Hacker News new | comments | ask | show | jobs | submit login
WhatsApp, Used by 100M Brazilians, Shut Down Nationwide Today by a Single Judge (theintercept.com)
972 points by tshtf on May 2, 2016 | hide | past | web | favorite | 608 comments



I'm here to defend the judge's ruling, a position very unpopular among all my friends here in Brazil.

Brazilian law regarding regarding privacy of users of internet services is very recent and clear: if a judge order the company to share a specific user data, the company must comply. You can disagree with the law, but the law is there.

Now, the judge ordered Whatsapp to share a particular user conversation (a suspect murderer - edit: drug dealer). But the problem is: Whatsapp have no offices or operations in Brazil. The order was sent to Facebook, who ignore as Whatsapp is another company. So, without any executives in Brazil that could be held responsible for disobeying the law, the judge fine the company. They continue to disobey the order (for months). The judge suspends Whatsapp activity (for 24h a few months ago, but that order was suspended itself after a few hours). Now Whatsapp continue to disobey the judge's order until this day. The judge suspend the company again.

All arguments I hear against the judge is in the line that Whatsapp is "too big to fail". That's not a valid point in my opinion. If they disobey the law, it must have consequences, no matter how big and important to brazilian society they are. If they had operations and executives in Brazil this would never had happened at the first place. They would have lawyers fighting against the decision to share the user data and this would be solved by the justice system (never coming to have its activity suspended). But Whatsapp simply ignored brazilian justice system as if it was above the law.

It is very unfortunate that it came to this point, but it is not like a judge decided yesterday that Whatsapp should sufer for whatever reason. They got a lot of months of warning for this. And he is acting completely according to the law. For me, all of this is Whatsapp fault.


There seem to be a few problems with this analysis.

First, WhatsApp is a US company and has no presence in Brazil. Under many readings of US law (specifically, ECPA), US companies are in fact prohibited from complying with requests from foreign law enforcement for content, except in emergencies. Instead, foreign law enforcement must make a request for assistance to the US DoJ, which will then (eventually, and maybe) process it and serve it on the US company. This is one of the reasons why MLAT reform, such as the proposed UK-US agreement[1], is so important because it would allow US companies to directly respond to foreign law enforcement requests.

Second, apparently, the data does not exist. WhatsApp publicly stated, including in testimony before the Brazilian Congressional Committee on Cyber Crimes[2], that it does not and has not retained any message content once messages are delivered, even before the recent full roll-out of E2E. Based on these statements, it would seem that WhatsApp is indeed unable to comply with the court's request, regardless of any jurisdictional arguments.

[1] https://www.justsecurity.org/29203/british-searches-america-...

[2] http://www2.camara.leg.br/atividade-legislativa/comissoes/co...


> First, WhatsApp is a US company and has no presence in Brazil. Under many readings of US law (specifically, ECPA), US companies are in fact prohibited from complying with requests from foreign law enforcement for content, except in emergencies. Instead, foreign law enforcement must make a request for assistance to the US DoJ, which will then (eventually, and maybe) process it and serve it on the US company. This is one of the reasons why MLAT reform, such as the proposed UK-US agreement[1], is so important because it would allow US companies to directly respond to foreign law enforcement requests.

This is all WhatsApp's and the US's problem, not Brazil's. In fact, it's kind of insensitive for foreigners to suggest that a judge of a sovereign nation must consider US law in his rulings. If anything, I think this would justify ruling against WhatsApp more harshly, as it sends the message to the US that policies which don't respect the sovereignty of Brazil will hurt US economic interests in Brazil.

That said:

> Second, apparently, the data does not exist. WhatsApp publicly stated, including in testimony before the Brazilian Congressional Committee on Cyber Crimes[2], that it does not and has not retained any message content once messages are delivered, even before the recent full roll-out of E2E. Based on these statements, it would seem that WhatsApp is indeed unable to comply with the court's request, regardless of any jurisdictional arguments.

If this is true, that's a solid argument and stands on its own.


> In fact, it's kind of insensitive for foreigners to suggest that a judge of a sovereign nation must consider US law in his rulings.

My apologies, but I think that if you re-read what was written, you will find that this was not suggested. The comment was written in response to one that came to the conclusion that this "was all [WhatsApp's] fault." It is suggesting that WhatsApp is not at fault, is probably strictly complying with US law, and cannot share the information in any case. At no point does it even come close to suggesting that the judge in the case should have "considered US law" in his rulings.

Moreover, I feel that your claim does not clearly differentiate between 'considering US law' as a material fact and 'considering US law' as a judicial precedent. You seem to be suggesting that someone arguing that US law ought to be held material to the case is somehow demanding that the Brazilian judiciary hold itself subservient to the US courts. You also seem to be suggesting that a Brazilian state judge has any business interpreting the law so as to "send a message" to the government of another nation, which is simply and patently untrue.


Complying or not complying to a foreing judges orders is a pretty common problem for any multinational company. Even if they have local presensence, the thing requested (data, object, whatever) might be somewhere else. And simply fetching it across a border on a foreign judges order can get you into trouble for "aiding a foreign power" and stuff like that.

It's worse that most local judges simple don't know that there's even a problem, and even if that'a clear to them, the judge most likely has 0 experience in making a successful request to the foreign state. And since all bureaucrats if the request isn't perfect it falls through the cracks. So often (at least if you're locally present) your laywers will need to help the judge to draft and push such a request through.

Long story short: These jurisdictional issues are not at all US specific, it's everywhere. Sovereign states just don't like it all over if their citizens and companies do stuff within their borders under orders of a foreign state.


Huge international US-based companies tend to comply with EU laws just fine (or at least participate in the judicial process) if they are doing business there.

Whatsapp can choose to assign resources to this issue, or it can ignore it and let it solve itself. If Whatsapp thinks that Brazil is an interesting market for whatever it is selling (what are they selling?) or if it is good for PR then they may choose to seek ways to intervene.


> Huge international US-based companies tend to comply with EU laws just fine

When they are operating their business within the EU, yes. For example US companies operating servers in the EU must comply with EU data protection laws regarding information on those servers. This situation is analogous. WhatsApp's servers are in the US so US law applies. If the servers were in the EU then EU law would apply, not Brazilian law.


US companies operating servers in the EU must comply with EU data protection laws regarding information on those servers.

More accurately, US companies processing personal data of EU citizens must comply with EU data protection laws. It just so happens that locating the servers in the EU is among the easiest ways to comply with that.


Right, because the personal information is being transmitted outside the EU. Even if it's from a browser in the EU to a server in the US, that still counts. It's still an activity taking place in the EU.

The Brazilian case isn't about data transmission though. WhatsApp isn't in breach of any rules about that. It's about court ordered access to records stored on an server in a specific geographic location - The USA. Now if the Brazilian government passed a law requiring WhatsApp to record all data on servers in Brazil that would at least be possible to comply with.


But by the US laws the US company has to share information information on those servers located in EU with US government if requested...


Which of course is bonkers. But that doesn't mean it's OK for a Brazilian judge to be similarly bonkers.


> You seem to be suggesting that someone arguing that US law ought to be held material to the case is somehow demanding that the Brazilian judiciary hold itself subservient to the US courts.

Allowing a company to break Brazilian law because US law demands that the company break Brazilian law would absolutely put the Brazilian judiciary in a subservient position to US law.

> You also seem to be suggesting that a Brazilian state judge has any business interpreting the law so as to "send a message" to the government of another nation, which is simply and patently untrue.

Brazil decides what is and is not the business of Brazilian state judges.


As a digital native, I feel like an international Internet is more important than national sovereignty. That is, I don't think the interesting question is whether US or Brazilian law should apply, the question is how to ensure international access to international digital resources.


Internet sovereignty, for sure.

It's really the only way to go. Otherwise, you get pissing matches. Brazil blocks WhatsApp. China blocks Facebook, GitHub, etc. Iran blocks so much stuff that people need to get data dumps via satellite TV. The US blocks a lot too, but mostly about gambling, "piracy", etc.


That has nothing really to do with Internet sovereignty (whatever that means).

It has to do with some countries suck more, and some suck less.

Plenty of countries don't block anything. Like military aggression, child mortality, literacy rate, etc., that is one important data point about any country and its government.


> That has nothing really to do with Internet sovereignty (whatever that means).

If you don't know what "internet sovereignty" means, then how can you possibly claim that something had nothing to do with it?


I may a.gree with that but still, just because you do not like a law you have to comply. You can try to change it but as long as it exists its law for everyone. You cannot say murder should be legal, therefore I am allowed to do it.


On the other hand, I believe that we have a duty to disobey laws that prevent communication. Civil disobedience is also much easier when you're outside their jurisdiction.


> I may a.gree with that but still, just because you do not like a law you have to comply. You can try to change it but as long as it exists its law for everyone. You cannot say murder should be legal, therefore I am allowed to do it.

Bad laws are bad laws. If you can avoid complying with them, you absolutely should.

I wonder if you'd say the same to Gandhi. "The law is for everyone so you can't evade taxes by making your own salt." https://en.wikipedia.org/wiki/Salt_March


>In fact, it's kind of insensitive for foreigners to suggest that a judge of a sovereign nation must consider US law in his rulings.

It's just as insensitive for a judge of a foreign nation to suggest that all foreigners must consider his rulings when making decisions under their own sovereign laws.


If a business wants to operate in a foreign country, it seems natural to me to follow the rules of that country; the fact that the business did not open an office in that country looks irrelevant--otherwise, do not open any office abroad and do what you want.

Incidentally, I wonder how the situation would be handled and what the opinion would be if some big foreign company operating in the US were shut down in the same way.


> otherwise, do not open any office abroad and do what you want.

Isn't this a fair position ? Imagine you are a lone dev creating a service that has no specific limitations. You are subject to your countries law, but should also be liable under each single law of every country where your users might happen to be ?

It seems to me that countries should have the right to do what they want within their borders (including shutting down access to some services) but go the diplomatic route if they have to interact with people out of their borders.


What is your problem here? He does not shut down WhatsApp in total or request info for US user or anything like that, only in Brazil. This does not affect you at all. If they do not obey the law in another country, they do not get access there. Their activities in any other country do not change.


One problem I have is free trade. Can the US just randomly ban one of Brazil's exports? I mean the US likely exports more to Brazil than imports from it but if this weren't the case...


The US have always strictly controlled what they imported (if only via tariff) and what they exported.


Well, technically one could argue that it's not strange for a foreigner to comply with the judge's orders if they want their service to keep working in his country. They may refuse, sure, but there are consequences for that.

So, in this case, "all foreigners must consider his rulings", applies only for the those who wish to keep their service working in Brazil.


Really it's just absurd that we have borders. Ergo absurd situations arise.


Would you rather no borders exist, and a Brazilian judge ruling against WhatsApp taking out service worldwide, instead?


I'm not sure what I'd prefer, but borders are an artifact of lag-induced information asymmetry that has drastically lessened with modern means of communication and travel and their existence is a pre-requisite for a lot of the fucked up power dynamics on our planet so I imagine a number of potential systems without them could be an improvement.


> It's just as insensitive for a judge of a foreign nation to suggest that all foreigners must consider his rulings when making decisions under their own sovereign laws.

If you are operating in Brazil you have to follow Brazilian laws, including judges' orders. Just because I decide to do something in the US doesn't mean it's automatically legal when I do it in Brazil.


"The truth is like a lion. it needs not defense. it will defend itself" -- St. Augustine


St. Augustine was wrong


> This is all WhatsApp's and the US's problem, not Brazil's.

So you're saying it's OK for Brazil to send a SWAT team to raid a house in the US? The judge's order has no validity outside his jurisdiction; just like a US judge's order has no validity in Brazil.


> So you're saying it's OK for Brazil to send a SWAT team to raid a house in the US?

No.

> The judge's order has no validity outside his jurisdiction; just like a US judge's order has no validity in Brazil.

Which is why the judge only banned WhatsApp from operating in Brazil.


I can believe them when they say they don't keep data. When I got a new phone (the old one broke), I was expecting my conversations to be in the cloud somewhere so that I could recover them. Nope, I lost everything that I hadn't backed up.

I don't see what they can gain from storing masses of old chats and then not allowing users to download them onto new devices. If they kept chats to do analytics on, there's no reason that they wouldn't expose it to users too.

(This may also explain how they survived as a company for so long with so many users and so little revenue. All they're doing is running a few fast servers to shuttle messages back and forth, no storage requirements at all).

On the other hand Telegram does seem to store conversations - if you log in using a desktop app, it will pull down your recent chats.


> I can believe them [WhatsApp] when they say they don't keep data.

If that's true, I'm in awe of their integrity. Skype on the other hand now has complete disregard for user privacy. Skype stores your voice mails and video messages forever[1]. This is something that they started doing 2-3 years ago and few people seem to be aware of it. It's amazing how low Skype fallen from its early days when it was considered a beacon of privacy and on the cutting edge of encryption and security.

[1] Details: Clicking on Preferences -> Privacy -> Delete history (OS X) or Options -> Privacy Settings -> Clear history (Windows) pretends to delete the voice/video messages but it merely hides them from your view. If you re-install Skype on the same computer or run Skype on a different computer, all those "deleted" voice mails and video messages re-appear. The delete and clear buttons are basically lies; there's no polite way to put it.


Skype was never a reliable option. They never published their protocols or security (just that one "review" iirc). They took many measures to prevent people from inspecting the client.


I thought Skype only stores the last 30 days of data on their servers, while it will store every piece of data received on your local computer indefinitely (unless you delete it, of course).


No. I personally have a video message that is almost 3 years old that I've tried to delete multiple times over the years and it still shows up if I do a fresh install of Skype on a new computer.

Very old voice messages are also accessible even if "deleted".

Text chats do seem to disappear, but at this point I don't believe anything Skype says. I figure they keep the chats forever as well.


Chats are definitely saved, but files aren't. You can't retrieve files after certain amount of time. I can also retrieve conversation from 3+ years ago. I don't remember if there is an option to forget conversation history though.


In all fairness, that's not say they're not being moved to deep physical storage. That's a practice in many organisations dealing with mass data.


storing data for 1 billion users and maintaining consistency is a pain the butt operationally. Whatsapp isn't storing the data. If they are, they're spending hundreds of millions on servers for data they can't monetize easily without alienating all of its users.


It is just text records, I doubt it will take hundreds of millions, even at whatsapp levels


No, a lot of pictures and audio messages as well go through Whatsapp


You used to could store your archive to Google Drive (at least with the Android client).

Edit: yes, the chat backup functionality still works. I have never tried to restore it though.

Go to settings > chats >> Chat backup to start backing up your messages to Google Drive. (Make sure you have 2FA on your Google account)


Telegram isn't end-to-end encrypted unless you're in a "secret chat", and that chat exists only between two different devices and can't be used by multiple devices on one account.

It's a "feature" of the normal chats/channels/groups/supergroups of Telegram that you are able to download them to other devices, or to restore them on a freshly wiped device, because (and I'm over-simplifying here, but the end result is the same) they are encrypted with a key known to the server, and which other devices signed into your account can then be authorized to use.


My point was more that if WhatsApp retained messages in some form they most likely would expose that functionality to its users (as Telegram does). So when people say 'apparently' they don't store messages, I'm inclined to believe WhatsApp/Facebook.


Digressing from the actual discussion, Whatsapp now allows you to keep a backup of your chats and related media on your Google Drive and then recover it when you move to a new device. Probably applicable only for newer versions of Android (not sure about iOS).


You can backup to (and restore from) iCloud, but then again WhatsApp (the company) does not have the data then.


Yes, I didn't mean to say they have the data. That's why I said I'm digressing from the topic (realizing the parent commenter might find it useful).


I wonder if they record the necessary analytics data from mining the text, and then delete the actual text. Depending on what data you're trying to mine, you may be able to get what you need on transmission, and then dump the source data in favor of the output of the analytics event.


The chats are end-to-end encrypted, so there is no plain text anyone could "mine"


That's true if you believe WhatsApp (and I do with some probability of certainty--not certain enough to trust it with data I wouldn't want the government to see, but enough that I'm comfortable hackers won't get my bank info).

But, the NSA approach to data collection is basically to vacuum it all up and, if possible, decrypt it later. This has two implications:

1. Metadata. "We kill people based on metadata" isn't a joke, it's a quote from Michael Hayden, ex-executive in both the NSA and CIA. End-to-end encryption doesn't hide who you're talking to or when.

2. It seems unlikely that it will be computationally possible for them to decrypt all traffic, but it would only surprise me a little if AES128 is breakable for high-value targets in the next 20 years: increased computing power, better multi-threading, better cryptanalysis algorithms, maybe quantum computing or some completely unexpected technology; it's hard to say what will come along.

In short: mining encrypted data still matters.


Unless they are covertly decrypting them on the fly using a master key.


Shouldn't that be impossible by definition?


I think it would be possible to include additional data in the E2E handshake that would allow a third party to extract the session key.


> WhatsApp is a US company and...

I always feel like many large US tech companies want to have their cake and eat it. They want to be a global company, they want to have 2 billion users, and are valued at having that many users. But when it comes to laws, suddenly they operate under US law alone.

I wouldn't mind if they ignored all national laws, and acted like a true global company. But I'm not from the USA (or Brazil), and don't want to be under US law. If you want to operate only user US law, then why not constrain yourself to the US market? Only operate there?


> when it comes to laws, suddenly they operate under US law alone

And when it comes to taxes...


... and when it comes to taxes they operate under US law, meaning that if they repatriate any foreign profits, they will have to pay taxes. If they decide not to, like Apple has decided, they won't be liable for any tax payment.


There's absolutely nothing special in this case because WhatsApp happens to be operating on the internet. Suppose they were a mail order company based in Brazil but serving customers internationally by post. If a US judge issued a court order in the US requiring the company to hand over business records stored on paper in Barzil, he would have no jurisdiction whatsoever. Brazilian law protecting the privacy of information stored in Brazil would prevail. there would be no controversy about this.

The fact that WhatsApp's info is stored on servers rather than paper records is irrelevant. The jurisdiction in which the records reside applies. Although the fact that their servers don't even store the information requested anyway should be.


> Suppose they were a mail order company based in Brazil but serving customers internationally by post. If a US judge issued a court order in the US requiring the company to hand over business records stored on paper in Barzil, he would have no jurisdiction whatsoever.

Fair point. But to continue that analogy, the US judge is quite free to ban the commercial operation of that Brazilian company in the USA. Which is exactly what happens, and is happening here.


OK. So now you're banning a company for operating in your country, because they choose not to become criminals in their own jurisdiction. So why ban them for a day or two? What's that supposed to accomplish? Logically if this was the justification they would ban it permanently. Banning it temporarily is just playing spiteful games that isn't going to accomplish anything.


That makes sense to me. But there really is no international law that's coherent and enforceable. It's a hard problem.


I think given that, it is reasonable for local jurisdictions to act as they see fit.


For everyone to act as they see fit, I believe.


You mean as a Freeman of the Land? https://en.wikipedia.org/wiki/Freemen_on_the_land

As an ideological position it has some interesting points to make, but in a contemporary legal setting it's difficult to find footing.

My personal position is informed by Hobbes (https://en.wikipedia.org/wiki/Leviathan_(book) ) in that we have to make compromise with our individual liberty to bring about a greater good.

> "No arts; no letters; no society; and which is worst of all, continual fear, and danger of violent death: and the life of man, solitary, poor, nasty, brutish and short."


> in a contemporary legal setting it's difficult to find footing.

Freemnan-on-the-land is totaly quackery in a comptemporary legal setting. It's like homeopathy, but for laws. It's Creationism, it's snake oil. Fundamentally it presumes/assumes that laws work differently from how the organs of the state think they work.


Law ≠ Science. It's an interesting thought experiment. It's not like homoeopathy or creationism in that legal precedent emerges by evaluating any reasonable legal argument and their counterpoints and determining which among many is 'right'. It is not hard to conceive of a "freeman" society but what's important is to point out why isn't a realistic aspiration, rather than just shouting "you're wrong you're wrong you're wrong".


I am not talking about separation in meatspace. Or at least, only in subtle ways. Attracting attention is just stupid.


You're always in meatspace - cyberspace is just another dimension to it. Unless you're Job from the lawnmower man.


True enough. What I mean is that I don't wear disguises, have multiple sets of IDs, hang out at anonymous exchange sites, and so on. But one can compartmentalize cyberspace substantially from the rest of meatspace, and then compartmentalize within cyberspace. Or at least, that's my experience. Maybe I'm just not interesting enough ;)


Well, that's the Internet, isn't it?

I mean this: https://anarplex.net/hosted/files/declarationseparation.html


Interesting. I think it boils down to a freeman argument though - you're basically issuing refutation of your implicit social contract. While the sentiment therein is laudable it is somewhat premature. Though one has a great deal of independence in the cyber realm one is can still run afoul of limitations of the real world and her laws (as demonstrated today in Brazil).

I think cyberspace currently is best categorized as a distinct estate rather than realm in a similar vein to the press and the judiciary. Each functions with more or less autonomy but can occasionally be subjugated to the other.

https://en.wikipedia.org/wiki/Fifth_Estate


One can always be subjugated. By robbers. By terrorists. By ISPs. By governments. By whatever. So one does what one can to be left alone. And helps others following the path.

But in meatspace, one blends in, doesn't attract attention. As in Vinge's True Names. Ultimately, authoritarian states may wither. Or not. But in the meantime, one can manage, under occupation.


