![]() In this interpretation, the elements related to the responsibility for massive forwarding of illegal content and to use in criminal investigations are separate, independently permitted uses of the data. In another interpretation, this article may allow a much broader range of uses of the recorded message history information. This means that the metadata could only be accessed in criminal investigations that involve the mass forwarding of a message. ![]() In one interpretation, both “mass forwarding purpose” and “criminal investigation” are mandatory elements. Criminal defamation has been widely criticized by UN Special Rapporteurs on Free Expression and others for hindering free expression.) (In Brazil, defamation liability can be obtained through a moral damage claim under civil law. The third paragraph of Article 10 states that access to these records will “only occur with the purpose of determining the liability of mass forwarding illicit content, to constitute evidence in criminal investigation and procedural penal instruction, only by court order” as defined in the Brazilian Civil Framework for the Internet. When does access to the traceability records occur? Ultimately, all such implementations are moving away from the privacy-focused engineering and data minimization that should characterize secure private messaging apps. Even if other implementations are possible, we don’t know exactly how any given provider will ultimately decide to comply, and at what cost to security, privacy, and human rights. Many of the most obvious implementations of this article would require companies to keep massive amounts of metadata about all users’ communications, or else to break encryption in order to get access to the payload of an encrypted message. The retained logs should be deleted if the virality threshold of 1,000 users has not been met in fifteen days. This retention obligation applies only to messages whose content has reached 1,000 or more users in 15 days. The bill defines “mass forwarding” as the sending of the same message by more than five users, in an interval of up to fifteen days, to chat groups, transmission lists, or similar mechanisms that group together multiple recipients. PROBLEM I: A tech mandate to force private messaging servers to track “massively forwarded” messages sent to groups or listsĪrticle 10 of the bill compels private messaging applications to retain, for three months, the chain of all communications that have been “massively forwarded.” The data to be retained includes the users that did the mass forwarding, date and time of forwardings, and the total number of users who received the message. Such changes move companies away from privacy-focused engineering and data minimization principles that should characterize secure private messaging apps. Below, we will take a deep dive into a series of questions and answers to explain why the current language of two critical issues of the Senate’s bill would undermine human rights: While we do not know how a service provider will implement any traceability mandate nor at what cost to security and privacy, ultimately, any implementation will break users’ expectations of privacy and security, and would be hard to implement to match current security and privacy standards. In such a scenario, the traceability mandate would take this information, which was previously invisible to the server, and make it visible, affecting the privacy-by-design secure implementation and undermine users' expectations of privacy and security. So when a WhatsApp user forwards a message using the arrow, it serves to mark the forward information at the client-side (and count if it's more than 5 times or not), but the fact that the message has been forwarded is not visible to the WhatsApp server. WhatsApp uses a specific privacy-by-design implementation that protects users by making forwarding indistinguishable for the private messaging app from other kinds of communications. There has been minimal discussion of the impact on other tools and services such as Telegram, Signal, or iMessage. The traceability debate has mostly focused on malicious coordinated action on WhatsApp, which is the most popular encrypted messaging tool in Brazil. ![]() ![]() The Chamber has been holding a series of public hearings that should be considered before releasing a new draft text. The bill lacked the necessarily broad and intense social participation that characterized the development of the 2014 Brazilian Civil Rights Framework for the Internet and is now in the Chamber of Deputies. Despite widespread complaints about its effects on human rights, the Brazilian Senate has fast-tracked the approval of “ PLS 2630/2020 ”, the so-called “Fake News” bill.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |