A proposed new law that restricts access and freedom on Brazilian Internet has passed in the Senate without public scrutiny and is now close to being enforced by the House of Representatives. The law project, created by Senator Eduardo Azeredo, restricts devices like open wi-fi networks, obliges Internet service providers to record and keep user information for three years and allows providers to check for copyright infringements over packages on peer-to-peer connections, along with other threats to users' right to privacy.
The cybercrime law project by Senator Azeredo (PSDB) proposes that the first Internet regulatory frame must be a criminal one. The natural path for regulating the web, followed by most of developed countries, is to firstly establish a civil regulatory framework that clearly defines the rules and responsibilities in relation to users, companies and other institutions accessing the network – and only then define a criminal regulation framework.
The reason for that is the issue of innovation. In order to innovate, a country needs to have clear civil rules, which allow security and predictability to initiatives that take place on the web (such as investments, companies, archives, databases, services, etc.). The penal rules shall be created from the experience acquired with the civil rules.
According to Senator Azeredo, the Brazilian Cybercrime Bill is inspired by the Convention on Cybercrime of the Council of Europe. But that convention was not signed by any Latin American country, neither by the absolute majority of developing countries – actually, very few poor countries ratified the Convention. During the Convention elaboration, which had an active participation of the United States, the text was severely criticized by organizations arguing that it could cause offence to individual’s rights to privacy. But the rich countries that signed the document already did their homework (to regulate Internet from a civil angle) and, only after that, they set criminal parameters for the web. Brazil is in a reverse way: the country is firstly creating criminal punishments, without priorly regulating the Internet in a technical and civil way.
“Tangible property” and data
There is an uncertainty generated by the project, which uses vague and wide concepts (“data”, “communications systems” and others) in order to regulate a subject that requires a prior technical discussion – which still have not taken place in Brazil. For example, in its article 183-A, the project equates, for penal effects, the “tangible property” with the data, information or information unit in electronic means. That equalizing generates unforeseeable effects in Brazilian legal system.
“Tangible property”, as the term means, is used in Law to designate objects that have a material existance. The term “immaterial good” is used as a wider category, also including what is intangible. By equalizing “data” or “information” to “tangible property”, one could take advantage of the criminal consequences that can arise from that equalization. The distinction between material and imaterial – that refers directly to the different uses of the terms “tangible property” and “immaterial good” -- have Penal Law ramifications. Some crimes, like theft, for example, only exist in relation to tangible properties. If the Penal Code says that it is a crime “to subtract to oneself someone else's chattels [...]”, it is not the subtraction of an immaterial good that is criminalized, but indeed of a material good. With the equalization of “data” and “tangible property”, there is the insertion of another category of goods into a label that was more restrictive before.
The Internet aggregates characteristics of many media, many of which represent ephemeral or transitory communications. In that sense, a “phone call” taking place via Internet through a Skype-like software could then be equated with the “tangible property” for penal purposes. The same is valid for conversations through text, video, webcam flow, e-mail, as well as any other communication mode. That equalizing to the “tangible property” yield the ISPs (Internet Service Providers) to judicial measures that take towards the possibility of restoring those transitory informations, which can then be “distrained” and used in court. That disrespects basic rights and expectations related to the nature of electronic data.
Besides, equalizing “data” to “tangible property” disrespects the economic nature of electronic systems. While “tangible properties” are scarce goods, electronic data are “non-scarce” goods. A “tangible property”, when transferred to another person, does not belong to the first one anymore, but does belong to the other one. On the other side, the data have a fluid nature, which means that its dispatching and utilization by one person does not impede its utilization by another. Making use of the jargon, data are “non-competitive” and “non-rival” goods. To juridically regulate them as if they were “tangible properties” goes against those goods' nature itself and generate unforeseeable consequences within Brazilian Law.
Digital crimes
The project's article 339-A criminalizes the activities of “to access computer network, communication device or computing system, without autorization by the rightful holder, when required” and “to obtain data or information available in computer network, communication device or computing system without autorization by the rightful holder”, with penalties of imprisonment and arrestment for 2 to 4 years.
That provision creates a criminal conduct that can affect the life of thousands of people, as a true instrument of “mass criminalization”: in case the Senator Azeredo's project is approved, countless people will become criminals in potential. That article comprehend the access to devices like computers, iPods, mobile phones, DVD players and even digital TV signal converters. So that the content industry can criminalize their consumers, like it happened in the United States in 1998 due to the Digital Millenium Copyright Act (DMCA) approval. Ten years after the approval of that legislation in the US, there is a consensus that, besides having its absolut inefficiency proved, the DMCA produced serious damages for society and public interest, to the point that its provisions are being made more flexible, year after year.
Senator Azeredo's law project not only runs against that empiric evidence of a failed legislation in the US, but also amplifies the scope of the North American model. While in the US it became a crime “to break or circumvent digital protection measures” used by the entertainment industry to protect copyrighted materials, Senator Azeredo's project criminalizes the access itself.
That proposed model creates significant costs, both for any Internet user and for any public or private enterprise in the web – including business initiatives. The reason for those costs is the need for constant verification: when, how, and in what terms do the “autorization by the rightful holder” take place so that the access can be made.
The authorization empire and copyright
In synthesis, an “authorization empire” is created, aggravating a well-known problem, which is the practical difficulty of obtaining “authorization” and verifying what exactly are each of the respective terms and modalities with the rightful holders. That will increase the problem of transaction costs for the access to information in Brazil.
Finally, it is well-known that criminalization and restriction to “access”, in the way the law project in question does, opposes public and collective interests. Consumers' defense associations of the whole world, together with librarians, universities, companies and academic institutions, among others, have been manifesting in a consistent way regarding the increasing of barriers and the bureaucratization of access. An example of that is the well-succeeded pressure performed by consumers on Apple company, which is progressively quitting from using measures that difficult the access to its contents (the so-called “digital rights management”, or DRM). The very same occurs with several other content distribution websites.
The situation overburdens when one bear in mind that that the law project includes the signals transmitted by digital television in Brazil: the project's article 339 explicitly defines that the “communication dispositives” also encloses “the digital radio or television signals' receptors and converters”. It must be considered that the digital TV transmissions in Brazil will be made through public concessions, and using an equally public good, which is the eletromagnectic spectrum. In that sense, it is unconstitutional to criminalize the “access to communication device” like the TV converter “without authorization of the rightful holder”. The actual possibility of demanding that authorization, defined by article 339, violates the public nature of digital television transmissions.
Actually the possibility of an Internet user to face a lawsuit due to improper access to copyrighted content is not completely remote, because of the vagueness of the expression “express restriction to access”. That restriction can be the copyright law (access to protected content), contractual (violation of the terms of use of a website) or technological (like a mobile phone lock or mailbox password). In the second scenario, the law project affords opportunity for the judge in charge of the case to understand that there was a violation of the authoral restriction of the files.
Access versus surveillance
In the project's article 21, several obligations are created for the Internet service providers. Among them, the obligation “to keep in a secure and controlled environment the data of connections made through one's equipments”, “during a three years term”. That obligation forces the providers to create instruments for permanent monitoring over its costumers. As mentioned above, such monitoring can lead to a vigilance over all the user's activities, which is foreseen on article VI of article 21. That provision foresee that the provider shall “preserve immediately, after explicit solicitation from judicial authority, during investigation, the data regarding connections, the user's identification data and the communication carried out regarding that investigation”. With that, the providers are obliged to build technical capacity for monitoring their customers. That monitoring can reconstitute ephemeral communications, like phone calls over the web, e-mails, instant messages and any other data exchanged by the user.
Still, subsection V of article 21 obliges the providers “to inform, in a secret manner, to the proper police authority, denunciation that it got to know, and that contain clues of illegal conduct on the computer network under its responsibility”. Such a provision creates a system of “surveillants” over the web. The provider becomes a vigilance agent, that every time that gets provoked by a “denunciation” shall inform the police authority in a secret manner. That provision violates the guarantee of broad defense and the proper legal process, configurating itself as unconstitutional. The user that is under vigilance have broad right to be informed about that vigilance, which derivates directly from his constitutional rights. That system of incentive to “private surveillance”, together with a secret and secrecy regime is uncompatible with the Democratic State of Right.
The incentive to the “vigilance privatization” is strengthened by the law project's 22nd article, which determines that “the communication to competent authorities of illicit practices, including the supply of information about access, hosting and user identifying data, when any criminal conduct is detected, does not constitute a violation of secrecy rights”.
This article, in practical terms, simply eliminates the privacy and inviolability that protects communications in Brazil. Such a disposition would allow, for example, that the electronic communications among teenagers all over the country could be monitored if an exchange of music files is detected (an activity that can be framed as a crime according to the 184 code in the Penal Code, which criminalizes copyright violation). That and other practices are being object of fierce legislative debates all over the world, many of them seeking for reforms in the law. While the reform doesn't take place, it is not possible to ignore the fact that hundreds of thousands of people will effectively have their electronic communications monitored as an effect of Senator Azeredo's law project.
In that sense, the law project in question affects the majority of Brazilians' lifes, being those the owners of mobile phones, or being those who access the Internet through computers, or those that will be future digital television spectators. For that reason, it is inconceivable that a project like this is not being debated in a broader way, together with civil society and representatives of the interests directly affected. This list is long and includes: access providers, technology companies as a whole, consumers, universities, non-governamental organizations, telecommunication companies, just to name a few.
All public debate efforts related to such a law project, that aims at regulating the Internet from a criminal viewpoint, should turn itself to the Internet civil regulation, clearly defining its regulatory mark and privileging innovation – as happened on developed countries. To privilege a criminal regulation of the Internet prior to its civil regulation will have as a consequence the increase of public and provate costs, the disincentive to innovation and, above all, the inneficacy. In that sense, it is needed to firstly learn with the civil regulation, and only then propose criminal measures that can reach their effectiveness, without burdening the society as a whole, like the actual Senator Eduardo Azeredo's law project does.
tags: rio-de-janeiro brazil policy-law brazil cybercrimes local-context-global-commons convention-on-cybercrime copyright privacy civil-regulation internet
|
send
printer-friendly version
invite to vote