Brazilian law regarding regarding privacy of users of internet services is very recent and clear: if a judge order the company to share a specific user data, the company must comply. You can disagree with the law, but the law is there.
Now, the judge ordered Whatsapp to share a particular user conversation (a suspect murderer - edit: drug dealer). But the problem is: Whatsapp have no offices or operations in Brazil. The order was sent to Facebook, who ignore as Whatsapp is another company. So, without any executives in Brazil that could be held responsible for disobeying the law, the judge fine the company. They continue to disobey the order (for months). The judge suspends Whatsapp activity (for 24h a few months ago, but that order was suspended itself after a few hours). Now Whatsapp continue to disobey the judge's order until this day. The judge suspend the company again.
All arguments I hear against the judge is in the line that Whatsapp is "too big to fail". That's not a valid point in my opinion. If they disobey the law, it must have consequences, no matter how big and important to brazilian society they are. If they had operations and executives in Brazil this would never had happened at the first place. They would have lawyers fighting against the decision to share the user data and this would be solved by the justice system (never coming to have its activity suspended).
But Whatsapp simply ignored brazilian justice system as if it was above the law.
It is very unfortunate that it came to this point, but it is not like a judge decided yesterday that Whatsapp should sufer for whatever reason. They got a lot of months of warning for this. And he is acting completely according to the law. For me, all of this is Whatsapp fault.
First, WhatsApp is a US company and has no presence in Brazil. Under many readings of US law (specifically, ECPA), US companies are in fact prohibited from complying with requests from foreign law enforcement for content, except in emergencies. Instead, foreign law enforcement must make a request for assistance to the US DoJ, which will then (eventually, and maybe) process it and serve it on the US company. This is one of the reasons why MLAT reform, such as the proposed UK-US agreement, is so important because it would allow US companies to directly respond to foreign law enforcement requests.
Second, apparently, the data does not exist. WhatsApp publicly stated, including in testimony before the Brazilian Congressional Committee on Cyber Crimes, that it does not and has not retained any message content once messages are delivered, even before the recent full roll-out of E2E. Based on these statements, it would seem that WhatsApp is indeed unable to comply with the court's request, regardless of any jurisdictional arguments.
This is all WhatsApp's and the US's problem, not Brazil's. In fact, it's kind of insensitive for foreigners to suggest that a judge of a sovereign nation must consider US law in his rulings. If anything, I think this would justify ruling against WhatsApp more harshly, as it sends the message to the US that policies which don't respect the sovereignty of Brazil will hurt US economic interests in Brazil.
> Second, apparently, the data does not exist. WhatsApp publicly stated, including in testimony before the Brazilian Congressional Committee on Cyber Crimes, that it does not and has not retained any message content once messages are delivered, even before the recent full roll-out of E2E. Based on these statements, it would seem that WhatsApp is indeed unable to comply with the court's request, regardless of any jurisdictional arguments.
If this is true, that's a solid argument and stands on its own.
My apologies, but I think that if you re-read what was written, you will find that this was not suggested. The comment was written in response to one that came to the conclusion that this "was all [WhatsApp's] fault." It is suggesting that WhatsApp is not at fault, is probably strictly complying with US law, and cannot share the information in any case. At no point does it even come close to suggesting that the judge in the case should have "considered US law" in his rulings.
Moreover, I feel that your claim does not clearly differentiate between 'considering US law' as a material fact and 'considering US law' as a judicial precedent. You seem to be suggesting that someone arguing that US law ought to be held material to the case is somehow demanding that the Brazilian judiciary hold itself subservient to the US courts. You also seem to be suggesting that a Brazilian state judge has any business interpreting the law so as to "send a message" to the government of another nation, which is simply and patently untrue.
It's worse that most local judges simple don't know that there's even a problem, and even if that'a clear to them, the judge most likely has 0 experience in making a successful request to the foreign state. And since all bureaucrats if the request isn't perfect it falls through the cracks. So often (at least if you're locally present) your laywers will need to help the judge to draft and push such a request through.
Long story short: These jurisdictional issues are not at all US specific, it's everywhere. Sovereign states just don't like it all over if their citizens and companies do stuff within their borders under orders of a foreign state.
Whatsapp can choose to assign resources to this issue, or it can ignore it and let it solve itself. If Whatsapp thinks that Brazil is an interesting market for whatever it is selling (what are they selling?) or if it is good for PR then they may choose to seek ways to intervene.
When they are operating their business within the EU, yes. For example US companies operating servers in the EU must comply with EU data protection laws regarding information on those servers. This situation is analogous. WhatsApp's servers are in the US so US law applies. If the servers were in the EU then EU law would apply, not Brazilian law.
More accurately, US companies processing personal data of EU citizens must comply with EU data protection laws. It just so happens that locating the servers in the EU is among the easiest ways to comply with that.
The Brazilian case isn't about data transmission though. WhatsApp isn't in breach of any rules about that. It's about court ordered access to records stored on an server in a specific geographic location - The USA. Now if the Brazilian government passed a law requiring WhatsApp to record all data on servers in Brazil that would at least be possible to comply with.
Allowing a company to break Brazilian law because US law demands that the company break Brazilian law would absolutely put the Brazilian judiciary in a subservient position to US law.
> You also seem to be suggesting that a Brazilian state judge has any business interpreting the law so as to "send a message" to the government of another nation, which is simply and patently untrue.
Brazil decides what is and is not the business of Brazilian state judges.
