
Annoyed at crypto, Brazilian judge orders mobile carriers to block WhatsApp - Aelinsaar
http://arstechnica.com/tech-policy/2016/07/annoyed-at-crypto-brazilian-judge-orders-mobile-carriers-to-block-whatsapp/
======
soneca
Yes, the judge is asking for a backdoor, but Whatsapp was not blocked just for
that reason. They were blocked also because they are playing a game with
brazilian justice. Whatsapp Inc. claims is based outside of Brazil, so answer
court orders in english and ask for more information about the process (that
is confidential).

And Facebook Brasil just claims is another company. But the counter court
order that removed the block the other times was filled by Facebook Brasil.

So Facebook Brasil + Whatsapp are obviously on an arrogant position with very
unprofessional response to the court orders. If a proper brazilian lawyer was
hired to properly react to the court orders I doubt that any of the 3 blocks
would ever have happened, moreso because they have strong technical and
ethical reasons on their side. At a minimum there would be a long judicial
dispute. Even the judge that overruled the other block stated that Whatsapp
didn't act the proper way while dealing with the previous court order.

WhatsApp might have the HN crowd sympathy on this, but they brought these
issues to themselves by being unprofessional on their response to brazilian
justice.

~~~
cesarb
> And Facebook Brasil just claims is another company. But the counter court
> order that removed the block the other times was filled by Facebook Brasil.

The name "Facebook _Brasil_ " makes me wonder: what's the relationship between
Facebook (the USA company), Facebook Brasil, and Whatsapp? Does anyone here
know the details?

Everybody seems to be assuming that "Facebook Brasil" and "Facebook (parent
company of Whatsapp)" are the same, but is that really the case? And how does
that affect the jurisdictional questions involved in these cases? The decision
mentions a law that says that foreign companies that have one "agência, filial
ou sucursal" in Brazil are considered as having domicile in Brazil, but would
that affect a different subordinate of the same parent company? Does it depend
on which kind of subordinate it is?

~~~
liveoneggs
there are big advantages to having a *-brazil version of your company if you
do significant business in brazil so it's pretty common to make a little spin
off just for operating there.

~~~
meira
This happens all around the world, genius.

------
JoshTriplett
This is exactly why people build services such that they themselves don't have
access to user data, because anything you have access to you can be compelled
to produce (by a jurisdiction that has power over you, or that you let have
power over you because you want its business more than your users' trust).
WhatsApp is feeling the pain here because they're popularizing end-to-end
encryption, and jurisdictions are trying to test the boundaries and push back.
As long as there are only a few such applications and services, blocks like
this will remain feasible.

We need a whole generation full of such applications and services, all of
which have no access to user data, so that jurisdictions get used to the idea
that user data is owned _by the users_ , and that there's no point in going
after the service. And with enough such essential services woven into everyday
life, it'll become less feasible or politically acceptable to attempt to block
them.

Consider the very short list of countries that block Google, or YouTube, or
Wikipedia, and what properties those countries have in common, versus the much
larger set of countries making attacks on encryption right now. Consider the
expected length of a political career in a reasonable country for someone who
tried to block YouTube, versus the disturbing lack of backlash against attacks
on encryption. We need to make attacking encryption a political third-rail.

~~~
AJ007
How many commercial services should just be have just been open internet
protocols in the first place?

If email was created today it would be one company and they would call it a
platform. More than one company is trying to co-opt email in to their own app
and do just this. May be it would be totally free at first but gradually
exposure would decrease and eventually companies would have to pay to ensure
that their customers saw their messages. If a gag order was attached with the
backdoor, no debate would even happen.

This isn't an anti-business rant. Every tech company today has benefitted
tremendously because of open standards - from Linux powering servers to http
to the peering among internet providers. What if every free piece of the pie
came at a cost?

There are a lot of funded tech companies right now creating free services in
an attempt to grow their platforms as large as possible. Then, when they hit
the critical mass of the network effect they either start charging or do
something to cash in.

