Brazil: Investigating policy initiatives on cybersecurity and cyber-defence in South America

ARTICLE 19 Brazil/South America has investigated policy initiatives aimed at creating standards of cybersecurity and cyber-defence in South America. The report analyses information provided by the Brazilian government in response to eight information requests submitted by ARTICLE 19.

While cybersecurity and cyber-defence issues have long topped the political agenda of South American countries, concerns have increased since 2013 when former intelligence analyst Edward Snowden revealed the mass internet and phone surveillance operations of the United States government.

ARTICLE 19’s study is based on data from eight information requests to departments and agencies linked to Brazil’s Ministry of Defence and to the Ministry of Foreign Affairs. ARTICLE 19 sought to uncover information about initiatives within Mercosur, Unasur and the Organization of American States (OAS), about bilateral relations between Brazil and Argentina, and about an event held in Brazil and attended by several states to discuss cybersecurity techniques.

Findings indicate that the region’s most active multilateral initiative is the OAS-linked Cyber Security Program of the Inter-American Committee against Terrorism, of which the United States is also a member. Since joining the Committee in 2005, Brazil has participated in more than 20 activities related to cybersecurity coordinated or supported by this agency.

Requests for information about the Working Group on cyber-defence, within the South American Defense Council of Unasur, revealed that the Group met three times since its formation in 2012 and even went so far as to adopt guidelines. Despite this, according to the Brazilian government, the Group’s activities have been suspended since 2014.

ARTICLE 19 also requested details on the Subgroup on Cooperation in Cyber Defense, the result of a partnership between Brazil and Argentina. In response, the Ministry of Defence listed a series of actions carried out by the two countries between 2014 and 2017, involving information exchange, research development and the holding of courses and exercises together.

In the Mercosur context, although member states passed a resolution in 2013 to reject US espionage, information provided by the Brazilian government shows that there has been no joint initiative since this resolution was passed.

Finally, ARTICLE 19 requested information on the first International Cyber Defense Training for Officers of Friendly Nations, organized in Brazil by the Ministry of Defence in 2016 and attended by representatives from 12 countries around the world. According to the documents submitted, it was not possible to state that the content addressed in the event was related to possible violations of rights. However, it should be noted that such a diagnosis does not necessarily apply to all cyber-defence structures that exist in Brazil and in the countries of the region, since the study dealt with institutional spaces at the regional level only.

Access to information obstructions

ARTICLE 19 encountered some difficulties obtaining access to information. Of the eight information requests made, only one was answered without an appeal having to be filed. In two cases, the information requested was denied, and in the remaining five requests one or two appeals were required for the responsible authority to provide an appropriate response.

For ARTICLE 19, public participation in cybersecurity and cyber-defense initiatives is only possible with the adoption of a fully transparent stance by the Brazilian government regarding information on protocols, procedures and operations in this field. Access to information is one of the essential steps towards respect for fundamental rights, in particular the right to freedom of expression and privacy.

Furthermore, no cybersecurity or cyber-defense apparatus should ever be used against the population itself, and discussions on the subject should always consider human rights, such as the right to privacy. In addition, we also recommend that all information provided through the Access to Information Law should be made public and accessible online, enabling the population to monitor and participate in the design of public policies in the area.

Read the report in Portuguese.