Yeah but you can't "declare independence"


I can act as if I were independent. And as long as I can manage that, I am independent. Until I'm not, or dead ;)


:)


If it was a small company based out of Iceland, or South Africa, or Singapore, it would still be in the same legal situation. The company (assuming just a single incorporation presence) is under the laws of the country it's from, and Joe Random user from across the internet is internationally accessing it.

National law cannot enforce anything on organizations not within the national jurisdiction, without international cooperation. However, they can (attempt to) stop their own citizens from accessing the international service.


That is false, at least in the example of online retail. If you sell stuff to someone in another country, online or not, you are bound by the consumer protection laws of that country. So someone in Scandinavia has two years of warranty on a laptop bought on dell.com, vs. one year for an American making the same purchase.

I don't think it makes a difference whether what you are offering is physical or not, your service is bound by the laws in whichever country the exchange takes place. Of course enforcement might be an issue, which is exactly why the Brazilian judge did what he did, when Whatsapp failed to abide by Brazilian law.


Note that I only said "enforce". A country can claim whatever they want within their own borders, but cannot really enforce them across the border.

Even with the laptop warranty case, if some small retailer from Country A shipped a laptop to Scandinavia, but didn't uphold a 2 year warranty, the Scandinavian governments would not be able to force the warranty to be upheld. They can make whatever local judgments they want, but none of them would touch Country A without international agreements in place.


completely agree.


If WhatsApp is unable to comply with Brazilian law, should it be allowed to operate in Brazil?

I think this is a bad law by the way. Hopefully the clearly negative impact it is having will lead to it's reform.


It seems to me that they did comply with Brazilian law. They handed over all the conversations they had — zero. Is there a law that says they have to record all the conversations?


They didn’t – they didn’t hand over the IP addresses that were requested.


Where did you read that?


I don't remember if those comments had sources, but I've seen that in various comments in this thread. There seems to be a lot of misinformation going around.


Do they operate in Brazil? They apparently have no offices there and are only available over the internet (as is true of all websites throughout most of the world.) How can anyone expect to hold what amounts to a random IP address on the internet responsible for anything?


This argument looks like it can also be applied to even malware. If I put something illegal doesn't has the judges right to stop the distribution of that app in the country? Another question is if what Watsapp did should be illegal. But if the judges can't stop internet companies from doing something illegal who do you thing should do it?


No, he does not have that right. By that same logic brazilians shouldn't be allowed to visit websites from any other country where there's a discrepancy with brazilian law. With a government like ours next thing you know we have our own Great Firewall.

This kind of thing can't even be enforced, being so easy to bypass.


except you are wrong. e.g. https://en.wikipedia.org/wiki/Countries_blocking_access_to_T...

every country treats certain content as criminal as they wish. Where the servers are is just a minor detail.


No it's not a minor detail, because it's easy to bypass, specially if its a decentralized service. Nevertheless its an outrageous retrenchment of our freedom.


No it's not a minor detail, because it's easy to bypass

All laws are easy to bypass, what's your point? Ever tried to go 60 in a 30km/h zone? Lack of 100% enforcement does not make a law useless.


BS!

they have bank accounts and deals with many tel co to operate as they do in each country they are.

you do not get pre-installed on the three biggest mobile operators phones (99.9% of market) and get deals where data to your service do not count as part of the limited data-plan on two of them, by just "being an IP address on the web".


Right now, it's more of a benefit to phone manufacturers to pre-install whatsapp than it is to whatsapp itself.

Same goes for the telcos. Offering free whatsapp and Facebook is a thing. And it's not because whatsapp had a "deal". It's because the telcos want more users.

Developing countries eat that up. People explicitly want to see whatsapp support or they don't buy the phone and many terrible devices have been sold on this premise.

Source: Experience


Source: 20+yrs on the online advertising industry.

Nothing that lives of ads or telecomunication companies survive only by "serving the user". The telco only pre-install something on the device if: A. they are paid upfront, B. if they get a percentage of the ads.

yeah, serving the user is good, but remember that you are talking about companies that charges for SMS. the day they have to rely on "pleasing the user" hell will freeze over. They rely on regional monopoly, just like in the US.


Does not including a popular app preinstalled increase sales?


not at all. what part of monopoly didn't you get? they already have all the sales.


We have a clear market leader, but it's by no means a monopoly.

People constantly switch network providers here since we have number portability. My wife, me and many of our friends switched to Vodafone cos they were offering a really great Internet package. Free Whatsapp, Facbook, Twitter, Instagram,and Snapchat plus 3.5 GB for what's essentially $9 a month. Here that's unbeatable and unheard of. http://support.vodafone.com.gh/customer/portal/articles/1813...

I doubt all these services are paying for for Vodafone to do this.


Luckily, there is serious competition here.

MTN does it, Airtel does it and Vodafone I think does it as a package.

If you currently don't offer some sort of package or free service, you're out of the competition.


Do you have a source for this? Why would bank accounts need to be situated in Brazil for these deals to happen? That doesn't make sense.


you can pay whats app directly via the operator. e.g. http://www.tim.com.br/sp/para-voce/planos/pre-pago/turbo-wha...

you can't do that in brazil without having the papers to do business there. in fact, you can't even sell anything without the right documents. Just like everywhere else.


paying whatsapp?

I don't know portuguese so I didn't actually read what the deal is.

Is this a service where subscribers pay the carrier a fee for 30 days of unlimited data traffic to whatsapp servers (VoIP excluded) + 50M of data ?

If yes, does that constitute a transaction the consumer makes directy to whatsapp via the operator? I understand that likely whatsapp and TIM (an Italian company btw) might have made some deal and exchanged some money for the use of whatsapp logo etc, but I guess that transaction could have been done anywhere.


tim is Spanish.

the app has in app purchase. that page describes both what you described plus paying for in app purchases via operator


https://en.m.wikipedia.org/wiki/TIM_(brand)

> TIM is an Italian brand owned by Telecom Italia. Originally founded as a mobile telephony company in 1995

https://en.m.wikipedia.org/wiki/TIM_Brasil

> Parent Telecom Italia Mobile, Telecom Italia


Their apps are in the Brazilian app stores


My apps are in the Danish Google Play and Apple App Store...

I never been there, I don't read or write danish, I never interacted with danish government, or met any danish person.

If the dane government wanted something from me, and sent a letter to some random person, written in danish, even if it reaches me, I wouldn't understand it anyway.

Thus, having app in some other country store doesn't prove much, except that you clicked "publish" somewhere on Google or Apple uploading interfaces.


> except that you clicked "publish" somewhere on Google or Apple uploading interfaces.

At which point you agree to adhere to their laws and regulations.

A famous example of someone operating legally under local law, but who got prosecuted for having merely a website accessible in another country, was Kim Dotcom.

That’s the current state of international law, either lobby to change it, or accept it, but don't ignore it.


>>At which point you agree to adhere to their laws and regulations.

Uhm nope. If my app(published on Apple Store/Google Play) violated a law in Saudi Arabia and they sent me a letter requesting me to appear and subject myself to 100 lashes for violating their law, I would very promptly disregard said letter, to put it politely.


You might do this and then you get convicted in absentia, Saudi Arabia will send a request for extradiction, your country will say no, done. Except: better not travel to Saudi Arabia or any other country that will extradict. Also Saudi Arabia will propably ban your App, which is what is happening in Brasil.


> You might do this and then you get convicted in absentia, Saudi Arabia will send a request for extradiction, your country will say no, done. Except: better not travel to Saudi Arabia or any other country that will extradict.

And that is the problem. You can't actually expect people to hire lawyers from 108 different countries to see if their app is legal in each of them just because they're going to distribute it on the internet, to say nothing of what happens when two countries have mutually contradictory laws (e.g. privacy vs. data retention). And a person who goes to see the Great Pyramids shouldn't have to worry about being hauled off to Saudi Arabia and then stoned to death because their app doesn't prohibit blasphemy.

> Also Saudi Arabia will propably ban your App, which is what is happening in Brasil.

Which only increases the proliferation of tools to bypass the restriction.


> You can't actually expect people to hire lawyers from 108 different countries

You could expect facebook, with their almost infinite resources to so.


No business should play along with their BS or hand over customer data.

I never thought I'd say this, but: Good on Facebook for not complying.


So, VW should be able to sell cars in the US ignoring the environmental laws, too?


VW has an actual office in the US - it's not VW Germany selling cars in the US, but VW America.

If you purchased a VW car in Germany and had it shipped over to the US it would be on YOU to make sure it complies with all requirements of your country, not Volkswagen's.


They have every right to pull your app, arrest you and prosecute you if you ever do go to their country, and apply to have your extradited under relevant treaties.


I disagree, because I believe human rights exist.


They have every right to do something ridiculous like that, in the same sense Hitler had every right to kill the Jews. I.e. only in their minds.

Harmful lays laws should not be considered lawful just because somebody wrote them down.


While I agree that whipping someone, execution via stoning, and other punishments are inhuman and no country has the right to exact them, I stand by my point in general.


And you won't care if they summarily shut down your app in their country, then, of course?


Then don’t publish your app in those countries.


But....why not? As a person interested in selling my app, why would I not publish it in the largest number of markets available?


Selling apps is like selling any other product.

I can’t sell medical marihuana in most states of the US – and I don’t go and try, and then complain about getting arrested.

Instead, if I wanted to start a business doing that, I’d check out where it would be legal, and in which ways, and sell my product in those markets.

Why do you assume you can sell your product in markets without having checked the legality, and then complain when they ban your product because it violates the local law?


Hmmmm your example isn't exactly valid. If I was selling something on ebay out of EU, and you ordered something from me to US, I would almost definitely not get in trouble for sending it to you, unless it was an item which has export restrictions from my country. Or to go back to my example of Saudi Arabia - if someone from Saudi Arabia bought something from me I would definitely absolutely not bother to check if what I'm sending is legal in there. If it isn't, then customs will confiscate it and the person buying it will be in trouble, most likely.

My point was - is there any reason why I, as a developer, should not check "all countries" when publishing an app? If Saudi Arabia wants to ban my app later - let them, I literally don't care.


If you sell in another country you are subject to their laws, an obvious example is consumer protection laws. This is a fact. Whether or not you are going to follow any rulings made against you is another matter, in that case all the country can do is try to block you in whichever way they can (like Brazil just did) and possibly prosecute you in absentia.


But...I'm not selling anything in another country. I'm advertising online and someone who bought the item asked me to ship it to Saudi Arabia - sure, whatever. I don't have an office there or a business presence. How would they prosecute me? What for? Their citizen bought something from me and then had it delivered to their home in Saudi Arabia - if he's breaking the law, then it's on him. Now cut out the post from this equation - imagine he came over here, bought the item from me and brought it back with him - how would I be held responsible for what he is doing with the item and where he is taking it?

And yes, consumer protection laws absolutely still apply. The laws of my country - if my country says that I have to give him 2 years warranty - of course he gets 2 years warranty. If his country says a seller can be subject to 100 lashes for selling prohibited materials - they can go and try executing this, I wish them all best luck.