It's really the only way to go. Otherwise, you get pissing matches. Brazil blocks WhatsApp. China blocks Facebook, GitHub, etc. Iran blocks so much stuff that people need to get data dumps via satellite TV. The US blocks a lot too, but mostly about gambling, "piracy", etc.
It has to do with some countries suck more, and some suck less.
Plenty of countries don't block anything. Like military aggression, child mortality, literacy rate, etc., that is one important data point about any country and its government.
If you don't know what "internet sovereignty" means, then how can you possibly claim that something had nothing to do with it?
Bad laws are bad laws. If you can avoid complying with them, you absolutely should.
I wonder if you'd say the same to Gandhi. "The law is for everyone so you can't evade taxes by making your own salt." https://en.wikipedia.org/wiki/Salt_March
It's just as insensitive for a judge of a foreign nation to suggest that all foreigners must consider his rulings when making decisions under their own sovereign laws.
Incidentally, I wonder how the situation would be handled and what the opinion would be if some big foreign company operating in the US were shut down in the same way.
Isn't this a fair position ?
Imagine you are a lone dev creating a service that has no specific limitations. You are subject to your countries law, but should also be liable under each single law of every country where your users might happen to be ?
It seems to me that countries should have the right to do what they want within their borders (including shutting down access to some services) but go the diplomatic route if they have to interact with people out of their borders.
So, in this case, "all foreigners must consider his rulings", applies only for the those who wish to keep their service working in Brazil.
If you are operating in Brazil you have to follow Brazilian laws, including judges' orders. Just because I decide to do something in the US doesn't mean it's automatically legal when I do it in Brazil.
So you're saying it's OK for Brazil to send a SWAT team to raid a house in the US? The judge's order has no validity outside his jurisdiction; just like a US judge's order has no validity in Brazil.
> The judge's order has no validity outside his jurisdiction; just like a US judge's order has no validity in Brazil.
Which is why the judge only banned WhatsApp from operating in Brazil.
I don't see what they can gain from storing masses of old chats and then not allowing users to download them onto new devices. If they kept chats to do analytics on, there's no reason that they wouldn't expose it to users too.
(This may also explain how they survived as a company for so long with so many users and so little revenue. All they're doing is running a few fast servers to shuttle messages back and forth, no storage requirements at all).
On the other hand Telegram does seem to store conversations - if you log in using a desktop app, it will pull down your recent chats.
If that's true, I'm in awe of their integrity. Skype on the other hand now has complete disregard for user privacy. Skype stores your voice mails and video messages forever. This is something that they started doing 2-3 years ago and few people seem to be aware of it. It's amazing how low Skype fallen from its early days when it was considered a beacon of privacy and on the cutting edge of encryption and security.
 Details: Clicking on Preferences -> Privacy -> Delete history (OS X) or Options -> Privacy Settings -> Clear history (Windows) pretends to delete the voice/video messages but it merely hides them from your view. If you re-install Skype on the same computer or run Skype on a different computer, all those "deleted" voice mails and video messages re-appear. The delete and clear buttons are basically lies; there's no polite way to put it.
Very old voice messages are also accessible even if "deleted".
Text chats do seem to disappear, but at this point I don't believe anything Skype says. I figure they keep the chats forever as well.
Edit: yes, the chat backup functionality still works. I have never tried to restore it though.
Go to settings > chats >> Chat backup to start backing up your messages to Google Drive. (Make sure you have 2FA on your Google account)
It's a "feature" of the normal chats/channels/groups/supergroups of Telegram that you are able to download them to other devices, or to restore them on a freshly wiped device, because (and I'm over-simplifying here, but the end result is the same) they are encrypted with a key known to the server, and which other devices signed into your account can then be authorized to use.
But, the NSA approach to data collection is basically to vacuum it all up and, if possible, decrypt it later. This has two implications:
1. Metadata. "We kill people based on metadata" isn't a joke, it's a quote from Michael Hayden, ex-executive in both the NSA and CIA. End-to-end encryption doesn't hide who you're talking to or when.
2. It seems unlikely that it will be computationally possible for them to decrypt all traffic, but it would only surprise me a little if AES128 is breakable for high-value targets in the next 20 years: increased computing power, better multi-threading, better cryptanalysis algorithms, maybe quantum computing or some completely unexpected technology; it's hard to say what will come along.
In short: mining encrypted data still matters.
I always feel like many large US tech companies want to have their cake and eat it. They want to be a global company, they want to have 2 billion users, and are valued at having that many users. But when it comes to laws, suddenly they operate under US law alone.
I wouldn't mind if they ignored all national laws, and acted like a true global company. But I'm not from the USA (or Brazil), and don't want to be under US law. If you want to operate only user US law, then why not constrain yourself to the US market? Only operate there?
And when it comes to taxes...
The fact that WhatsApp's info is stored on servers rather than paper records is irrelevant. The jurisdiction in which the records reside applies. Although the fact that their servers don't even store the information requested anyway should be.
Fair point. But to continue that analogy, the US judge is quite free to ban the commercial operation of that Brazilian company in the USA. Which is exactly what happens, and is happening here.
As an ideological position it has some interesting points to make, but in a contemporary legal setting it's difficult to find footing.
My personal position is informed by Hobbes (https://en.wikipedia.org/wiki/Leviathan_(book) ) in that we have to make compromise with our individual liberty to bring about a greater good.
> "No arts; no letters; no society; and which is worst of all, continual fear, and danger of violent death: and the life of man, solitary, poor, nasty, brutish and short."
Freemnan-on-the-land is totaly quackery in a comptemporary legal setting. It's like homeopathy, but for laws. It's Creationism, it's snake oil. Fundamentally it presumes/assumes that laws work differently from how the organs of the state think they work.
