Ir para o conteúdo

PUBLIC NOTE regarding the use of encryption in systems and devices connected to the Internet

22 de novembro de 2019


THE BRAZILIAN INTERNET STEERING COMMITTEE –, exercising the mandate conferred upon it by Decree 4829/2003, taking into account the frequent dissemination of recent initiatives that seek to create “privileged access” to private communications content in digital systems, either through mechanisms, processes or tools that implement vulnerabilities or even corrupt cryptographic systems; either by disincenting or hindering the use of encryption, and


  • That the use of strong encryption is very important for secure and reliable information flows on the Internet, not only for individual users, but also for businesses and public entities;
  • That the protection of such flows is regulated by ordinary legislation (Law 10406 of January 10, 2002 - Brazilian Civil Code; Law 12965 of April 23, 2014 - Marco Civil da Internet, its regulatory Decree 8771 / 2016, art. 13, IV; and Law 13709 of August 14, 2018 - LGPD, General Data Protection Law, among others), and also contained in the “Principles for the Governance and Use of the Internet”, defined by, in particular the principle of freedom, privacy and human rights, as expressed in Resolution;


  • Reaffirms the importance of ensuring the free and appropriate implementation of strong end-to-end encryption, both for the protection of data and communications confidentiality, and for the exercise of rights under the Federal Constitution and infra-constitutional laws;

  • Reaffirms that an eventual implementation of privileged access mechanisms through tools such as backdoors or master switches may be ineffective in face of technical aspects impossible to overcome in order to obtain the original message, besides potentially posing greater risks, while creating security breaches that could be exploited for malicious purposes;

  • Reaffirms that solid encryption mechanisms are fundamental to the integrity and security of digital systems, to business secrecy, as well as to ensure the non-liability of network intermediaries, and the functionality, security and stability of the Internet;

  • Highlights that a hypothetical choice for vulnerable encryption mechanisms would go against international best practices and severely affect the security of users and businesses on the Internet, as well as could inhibit innovation and the emergence of business models.