They have the power to block you in their country, just as you have the power to publish in their country.

Just because you can take their money doesn't mean they have to accept that.


Because if you're not willing to do the legwork to see if your app is following the letter of the law in those countries, you may be subjected to being banned due to violation of said laws.


That's not really an argument. Go ahead and ban it. There's no reason anyone should preemptively ban themselves just because someone else wants them banned.

It's a bit like saying "You should hang yourself, because if you don't, I'll hang you." The proper response is "get on with it then."


> A famous example of someone operating legally under local law, but who got prosecuted for having merely a website accessible in another country, was Kim Dotcom.

That's a pretty shit example, given everything that happened around that case.


Lesson there is not to piss off the US IP industry ;)


They are in the Apple and Google app stores, you mean to say.


The person I was replying to asked "Do they operate in Brazil?". And considering that the app stores are on a country level, I'd say they do.


The app stores operate there as distributors. Just because my product is distributed somewhere by a third party doesn't necessarily mean I operate there.

If an art dealer sells a painting to someone in brazil, does it mean the original artist operates in Brazil?


I think the difference is that you /knowingly/ (to an extent) sell your app to Brazil. If you sell your art depicting, say, women in power to Saudia Arabia to someone here and they move to Saudia Arabia and sell it, it's not your fault. But if you told him it's ok to sell that painting in Saudia Arabia, I would assume you can be held liable.

(Not that I agree with that, but that's what it looks like)


In the artist/dealer scenario, only the latter is actually under the legal jurisdiction of Saudi Arabia and could be legally compelled to follow a court order. They can choose to hold anyone liable but their legal and practical ability to compel an entity to comply doesn't extend beyond their state unless they have an agreement with another state.

Apple has a corporate office in Brazil (google too) and they're the ones who distribute and approve the application for sale there. They're legally required (I assume) to respond to legal notice they're served with. WhatsApp is not legally required to do so, and others have pointed out that it might not even be legally feasible for them to do so.

Of course this situation is more complex because obviously Apple doesn't have the data and I doubt Brazil wants to get into a legal battle with Apple. And although Brazil doesn't have the ability to force WhatsApp to comply with anything, they do have the leverage of being able to shut down their service. Should make for an interesting story to follow.

At the very minimum, if they had served Apple/Google instead, they would have had a legal requirement to actually respond. I don't know much about the actual case so these are mostly assumptions.


Who cares what the law says? The laws should serve the citizens. And in this case, a huge majority of the citizens prefer to use WhatsApp.


The judge cares. Because the basic tenet of a Republic is the separation of powers, a Judge is not allowed to decide whether or not a law is fair or good for the people; that decision falls on the legislative branch.


> has no presence in Brazil.

If they have no presence in Brazil, how did they get shut down in Brazil? I don't mean to be glib, but I don't see how the two concepts jive with each other.

On a purely practical level, if they were interesting in maintaining their service in Brazil, why didn't they establish a presence in Brazil when all these previous orders and shutdowns were going on? This is like ignoring notices in the mail and then wondering why you're getting collections calls.


> If they have no presence in Brazil, how did they get shut down in Brazil?

Blocked at the ISP level.


Seems like a flaw in the service if it can be shut down that easily.


Why is that a flaw in the service? The ISP/mobile operator is essentially the gatekeeper to the Internet; having them block WhatsApp (or anything else) is just a case of them adding a block rule to their DNS.

What would interest me is knowing whether or not access is still blocked if you change your default DNS server to something like 8.8.8.8?


Changing the DNS server has no effect; I use Google's and it's still blocked.


WhatsApp uses IP addresses directly to route the traffic, but you could still use a VPN. The problem is that unless everyone else uses one you won't be able to talk to them...


What if you hit it via some VPN service?


I can reach them through a VPN, no problem at all to communicate with people outside of Brazil or with those connected through a VPN.

OT: Intrigued and tempted by ivpn.net but the about page don't give me enough info to decide (no team, no physical address...) Where can I read more?


Whois has provider name, business address and telephone.[0] They say:[1]

> VPN was founded in 2009 by a group of information security professionals who met whilst doing their Msc in Information Security at Royal Holloway, University Of London.

I've never researched that, but I've worked with them for years, and it's consistent with my experience. They're good people, I believe.

[0] http://www.siteshowinfo.org/sites/www.ivpn.net

[1] https://www.ivpn.net/aboutus


Somehow I assumed you worked for ivpn, based on your profile. My bad! Thanks for the info anyway.


I freelance.


Using DNS is the start of the flaw.


If a US law makes it impossible for a US company to comply with laws in another country in which they operate, that other country has the right to prohibit said company from operating there.


That doesn't mean it's wise for the said country to do so. In this case, doesn't seem like it is.


> WhatsApp publicly stated that it does not and has not retained any message content once messages are delivered

This does not make a lot of sense.

If they don't retain any message content, then how am I able to browse all my message threads on https://web.whatsapp.com?

EDIT: I'm wrong.


The messages come from your phone; that's why you need your phone to access the webapp.


I also use the web interface and I believe it tethers your phone to the browser - so the phone is sending the unencrypted messages to the browser window.

If you delete a message on the phone the message disappears in the web interface too.


Looks like you guys are right:

"WhatsApp Web connects to your phone to sync messages."

I.. did not know that.


It connects to your phone which stores the messages, I believe.


Foreign law enforcement may kindly request US DoJ OR operate under their (foreign) laws (and with 0 help, it's not hard to guess what route would be taken).


Your first point makes no sense whatsoever. Because an American company operates in a foreign country doesn't mean they don't have to follow the law.

"oh sorry, breaking local laws? Oh well, we're in america! Too bad!"

Doesn't work like that.


> Under many readings of US law (specifically, ECPA), US companies are in fact prohibited from complying with requests from foreign law enforcement for content

i know nothing about law, but where are you getting this from? does not seems to be the case with any company in china (yahoo gave in, google decided to leave) for example.


The difference is likely that these companies had the type of presence that causes Chinese law to come into effect ... such as physical presence (servers), buildings (owned property), human presence (employees, especially if they're Chinese citizens), financial presence (bank accounts, insurance), business/legal presence (i.e. local corp, subsidiary, company of some sort).


And in that case, it's the Chinese subsidiary that makes the decision to comply with Chinese law, as it obviously has to.


> First, WhatsApp is a US company and has no presence in Brazil.

I certainly disagree with this ruling, but "no presence in Brazil" is wrong and contradicted by Facebook itself:

https://www.facebook.com/careers/locations/saopaulo/

> São Paulo, Brazil 23 open positions

> One of the most talented and diverse cities in the world, Sao Paulo is a hub for our operations throughout Latin America. Our teams make an impact by providing support to our communities, small and medium businesses and brands in the region.

And of course their Latin America VP is located in this office:

http://www.zdnet.com/article/facebook-hires-new-latin-americ...

So I don't know where the bizarre idea that Facebook has "no presence" in Brazil comes from.


WhatsApp and Facebook are in fact still separate companies. Just making this distinction.


"Separate" as in WhatsApp Inc. is a wholly-owned subsidiary of Facebook Inc. That matters a lot.


I suppose, but would you refer to General Electric and Telemundo in the same interchangeable way? Same difference. If I were applying to a job in GE's aviation research division, I wouldn't mail my application to Telemundo.


That's actually wrong at multiple levels; Telemundo is a division of NBCUniversal, a wholly owned subsidiary of Comcast since 2013.

It would be an apt comparison, if you imagine that Comcast had a Latin American headquarters in Brazil, where Telemundo's Portuguese telenovelas have millions of viewers; it would be weak tea for NBCUniversal to then argue that Brazil had no jurisdiction over it and the programming it distributes there because the shows are produced in Florida and NBCUniversal has no employees there.


> First, WhatsApp is a US company and has no presence in Brazil. Under many readings of US law (specifically, ECPA), US companies are in fact prohibited from complying with requests from foreign law enforcement for content, except in emergencies. Instead, foreign law enforcement must make a request for assistance to the US DoJ, which will then (eventually, and maybe) process it and serve it on the US company. This is one of the reasons why MLAT reform, such as the proposed UK-US agreement[1], is so important because it would allow US companies to directly respond to foreign law enforcement requests.

If you want to do business in a country then you should follow its laws.


You are missing the most important part of the story. Facebook and Whatsapp are not ignoring the request. They have said that it is impossible for them to provide the information requested.


That's the problem with all these judicial orders. They think it's a flip of the switch to comply. Why don't the courts provide the money to build the services and infrastructure to comply with the order?


Orders like these are normally written out by judges that are completely oblivious to how reality works. Adding to that the fact that people with power know they tend to get things their way in Brazil, and that the government is all-powerful, I'm quite sure this guy just assumed he could change the laws of the universe with a stroke of his pen.


> he could change the laws of the universe with a stroke of his pen

that's how the legislative and judiciary branches think here in Brazil, write the problems away with a law. it called 'canetada'.


> it called 'canetada'.

It's wonderful to have a succinct word for a concept like that; I wish there were such a word in English. Do you have any background information about the origins and meaning of this word?


Caneta means pen in portuguese. Canetada, although not a dictionary word, means the act of swiftly using a pen to show "who is the boss" - signing an impromptu decree or order of questionable legitimacy for example.


Portuguese, maybe especially Brazilian Portuguese, has a good number of made-up words that can be created by simply adding certain suffixes to common words. They might not be in the dictionary; that'd grow its number of words exponentially I assume. But they're widely used and understood. In this case, "-ada" is basically added to words when something is used indiscriminately, normally by hitting something or someone, or throwing it.

Whacking someone with a wooden stick ("pau") is a "paulada". Kicking a ball ("bola") on someone is a "bolada". Poking someone with a pin ("alfinete") is a "alfinetada".

Therefore, using a pen ("caneta") indiscriminately becomes a "canetada".

The same word would be used if you threw the pen at someone's head, so there's that.



In Germany you get recompensation for that. Also one might argue if they don't like the laws they shouldn't access the market.


Not that I am a big fan of this particular law/result, but I want to highlight the second half of your sentence:

"if they don't like the laws they shouldn't access the market"

That is something the HN crowd does not seem to understand/respect. Most of us enjoy the personal protection of the law yet we want to whip up a webapp and have no laws apply to us.


Bad laws are bad laws, it's idiotic to support them.


If you think harder you will realize that is false. The rule of law itself has value, and we can only live in a lawful society if we respect all laws and change them via established processes. Otherwise someone may decide that your favorite law is "idiotic" and you will have no recourse.


Civil disobedience is a very "established process".


Civil disobedience does not imply impunity. You disobey the law and you face the consequences. That's how civil disobedience works. If too many people disobey the law, it eventually gets noticed.


Not only idiotic but also immoral. If you obey an immoral law you are acting in a way which strengthens that law and keeps other people under its influence. By your actions you are essentially condemning people to be affected by an immoral law - which in itself is immoral behavior.