I mean this: https://anarplex.net/hosted/files/declarationseparation.html
I think cyberspace currently is best categorized as a distinct estate rather than realm in a similar vein to the press and the judiciary. Each functions with more or less autonomy but can occasionally be subjugated to the other.
But in meatspace, one blends in, doesn't attract attention. As in Vinge's True Names. Ultimately, authoritarian states may wither. Or not. But in the meantime, one can manage, under occupation.
National law cannot enforce anything on organizations not within the national jurisdiction, without international cooperation. However, they can (attempt to) stop their own citizens from accessing the international service.
I don't think it makes a difference whether what you are offering is physical or not, your service is bound by the laws in whichever country the exchange takes place. Of course enforcement might be an issue, which is exactly why the Brazilian judge did what he did, when Whatsapp failed to abide by Brazilian law.
Even with the laptop warranty case, if some small retailer from Country A shipped a laptop to Scandinavia, but didn't uphold a 2 year warranty, the Scandinavian governments would not be able to force the warranty to be upheld. They can make whatever local judgments they want, but none of them would touch Country A without international agreements in place.
I think this is a bad law by the way. Hopefully the clearly negative impact it is having will lead to it's reform.
This kind of thing can't even be enforced, being so easy to bypass.
every country treats certain content as criminal as they wish. Where the servers are is just a minor detail.
All laws are easy to bypass, what's your point? Ever tried to go 60 in a 30km/h zone? Lack of 100% enforcement does not make a law useless.
they have bank accounts and deals with many tel co to operate as they do in each country they are.
you do not get pre-installed on the three biggest mobile operators phones (99.9% of market) and get deals where data to your service do not count as part of the limited data-plan on two of them, by just "being an IP address on the web".
Same goes for the telcos. Offering free whatsapp and Facebook is a thing. And it's not because whatsapp had a "deal". It's because the telcos want more users.
Developing countries eat that up. People explicitly want to see whatsapp support or they don't buy the phone and many terrible devices have been sold on this premise.
Nothing that lives of ads or telecomunication companies survive only by "serving the user". The telco only pre-install something on the device if: A. they are paid upfront, B. if they get a percentage of the ads.
yeah, serving the user is good, but remember that you are talking about companies that charges for SMS. the day they have to rely on "pleasing the user" hell will freeze over. They rely on regional monopoly, just like in the US.
People constantly switch network providers here since we have number portability.
My wife, me and many of our friends switched to Vodafone cos they were offering a really great Internet package.
Free Whatsapp, Facbook, Twitter, Instagram,and Snapchat plus 3.5 GB for what's essentially $9 a month. Here that's unbeatable and unheard of. http://support.vodafone.com.gh/customer/portal/articles/1813...
I doubt all these services are paying for for Vodafone to do this.
MTN does it, Airtel does it and Vodafone I think does it as a package.
If you currently don't offer some sort of package or free service, you're out of the competition.
you can't do that in brazil without having the papers to do business there. in fact, you can't even sell anything without the right documents. Just like everywhere else.
I don't know portuguese so I didn't actually read what the deal is.
Is this a service where subscribers pay the carrier a fee for 30 days of unlimited data traffic to whatsapp servers (VoIP excluded) + 50M of data ?
If yes, does that constitute a transaction the consumer makes directy to whatsapp via the operator? I understand that likely whatsapp and TIM (an Italian company btw) might have made some deal and exchanged some money for the use of whatsapp logo etc, but I guess that transaction could have been done anywhere.
the app has in app purchase. that page describes both what you described plus paying for in app purchases via operator
> TIM is an Italian brand owned by Telecom Italia. Originally founded as a mobile telephony company in 1995
> Parent Telecom Italia Mobile, Telecom Italia
I never been there, I don't read or write danish, I never interacted with danish government, or met any danish person.
If the dane government wanted something from me, and sent a letter to some random person, written in danish, even if it reaches me, I wouldn't understand it anyway.
Thus, having app in some other country store doesn't prove much, except that you clicked "publish" somewhere on Google or Apple uploading interfaces.
At which point you agree to adhere to their laws and regulations.
A famous example of someone operating legally under local law, but who got prosecuted for having merely a website accessible in another country, was Kim Dotcom.
That’s the current state of international law, either lobby to change it, or accept it, but don't ignore it.
Uhm nope. If my app(published on Apple Store/Google Play) violated a law in Saudi Arabia and they sent me a letter requesting me to appear and subject myself to 100 lashes for violating their law, I would very promptly disregard said letter, to put it politely.
And that is the problem. You can't actually expect people to hire lawyers from 108 different countries to see if their app is legal in each of them just because they're going to distribute it on the internet, to say nothing of what happens when two countries have mutually contradictory laws (e.g. privacy vs. data retention). And a person who goes to see the Great Pyramids shouldn't have to worry about being hauled off to Saudi Arabia and then stoned to death because their app doesn't prohibit blasphemy.
> Also Saudi Arabia will propably ban your App, which is what is happening in Brasil.
Which only increases the proliferation of tools to bypass the restriction.
You could expect facebook, with their almost infinite resources to so.
I never thought I'd say this, but: Good on Facebook for not complying.
If you purchased a VW car in Germany and had it shipped over to the US it would be on YOU to make sure it complies with all requirements of your country, not Volkswagen's.
Harmful lays laws should not be considered lawful just because somebody wrote them down.
I can’t sell medical marihuana in most states of the US – and I don’t go and try, and then complain about getting arrested.
