Brazil Must Rebalance Its Approach to Cybersecurity



by Robert Muggah

Council on Foreign Relations
September 2, 2016

When Brazil attends the Group of 20 Summit in Hangzhou next week, cybersecurity will be on the top of everyone’s mind. This includes President Obama who received a letter from U.S. senators this week urging him raise the issue with his Chinese hosts. A spate of high profile cyberattacks against U.S. government agenciesUK phone retailers and South Korean credit card companies are a dark reminder of the real dangers of security breaches and data theft. Cyber criminals are far ahead of international and domestic law enforcement. And the costs of cybercrime to the global economy are enormous, estimated to reach $2.1 trillion a year by 2019.

Brazil also has reason to be nervous. The country is at the epicenter of a global cybercrime wave. It ranks second in the world for online banking fraud and financial malware. And the problem appears to be worsening. The number and intensity of cyberattacks has risen significantly over the past few years. A 2012 study estimated the annual costs of cybercrime at R$16 billion (US$4.9 billion). An electronic banking payment scheme netted hackers over R$8 billion (US$2 billion) alone over a two-year period. There is a ready supply of cybercrime tools and skills on the dark web.

One of the reasons Brazilians are so vulnerable is because the country was an early adopter of online banking. The latest data indicate that more than 54 percent of all banking transactions are made using internet-connected devices. Brazil’s online migration also spawned a generation of cyber criminals with a demonstrated ability to wreak digital havoc. In 2015, more than half of the cyberattacks reported to Brazilian authorities were of Brazilian origin, though it is an issue seldomly discussed in local media.

Brazil has taken a number of steps to fight the problem. The Ministry of Justice and the Federal Police have ramped-up the investigation and prosecution of online crimes such as child pornography. Brazil’s experience with mega-events has steadily expanded the role of the armed forces, with the Ministry of Defense’s cyber defense center (CDCiber) gaining more responsibilities. Some civil liberties advocates fear that the pendulum may have swung too far in favor of a securitization of cyberspace.

An open question is whether Brazil’s approach to addressing cybercrime is the right one. The massive outlay of digital security and surveillance infrastructure for the 2014 World Cup and 2016 Olympic Games is a case in point. If these platforms are left running indefinitely without adequate oversight by civilian authorities, there is real potential for abuse. Justice Minister Alexandre de Moraes has said explicitly that Brazil intends to maintain the surveillance infrastructure now in place, though he has offered few details about checks and balances to guarantee that civil liberties are protected.

There are also signs that Brazil’s Congress is ratcheting up its surveillance of cyberspace. As a result of a congressional commission on cybercrime (CPICIBER), there are a number of bills that purport to increase penalties for cyber criminality, but may in fact curb basic digital freedoms. For example, one bill proposes that social media content that impugns someone’s honor must be removed within 48 hours. CPICIBER’s legislative proposals were widely condemned and several digital rights groups issued their own set of recommendations and guidance in addition to sending an open letter to Brazil’s Congress—efforts which resulted in some modest modifications to the commission’s proposals.

Brazil should consider taking a closer look at other G20 countries for effective ways to address cybercrime. Germany, for example, recently enacted legislation requiring financial institutions to report when they are a victim of a data breach or other cyber-attack, imposing penalties for non-compliance. The European Parliament recently issued a similar directive, which EU countries must now implement into domestic legislation. The Brazilian government should consider adopting similar reporting mechanisms.

Brazil could also consider joining the other 49 countries that have signed and ratified the Budapest Convention, a framework that facilitates international cooperation on fighting cybercrime while protecting human rights and due process. While Brazil has complained about not being involved in its original drafting, it is the only internationally-binding instrument to address cybercrime. At a minimum, the government needs to require greater transparency of service providers and financial institutions to ensure a more data-driven approach to cybersecurity.

Brazil has good reason to work with G20 partners to prevent cybercrime. After all, the majority of its citizens have been victimized by digital criminals operating abroad and, for the most part, at home. But the answer is not more intrusive surveillance. Rather, the focus must be on strengthening federal policing capabilities, developing sound legislation and improving Brazilians’ digital hygiene. If Brazil continues on its present course, there is a real danger that the proposed cure will be worse than the disease.

Image: Ueslei Marcelino/Reuters

Be the first to comment

Please check your e-mail for a link to activate your account.

No events are scheduled at this time.


Global Times: BRICS summit displays the potential of a new future

by Editorial Staff (feat. Swaran Singh), WSFA 12, June 24, 2022

Oil's Dive Won't Bring Any Immediate Relief on Inflation

by Alex Longley, Elizabeth low, and Barbara Powell (feat. Amrita Sen), BNNBloomberg, June 24, 2022

China To Tout Its Governance Model At BRICS Summit

by Liam Gibson (feat. Stephen Nagy), The Asean Post, June 23, 2022

Soutien aux victimes d’inconduites sexuelles dans l’armée

by Rude Dejardins (feat. Charlotte Duval-Lantoine), ICI Radio Canada, June 23, 2022

Defence: $4.9 billion for radars against Russian bombs

by Editorial Staff (feat. Rob Huebert), Archynews, June 23, 2022

The Hans Island “Peace” Agreement between Canada, Denmark, and Greenland

by Elin Hofverberg (feat. Natalie Loukavecha), Library of Congress, June 22, 2022

What the future holds for western Canadian oil producers

by Gabriel Friedman (feat. Kevin Birn), Beaumont News, June 22, 2022

At BRICS summit, China sets stage to tout its governance model

by Liam Gibson (feat. Stephen Nagy), Aljazeera, June 22, 2022

Crude oil price: there are no changes to the fundamentals

by Faith Maina (feat. Amrita Sen), Invezz, June 22, 2022

Few details as Liberals promise billions to upgrade North American defences

by Lee Berthiaume (feat. Andrea Charron), National Newswatch, June 20, 2022

Defence Minister Anita Anand to make announcement on continental defence

by Steven Chase (feat. Rob Huebert), The Globe and Mail, June 19, 2022

Table pancanadienne des politiques

by Alain Gravel (feat. Jean-Christophe Boucher), ICI Radio Canada, June 18, 2022

Russia Ukraine conflict

by Gloria Macarenko (feat. Colin Robertson), CBC Radio One, June 17, 2022

New privacy Bill to introduce rules for personal data, AI use

by Shaye Ganam (feat. Tom Keenan), 680 CHED, June 17, 2022


Canadian Global Affairs Institute
Suite 1800, 150–9th Avenue SW
Calgary, Alberta, Canada T2P 3H9


Canadian Global Affairs Institute
8 York Street, 2nd Floor
Ottawa, Ontario, Canada K1N 5S6


Phone: (613) 288-2529
Email: [email protected]


Making sense of our complex world.
Déchiffrer la complexité de notre monde.


© 2002-2022 Canadian Global Affairs Institute
Charitable Registration No. 87982 7913 RR0001


Sign in with Facebook | Sign in with Twitter | Sign in with Email