As far as I understand, WhatsApp is not conducting any activities in Brazil.

There are people in Brazil who have downloaded the application, and those people are connecting OUT to WhatsApp, which is operating in America.

So all the Brazilian government can do, is BLOCK its own people from accessing WhatsApp through the Internet.

The question is, should the Brazilian government have the right to block websites that it doesn't want its people to be able to see?

Ultimately that's a problem for Brazilian domestic politics, and also a greater issue of human rights. After all, that's how we describe it when discussing the Great Firewall of China.


Brazil can apply whatever laws they want wherever they want. They just might not be able to enforce them and therefore non-residents might decide to ignore them. The same is true for everyone else.


Nah, you just gotta DISRUPT the current laws.


That would require a backdoor that didn't exist at the time and that WhatsApp doesn't want to create.


It would require more than a backdoor but dozens of data centers as well as the software and personnel to manage them all


And not just the money. They try to override the logic of the universe.

A company cannot provide data that it does not have and has no way of acquiring.


To give them some message that was deleted years ago? What is Facebook supposed to do, build a time machine?


It doesn't matter what 'they said', if it was not 'said' in formal legal response. If you are subpoenaed, you don't go ahead and publish in your blog 'hey judge, I've done nothing', you hire a lawyer and do it via legal channels. Facebook/WhatsApp haven't done the legal work, thus, their answer amounts to nothing.


Well finally.

Whether or not they have a presence, operate there, are required to comply or whatsoever is not an issue.

They simply can't comply. If they could initially they can't anymore. End-to-end encryption made sure of that.

Again, unless they're lying to us.


> They have said that it is impossible for them to provide the information requested.

They have said this to the press or to the court? Because it seems to me like Fb/Whatsapp have been pointedly ignoring the courts for months. The least they could do is fly down a lackey to Brazil and say it in person and/or alternatively hire a Brazilian law firm to represent them.


Brazil already arrested a Facebook executive and detained them for 24hrs this year over the fact they said there is nothing that can do regarding the information request.

I'm not sure what you're proposing Facebook to do here? Hand over useless encrypted data? Hold a cryptography seminar for Brazillian law enforcement to explain what end-to-end encryption means? Have more of their employees risk arrest?


Pull their app from the Brazilian app store and let democratic process take its course


Better to make the app install but when starting, display a message that the local laws and judge's orders make it illegal to operate in Brazil.


They should say it like it is, and FB having a high visibility platform is a plus. Just put a banner there saying those guys are idiots in an authoritarian power trip, and fuck them. After that you'll probably be found dead or something. So YMMV


Putting up banners with "fuck them" is not how companies work, and it is not a good communication strategy.

Some more subtle hints may work better, but generally, what Facebook says, "it can't be done" is the correct strategy.


This is going to sound flippant, but think about it, it isn't.

What lackey is going to want to fly to a hostile country where the government is battling your employer?

I don't want to spend any time in a foreign prison. Who would?


They dont have to fly anyone down to brazil. They had someone there. He was arrested a few months go for not fulfilling the request. Its all in the article we are commenting on.


Terrifyingly Brazil is probably on the no-go list for lots of Apple employees right now, like how the Middle East is in general for LGBT people.


Apple has offices and operates legally in Brazil and has done so for many decades. As far as I know, they aren't violating any local law.


I meant to say Facebook. No idea how I confused the two.


"It's impossible for me to follow the law" is not a valid defense.


To repeat what everyone else has said: The data doesn't exist on whatsapp's servers.

Now I know the law's position is basically "do what we say or we'll punish you until you comply - and we'll simply ignore you until you figure out a way to do so".

Obviously that's literally impossible for data that doesn't exist anymore, but of course it's technically possible to comply with these laws in the future. And I think that's a bigger problem here - that governments want to turn companies into surveillance tools. It's like telling the postal service to open and scan every single letter - which would have sounded pretty bad in the past, but nowadays that's somehow okay. Not because morals have changed but because it's feasible now.

Following/enforcing laws is generally a good thing, but since we live in a human society and not a robot one, things like that get fuzzy around the edges. Let's imagine an extreme, outlandish case where some odd and unforeseen circumstances in poorly written laws lead to a judge being able to order nuclear attacks on several cities of their own country. I'd want the judge to hold off on that and maybe wait for the legislature to catch up with the will of the people - which is not to die in millions.

Whatsapp isn't exactly a matter of life and death (at least I hope it isn't), but maybe this is a case where values like common sense, the common good and the interests of hundreds of millions of people weigh more than maybe locking up some stupid drug dealer.

I completely disagree with "If they disobey the law, it must have consequences, no matter how big and important to brazilian society they are.". That's the kind of idiocy that emerges right when society ends up working for the benefit of its government instead of the other way around.

If your position is unpopular with your friends, then it's because you think the law is more important than the entire society it's supposed to protect.


> If your position is unpopular with your friends, then it's because you think the law is more important than the entire society it's supposed to protect.

Totally agree. This is unfortunately a very authoritarian world of view that is not uncommon.


This has mothing to do with authoritarianism. Upholding the law itself is important. If everybody ignores the law all the time you'll have a pretty shitty society.

The Brazilian people have a clear option, vote for officials who have no problem with communication encryption. The solution is not to circumvent the parliamentary democratic process.


Nobody is going to question a law that nobody is willing to defy. And then you'll also end up with a shitty society.


> If your position is unpopular with your friends, then it's because you think the law is more important than the entire society it's supposed to protect.

I am shocked so many of you agree with this. If it is forbidden to kill people, you have done something very bad and everyone else wants to kill you, they are still not allowed. (They may change the law and kill you then but for now, they are not allowed.) This is called justice.


> If your position is unpopular with your friends, then it's because you think the law is more important than the entire society it's supposed to protect.

Sir/Ma'am: you get my gratitude for voicing this. People do forget why we have laws in the first place.


But, as it says in the article, WhatsApp just doesn't have the data the judge wants it to turn over. How does it make sense to punish a company for not doing something that it physically cannot do?


Companies can be punished for failure to obey laws. If a company didn't bother to retain records on who bought something they are now required to recall due to safety failures I can't imagine any country would say that is ok. They would be punished.

I don't happen to think the law mentioned is a good one. And I have no idea how the law is actually worded. Depending on how it is worded maybe it is ok to just not keep records so you don't have to provide them. But it is certainly within the power of governments to demand companies operate in a manner that requires them to do certain things and you can't avoid that by for example not keeping the records you are required to.

I sure hope the USA stops the leadership of authoritarian overreaching on laws relating to technology. But it is not at all surprising that others are following the lead of the USA into horrible authoritarian and Orwellian laws given the USA's behavior. Few countries seem willing to put liberty ahead of authoritarianism. The USA is far from perfect but it is a country that has above average potential for promoting liberty.

But the last Bush and Obama administrations have been horrible and both political parties are pushing for horrible laws. A few decent advocates (such as Senator Ron Wyden) for fighting this trend exist but they are not common yet.

This promotion of authoritarian state power is a very dangerous trend that may well have incredibly bad consequences for us. Our history shows authoritarian governments abuse power and I am worried about the last two administrations strong support for increasingly powerful spying abilities of government.

I would hope countries like Brazil lead away from the path the USA is pushing the world down. Unfortunately I don't see much good happening in that way. I hope I am just not aware of good things other countries are doing but I worry that isn't the reason I don't hear about good moves to thwart the dreams of authoritarian regimes.


So if a judge demanded a telco hand over an audio recording of any specific conversation, they must comply -- even though calls are not recorded and stored?

If a judge demanded the postal service hand over an image of every envelope processed, it must comply -- even though no such images exist?

Where does it end?


That's why Google doesn't operates in China at full scale. https://en.m.wikipedia.org/wiki/Google_China They decided that was agains the company values to comply with Chinese law, so they stopped offering some services. It's the law, and maybe I don't like it at all, but still I thing that companies should comply. I also thing that that laws should me changed.


Some services? I have not found any Google service to work over there. Which one should work?


Gmail works, in the sense that Shanghai utility is able to deliver e-mails to me when it's time to pay the electricity bill. Downloading stuff from google's android repostitories (i.e. for developing Android) also works (most of the time).


Yes the latter works (Android repos which are not on google.com), but when in Shanghai I get nothing from Gmail, ever. Not sure how that works then but at least it's not supposed to work I guess as that's officially banned. And when something works from Google it'll not work after trying it a few times. I definitely find it both hard to work there and both relaxing. Hope to be in Shanghai soon again.


Comply with what? What law is being broken here?


Censorship laws, mainly. China wants to block out huge portions of search results, and Google doesn't want to do that.


Look, if a judge has such a right, a corporate lawyer usually has an idea that such a request might come. Companies that do not break law must do what is needed to make sure they will not violate any laws – neither now nor in the future. Or WhatsApp may say – sorry Brazil, we do not think that complying with your laws would be appropriate for us and stop servicing Brazilian numbers until laws are changed. But it's just not right to ignore country laws as long as that country is not US.


It's not clear that they are actually violating the law, though. Judges can be wrong too.


To become a telco, in the first place you need to comply with all of the laws to be allowed to operate. In the case of the US, this is CALEA, and every phone company should be able to provide a backdoor that allows the agencies to follow court orders and tap phones. Brazil has similar laws for the phone networks.

The problem with the attitude of the Brazilian courts in regards to Whatsapp is that they are not a telco. The abomination that is the Marco Civil, which is being used as a justification to enforce the court request and says data should be retained by companies for one year, does not help.


It's not about providing a backdoor, it's about retroactively having recorded all conversations demanded by a judge.


Like I said, the Brazilian code about Internet communications (Marco Civil) establishes that all companies must retain all data for one year.

This was passed in 2014, so the main allegation from the Brazilian courts is that Whatsapp should have this data, anyway. There is nothing "retroactive" there.


I shouldn't have used a metadata example with the postal service. Better case: judge demands the postal service turn over a transcript of every exchange between two people for the past year.


Actually, in the USA, USPS records an image of the front and back of all letters.

It's illegal to open the envelope, but hey - who knows?


Couldn't an image of a letter with a thin envelope be used to see the contents?


Customs can.


USPS does do that. It's considered metadata.


Apparently, it ends in Brazil when a court shuts down WhatsApp (for 72 hours).


Apparently the USPS does make an image of every envelope processed. http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mai...

But the basic idea is yes, you must comply with all laws. If you can prove it violates the constitution you can have a court invalidate the law (but before that it would be illegal to violate it). There are often laws that you could argue conflict with this law and get out of it that way.

Often if you have lots of money you can influence the enforcement of laws. That doesn't exempt you from a law but often it isn't really an issue of what the law allows but what the regulator or prosecutors decide to enforce. And if you can't do that you can fight the attempts by the regulators and prosecutors (and law enforcement officials) and argue they have not legal right to do what they are seeking to do. See Apple, for a recent example.

