For a boot camp on privacy, São Paulo’s symposium was anything but subtle. In May, the fourth annual CryptoRave drew 3,000 people to the Casa do Povo, a modernist downtown museum, for 30 hours of strobe-lit dance parties, craft beer and workshops on topics that ranged from offline health and “holistic security” to protecting personal communications from government and corporate spying. The overall objective: “Celebrate our connections to each other while learning to behave safely online,” organizer Gabi Juns tells OZY.
Concerns about online privacy and security are as old as the internet itself, but Brazil’s activists say they are fighting two types of abuse that have intensified in recent years: government surveillance of dissidents and government sharing of personal information with the private sector. At the front ranks of those sounding the alarm are women in groups like CryptoRave and the Brazilian think tank Coding Rights, which launched a site on Brazil’s Valentine’s Day in June titled Chupadados [“The Datasucker”], which revealed how some dating apps in Brazil siphon personal information without the users’ knowledge, in some cases for resale.
Some activists point to a pair of sports events for the uptick in privacy concerns: the 2014 World Cup and the 2016 Rio Olympics. In preparation for those global showcases, government officials sold Brazilians on what Joana Varon, director of Coding Rights, calls “RoboCop discourse” — that is, the more high-tech security measures in place, the safer the public.
Based on that sweeping reasoning, Brazilian security forces spent more than $25 million on intelligence-gathering software from 2014 to 2016, according to Brazil’s Ministry of Defense. Before the events, security officials repeatedly warned of potential violence from two types of actors: drug traffickers and political protesters. As it turned out, the police mainly went after the drug lords the old-fashioned way — with guns blazing in raids that often caught civilians in the crossfire. Government data shows that in 2016, police in Rio killed 920 people in raids — more than double the total in 2013.
The surveillance tactics were focused on political threats. Prior to the World Cup final, police in Rio arrested 30 activists in their homes after tracking their electronic communications. A state judge ordered their imprisonment for planning to organize violent activities, but days later they were freed due to lack of evidence. Charges were dismissed against five of them, two were tried and absolved in a juvenile court, and the cases of 23 remain open. A spokesperson for Rio’s justice department declined to comment.
Adding to the churn are reports in the Brazilian media about government agencies sharing personal data with credit-rating companies, which some experts say could unfairly prejudice decisions on loan applications. A federal prosecutor is currently suing Brazil’s social security agency for this type of sharing, claiming violation of privacy rights guaranteed in 2002 legislation.
And then there’s the data scraping involved in the push for post-Olympic Rio and São Paulo to become “smart cities,” full of security cameras and public transportation pass cards linked to social security numbers. São Paulo’s government is preparing to sell data gleaned from those pass cards to private companies, and its mayor is considering doing the same with data obtained from residents’ use of free city Wi-Fi.
São Paulo’s technology and innovation officer, Daniel Annenberg, tells OZY, “We will absolutely respect citizens’ privacy rights by not allowing any of their data to be shared without consent.” Digital strategy consultant Vitor Amuri, who has worked in cities across Brazil, says that selling personal data is the most viable option for urban areas to finance free public Wi-Fi and that São Paulo is currently in talks to monetize citizen data that is rendered anonymous via digital ledgers like blockchain.
Still, Rafael Zanatta of Brazil’s Institute of Consumer Defense tells OZY that the country’s current legislation safeguarding personal data is fragmented. He says a 2014 court decision about credit scoring systems could be used as a precedent to require regulating algorithms so they preserve transparency rights and nondiscrimination. But Brazil lacks a general personal data protection law, so Zanatta is part of a coalition of 24 Brazilian organizations lobbying lawmakers to pass one. Their campaign has yielded three bills that would ban to different degrees the nonconsensual use of personal data by third parties.
This coalition bucks stereotypes about the unshakeable male-centricity of tech: Women make up at least 50 percent of the leadership in half of the organizations. And women steer privacy initiatives at groups like CryptoRave and Actantes. Fernanda Monteiro, director of São Paulo’s MariaLab, tells OZY, “Women’s leadership on digital privacy is in part because we’re more harassed online than men.”
Monteiro has helped engineer a “feminist server,” through which women can co-author documents without fearing the oversight of companies like Google. A Rio-based hacker collective called Pirate Girls draws women into the digital privacy movement with projects like a menstrual tracking app that encrypts personal health data so it can’t be monitored and monetized. “If we truly want everyone to be communicating safely online, female protagonists need to be visible,” Pirate Girls’ Zeilane Fernandes tells OZY.
Juns of CryptoRave notes, “Just because intrusive technology exists does not erase fundamental rights” like nondiscrimination and innocence until proven guilty.
Although it’s a complex challenge to regulate big tech and maintain autonomy in its world, Varon of Coding Rights notes that living in male-dominated societies has made women “experts at finding ways forward in systems aimed to limit our choices.” Brazil’s privacy warriors, she says, show “the power of creativity when diverse teams come together.”