This means that the next generation of tools not only have the potential to
"tax" the next generation of businesses for every little piece they have, but
it also brings immense cross-border regulatory exposure increasing the risk of
broken dependancies. What a different story it would be if the headline read
"Brazilian judge orders mobile carriers to block the internet." We would all
laugh.

~~~
superuser2
The overwhelming majority of email is in cleartext, and the overwhelming
majority of email users vulnerable to phishing and impersonation, precisely
because email is an open federated standard. We wouldn't be having this
conversation about email, because the prosecutor would have read it already.

The laughably tiny adoption of GPG, and even TLS between SMTP servers for that
matter, should make it abundantly clear that voluntary extensions aren't good
enough. A federated system which respects peers' "freedom" to not react
adequately to a changing threat profile is somewhere between irresponsible and
actively malicious to its end-users.

I, for one, celebrate the death of open standards like email in favor of
mechanisms that can actually be improved (i.e. by forcing people to upgrade on
pain of being locked out of the network) in response to new developments in
security.

------
rmsaksida
The judge is explicitly asking for a backdoor [0]:

> We are _only_ requesting disabling cryptography and intercepting data,
> mirroring messages real time in one of the ways suggested by the Ministério
> Público [1] - in addition to forwarding the messages received by the user
> but not yet encrypted; in other words, the exchanged messages must be
> forwarded in real time before encryption is implemented, in a manner similar
> to phone tapping.

(This is a direct quote from the court order.)

This is ridiculous. Judges shouldn't have the power to force software authors
to install backdoors. Nobody should. What's next? Outlawing encryption?

[0] [http://jota.uol.com.br/justica-rj-determina-novo-bloqueio-
wh...](http://jota.uol.com.br/justica-rj-determina-novo-bloqueio-whatsapp)

[1]
[https://en.wikipedia.org/wiki/Public_Prosecutor%27s_Office_(...](https://en.wikipedia.org/wiki/Public_Prosecutor%27s_Office_\(Brazil\))

~~~
vitorbaptistaa
_edit: styling_

I also found it interesting that Facebook's lawyers (which appears to be from
[https://www.zwillgen.com/](https://www.zwillgen.com/)) asked for:

> If possible, please provide responses in English as that will significantly
> improve our ability to analyze and process your request in a timely manner.

> 1\. Is this a criminal matter?

> 2\. What organization is conducting the investigation (Federal Police, Civil
> Police, Prosecutor’s Office)?

> 3\. What is the nature of the crime being investigated (corruption, drug
> trafficking, gun violence/homicide, child exploitation, terrorism, etc.)?

> 4\. What are the specific WhatsApp accounts that are the target of this
> legal process (including all applicable country codes)? > > 5\. What data
> are you requesting for each of the targets listed above?

I wonder if this was only to keep internal statistics.

~~~
rmsaksida
Yep - and they've asked for this _in English_ , something the judge complained
about.

I think I'm with the judge on this one. I found this really lazy and of bad
taste on Facebook's part. The firm representing Facebook won't afford a
translator for one of their top 3 countries (I'm guessing) in number of
Whatsapp users? Really?

~~~
bllguo
You support a judge pettily and stupidly ordering the blockage of one the most
ubiquitous apps in Brazil, over something this insignificant?