Your rights are often not just a matter of the law but of to what extent the government and law enforcement are bound by laws. In the recent experience in the USA we have examples of the Bush and Obama administrations seeking to avoid accountability for authoritarian overreaching. They often seem to get away with it. The recent attempt to push around Apple was stopped mainly due to Apple's lawyers and leaders refusing to be pushed around.

I do not know if the Brazilian example is one where the government and/or judge are attempting to compel behavior not legal in Brazil (either not what the law requires, using a non-legal punishment or neglecting another legal requirement that would override the law being used to compel the behavior). But I do think it would be possible to have such a law and have the judges actions be legal.

Certainly laws can compel companies to do things that they are not now capable of doing. Normally if some new law were to be created the regulatory framework and notice would be publicized and companies would be aware of the requirement (say to keep records or whatever sort). And then if they failed to do so that isn't a justification to fail to comply since they failed to do what was required in order to be able to comply with a further requirement. Their lawyers may also be able to argue the law was unrealistic in expecting compliance because even though we wanted to comply it just wasn't possible to do so. And making a case that they are doing everything they can may be taken into account to say that while they are not fully compliant yet, they are taking all reasonable action and therefore to the extent the judge has leeway they could make adjustments to the consequences.

While it is sometimes annoying the reality is there are so many complications it is often a matter of judgement for whether something is or is not ok and even if it isn't ok, what is a reasonable consequence. When the legal system is working well it makes these judgement in a sensible manner even if it leaves many people unhappy. And then you have things like the Eastern district of Texas making a mockery of abuse of society by patent trolls.

I certainly do believe the legal system can be systemically broken. And those failures can be left unaddressed by our representatives for decades. Could that be similar to what is happening in this Brazil case? Yes. Could it also be that this Brazil case is just a matter of a bad law and the legal system is properly carrying out the consequences of that law? Yes.


>> If a company didn't bother to retain records on who bought something they are now required to recall due to safety failures

I am not aware of any law in the US ( talk on US laws because you discuss it later in your comment) that requires by business to keep sales records for the purposes of recalls, the only businesses required to do that are business that sell regulated goods, (firearms, explosives, Drugs, certain chemicals, etc)

Normal Consumer Goods are recalled all of the time with out the Manufacturers, or Retailers having a master list of every person that bought that item.


The Law orders it to collect the data, the data is available and Watsapp does collect it, but instantly discards (or so they claim).

What is in there that can not be punished?

I don't think this specific law is a good one, but it is not in clear violation of our Constitution, and was brought up by People's representatives... We should fight for improving it, and we should stop relying on infrastructure owned by private companies. But I can't think this judge is wrong.


The Law orders it to collect the data

Which law orders them to collect the data?


Marco Civil da Internet.

Brazilian federal Law nº 12965.

http://www.planalto.gov.br/CCIVIL_03/_Ato2011-2014/2014/Lei/...


It doesn't matter it's not a Brazilian company, there are no servers in Brazil, only the users exist in Brazil. They could mandate Mark Zuckerberg run around naked and it would make no difference. Maybe Brazil should create a great wall of Brazil and cut itself off of the internet. Then it could enact whatever laws it wants to affect companies in other countries.


Facebook has at least one company in Brazil, and they are providing a service in Brazil that this judge ordered to interrupt.

It's perfectly reasonable to forbid access to Brazil for some service that does not follow a Brazilian law. This is bad because of the specific terms of this law, not because of some broad issue.


> providing a service in Brazil

I don't know if they have servers in brazil, but if they don't then it seems quite unreasonable to say that they are "providing a service in Brazil". If you run a bookstore in the US and a German comes and buys Nazi material, are you running a store in Germany? If Brazilians are effectively leaving their country to go get stuff from US servers then it's up to the Brazilian government to make a law to stop them, if it doesn't like that. Saying that connecting to the internet is "providing service" to every country in the world is a way to simply break the entire internet.


>If you run a bookstore in the US and a German comes and buys Nazi material, are you running a store in Germany?

No, but if she buys via mail order and the package gets confiscated at the border, don't whine about losing business.


Under German law you are subject to German laws about commerce if you are "addressing the German market". Some indicators include offering your site in German, probably also support German phone numbers and addresses, etc. For some services/apps this is obvious (e.g. online shopping) for others it is more debatable.

The most important part however is that of course you don't have to give a damn about what German law thinks as long as you aren't in a position in which German jurisdiction can be enforced. Likewise, even if you are a German citizen living in Germany some German laws and regulations may not apply if you are decidedly not offering your services/apps to a German audience -- though of course that's a much less safe position. Either way, it's not as simple as "it exists on the Internet, therefore it falls under German jurisdiction" although the reasoning is quite similar to that in Brazil.

The point is moot, anyway. Brazil can't enforce their laws against a US company that doesn't have a presence in Brazil, but it can ban them from Brazil -- as apparently a Brazilian court is allowed to force Internet access providers to ban specific IPs. Whether courts should be allowed to do that is a legitimate question but right now in Brazil they apparently are, so everything is fine.

This isn't an action against WhatsApp. This is an action against Brazilian WhatsApp users. It's basically enforcing a sanction against WhatsApp by preventing Brazilians from accessing the service (which they can't get at otherwise). This is more like a German court forcing an IP ban (in Germany) against a Nazi website hosted outside of Germany -- which is a thing.


All that law orders them to do is to record the access logs (Registros de Acesso), not the actual messages or any other metadata. Soneca's post above said the judge "ordered Whatsapp to share a particular user conversation", which that law doesn't oblige them to record.


This investigation is under seal. Soneca is speculating just as much as I am.

That is the law Watsapp broke the last two times it was interrupted (when the news was almost a verbatim copy of what it is now). I imagine it is the same it is breaking now.

Yes, I should have made it clearer.


I think this statement weird. End-to-end encryption is very recent, the data asked by the judge is for communication made before this feature roll-out. So I'm assuming Whatsapp do have the information for these two particular cases. But I could be wrong.

Anyway, maybe they are just using it for PR support on their position against the court decision, betting that all of that Telegram new users will come back to Whatsapp after the suspension (that's what happened before).


WhatsApp publicly stated[1] in testimony before the Brazilian Congressional Committee on Cyber Crimes in December 2015 that they do not, and have not ever, retained the content of communications—regardless of E2E or not. Apparently, WhatsApp only retains messages until they are delivered.

[1] http://www2.camara.leg.br/atividade-legislativa/comissoes/co...


When I buy a new cell phone my Whatsapp conversation history is lost but my Facebook message history is not. It's likely that Whatsapp discards the messages from their servers immediately after they confirm it has arrived to destination (the two check marks).

If the communication was made a long time ago, Whatsapp may no longer have it, encrypted or not.


End-to-end encryption for Android to Android conversations has been in place since November 2014: https://whispersystems.org/blog/whatsapp/


You are assuming, just like the judge. That is not correct, you should trust in the company when they say that. The hole world works as that, trust. A judge cannot assume that they have that data, because they don't. This judge just dont have any tech acknowledge, thats the problem, people that dont understand what they are doing. BTW, its not End-to-end encryption related, is just that they dont store that data in anywhere.


Do we know for sure what cases this particular order is connected to? Because WhatsApp has been encrypting Android communications since 2014 [0].

[0] https://www.wired.com/2014/11/whatsapp-encrypted-messaging/


Surely they are physically able to answer the court?


That's my thinking -- an inability to comply could have been addressed with the court. Instead, it appears that they had no representation in front of the court in order to make that argument, have hearings and otherwise determine that compliance is impossible.

The merits of the case are one thing, however not appearing to address those merits (or lack thereof) seems to be the failure point.

But I could be wrong.


If it is impossible for you to drive legally - say, for example, you are blind - that does not permit you to then drive illegally.


When it comes to decisions this big, I always assume there's more than meets the eye.

You're probably aware of the statement Brazilian telcos made on the intent of charging according to bandwidth usage and it's public reaction. Which to me indicates that telcos are kinda desperate on trying to find new sources of revenue. And this happened not long after one big telco company acquired a big competitor. Add the fact that Brazilian telcos have already tried to shut down whatsapp before[0].

Whatsapp makes sms and mobile phone calls a pricey redundancy to anyone with access to wifi, no wonder they're desperate.

Do I have any evidence the two cases are related? no. But the flow of events is certainly interesting.

It just doesn't seem justifiable to restrict communication for millions of people due to a single case. As in, sure, arresting a drug dealer may be a good thing to society overall, but is that worth the limitation shutting down whatsapp imposes on Brazilian citizens?

The decision may be in agreement with the law, but is it in harmony with the law's ultimate purpose? which is to protect the interest of the society as a whole?

[0]http://www.zdnet.com/article/mobile-operators-unite-against-...


There are lots of apps that let you send free sms over wi-fi, including Cacao (not sure of spelling, I don't use it but my partner does, seems popular in Korea?) and also why would the sale of iPhones with FaceTime and Messages not be an even greater threat than WhatsApp to telecom revenue?

I don't doubt the telecom companies are trying to control their market, but I doubt they are behind some huge conspiracy. It is more likely that the govt/courts are trying to control the flow and availability of user's data and are in cahoots with the telecoms companies who have close ties to govt.


"why would the sale of iPhones with FaceTime and Messages not be an even greater threat than WhatsApp to telecom revenue?"

There's no "would", whatsapp is a bigger threat. Simple math: number of whatsapp users > number of iphone owners.

As I said I don't know if the cases are related, I just laid down some well known and interesting facts. Your conclusion sounds perfectly reasonable to me (:


Besides the point that Whatsapp does not have the data, how does it make sense to stop 100 million people from communicating to prosecute one drug dealer? If you look at it from the point of view of society as a whole the judge has done a lot more damage than the alleged drug dealer. The judge has other options, such as issuing fines, that won't disrupt the lives of millions of people.


Fines have been issued over and over. FB's president in Brazil has been arrested. What else do you suggest this judge (limited by what the law prescribes) should do?


Get a grip on reality and attain an understanding of how these communication systems work, then move on to other avenues of investigation


doesn't law there mandate retaining of all communications for service providers?

if that's the case, as hinted by other people, and whatsapp has been found in violation of that requirement, then blocking it seems the correct course of action (given the judge cannot change nor ignore the law)

the big IF is what the Brazilian communication law mandates to companies providing a service on their territory.


doesn't law there mandate retaining of all communications for service providers?

From what I can tell (I can read Portuguese, but I'm not versed in Brazilian law), that's only for ISPs.


ISPs have to maintain access records for an year. Application providers for six months [1]

http://www.planalto.gov.br/ccivil_03/_ato2011-2014/2014/lei/... (subsection III, article 15).


Access records, explicitly defined in that law as IP address plus date/time, not "all communications".


