Brazil data plan aims to keep US spies at bay
- 18 September 2013
- From the section Technology
Brazil is considering ways to make local use of the internet less dependent on US-based services, following leaks about Washington's cyberspy operations.
The South American nation has suggested forcing internet firms to open data centres in Brazil, which would be used to store locally generated material.
It is also pursuing a plan to build a new internet cable.
The project would offer a way for data to bypass the US.
Brazil's President, Dilma Rousseff, has postponed a state visit to Washington after allegations that the US National Security Agency (NSA) had targeted her emails and phone calls.
It has also been alleged that the NSA hacked state-run oil company Petrobras and intercepted billions of emails and calls to Brazilians.
US Secretary of State John Kerry has previously defended the NSA's actions, saying they were necessary to combat terrorism.
"Brazil and other countries will understand exactly what we are doing, why and how - and we will work together to make sure that whatever is done is done in a way that respects our friends and our partners," he said last month on a visit to the country.
Brazil's IT policy secretary Virgilio Almeida has suggested that internet firms would have to operate data centres in the country, which would make them subject to local privacy laws.
In addition, he said, the government might move to ensure that its own data about tax information and other sensitive subjects would be stored locally rather than in the cloud.
Last week a Brazilian official specifically named Facebook, Google and Microsoft as examples of companies that would have to change their practices, according to a report by the Reuters news agency.
The three companies are among those that have acknowledged handing over data about "national security matters" after legally binding requests from the US authorities.
However, there is no suggestion that Brazilians would be barred from using US-based storage services.
There has also been talk of a separate plan to create the Brics Cable.
This would see a fibre-optic link run from the Brazilian city of Fortaleza to Vladivostok, Russia. The link would pass through Africa and Asia and connect with cables running to mainland Europe and the Middle East.
There would also be a link between Fortaleza and Miami, but it would mean data would not need to go through Florida before travelling elsewhere.
At present the vast majority of Central and South America's internet data is routed through a single building in Miami known as the Network Access Point.
According to documents leaked by whistle-blower Edward Snowden, the NSA and its UK counterpart GCHQ have used cable taps to collect "vast amounts" of data passing though their countries, which are then analysed using encryption-cracking tools.
The Brics Cable's organisers hope to have their 34,000km (21,000 miles) link ready to use by the end of 2015.
Brazil's telecom firm Telebras is also planning to launch the country's first communications satellite in 2016. Its military currently relies on a system run by Mexico's Embratel.
In addition the country's postal service has announced plans to create an encrypted email service to offer the public an alternative to Gmail, Yahoo email or Outlook.com.
One expert warned that such measures would give Brazil only a limited degree of protection from the NSA.
"They are a step towards getting out the very strong control the US has over the internet infrastructure," said Dr Joss Wright, a cybersecurity expert at the University of Oxford's Internet Institute.
"But if you send an email from your encrypted Brazilian provider to somebody else who has a Gmail account then Google is getting to read the thread of information anyway.
"Regarding the new cables, you can't say, 'My data should go from here to here across this particular path.'
"It's calculated on a very ad-hoc basis where it is going to go... which means you can't guarantee that just because there is a new high-capacity cable running from Brazil to Russia that all the data will go through it rather than an alternative."
He added that taking steps to make firms subject to local data protection laws might also be easier said than done.
"Look at the EU - it already has very strict rules about sharing and processing data and the general rule is that you can only share data if you share it with a country that has equivalently strong protection laws," he told the BBC.
"However, the US being the US has a get-out-of-jail-free card with what are called the 'safe harbour provisions'.
"They are an industry self-regulatory agreement which says they will treat data according to EU standards. But there is no oversight, there's no comeback if they do not live up to them."