Cortex and threats to our privacy: public policies and privacy are not opposite ideas

The use of personal data by the public sector in order to guide public policies is allowed by Brazilians’s General Data Protection Law. Thus, parameters of responsibility and proportionality must be observed to avoid abuse and not to trivialize one structure of vigilantism that treats citizens as suspects to be watched. The law does not contemplate the use of data for public security, a gap that is yet to be regulated, which contributes to a scenario of uncertainty. 

Due to the pandemic the offer of essential services by online platforms has considerably increased. As well as the density of data traffic, the volume of information collected and recorded about each of the users. And the use of this material for coordinated actions to face COVID-19 was also an opportunity to consider how to do this in the most responsible way possible. The need for transparency and proportionality of measures are constant demands in this discussion. In the last week, we had some events that led us to reflect again on how to balance the use of data by the public service without putting citizens’ freedom and privacy in check – after all, these are not opposite but complementary ideas. 

Opacity and purpose – The “Cortex” case 

The Córtex case is an event that makes us astonished and doubtful about the proportionality of the monitoring systems managed by the brazilian state. In the last week, a resounding case of the use of personal data by the public sector was made public without enough information about how it is used, who has access to it and why. Córtex is the name given to the system published by The Intercept portal, managed by SEOPI – Secretariat of Integrated Operations of the National Secretariat of Public Security of the Ministry of Justice. This secretariat is the same one that, in July 2020, was responsible for the elaboration of an “anti-fascist dossier” that gathered 579 names of state and federal civil servants in the security sector, in addition to three university professors, identified as belonging to the “anti-fascist movement ”.

In the case of “Córtex”, it is very simple to cross the traffic sign data captured by the highway camera systems with other databases from the government, and then, in instants, it’s possible to access information such as an address, name, ID number, salary, etc. In addition, it is still possible to track your movement around the city, find out who and where you walked, and also cross-check with other personal information from police reports. All of this is done in a few seconds, without the need for a judicial authorization.

The article features a video demonstrating the tool that allows massive surveillance by the state where data from the National Traffic Department (Denatran) are accessible; the National Public Security Information System (Sinesp); the National Penitentiary Department (Depen); Alerta Brasil of the Federal Highway Police; the National Integrated System for the identification of vehicles in motion (Sinivem); the national register of individuals (CPF); fugitives register, police reports and the national bank of genetic profiles.

The available data network is enough to reveal many things about an individual. The opacity of the case is one of its most critical points. It is not known exactly who has access to all this information framework, why and for what purpose. It is estimated that around 10,000 public servants can access it. Opaque and possibly vulnerable systems risk the integrity of citizens’ rights. In addition, they weaken reliability in a scenario where, in the public and private spheres, the trend towards technical processes, with an increased flow of data sharing, grows considerably.

The subject at the Internet Forum in Brazil

Last week, the 10th Brazilian Internet Forum took place, in digital format, bringing together panel experts on the main themes of internet governance in the country. One of the tables, entitled: Pandemic and anti-vigilantism: how to protect rights and ensure ways to mitigate the spread of COVID-19, addressed the challenges of reconciling the use of data for the purposes of public policies and government actions with the guarantee of respect for the rights of individuals. The issue became especially urgent in the context of the pandemic we experienced, in which the use of monitoring technologies was important to coordinate actions to contain the virus.

During the panel, it was stated that it is necessary, for the execution of public actions and policies, that the government treats personal data of its citizens at some level. However, the right to privacy, provided by the constitutional text, cannot be put into perspective. Urgent sanitary measures must be taken, however, transparency about the process and its purpose are ways of doing it with attention to the rights of users. It is necessary to know how long they will last and, if possible, to prove their effectiveness, so that there is no trivialization of a culture of surveillance. In addition, in the context of accelerated digitization of essential services, the information security agenda takes on new proportions, since handling personal information in a careless manner is subjecting citizens to a risk of breach of privacy.

The event also brought important guidelines for discussion about the internet in times of pandemic, from information security, network structure and efforts to universalize the service and also discussions about mental health, education and the need for the network to help us going through such exceptional times.

To read more…. 

The texts organized in the book “Tecnopolitics of surveillance – perspectives from the margin” do an excellent job of thinking the public space as a space of information in dispute, which materializes in the culture of surveillance, in data governance, in algorithmic governmentality. The collection brings important reflections on the plasticity of the perception of public and private spaces and their divergences in the relationship with the State. In the article “State, security technologies and neoliberal normativity”, by Bruno Cardoso, the author demonstrates how Brazil has endorsed a vigilant state especially since the great world sporting events that we host, such as the 2014 World Cup, when monitoring as The security tool was more widely applied and remained one of the main “heritage” of the event.

Technology and politics are categories that should not be dissociated so that we can think about the way we organize and share life in society. To demand transparency and responsibility from public and private entities in possession of our data is to ensure our freedom, based on human rights, the free development of personality, dignity and the exercise of citizenship.

The views and opinions expressed in this blogpost are those of the author. 
Illustration by Freepik Stories.