This ruling makes end-to-end encryption illegal where, a service provider at no time holds the keys to decrypt messages between communicating parties. This is a protocol decision and since the Snowden revelations, a point of concern for civil libertarians. The Apple v FBI debate is a child of these exact concerns. The idea that governments want to legislate unfettered access to private communications and devices should be met with skepticism and public scrutiny that this Brazilian case will hopefully provide.


I agree with you. And I think all this should be framed "is the law right? should we change it?"; instead is always presented as "an authoritarian, out of his league, small town judge who is arrogant and clueless about tech".

He is just following the law, so fight the law, no diminish the judge.

Remembering that a "single judge" following the law with authonomy launched the biggest attack on corruption of brazilian history, and the fact that he is not a supreme court justice acted in favor of an independent investigation (search "sergio moro" and "lava-jato" police investiagiont).


No, judges need to notice when a law creates a contradiction or a stupid scenario and not make such rulings. Judges are supposed to have "wisdom". Pointing at a broken law, then breaking communications for everyone hardly seems wise. Unless he's secretly hoping this will force a big change in law and government.


Correct,that is the point of judging otherwise we could build software to do it automatically.


Contradictions are one thing, but the stupidity of a law is subjective, and the judiciary should not be empowered to rule contrary to the law based on their opinion of it.

Which is not to say they shouldn't point out that it's ridiculous when they make their ruling, and suggest that the legislature fixes it quickly.


They are being asked to provide data that does not exist, and cannot be recreated. The stupidity of that is objective.


The ruling punishes Brazilians on order(s) of magnitude more than it'll Facebook(WhatsApp). This heavy-handed approach is a power grab.


This is the "too big to fail" that the GP described. Do you really want a world where a company can evade the law just by getting enough people to depend on it? An important idea of rule of law is that it applies equally to everyone, no matter how important they are. Once you make exceptions for powerful people or powerful companies, it can become corrupt and abused. No small local messaging app will have this protection that people demand should be given to Whatsapp. Why should the dominant player in a market be exempt from complying with laws that their competitors must follow?


It also happened before end-to-end encryption be available: http://g1.globo.com/tecnologia/noticia/2015/12/operadoras-sa... (portuguese-br), so it's not necessarily about end-to-end encryption.


> This ruling makes end-to-end encryption illegal where, a service provider at no time holds the keys

The Big Company (like WhatsApp, Google, Apple) is always the easy target for subpoenas, judicial orders, and National Security Letters when it comes to encrypted transmissions.

Here's an idea for a legal maneuver to take Big Company out of the picture: Suppose crypto was handled by an open source 3rd-party program that was outside of the hands of Big Company. This 3rd-party program would encrypt/decrypt all incoming and outgoing messages, and the program would be mandatory.

If you want to use WhatsApp or other Big Company apps, you must install this open source and fully vetted program. Then if Big Company gets a subpoena, they can legitimately answer that they have absolutely no control over the encryption.

I'm going light on technical details because there are many ways that this could be implemented. The main idea is to insulate Big Companies from renegade legal attacks.


Supposedly Whatsapp has less than 100 employees.


Such as Tor?


Hey soneca, could you give me a transcript of the conversation between Dilma Rousseff and Lula da Silva on January 31st, 2011? If you can't, then you'll have to go to prison.

It's an irrational, unreasonable request, which makes it highly questionable as a legal ruling.


There is no legal basis to support the judge decision. A telecommunication service must keep records, but by the very difficult to understand Brazilian regulation, WhatsApp can not be considered a telecom service.

A service like WhatsApp is an over the top service, very much like any other communication service that you can use in the internets (like email), that does not need to comply to the telecom services regulations.

The truth is that the judge does not understand the matter being ruled and a single Judge closing a service used by 100m citizens is another proof of a very authoritarian and arrogant judiciary system.


I am sorry, but your argument is idiotic. It boils down to "WhatsApp wasn't there to produce something they didn't have, so a district court judge managed to order a bunch of nonparties to the lawsuit to take down WhatsApp." That's like a district judge in NY ordering all the telcos to block all iPhones because Apple refuses to hack a phone for him. What kind of judicial system are you running there in Brazil? I am glad that you are in the minority, but that's no way to run a country.


Please take a look at the HN guidelines https://news.ycombinator.com/newsguidelines.html

I don't really like seeing what is very very close to a personal attack ("your argument is idiotic", "I am glad you are in the minority...") in what should be a civilized place.


With all respect, how is that "very very close" to a personal attack? Sure, they're passionate, and frankly I disagree with other sides of what they've said in their comment, but it's not a personal attack in the slightest: it's a strongly worded indictment of the parent comment and the opinions expressed therein. There's nothing wrong with that, that's exactly how arguing works, at least in my opinion :)


It's not exactly one, but I think the tone is excessively aggressive. The words maybe not right on the money, but someone not carefully parsing them might easily find themselves feeling that way. Riding right on the edge isn't the greatest idea when you'd like people to interpret your words charitably.

You can be civil while disagreeing strongly. For instance, instead of calling something "idiotic" you could say "I disagree in the strongest possible terms. I do not believe your facts have a basis in reality." This is still somewhat rude, but a lot better as it avoids entangling their personage.


Since we are talking about me, I might comment as well. Even the smartest and best people can, from time to time, have idiotic ideas, I sure had a few in my time :) To say that someone has an idiotic idea isn't the same as to call them an idiot. The original comment was a well presented, though flawed, argument, clearly NOT a work of an idiot. Further, for me to say "I am glad you are in the minority..." simply indicates that I disagree vehemently with the position the original commenter is taking and I am very happy that his position is not very popular, as that means that maybe things in Brazil will change for the better as the result of this.

I also find it ironic that in a post about censorship someone pulled out the HN censorship guidelines. I totally understand the context is completely different, but it's funny.


Therein lies the rub. What's "legal" does not always mean it's right.

To hide behind "it's legal" to me is harmful to humanity as ofttimes the law is behind the curve, we can and should be better.


> Therein lies the rub. What's "legal" does not always mean it's right.

> To hide behind "it's legal" to me is harmful to humanity as ofttimes the law is behind the curve, we can and should be better.

I'm with you - but acting on your convictions and doing what's right should also mean accepting the consequences of the current laws. I for one am freaked out by a future where Multinationals get to pick and choose which laws they would like to follow because "the law is behind the curve". Uber's actions and general attitude suggest this future is actually now.


Thank you so much for this! The way Uber cherry picks the laws in the countries or even US states just disgusts me to no end. It would indeed be a scary future if multinational corporations get to infringe on countries' sovereign rights.


> I'm here to defend the judge's ruling, a position very unpopular among all my friends here in Brazil.

Your position is very unpopular for several, very important reasons. Not the least of it is the shutdown of a communication service that is used by most of the population, on the grounds of a single case.

There are other ways to go about this issue. Starting by the Itamaraty(Ministry of Foreign Affairs).

Don't forget that this was a single judge, from a single state. By all means block whatsapp in that state if you must. But Brazil was supposed to be a federation.


> You can disagree with the law, but the law is there.

There is something called Civil disobedience (https://en.wikipedia.org/wiki/Civil_disobedience) and surely if you analyze every law system it contradicts itself.


So, Facebook, a participant in PRISM, is now conducting civil disobedience. Totally believable.


Yahoo is also a participant in PRISM, and fought as hard as they could against it in secret court.

https://www.wired.com/2014/09/feds-yahoo-fine-prism/

I think it's safe to assume that all companies involved in PRISM aren't happy with it and tried their hardest to fight it.


That isn't the same thing as civil disobedience


I was not talking about Facebook but about Brazilians.

Also, following your reasoning, if Facebook was a participant in PRISM, does it mean they don't have any right to fight? Privacy is at stake here, Facebook is only one problem instance.


> Privacy is at stake here

Are you arguing against the use of warrants in police investigations?


WhatsApp is the most popular end-to-end encrypted chat app in the world. Shutting it down for 100 million people not suspected or charged with any crime is an incredibly disproportionate, privacy-thwarting response to not being able to access user data in one criminal investigation.


> Shutting it down for 100 million people not suspected or charged with any crime is an incredibly disproportionate, privacy-thwarting response to not being able to access user data in one criminal investigation.

What proportional recourse do you suggest when Whatsapp are effectively in contempt of court (in absentia)? In most jurisdictions, obstructing the course of justice usually has heavy penalties.


I am against the use of warrants when there is nothing to search...


> I am against the use of warrants when there is nothing to search...

End to end encrypting doesn't magically cause metadata to disappear. IP addresses, the times messages were sent and received are still useful to law enforcement. In this instance, the court want the IP address of the accused so they can follow up with the ISP.

I prefer warrants written out for specific individuals to dragnet surveillance.


I see your point, but what is scandalous in this decision is not that WhatsUp is being shut down, but the way this is happening. You have a judge from a remote jurisdiction in Brazil who has enough power to shut down the service in the whole country. I wound't be surprised if this resulted as a process that went through several levels of justice in Brasil, but the fact that any judge can block a service in the whole country is completely crazy and a direct threat to free expression in the country.

Of course, knowing Brazil as I do (I am Brazilian) I am not surprised that this is happening. In fact, judges these days feel that they have power to block even actions of the president of the Republic.


Well, a judge just like that had authonomy to launch the biggest attack on corruption of our history, with a much welcomed independence from political influence. So this is not always for the worst! :)


That's what you think. You seem glad that this is happening because the government is unpopular. But judges can use this power to attack any government. This doesn't sounds like an advantage to me.


> You seem glad that this is happening because the government is unpopular

I, for one, am glad this is happening because this administration has practiced an incredible variety of crimes, and deeply hurt the country in their hubris.

> judges can use this power to attack any government

A government isn't perpetually in power once it is elected. A government is always legitimizing itself, and it can lose its legitimacy as time passes. (In particular, it can lose its legitimacy if it sets up the largest corruption scheme in known history; uses dirty money to finance its campaigns; and secretly maneuvers to hide fiscal problems to support their reelection). Once the legitimacy is gone, a government can and should be attacked.

It is funny how PT government supporters are pragmatic when the judiciary doesn't suit them, and suddenly become strict legalists when they become its target.


> I, for one, am glad this is happening because this administration has practiced an incredible variety of crimes, and deeply hurt the country in their hubris.

What you said just proves my point. You're happy because you perceive this to your advantage. But this judicial power works both ways. In the future they can use this power to do whatever they want.

> A government isn't perpetually in power once it is elected.

True, that's why it is called a democracy. The government will be legitimate only until the next election. It's not a group of judges that can determine the legitimacy of a government.

> It is funny how PT government supporters

The fact that you consider me a PT supporter shows that you just care about your political position, not about the larger point around this issue. There are people pro and anti-goverment who see the big problem that is being created by the Brazilian judicial system. It doesn't matter what government is in power for this to be a problem.


> What you said just proves my point. You're happy because you perceive this to your advantage.

No, I'm happy because our institutions are working. What I said doesn't support your point at all.

> But this judicial power works both ways. In the future they can use this power to do whatever they want.

