Rather than walling off from NSA, Brazil should welcome whistleblowers

Rather than seal itself off from the U.S.-centric Internet, Brazil would more effectively fight spying by the National Security Agency by welcoming whistleblowers like former NSA contractor Edward Snowden, an expert says.

Eli Dourado, a member of the U.S. delegation to the World Conference on International Telecommunications (WCIT) last December, said Friday that Brazil's anger over learning that its president, state-owned oil company and citizens were spied on is understandable. However, the country's solution is "exactly backwards."

Rather than pass national laws requiring information on Brazilians be stored in data centers in the country, Brazil should be trying to make it harder for the U.S. and governments in general to spy online, Dourado, a research fellow at the Mercatus Center at George Mason University, said.

"What I would like to see, and what I think would be constructive, would be safe harbor protections for whistleblowers," Dourado said. "You can imagine if Edward Snowden had known that he could go to Brazil and leak with impunity and have asylum right away, he would have done that. He'd probably rather live in Brazil than Russia."

If that was a known option for all NSA-type whistleblowers, than you might see more of them come forward, which would make government surveillance of the Internet much more difficult, Dourado said.

"An attitude of greater openness, rather than shutting themselves off, could actually help fight the spying a lot more than what their instincts are to do," he said.

Dourado has experience with the ongoing international battle over Internet governance. Countries like Russia, China and the United Arab Emirates argue that the U.S. has too much control over the Internet, while the U.S. and its European allies fear that the government-led model favored by their opponents would lead to curbs on free speech.

In December, Dourado and the rest of the U.S. delegation to the WCIT, rejected a proposed treaty governing telecommunications, because Russia and its allies insisted that the agreement include changes to running the Internet.

Currently, a loose group of organizations, mostly from the private sector, oversee the global network. The one entity with government ties is the Internet Corporation for Assigned Names and Numbers, which operates under a contract from the U.S.

[Also see: Critics say federal court got it wrong in defense of NSA activity]

Dourado believes the U.S. could ease the concerns of countries like Brazil by scaling back spying. Instead of basing surveillance on a "collect it all mentality," the NSA should limit its work to specific terrorists or military operations and people suspected of having a connection to terrorism.

"It's not a very good example to set for the world to say, 'We can do this, and therefore we're going to it,'" Dourado said. "I really do think it's a long-run strategic mistake to just try to collect everything."

Brazil's President, Dilma Rousseff, was so angered by the NSA revelations, stemming from documents Snowden took from the agency and gave to the media, that she postponed a trip next month to Washington, D.C., to attend a state dinner in her honor.

To thwart NSA spying on Brazillians, Rousseff plans to lay underwater fiber optic cable to carry Internet traffic directly to Europe and other South American countries, Time magazineÃ'Â has reported. Most of Brazil's traffic today runs through the U.S.

The country is also pushing harder than any other nation to end U.S. commercial dominance on the Internet, Time said. For example, U.S.-based companies handle eight in 10 online searches.

Experts agree that the cost of Brazil's plans would be prohibitive for many countries and would not prevent the NSA or any other spy agency from collecting data. In addition, if many countries followed Brazil's lead, then it would divide the Web into hostile segments that would severely hamper international trade.

For now, the U.S. should hold tight for a year and see what Brazil actually does and then negotiate over real scenarios, said Stewart Baker, a partner with the Washington law firm Steptoe & Johnson and a former NSA counsel

"Sometimes the first reaction isn't the lasting response," he said.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security AgencyapplicationssecurityBrazilnsasoftwaredata protectionprivacyData Protection | Data Privacy

More about Internet Corporation for Assigned Names and NumbersNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place