Insensitive and foolish move on Facebook's part, sure, but come on. Let's put
things in context here...

~~~
rmsaksida
Try reading the parent comment of this thread - I wrote it, and I explicitly
condemn the judge.

Doesn't change the fact Facebook lawyers are in the wrong when it comes to
this specific issue (and, of course, that doesn't mean the judge is right
about everything else).

------
cesarb
I found a copy of the full order at [http://www.conjur.com.br/dl/decisao-
whatsapp-vara-criminal-d...](http://www.conjur.com.br/dl/decisao-whatsapp-
vara-criminal-duque.pdf) (source: [http://www.conjur.com.br/2016-jul-19/juiza-
manda-suspender-w...](http://www.conjur.com.br/2016-jul-19/juiza-manda-
suspender-whatsapp-reclama-resposta-ingles)).

To me, the most eyebrow-raising part is "[...] além do encaminhamento das
mensagens já recebidas pelo usuário e ainda não criptografadas [...]" (page 4,
rough translation: "and also the forwarding of messages already received by
the user but not yet encrypted"). Do they believe that the messages are
encrypted only after being received either by the user or by a central server?
I get the feeling that they think that the encryption is done by a central
server, and that the messages can be intercepted there before the encryption
(while in reality, they're probably encrypted by the sender's phone, so
intercepting would mean pushing a software update).

~~~
pb8226
That's bizzare if they think that. If it's not encrypted end to end a lot of
the value of encryption is lost.

------
ucy
It's back already - the Head of Supreme Justice overturned the decision.
[http://www.tecmundo.com.br/whatsapp/107456-caiu-
presidente-s...](http://www.tecmundo.com.br/whatsapp/107456-caiu-presidente-
supremo-derruba-bloqueio-
whatsapp.htm?utm_source=facebook.com&utm_medium=referral&utm_campaign=thumb)

------
ucaetano
Let's look at a similar case in the US: [http://arstechnica.com/tech-
policy/2016/07/microsoft-wins-co...](http://arstechnica.com/tech-
policy/2016/07/microsoft-wins-court-rules-feds-cant-use-sca-to-nab-overseas-
data/)

US government sues uses SCA to request data held overseas by an American
company. Court rules that US government under SCA has no jurisdiction to
request data held overseas, even if by an American company.

In this case, WhatsApp does not operate in Brazil. They do not have a legal
entity in Brazil. A Brazilian judge has exactly zero jurisdiction over
WhatsApp.

Sure, it is in the judge's power to blackmail the company by ordering other
companies to block it. But the judge still has zero authority over WhatsApp.

The correct way for the judge to proceed would be to use the Mutual Legal
Assistance treaty between the US and Brazil to request the data through the US
Government and judicial system:
[http://www.state.gov/documents/organization/106962.pdf](http://www.state.gov/documents/organization/106962.pdf)

From Art. I, assistance shall include:

(f) executing requests for searches and seizures;

Which would be subject to US laws, therefore, probably wouldn't happen.

~~~
serge2k
Why does a case in the US have anything at all to do with this?

~~~
ucaetano
It provides a parallel view on a critical subject: how does the sovereignty
and jurisdiction of countries extend or not over the entire internet.

------
ucy
Brazilian here [http://jota.uol.com.br/justica-rj-determina-novo-bloqueio-
wh...](http://jota.uol.com.br/justica-rj-determina-novo-bloqueio-whatsapp) "Em
verdade, o Juízo requer, apenas, a desabilitação da chave de criptografia, com
a interceptação do fluxo de dados, com o desvio em tempo real em uma das
formas sugeridas pelo MP, além do encaminhamento das mensagens já recebidas
pelo usuário e ainda não criptografadas, ou seja, as mensagens trocadas
deverão ser desviadas em tempo real (na forma que se dá com a interceptação de
conversações telefônicas), antes de implementada a criptografia."

So, a judge required Whatsapp to put a backdoor to realtime wiretap some users
before the payload is encrypted. I personally dont think Whatsapp should
comply.

Whatsapp isnt secure, anyway, the default config is to store all the messages
and the key on icloud or google. Also, the server knows your contact list,
(and bans you if you dont sync), and someone could tap your wifi to get your
contact list.

The judges here are annoyed that the lawyers requested info that is under a
gag order, and that they answered in English, and that Facebook, who has a
local office plays dumb and insists that "Whatsapp is out of my jurisdiction"
when Brazil has the 2nd bigger userbase of the app. They are hitting them
where it hurts - blocking 7 billion usd of their assets.
[http://link.estadao.com.br/noticias/empresas,justica-
brasile...](http://link.estadao.com.br/noticias/empresas,justica-brasileira-
bloqueia-r-19-5-milhoes-de-contas-do-facebook,10000060270)

~~~
eggie
> Also, the server knows your contact list, (and bans you if you dont sync),
> and someone could tap your wifi to get your contact list.

Wouldn't they also have a contact log for each user?

That plus the contact list is a pretty nice chunk of data for use by their
parent company.

And also, it would surely be useful for law enforcement. Has it been shared
with the courts?

------
erpellan
What if they just gave up the ciphertext? They will have complied in the sense
that the court would know everything WhatsApp knows about the content.

~~~
JoshTriplett
That'd be interesting to see. What's the process, in general, if you're served
a warrant for something you don't have?

------
bikamonki
FB cannot afford to lose its Brazilian Whatsapp market share, I am
guesstimating over 50% of its users in South America are from Brazil?
Furthermore, integrations of Whatsapp to businesses (with or without a legal
API) are already happening so there is high pressure to rollout a business
oriented API and make the billions back, I am sure Brazilian numbers are key
in the projected revenue stream. Given this, I dare to predict FB will just
lift encryption for Brazilian users and blame it on their legal system. In the
end, the _average_ internet user couldn't care less about privacy; in fact, in
developing countries users are much more concerned with saving money with
_free_ SMS and calls.

~~~
scardine
We know the court order is abusive and will be voided by an appeal in a few
hours, so nobody cares. While it is blocked we may use telegram or resort to
plain old SMS.

The problem is that a Judge here in Brazil cannot be fired based on the number
of reformed decisions.

~~~
necessity
As someone expecting a reply from my boss on WhatsApp, I care.

As a french man once said, Brazil is not a serious country.

~~~
ucaetano
That's funny, coming from France. Neither are serious countries.

------
mankash666
Why is Facebook applying different standards to different countries? In Saudi
Arabia, they outright disable encryption to placate the government, so why not
Brazil (not that I argue for weaker encryption, but the double standards are
mysterious)

~~~
Jtsummers
So this is about WhatsApp, not Facebook. Does _WhatsApp_ disable encryption in
Saudi Arabia?

EDIT:

[http://www.ibtimes.co.uk/whatsapp-blocking-encrypted-
calls-s...](http://www.ibtimes.co.uk/whatsapp-blocking-encrypted-calls-saudi-
arabia-1570599)

Is this what you're referring to? This deosn't indicate that they're disabling
encryption, but that they're blocking all _calls_ to Saudi numbers. A
different issue.

~~~
unwind
I read that as since Facebook owns WhatsApp, it's their decision.

~~~
Jtsummers
Fair. But either way encryption doesn't seem to be _disabled_. Rather, calls
are not allowed _at all_. Encrypted messaging still seems to be present.

------
Kenji
I wonder what security threat or investigation could be so large as to warrant
stifling the communication of large parts of the population. A classic case of
a state gone haywire and not serving its people anymore.

~~~
vocatus_gate
Does any state really serve its people?

------
hughw
The judge "did not give a reason for the blockade due to legal secrecy in an
ongoing case." Secrecy for me, jail for you!

------
kawera
Brazilian Supreme Court just upholded the order, the blockage is over:
[http://www1.folha.uol.com.br/mercado/2016/07/1793291-preside...](http://www1.folha.uol.com.br/mercado/2016/07/1793291-presidente-
do-stf-suspende-bloqueio-do-whatsapp-no-brasil.shtml)

------
ajeet_dhaliwal
Seems to becoming a monthly affair.

------
0x006A
Does anyone know how the block was done last time? Is this done via DNS or are
they blocking based on IP Address or some other way?

~~~
kawera
Telcos were forced to block IP addresses and they were happy doing so as we
had to use their expensive services.

~~~
the8472
If the block is IP-based then adding a p2p component would be the next logical
step.

~~~
kawera
It's certainly an option. I for one use a VPN so no blockage.

~~~
necessity
The problem is that the people you want to communicate with often don't even
know what a VPN is.

~~~
kawera
True for most people, yes, but not in my case since my kids and business
contacts are all on VPNs.

------
meira
It's funny how HN didn't care when judges and the supreme court broke several
laws in support of a parlamentary coup d'etat. And it's sad to see so many
brazillians not defending the best interests of their country here in HN.

------
meira
She got more annoyed with the arrogante attitude of whatsapp's director. He
didn't answer her in the local language. He could have been jailed for
delaying investigations.

------
utopcell
is it fair to assume that all other messaging apps operating in Brazil that
have not been blocked have cooperated with the government and installed
backdoors ? does anyone have more information on this ?

~~~
thomasfortes
Not exactly, the thing with whatsapp here is their MASSIVE user base, almost
every one uses it.

------
holografix
To telegram it is...

------
aianus
If WhatsApp gets summoned to Sharia court in Saudi Arabia over a case of
suspected extramarital sex, do you think they should humor them and play
along?

It is unrealistic to expect WhatsApp to 'correctly respond' to every little
despot's 'court orders' worldwide.

~~~
soneca
Ad absurdum.

They may very well ignore brazilian justice. It is their choice. What they
can't do is to ignore brazilian justice and continue to operate in the
country.

~~~
bubbleRefuge
Pelo amor de deus cara! Who looses here is the Brazilian public where WhatsApp
use is ubiquitous. This is like the reciprocal visa requirements that Brazil
imposes on US visitors(making it harder for Americans to spend their dollars
in Brazil). This is the Brazilian Government wanting to flex their muscles in
front of the Gringos while the public suffers yet again from Ivory tower
policies totally disconnected from reality on the ground.

~~~
cocotino
I remember WhatsApp was blocked once in Brazil for refusing to hand out data
on a drug smuggler... Taking into account Brazil is an oversized drug cartel,
yes, doing that was "to be disconnected from reality".

~~~
segmondy
First they start with the drug smugglers, ...

No, really, this has always been the means, we are going after "criminals" and
once that is possible, then it's everybody else.

~~~
morganvachon
The flipside is to slowly criminalize everyday activity. I've seen that trend
in the US (apart from the decriminalization of marijuana, which I'm still
surprised by).

As an example, here in Georgia you can theoretically be ticketed for going too
slow _and_ too fast at the same time; traffic law says don't impede the flow
of traffic, even if said traffic is going 20+ over the limit. So if you're
going 5 over and everyone else is going 20 over, you're at risk of getting
both tickets.

I realize that traffic infractions are not what most consider crimes, but it
scales to misdemeanor and even felony offenses as well. "Show me the man and
I'll show you the crime."

[http://www.cato.org/policy-
report/januaryfebruary-2010/crimi...](http://www.cato.org/policy-
report/januaryfebruary-2010/criminalization-almost-everything)

------
serg_chernata
His age is showing.

~~~
csours
This comment doesn't add anything to the discussion. Even young judges expect
to have access to information needed to make decisions; that is key to the
judicial process.

~~~
serg_chernata
Maybe I should have elaborated, maybe I shouldn't have assumed, but I think
most people on the younger side of age brackets would understand that WhatsApp
is not the ONLY way to have encrypted conversations.

~~~
rmsaksida
This is silly. The judge is female and young (for a judge):

[http://oglobo.globo.com/rio/juiza-agredida-no-bep-ganhou-
ape...](http://oglobo.globo.com/rio/juiza-agredida-no-bep-ganhou-apelido-de-
kate-mahoney-17667644)

Unfortunately, tech-related ignorance is common across ages and genders.