Instead, if I wanted to start a business doing that, I’d check out where it would be legal, and in which ways, and sell my product in those markets.
Why do you assume you can sell your product in markets without having checked the legality, and then complain when they ban your product because it violates the local law?
My point was - is there any reason why I, as a developer, should not check "all countries" when publishing an app? If Saudi Arabia wants to ban my app later - let them, I literally don't care.
And yes, consumer protection laws absolutely still apply. The laws of my country - if my country says that I have to give him 2 years warranty - of course he gets 2 years warranty. If his country says a seller can be subject to 100 lashes for selling prohibited materials - they can go and try executing this, I wish them all best luck.
Just because you can take their money doesn't mean they have to accept that.
It's a bit like saying "You should hang yourself, because if you don't, I'll hang you." The proper response is "get on with it then."
That's a pretty shit example, given everything that happened around that case.
If an art dealer sells a painting to someone in brazil, does it mean the original artist operates in Brazil?
(Not that I agree with that, but that's what it looks like)
Apple has a corporate office in Brazil (google too) and they're the ones who distribute and approve the application for sale there. They're legally required (I assume) to respond to legal notice they're served with. WhatsApp is not legally required to do so, and others have pointed out that it might not even be legally feasible for them to do so.
Of course this situation is more complex because obviously Apple doesn't have the data and I doubt Brazil wants to get into a legal battle with Apple. And although Brazil doesn't have the ability to force WhatsApp to comply with anything, they do have the leverage of being able to shut down their service. Should make for an interesting story to follow.
At the very minimum, if they had served Apple/Google instead, they would have had a legal requirement to actually respond. I don't know much about the actual case so these are mostly assumptions.
If they have no presence in Brazil, how did they get shut down in Brazil? I don't mean to be glib, but I don't see how the two concepts jive with each other.
On a purely practical level, if they were interesting in maintaining their service in Brazil, why didn't they establish a presence in Brazil when all these previous orders and shutdowns were going on? This is like ignoring notices in the mail and then wondering why you're getting collections calls.
Blocked at the ISP level.
What would interest me is knowing whether or not access is still blocked if you change your default DNS server to something like 220.127.116.11?
OT: Intrigued and tempted by ivpn.net but the about page don't give me enough info to decide (no team, no physical address...) Where can I read more?
> VPN was founded in 2009 by a group of information security professionals who met whilst doing their Msc in Information Security at Royal Holloway, University Of London.
I've never researched that, but I've worked with them for years, and it's consistent with my experience. They're good people, I believe.
This does not make a lot of sense.
If they don't retain any message content, then how am I able to browse all my message threads on https://web.whatsapp.com?
EDIT: I'm wrong.
If you delete a message on the phone the message disappears in the web interface too.
"WhatsApp Web connects to your phone to sync messages."
I.. did not know that.
"oh sorry, breaking local laws? Oh well, we're in america! Too bad!"
Doesn't work like that.
i know nothing about law, but where are you getting this from? does not seems to be the case with any company in china (yahoo gave in, google decided to leave) for example.
I certainly disagree with this ruling, but "no presence in Brazil" is wrong and contradicted by Facebook itself:
> São Paulo, Brazil 23 open positions
> One of the most talented and diverse cities in the world, Sao Paulo is a hub for our operations throughout Latin America. Our teams make an impact by providing support to our communities, small and medium businesses and brands in the region.
And of course their Latin America VP is located in this office:
So I don't know where the bizarre idea that Facebook has "no presence" in Brazil comes from.
It would be an apt comparison, if you imagine that Comcast had a Latin American headquarters in Brazil, where Telemundo's Portuguese telenovelas have millions of viewers; it would be weak tea for NBCUniversal to then argue that Brazil had no jurisdiction over it and the programming it distributes there because the shows are produced in Florida and NBCUniversal has no employees there.
If you want to do business in a country then you should follow its laws.
that's how the legislative and judiciary branches think here in Brazil, write the problems away with a law. it called 'canetada'.
It's wonderful to have a succinct word for a concept like that; I wish there were such a word in English. Do you have any background information about the origins and meaning of this word?
Whacking someone with a wooden stick ("pau") is a "paulada". Kicking a ball ("bola") on someone is a "bolada". Poking someone with a pin ("alfinete") is a "alfinetada".
Therefore, using a pen ("caneta") indiscriminately becomes a "canetada".
The same word would be used if you threw the pen at someone's head, so there's that.
"if they don't like the laws they shouldn't access the market"
That is something the HN crowd does not seem to understand/respect. Most of us enjoy the personal protection of the law yet we want to whip up a webapp and have no laws apply to us.
There are people in Brazil who have downloaded the application, and those people are connecting OUT to WhatsApp, which is operating in America.
So all the Brazilian government can do, is BLOCK its own people from accessing WhatsApp through the Internet.
The question is, should the Brazilian government have the right to block websites that it doesn't want its people to be able to see?
Ultimately that's a problem for Brazilian domestic politics, and also a greater issue of human rights. After all, that's how we describe it when discussing the Great Firewall of China.
A company cannot provide data that it does not have and has no way of acquiring.
Whether or not they have a presence, operate there, are required to comply or whatsoever is not an issue.
They simply can't comply. If they could initially they can't anymore. End-to-end encryption made sure of that.
Again, unless they're lying to us.
They have said this to the press or to the court? Because it seems to me like Fb/Whatsapp have been pointedly ignoring the courts for months. The least they could do is fly down a lackey to Brazil and say it in person and/or alternatively hire a Brazilian law firm to represent them.
I'm not sure what you're proposing Facebook to do here? Hand over useless encrypted data? Hold a cryptography seminar for Brazillian law enforcement to explain what end-to-end encryption means? Have more of their employees risk arrest?
Some more subtle hints may work better, but generally, what Facebook says, "it can't be done" is the correct strategy.
What lackey is going to want to fly to a hostile country where the government is battling your employer?
I don't want to spend any time in a foreign prison. Who would?
Now I know the law's position is basically "do what we say or we'll punish you until you comply - and we'll simply ignore you until you figure out a way to do so".
Obviously that's literally impossible for data that doesn't exist anymore, but of course it's technically possible to comply with these laws in the future. And I think that's a bigger problem here - that governments want to turn companies into surveillance tools. It's like telling the postal service to open and scan every single letter - which would have sounded pretty bad in the past, but nowadays that's somehow okay. Not because morals have changed but because it's feasible now.
Following/enforcing laws is generally a good thing, but since we live in a human society and not a robot one, things like that get fuzzy around the edges. Let's imagine an extreme, outlandish case where some odd and unforeseen circumstances in poorly written laws lead to a judge being able to order nuclear attacks on several cities of their own country. I'd want the judge to hold off on that and maybe wait for the legislature to catch up with the will of the people - which is not to die in millions.
Whatsapp isn't exactly a matter of life and death (at least I hope it isn't), but maybe this is a case where values like common sense, the common good and the interests of hundreds of millions of people weigh more than maybe locking up some stupid drug dealer.
I completely disagree with "If they disobey the law, it must have consequences, no matter how big and important to brazilian society they are.". That's the kind of idiocy that emerges right when society ends up working for the benefit of its government instead of the other way around.
If your position is unpopular with your friends, then it's because you think the law is more important than the entire society it's supposed to protect.
Totally agree. This is unfortunately a very authoritarian world of view that is not uncommon.
The Brazilian people have a clear option, vote for officials who have no problem with communication encryption. The solution is not to circumvent the parliamentary democratic process.
I am shocked so many of you agree with this. If it is forbidden to kill people, you have done something very bad and everyone else wants to kill you, they are still not allowed. (They may change the law and kill you then but for now, they are not allowed.) This is called justice.
Sir/Ma'am: you get my gratitude for voicing this. People do forget why we have laws in the first place.
I don't happen to think the law mentioned is a good one. And I have no idea how the law is actually worded. Depending on how it is worded maybe it is ok to just not keep records so you don't have to provide them. But it is certainly within the power of governments to demand companies operate in a manner that requires them to do certain things and you can't avoid that by for example not keeping the records you are required to.
I sure hope the USA stops the leadership of authoritarian overreaching on laws relating to technology. But it is not at all surprising that others are following the lead of the USA into horrible authoritarian and Orwellian laws given the USA's behavior. Few countries seem willing to put liberty ahead of authoritarianism. The USA is far from perfect but it is a country that has above average potential for promoting liberty.
But the last Bush and Obama administrations have been horrible and both political parties are pushing for horrible laws. A few decent advocates (such as Senator Ron Wyden) for fighting this trend exist but they are not common yet.
This promotion of authoritarian state power is a very dangerous trend that may well have incredibly bad consequences for us. Our history shows authoritarian governments abuse power and I am worried about the last two administrations strong support for increasingly powerful spying abilities of government.
I would hope countries like Brazil lead away from the path the USA is pushing the world down. Unfortunately I don't see much good happening in that way. I hope I am just not aware of good things other countries are doing but I worry that isn't the reason I don't hear about good moves to thwart the dreams of authoritarian regimes.
If a judge demanded the postal service hand over an image of every envelope processed, it must comply -- even though no such images exist?
Where does it end?
The problem with the attitude of the Brazilian courts in regards to Whatsapp is that they are not a telco. The abomination that is the Marco Civil, which is being used as a justification to enforce the court request and says data should be retained by companies for one year, does not help.
This was passed in 2014, so the main allegation from the Brazilian courts is that Whatsapp should have this data, anyway. There is nothing "retroactive" there.
It's illegal to open the envelope, but hey - who knows?
But the basic idea is yes, you must comply with all laws. If you can prove it violates the constitution you can have a court invalidate the law (but before that it would be illegal to violate it). There are often laws that you could argue conflict with this law and get out of it that way.
Often if you have lots of money you can influence the enforcement of laws. That doesn't exempt you from a law but often it isn't really an issue of what the law allows but what the regulator or prosecutors decide to enforce. And if you can't do that you can fight the attempts by the regulators and prosecutors (and law enforcement officials) and argue they have not legal right to do what they are seeking to do. See Apple, for a recent example.
Your rights are often not just a matter of the law but of to what extent the government and law enforcement are bound by laws. In the recent experience in the USA we have examples of the Bush and Obama administrations seeking to avoid accountability for authoritarian overreaching. They often seem to get away with it. The recent attempt to push around Apple was stopped mainly due to Apple's lawyers and leaders refusing to be pushed around.
I do not know if the Brazilian example is one where the government and/or judge are attempting to compel behavior not legal in Brazil (either not what the law requires, using a non-legal punishment or neglecting another legal requirement that would override the law being used to compel the behavior). But I do think it would be possible to have such a law and have the judges actions be legal.