If, in the future, another government does something remotely similar to what the current government did, I sure hope they (the judiciary) do.

> True, that's why it is called a democracy. The government will be legitimate only until the next election.

It will be legitimate until when it is no longer legitimate, which can happen - and did happen - before the next election.

> It's not a group of judges that can determine the legitimacy of a government.

I agree. Thankfully, it is not "a group of judges" that are leading the impeachment. It our Parliament and our civil society, including the Bar Association of Brazil.

> The fact that you consider me a PT supporter shows that you just care about your political position

No, it shows that I know how to read. How does the obvious, undeniable fact that you support the current government prove that I only care about my political position?

> not about the larger point around this issue. There are people pro and anti-goverment who see the big problem that is being created by the Brazilian judicial system. It doesn't matter what government is in power for this to be a problem.

I'm sorry, but I do not believe you. There are way more similarities than differences between this impeachment process and Collor's impeachment process. Were you as concerned back then? Nothing has happened now that wasn't scrutinized by multiple layers of the judiciary. Nothing has happened that wasn't discussed for hours, days, weeks on end by both our chambers. Everything against the government is strongly supported by evidence in a variety of formats. I don't think you are honestly concerned about our political system. You are concerned about the survival of this particular administration. Well, our democracy is maturing, our judiciary is maturing, and thankfully, though sadly, our President - who has committed "crimes de responsabilidade" - is going down.

Edit: removed harsh language.


> As a matter of fact, I'm pretty sure you're downright lying

Please avoid this kind of hubris here to keep discourse civil.


Ta, you have a point. I apologize and will remove the harsh language.


> You have a judge from a remote jurisdiction in Brazil

Irrelevant.

> judges these days feel that they have power to block even actions of the president of the Republic.

Thankfully so. Presidents are not above the law.


That's the problem with the mentality of Brazilians these days. There is a concept called jurisdiction for a reason. Judges make decisions that are tied to their jurisdiction, and if necessary those decisions could be disputed at higher levels up to the supreme court. If you accept that any judge can make decisions for the whole country you have just installed the chaos in the judicial system, because you have to fight judges all over the country to do anything. That's what happening here with WhatsUp, for example.

The case of the president is even scandalous. Many Brazilians are happy with these arbitrary decisions because the government is unpopular. But the same thing can happen now to any government, making Brazil practically impossible to govern properly.


> if a judge order the company to share a specific user data, the company must comply.

> They would have lawyers fighting against the decision to share the user data and this would be solved by the justice system (never coming to have its activity suspended).

So what would happen? Like you said that law, if you paraphrased it correctly, is very clear - how would lawyers shouting about it actually help? Would they change the law the first time WhatsApp fight back? Presumably not - otherwise the law would be pointless wouldn't it? So how would that stop their activity being suspended?

I'm trying to avoid jumping to conclusions, but to give you a chance to just tell me I'm wrong - is this protectionism?


"If they disobey the law, it must have consequences, no matter how big and important to brazilian society they are."

Well, law does not work this way. Execution of law MUST comply with some rules, e.g. proportionally. Lack of proportionally (execution will harm 100 m people, no less) is the sound reason to suspend the order. Note I dont agree o disagree with the law.


I am Brazilian as well and feel the same way. Laws are laws. We can change them if we don't like them, but defying and ignoring them is the wrong course of action.


>I am Brazilian as well and feel the same way. Laws are laws. We can change them if we don't like them, but defying and ignoring them is the wrong course of action.

This almost sounds like fundamentalist religion, to say the law is that sacrosanct. Some bad laws have historically been overcome precisely by people ignoring them, rendering them effectively unenforceable.


> Some bad laws have historically been overcome precisely by people ignoring them, rendering them effectively unenforceable.

On the other hand, some good laws have also been overcome by people ignoring them. For example laws governing limitation of police power (search, detention etc.), traffic laws (speeding, jaywalking, aggressive driving against cyclists, a relevent example in Brazil is ignoring of traffic lights). If it gets to the stage where everyone is doing it, then the authorities no longer care.

I don't know whether WhatsApp has the requested data or not, but I think overall this action is a good thing: it shows that even important (in Brazilian society) companies are not above Brazilian law and if there is a problem with what this judge did, or the power he's wielding, then it should, hopefully, lead to that being fixed.

The alternative is ignoring and not enforcing the law, and ending up with bad laws, which can then be selectively enforced (see Böhmermann affair for example). This may appeal to some, but it's clearly not for everyone.


> Laws are laws.

This is horrible reasoning.


Thank you for the perspective from "the other side". Whether or not one agrees with it is another thing, but it's necessary to get the missing context which your post fulfills.


> But Whatsapp simply ignored brazilian justice system as if it was above the law. For me, all of this is Whatsapp fault.

Whatsapp deletes its messages from its servers after delivery. So it can't even provide the messages even if it wanted to.

Also, since end-to-end encryption, the as-yet-undelivered messages sitting on Whatsapp servers are encrypted. Whatsapp has no way to actually read them.


> Whatsapp deletes its messages from its servers after delivery. So it can't even provide the messages even if it wanted to.

That's not a valid excuse for any law I'm aware of. It's your responsibility to be aware of, and to comply with, laws in places you do business in. To be clear, this is a terrible law, and I think Whatsapp should absolutely not concede to it. But just so we're clear, "I didn't know any better" isn't an excuse for breaking the law.


I think you're confused, but I can't think of any clearer way to explain this to you. I suggest you try to read my post again.


>* Brazilian law regarding regarding privacy of users of internet services is very recent and clear: if a judge order the company to share a specific user data, the company must comply. You can disagree with the law, but the law is there.*

So? Like Jim Crow laws, merely "being there" is too little justification for a law.


How was the justice system able to communicate the shutdown order, but not able to communicate the request for user data?


Because they ordered the shutdown to brazilian internet providers. These internet providers company block the access for Whatsapp services. And they are more than happy to comply, as they hate Whatsapp for taking their SMS revenue. But they are in fact only obeying an justice order.


They are specially pissed off by whatsapp's free voice calls.


Ah. I wondered why the ISP's seemed so happy to comply.


Can't WhatsApp set up it's communications in a way that makes blocking them break a lot of other unrelated things?


They can simply block network traffic. They don't need WhatsApp to shut itself for Brazilians.


Because the shutdown is done by ISPs, but the request for user data can be ignored by WhatsApp.


Brazil's faltering economic performance has a lot to do with this style of heavy-handed regulation.


Well, this alone will not make WhatsApp comply with the law, specially if these conversations were encrypted.

Also, there also has to be a consideration for the 100 MILLION users that might depend on this service. Imagine companies that depend on this to communicate efficiently and businesses that rely on this platform to take orders etc.

If they disobey the law, it must have consequences, but not at the cost of hurting your own people.

Taking it to an extreme, would they also take down a bank website if they didn't comply with a similar request and stop people from withdrawing money? I don't think so.

This takedown will not help in the investigation in any ways. So it seems the justice system isn't working for their main customer: the people.


> Whatsapp is "too big to fail"

What a terrible analogy.


Do you understand that the judge is requesting something that is impossible? The data simply doesn't exist on WhatsApp's servers. Facebook cannot provide this data, because they don't have it. The chat is fully encrypted from one phone to another, and the unencrypted text doesn't ever touch their servers. Sure, the judge might order Facebook to install a backdoor and be able to grab unencrypted messages off a user's phone in the future. But apparently this is about a case that happened in the past. There is literally nothing they can do. Does the judge not understand this?


Too big to fail makes no sense here. If you're that big, it's actually easier for you to have an office in every major company where you do business and comply with regulations.


So you think the great firewall of China is also a good thing?


So 100M people have to suffer because one person mis-used a tool? That's disproportionately harsh punishment and not to defend in any case.


Unfortunately I think the Judge does not understand the context here, users of whatsapp will simply use another messaging app - the role of a messaging app is not to store users conversations but relay them.

Any messaging app that actively stores conversations, and then turns them over to anyone when requested will simply not be used by the public (or if it is, it won't be for very long).


> But the problem is: Whatsapp have no offices or operations in Brazil.

No, the problems is that with encryption, whatsapp cannot satisfy the judge's order anyways! Instead of showing such colossal ignorance, the judge needs to ask some CS/crypto experts if it's possible or not.

This is like the judge handing a company a 2048-bit number and ordering it to factor it! Now!


But WhatsApp doesn't have the information. It's like ordering Fedex to turn over a package that they've already delivered.


You've missed the point. The judge is in his right to punish the company, you don't have to defend that.

But to punish ONLY the company, not it's users.

He could impose heavy financial penalties, for instance. But affecting the life of 200 mm users? No way ...


The data is simply not there. Especially with the new end to end encryption system. The best they could do, if they could do that, is give you undelivered encrypted messages.

Unless they've been lying to us all along.


>> "a position very unpopular among all my friends here in Brazil"

Curious if you have an explanation of why given it appears the majority of your friends do not support this, why do you and they do not?


Well, it is Whatsapp's fault if they're that easy to block! Brazil is a pretty big user base. Maybe they ought to come up with a workaround?


You suggest to break the law and should be punished just for that.


"Do what thou wilt shall be the whole of the Law. Love is the law, love under will." Aleister Crowley


Whatsapp is end to end encrypted and won't have the data.


Why can't the judge order the ISP to turn over the contents of the conversation, then shut the ISP down for failing to comply?


> But Whatsapp simply ignored brazilian justice system as if it was above the law.

Ignoring and evading broken justice systems and immoral laws is exactly what people who believe in freedom should do, whether it's in Brazil, the US, or any other fucked up political system.


My favorite answer to justice requests from American companies (Google, Facebook etc) is that their servers are in other country so they don't have to obey Brazilian laws. BTW, it is easy prove wrong issuing a "ping" and knowing the speed of light.


If you had a server set up in Brazil that did something perfectly legal in Brazil, but flaunted US law, would you want to be beholden to US law?

It's not a flip answer. I operate a business on the App Store in part knowing that I'm bound by US law, not the laws of random countries. My app is available in Saudi Arabia, the UAE, Iraq, and so on. They are more than welcome to block the traffic from our servers based on their local laws, but I am not bound by the laws of Saudi Arabia - and neither should you be.


If you sell your services to American individuals and companies, paying American taxes for it, announce in USA, target American market -- like they all do in Brazil -- then the answer is yes.


while (true) { printf("There are unjust laws. The law can't be above the people. Laws are not a moral absolute."); }


Whatsapp is literally unable to comply with the order. It's like the judge ordered a submarine to invade Lesotho - it's not something the submarine can do, it's not within their technical capabilities.


It is ok - you won't understand.


It is still punishing millions of innocent users and of my executives were being arrested for technicalities I wouldn't have anybody in the country either. It is a stupid law, a retard of a judge who should have applied proportional harm based on how many innocents this hurts.

At 100 million, somebody will likely due because they couldn't get a ride and end up with a stranger.

More

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: