After the Presidency of the Republic issued the E-Ciber (National Cybersecurity Strategy) decree at the beginning of the month, the Senate now begins to address a related issue: the responsibility of federative entities for the cyber security of public services Brazilians.
The proposal of the Presidential Institutional Security Office (GSI) is quite comprehensive: to create a National Cybersecurity Policy, to enable a macro-coordination of the theme by the federal government and to align efforts and initiatives among the different actors of the network, including private companies.
Already proposed by the Senate, authored by Senator Eduardo Gomes (MDB / TO – photo) and another 27 senators (from the MDB itself, from Cidadania, Pode, PSB, PSD, PP, Rede, PL, PSDB, PSL and PT), is change the Federal Constitution, changing an item in Article 22 and adding provisions to Articles 23 and 24, to give the Union the prerogative to legislate on the cyber defense theme, as it already does with territorial, aerospace, maritime and civil defense, and not about cybersecurity.
The issue of cybersecurity rules applicable to the public service would also be a matter for the states, territories and the Federal District, as a way of "practicing minimal state intervention in private matters". the Union would only be responsible for harmonizing the rules defined by the state administrations for the public sector.
In this sense, in the opinion of specialists in the protection of personal data, PEC 3/2020 aligns with the data protection environment that we all want to implement in Brazil.
The GSI, in turn, said it was still studying the Senate initiative.
At that moment, the PEC awaits the appointment of a rapporteur in the CCJ – Commission for Constitution, Justice and Citizenship.
The debate is open.
International cooperation is another hot topic
In the justification of the PEC, the senators also warn of the importance of Brazil adhering to the Budapest Convention. "It would be fundamental for the promotion of criminal justice, mainly, through international cooperation, in times of crimes committed by digital means", says the text.
It is worth remembering that also last week, the Federal Supreme Court held a public hearing to debate the Declaratory Action on Constitutionality (ADC) 51, on the validity of the Judicial-Criminal Assistance Agreement signed between Brazil and the United States, known as MLAT .
The Supreme Court will have to decide on highly complex technical and legal issues, such as the practice and effectiveness of the international treaty for obtaining and intercepting electronic communications content, such as conversations via WhatsApp, the possibility of applying Brazilian law and other instruments for access to communications intermediated by US or foreign companies and the possible decrease in the level of privacy protection of Internet service users.
The limits of national sovereignty of the countries involved are also under debate, "in the face of the fragmentation of borders, virtualization of physical space and expansion, at a global and instantaneous level, of the media", the criteria for the reach of the Brazilian jurisdiction over communications and parameters such as territoriality, the location of physical data storage, the definition of the controlling company and the impact of communicative activity.
In the lawsuit, the Federation of Associations of Information Technology Companies (Assespro Nacional) maintains that several Brazilian courts request such information from the legal entity affiliated with the provider of electronic communications services in Brazil, as they understand that the agreement or requisition through letter rogatory is not applicable for obtaining the content of private communications under the control of a provider established outside the national territory. The association claims that the direct request to Brazilian representatives represents a "white declaration of unconstitutionality" of the rules in question.
For the Minister of Justice and Public Security (MJSP), Sérgio Moro, there is no reason for Brazilian courts to give up their sovereignty and their jurisdiction over crimes committed in Brazil. He noted that the Brazil-US agreement was signed to facilitate, not to hinder, the obtaining of evidence and that, so far, the US government has not complained that the treaty has not been complied with.
Marconi Costa Melo, of the MJSP's Asset Recovery and International Legal Cooperation Department, reported that, in the last four years, only 20.8% of the Brazilian government's requests to the USA in this area have been fully complied with and that the deadline for their execution is ten months. Therefore, he considered that the agreement has not shown satisfactory results.
Data protection as a constitutional right
During the hearing at the STF, speaking on behalf of the IDP Law, Internet and Society Center, Professor Danilo Doneda drew attention to the need to increase the effectiveness of requests for information requests and, at the same time, provide measures for protection and clarity of citizens' rights and the rules of the game for governments and businesses. To this end, he stressed that the information request system must take into account both data protection and human rights standards.
In fact, it is also good to remember that the protection of personal data may become part of the Brazilian Constitution in 2020. Gradually we are incorporating important issues for the digital economy in the constitutional text. What is good. Very good!