From a cyber crime law to an internet civil rights framework
In 2007 a law establishing penalties for cyber crimes was on the verge of being approved in the Brazilian Senate. The bill had been discussed in Congress for eight years, but it was significantly altered at the last stages of the legislative process in order to include provisions of the European Convention on Cybercrime. With such changes – activists argued – the government would criminalise everyday practices of consumers and would open the way for criminalising file sharing.
Civil society activists and academics started pressurising senators to change the proposed law. As the campaign gathered momentum it turned into a massive campaign against criminal law being applied in the context of the internet and a positive push for a civil rights framework for the internet. After activists managed to persuade Brazilian President Luiz Inácio Lula da Silva of the importance of a rights framework for the internet, the Brazilian government set up a model participatory process for drafting the legislation, which is now ready to be debated in Congress.
Early legislative process
On 24 February 1999 Deputy Luiz Piauhylino submitted the proposed law on cyber crime (PL 84/1999) to the Chamber of Deputies (the lower house of the Brazilian Congress). The law proposed established criminal penalties for damage to computer data, unauthorised access to a computer or computer network, unauthorised use of data, the introduction of malware and publishing of pornography without warning. On 5 November 2003, after four years of legislative processes, the bill, with minor alterations, was approved by the Chamber of Deputies and subsequently submitted for further approval by the Senate. Nearly three years of additional legislative processes ensued in the Senate. In June 2006, an opposition Social Democrat senator, Eduardo Azeredo, proposed an amendment incorporating provisions in accordance with the European Convention on Cybercrime – a convention to which Brazil was not a signatory. The amendments created broad definitions for the crimes, which could result in criminalising trivial things like unlocking mobile phones or making backup copies of DVDs. It could also oblige internet service providers (ISPs) to identify users and log all internet connections in Brazil, opening the way for the criminalisation of file sharing.
The change to the legislation was backed by a coalition of strong corporate and state interests, including the Brazilian Federation of Banks (FEBRABAN), which wanted stronger criminal sanctions to fight bank fraud; police organisations and public prosecutors who wanted identification and logs to help investigative work; and the copyright industry which wanted a way to identify users, as well as criminal sanctions, to combat “piracy”.
After the amendments were included in the bill, civil society groups and academic experts grew concerned with the potentially negative outcomes of the proposed legislation and became involved in the process by opening up discussions with senators from the ruling Workers’ Party. In 2007, Senator Aluizio Mercadante of the Workers’ Party began negotiations with Senator Azeredo to incorporate minor changes that civil society was demanding. In June-July 2008, a new version of the legislation was agreed on by Social Democrat and Workers' Party senators. But because the bill had been further amended it had to be once again approved in the Chamber of Deputies.
Civil society campaign against the cyber crime bill
Four days before the amended bill was to be voted on again in the Senate, university professors André Lemos and Sergio Amadeu and internet activist João Caribé launched a petition asking for senators to veto the proposed legislation [Lemos, A., Amadeu, S. and Caribé, J. (2008) Pelo veto ao projeto de cibercrimes: em defesa da liberdade e do progresso do conhecimento na Internet brasileira] . One week after it was launched, the petition gathered nearly 30,000 signatures, with this number growing as the campaign evolved (it had gathered some 160,000 signatures by July 2011).
The debate became so polarised that the Brazilian Ministry of Justice intervened in order to work on a compromise between supporters of stronger criminal penalties and advocates for more freedom on the internet. NGOs and academic groups, such as the Getúlio Vargas Foundation’s Centre for Technology and Society [Centro de Tecnologia e Sociedade (2008) Comentários e Sugestões sobre o Projeto de Lei de Crimes Eletrônicos] and the University of São Paulo's Research Group on Public Policies for Access to Information (GPoPAI) [Grupo de Pesquisa em Políticas Públicas para o Acesso à Informação (2008) Carta ao Ministro da Justiça], produced technical studies that were sent both to the Ministry of Justice and the Congress highlighting the negative effects of the bill and asking for it to be stopped. Mainstream media gave broad coverage to the controversy – turning what was on the face of it a sectoral concern into a major political topic polarising Brazil's two largest political parties. In 2008 and 2009, industry, civil society and police institutions organised seminars all over the country, and Congress called for several public hearings. The topic was so controversial that even though it had been discussed in Congress for ten years, it had not been settled (and remains unresolved at the time of writing this article – August 2011).
From a criminal law to a civil rights framework
A significant twist in the debate occurred when Professor Ronaldo Lemos from the Getúlio Vargas Foundation published an article [Lemos, R. (2007) Internet brasileira precisa de marco regulatório civil, UOL, 25 May.] arguing that a civil regulatory framework had to precede a criminal framework for the internet. Slowly, the idea that civil law must precede criminal law gained support and became part of the demands of activists opposing the cyber crime bill. Lemos' idea was that we needed a regulatory framework – that is, regulation of the internet services provided to customers which is especially clear on civil liability. However, activists expanded the idea to include a civil rights framework – a change probably inspired by discussions at the Internet Governance Forum on a Charter of Human Rights and Principles for the Internet [For more information, see the website of the Internet Rights and Principles Coalition]. The demand became an integral part of the campaign and found its decisive moment at the 10th International Free Software Forum (FISL) that took place in Porto Alegre in July 2009. FISL is an annual free software forum, similar to Linux World, although significantly more political. At the tenth forum, organisers decided to place the threats to a free internet at the core of the proceedings. Both President Lula and Chief of Staff Dilma Rousseff (now the president of Brazil) spoke at the closing conference of the event. In his speech, Lula criticised the cyber crime proposal as a threat to freedom of information and said that his government would be willing to do whatever was necessary to correct the situation, including changing civil regulation [The full speech is available on YouTube]. The Ministry of Justice promptly reacted to the remark by starting a process to build a civil rights framework for the internet in October 2009.
The public consultation for the civil rights framework
The Ministry of Justice decided that the public consultation process should follow the open and participatory nature of the internet, and so opted for a three-step process. First, it commissioned a comparative study of civil regulations of the internet and, based on experiences in other countries, it came out with a systematic list of topics that the civil rights framework should encompass. This list was then put out for public consultation for a period of 45 days, and posted to a website which allowed free comment and input, including suggestions for the removal or addition of clauses. Comment was unmoderated and did not require logging in. More than 800 contributions were received during this phase of the consultation.
The contributions were then consolidated and a draft revised text was published for further public discussion and comment. An additional 1,168 contributions were received by May 2010. Public debate spilled over onto blogs, into public seminars and the press – which itself followed the debate closely. The process, given its openness and participatory nature, was so successful that it quickly became an international benchmark for participatory and transparent law making [It has since then been adapted to other law-making processes such as the reform of copyright law.]
Current state of affairs and the new legislative agenda
As of August 2011, both the cyber crime bill and the civil rights framework proposal have re-emerged as public topics for debate and discussion. A wave of hacker attacks on government websites in July 2011 and the fact that the civil rights framework is about to be sent to Congress reignited the controversy. Because the cyber crime bill was still considered excessive, Deputy Paulo Teixeira called for public consultation on an alternative cyber crime law. The draft consisted of a cyber crime law which was much more limited in its reach, and much more practical. Civil society campaigners and government officials are now rebuilding their legislative agenda in order to defend the joint approval of the civil rights framework and the new cyber crime bill. If both proposals are approved, the experience would stand out as a model of democratic process in which strong civil society mobilisation succeeded in defeating powerful corporate and state interests, and securing a public-interest legal framework.
Given the context of the above discussion, the advocacy focus areas for civil society appear clear:
• Work towards the approval of the civil rights framework for the internet.
• Work towards rejecting Senator Eduardo Azeredo's cyber crime bill.
• Work towards the approval of Deputy Paulo Teixeira's alternative cyber crime bill.