Certainly laws can compel companies to do things that they are not now capable of doing. Normally if some new law were to be created the regulatory framework and notice would be publicized and companies would be aware of the requirement (say to keep records or whatever sort). And then if they failed to do so that isn't a justification to fail to comply since they failed to do what was required in order to be able to comply with a further requirement. Their lawyers may also be able to argue the law was unrealistic in expecting compliance because even though we wanted to comply it just wasn't possible to do so. And making a case that they are doing everything they can may be taken into account to say that while they are not fully compliant yet, they are taking all reasonable action and therefore to the extent the judge has leeway they could make adjustments to the consequences.
While it is sometimes annoying the reality is there are so many complications it is often a matter of judgement for whether something is or is not ok and even if it isn't ok, what is a reasonable consequence. When the legal system is working well it makes these judgement in a sensible manner even if it leaves many people unhappy. And then you have things like the Eastern district of Texas making a mockery of abuse of society by patent trolls.
I certainly do believe the legal system can be systemically broken. And those failures can be left unaddressed by our representatives for decades. Could that be similar to what is happening in this Brazil case? Yes. Could it also be that this Brazil case is just a matter of a bad law and the legal system is properly carrying out the consequences of that law? Yes.
I am not aware of any law in the US ( talk on US laws because you discuss it later in your comment) that requires by business to keep sales records for the purposes of recalls, the only businesses required to do that are business that sell regulated goods, (firearms, explosives, Drugs, certain chemicals, etc)
Normal Consumer Goods are recalled all of the time with out the Manufacturers, or Retailers having a master list of every person that bought that item.
What is in there that can not be punished?
I don't think this specific law is a good one, but it is not in clear violation of our Constitution, and was brought up by People's representatives... We should fight for improving it, and we should stop relying on infrastructure owned by private companies. But I can't think this judge is wrong.
Which law orders them to collect the data?
Brazilian federal Law nº 12965.
It's perfectly reasonable to forbid access to Brazil for some service that does not follow a Brazilian law. This is bad because of the specific terms of this law, not because of some broad issue.
I don't know if they have servers in brazil, but if they don't then it seems quite unreasonable to say that they are "providing a service in Brazil". If you run a bookstore in the US and a German comes and buys Nazi material, are you running a store in Germany? If Brazilians are effectively leaving their country to go get stuff from US servers then it's up to the Brazilian government to make a law to stop them, if it doesn't like that. Saying that connecting to the internet is "providing service" to every country in the world is a way to simply break the entire internet.
No, but if she buys via mail order and the package gets confiscated at the border, don't whine about losing business.
The most important part however is that of course you don't have to give a damn about what German law thinks as long as you aren't in a position in which German jurisdiction can be enforced. Likewise, even if you are a German citizen living in Germany some German laws and regulations may not apply if you are decidedly not offering your services/apps to a German audience -- though of course that's a much less safe position. Either way, it's not as simple as "it exists on the Internet, therefore it falls under German jurisdiction" although the reasoning is quite similar to that in Brazil.
The point is moot, anyway. Brazil can't enforce their laws against a US company that doesn't have a presence in Brazil, but it can ban them from Brazil -- as apparently a Brazilian court is allowed to force Internet access providers to ban specific IPs. Whether courts should be allowed to do that is a legitimate question but right now in Brazil they apparently are, so everything is fine.
This isn't an action against WhatsApp. This is an action against Brazilian WhatsApp users. It's basically enforcing a sanction against WhatsApp by preventing Brazilians from accessing the service (which they can't get at otherwise). This is more like a German court forcing an IP ban (in Germany) against a Nazi website hosted outside of Germany -- which is a thing.
That is the law Watsapp broke the last two times it was interrupted (when the news was almost a verbatim copy of what it is now). I imagine it is the same it is breaking now.
Yes, I should have made it clearer.
Anyway, maybe they are just using it for PR support on their position against the court decision, betting that all of that Telegram new users will come back to Whatsapp after the suspension (that's what happened before).
If the communication was made a long time ago, Whatsapp may no longer have it, encrypted or not.
The merits of the case are one thing, however not appearing to address those merits (or lack thereof) seems to be the failure point.
But I could be wrong.
You're probably aware of the statement Brazilian telcos made on the intent of charging according to bandwidth usage and it's public reaction. Which to me indicates that telcos are kinda desperate on trying to find new sources of revenue. And this happened not long after one big telco company acquired a big competitor. Add the fact that Brazilian telcos have already tried to shut down whatsapp before.
Whatsapp makes sms and mobile phone calls a pricey redundancy to anyone with access to wifi, no wonder they're desperate.
Do I have any evidence the two cases are related? no.
But the flow of events is certainly interesting.
It just doesn't seem justifiable to restrict communication for millions of people due to a single case. As in, sure, arresting a drug dealer may be a good thing to society overall, but is that worth the limitation shutting down whatsapp imposes on Brazilian citizens?
The decision may be in agreement with the law, but is it in harmony with the law's ultimate purpose? which is to protect the interest of the society as a whole?
I don't doubt the telecom companies are trying to control their market, but I doubt they are behind some huge conspiracy. It is more likely that the govt/courts are trying to control the flow and availability of user's data and are in cahoots with the telecoms companies who have close ties to govt.
There's no "would", whatsapp is a bigger threat.
Simple math: number of whatsapp users > number of iphone owners.
As I said I don't know if the cases are related, I just laid down some well known and interesting facts. Your conclusion sounds perfectly reasonable to me (:
if that's the case, as hinted by other people, and whatsapp has been found in violation of that requirement, then blocking it seems the correct course of action (given the judge cannot change nor ignore the law)
the big IF is what the Brazilian communication law mandates to companies providing a service on their territory.
From what I can tell (I can read Portuguese, but I'm not versed in Brazilian law), that's only for ISPs.
http://www.planalto.gov.br/ccivil_03/_ato2011-2014/2014/lei/... (subsection III, article 15).
He is just following the law, so fight the law, no diminish the judge.
Remembering that a "single judge" following the law with authonomy launched the biggest attack on corruption of brazilian history, and the fact that he is not a supreme court justice acted in favor of an independent investigation (search "sergio moro" and "lava-jato" police investiagiont).
Which is not to say they shouldn't point out that it's ridiculous when they make their ruling, and suggest that the legislature fixes it quickly.
The Big Company (like WhatsApp, Google, Apple) is always the easy target for subpoenas, judicial orders, and National Security Letters when it comes to encrypted transmissions.
Here's an idea for a legal maneuver to take Big Company out of the picture: Suppose crypto was handled by an open source 3rd-party program that was outside of the hands of Big Company. This 3rd-party program would encrypt/decrypt all incoming and outgoing messages, and the program would be mandatory.
If you want to use WhatsApp or other Big Company apps, you must install this open source and fully vetted program. Then if Big Company gets a subpoena, they can legitimately answer that they have absolutely no control over the encryption.
I'm going light on technical details because there are many ways that this could be implemented. The main idea is to insulate Big Companies from renegade legal attacks.
It's an irrational, unreasonable request, which makes it highly questionable as a legal ruling.
A service like WhatsApp is an over the top service, very much like any other communication service that you can use in the internets (like email), that does not need to comply to the telecom services regulations.
The truth is that the judge does not understand the matter being ruled and a single Judge closing a service used by 100m citizens is another proof of a very authoritarian and arrogant judiciary system.
I don't really like seeing what is very very close to a personal attack ("your argument is idiotic", "I am glad you are in the minority...") in what should be a civilized place.
You can be civil while disagreeing strongly. For instance, instead of calling something "idiotic" you could say "I disagree in the strongest possible terms. I do not believe your facts have a basis in reality." This is still somewhat rude, but a lot better as it avoids entangling their personage.
I also find it ironic that in a post about censorship someone pulled out the HN censorship guidelines. I totally understand the context is completely different, but it's funny.
To hide behind "it's legal" to me is harmful to humanity as ofttimes the law is behind the curve, we can and should be better.
> To hide behind "it's legal" to me is harmful to humanity as ofttimes the law is behind the curve, we can and should be better.
I'm with you - but acting on your convictions and doing what's right should also mean accepting the consequences of the current laws. I for one am freaked out by a future where Multinationals get to pick and choose which laws they would like to follow because "the law is behind the curve". Uber's actions and general attitude suggest this future is actually now.
Your position is very unpopular for several, very important reasons. Not the least of it is the shutdown of a communication service that is used by most of the population, on the grounds of a single case.
There are other ways to go about this issue. Starting by the Itamaraty(Ministry of Foreign Affairs).
Don't forget that this was a single judge, from a single state. By all means block whatsapp in that state if you must. But Brazil was supposed to be a federation.
There is something called Civil disobedience (https://en.wikipedia.org/wiki/Civil_disobedience) and surely if you analyze every law system it contradicts itself.
I think it's safe to assume that all companies involved in PRISM aren't happy with it and tried their hardest to fight it.
Also, following your reasoning, if Facebook was a participant in PRISM, does it mean they don't have any right to fight? Privacy is at stake here, Facebook is only one problem instance.
Are you arguing against the use of warrants in police investigations?
What proportional recourse do you suggest when Whatsapp are effectively in contempt of court (in absentia)? In most jurisdictions, obstructing the course of justice usually has heavy penalties.
End to end encrypting doesn't magically cause metadata to disappear. IP addresses, the times messages were sent and received are still useful to law enforcement. In this instance, the court want the IP address of the accused so they can follow up with the ISP.
I prefer warrants written out for specific individuals to dragnet surveillance.
Of course, knowing Brazil as I do (I am Brazilian) I am not surprised that this is happening. In fact, judges these days feel that they have power to block even actions of the president of the Republic.
I, for one, am glad this is happening because this administration has practiced an incredible variety of crimes, and deeply hurt the country in their hubris.
> judges can use this power to attack any government
A government isn't perpetually in power once it is elected. A government is always legitimizing itself, and it can lose its legitimacy as time passes. (In particular, it can lose its legitimacy if it sets up the largest corruption scheme in known history; uses dirty money to finance its campaigns; and secretly maneuvers to hide fiscal problems to support their reelection). Once the legitimacy is gone, a government can and should be attacked.
It is funny how PT government supporters are pragmatic when the judiciary doesn't suit them, and suddenly become strict legalists when they become its target.
What you said just proves my point. You're happy because you perceive this to your advantage. But this judicial power works both ways. In the future they can use this power to do whatever they want.
> A government isn't perpetually in power once it is elected.
True, that's why it is called a democracy. The government will be legitimate only until the next election. It's not a group of judges that can determine the legitimacy of a government.
> It is funny how PT government supporters
The fact that you consider me a PT supporter shows that you just care about your political position, not about the larger point around this issue. There are people pro and anti-goverment who see the big problem that is being created by the Brazilian judicial system. It doesn't matter what government is in power for this to be a problem.
No, I'm happy because our institutions are working. What I said doesn't support your point at all.
> But this judicial power works both ways. In the future they can use this power to do whatever they want.
If, in the future, another government does something remotely similar to what the current government did, I sure hope they (the judiciary) do.
> True, that's why it is called a democracy. The government will be legitimate only until the next election.
It will be legitimate until when it is no longer legitimate, which can happen - and did happen - before the next election.
> It's not a group of judges that can determine the legitimacy of a government.
I agree. Thankfully, it is not "a group of judges" that are leading the impeachment. It our Parliament and our civil society, including the Bar Association of Brazil.
> The fact that you consider me a PT supporter shows that you just care about your political position
No, it shows that I know how to read. How does the obvious, undeniable fact that you support the current government prove that I only care about my political position?
> not about the larger point around this issue. There are people pro and anti-goverment who see the big problem that is being created by the Brazilian judicial system. It doesn't matter what government is in power for this to be a problem.
I'm sorry, but I do not believe you. There are way more similarities than differences between this impeachment process and Collor's impeachment process. Were you as concerned back then? Nothing has happened now that wasn't scrutinized by multiple layers of the judiciary. Nothing has happened that wasn't discussed for hours, days, weeks on end by both our chambers. Everything against the government is strongly supported by evidence in a variety of formats. I don't think you are honestly concerned about our political system. You are concerned about the survival of this particular administration. Well, our democracy is maturing, our judiciary is maturing, and thankfully, though sadly, our President - who has committed "crimes de responsabilidade" - is going down.
Edit: removed harsh language.
Please avoid this kind of hubris here to keep discourse civil.
> judges these days feel that they have power to block even actions of the president of the Republic.
Thankfully so. Presidents are not above the law.
The case of the president is even scandalous. Many Brazilians are happy with these arbitrary decisions because the government is unpopular. But the same thing can happen now to any government, making Brazil practically impossible to govern properly.
> They would have lawyers fighting against the decision to share the user data and this would be solved by the justice system (never coming to have its activity suspended).
So what would happen? Like you said that law, if you paraphrased it correctly, is very clear - how would lawyers shouting about it actually help? Would they change the law the first time WhatsApp fight back? Presumably not - otherwise the law would be pointless wouldn't it? So how would that stop their activity being suspended?
I'm trying to avoid jumping to conclusions, but to give you a chance to just tell me I'm wrong - is this protectionism?
Well, law does not work this way. Execution of law MUST comply with some rules, e.g. proportionally. Lack of proportionally (execution will harm 100 m people, no less) is the sound reason to suspend the order.
Note I dont agree o disagree with the law.
This almost sounds like fundamentalist religion, to say the law is that sacrosanct. Some bad laws have historically been overcome precisely by people ignoring them, rendering them effectively unenforceable.
On the other hand, some good laws have also been overcome by people ignoring them. For example laws governing limitation of police power (search, detention etc.), traffic laws (speeding, jaywalking, aggressive driving against cyclists, a relevent example in Brazil is ignoring of traffic lights). If it gets to the stage where everyone is doing it, then the authorities no longer care.
I don't know whether WhatsApp has the requested data or not, but I think overall this action is a good thing: it shows that even important (in Brazilian society) companies are not above Brazilian law and if there is a problem with what this judge did, or the power he's wielding, then it should, hopefully, lead to that being fixed.
The alternative is ignoring and not enforcing the law, and ending up with bad laws, which can then be selectively enforced (see Böhmermann affair for example). This may appeal to some, but it's clearly not for everyone.
This is horrible reasoning.
Whatsapp deletes its messages from its servers after delivery. So it can't even provide the messages even if it wanted to.
Also, since end-to-end encryption, the as-yet-undelivered messages sitting on Whatsapp servers are encrypted. Whatsapp has no way to actually read them.
That's not a valid excuse for any law I'm aware of. It's your responsibility to be aware of, and to comply with, laws in places you do business in. To be clear, this is a terrible law, and I think Whatsapp should absolutely not concede to it. But just so we're clear, "I didn't know any better" isn't an excuse for breaking the law.
So? Like Jim Crow laws, merely "being there" is too little justification for a law.
Also, there also has to be a consideration for the 100 MILLION users that might depend on this service. Imagine companies that depend on this to communicate efficiently and businesses that rely on this platform to take orders etc.
If they disobey the law, it must have consequences, but not at the cost of hurting your own people.
Taking it to an extreme, would they also take down a bank website if they didn't comply with a similar request and stop people from withdrawing money? I don't think so.
This takedown will not help in the investigation in any ways. So it seems the justice system isn't working for their main customer: the people.
What a terrible analogy.
Any messaging app that actively stores conversations, and then turns them over to anyone when requested will simply not be used by the public (or if it is, it won't be for very long).
No, the problems is that with encryption, whatsapp cannot satisfy the judge's order anyways! Instead of showing such colossal ignorance, the judge needs to ask some CS/crypto experts if it's possible or not.
This is like the judge handing a company a 2048-bit number and ordering it to factor it! Now!
But to punish ONLY the company, not it's users.
He could impose heavy financial penalties, for instance. But affecting the life of 200 mm users? No way ...
Unless they've been lying to us all along.
Curious if you have an explanation of why given it appears the majority of your friends do not support this, why do you and they do not?
Ignoring and evading broken justice systems and immoral laws is exactly what people who believe in freedom should do, whether it's in Brazil, the US, or any other fucked up political system.
It's not a flip answer. I operate a business on the App Store in part knowing that I'm bound by US law, not the laws of random countries. My app is available in Saudi Arabia, the UAE, Iraq, and so on. They are more than welcome to block the traffic from our servers based on their local laws, but I am not bound by the laws of Saudi Arabia - and neither should you be.
At 100 million, somebody will likely due because they couldn't get a ride and end up with a stranger.