in the case of operations for the collection, storage, safekeeping, and treatment of records, personal data or communications, in violation of the Brazilian laws that protect the privacy of the personal data of users and the confidentiality of private communications.

However, the Internet Regulatory Framework does not allow the courts to block Internet applications grounded on the noncompliance with a court order.

Anyhow, there is a motion of unconstitutionality on trial before the Brazilian Supreme Court, ADI Nol 5527, reported by Justice Rosa Weber, without any ruling on the merit yet, but that will allow that Higher Court to give a better constitutional interpretation on the Internet Regulatory Framework, especially under the light of the essential right to free communication.

The Brazilian Supreme Court has a key role in defining the limits for interpretation of the Internet Regulatory Framework under the Brazilian Constitution, to serve as guidance for the other Courts and judges.

1. Law 12,965/15
2. Law 9,472/97
3. .Law 4,117/62
4. Law 11,652/08
5. Law 12,485/11
6. Law 12,965/15
7. Law 12,485/11
8. Law 9,472/97