The debate about online privacy versus the battle against crime was given new life this week with an attempt in Brazil to ban the popular messaging application WhatsApp.
A well-known and strict judge in a regional area of Brazil issued a court order banning WhatsApp for 72 hours in the whole country on Monday, because of problems he was having getting information from the company that owns the app.
That company is Facebook, which bought the app for US$19 billion in 2014, and it was allegedly not cooperating by handing over data from customers in a drug-running case that the judge was presiding over.
One billion users
The app has become very popular with smartphone users in many parts of the developing world since it provides a free messaging service that rivals SMS.
In February this year, the company said the app was used by one billion people, nearly one in seven people on the planet. The number of users in Brazil is said to be about 100 million people.
But the issue with WhatsApp and other similar apps, including Wickr, is that they guarantee end-to-end encrypted communications. It’s this feature that is very popular with those who value personal privacy.
For criminals, it provides a secure channel for avoiding surveillance of any kind. The only way their planning and operations can be accessed by law enforcement agencies, if they are communicated via WhatsApp, is with the cooperation of the company holding the data.
But Facebook says it has no power to access the user data anyway. This case appears to echo the same sentiments as those displayed in the recent Apple versus FBI mobile phone incident.
WhatsApp’s co-founder and CEO Jan Koum issued a statement via Facebook explaining why it did not have the data the court was requesting:
Yet again millions of innocent Brazilians are being punished because a court wants WhatsApp to turn over information we repeatedly said we don’t have. Not only do we encrypt messages end-to-end on WhatsApp to keep people’s information safe and secure, we also don’t keep your chat history on our servers. When you send an end-to-end encrypted message, no one else can read it – not even us.
The case is another instance of the lack of clarity between large US-based telecoms and social media companies over collaboration and cooperation with international governments.
The issue of access to and use of data collected from social media is again happening in a framework of different cultures, varying unexplored attitudes to privacy and within authoritarian legislative systems.
This case had a short term (and potentially longer term) and successful conclusion. The WhatsApp suspension was lifted after 24 hours by another judge.
But this is not the first time the WhatsApp service has been banned in Brazil. In December 2015, it was banned for 48 hours. This was also lifted after about 12 hours.
Then, in March, the same Brazilian judge who ordered this week’s ban ordered the vice president of Facebook in Latin America, Diego Dzodan, to be detained by authorities regarding lack of access to WhatsApp data. He was released after 24 hours.
In all cases, the aim of the judges has been to obtain information about alleged criminal activities such as drug trafficking. The approach may seem heavy-handed, but that could be about to change.
Brazil is looking at changes to its legislation governing the use of the internet that could see an end to any attempts to shut down any app across the whole country.
One reform, proposed by lower house deputy Esperidião Amin, would allow the blocking of specific individuals or IP addresses suspected of illicit activity.
“It’s less dramatic than withdrawing the service from the whole of the Brazilian population,” he told Reuters.
But this latest case highlights several issues. First, there is an ongoing debate about the nature of the internet and social media. Liberal democracies have an expectation of a right to privacy, but within them, there is an equal demand for efficient law enforcement, solutions to major crime and provision of national security and protection from terrorism.
Second, companies such as Facebook need to walk carefully and work across different cultures and legal systems to achieve the balance between the demands for security and privacy. It’s often hard to see how these can be achieved.
Third, cybersecurity and privacy legislation is still in its infancy in many under-developed economies and advanced applications are being accessed in economies where the legal boundaries are not clear.
Thankfully, it is very hard to envisage a situation such as this occurring in a country such as Australia, where there has been a more engaged debate over the tension between technology, legislation and privacy.
In more developed economies, the problems that arise from the tension between privacy and national security have had much more debate, but have not necessarily been resolved for all citizens.
- Director, Australian Centre for Cyber Security, UNSW Australia
- This article first appeared on The Conversation