Brazilian authorities’ poor handling of sensitive data

Good morning! Brazilian authorities’ poor handling of sensitive data. The weight of the pension reform on the future of the economy. (This newsletter is for platinum and gold subscribers only. Become one now!)

Brazilian authorities’ poor handling of sensitive data

The political world was rocked this week by a series of reports by The Intercept, which released data and private messages exchanged by Justice Minister Sergio Moro and Operation Car Wash prosecutors between 2015 and 2018—when Mr. Moro was still serving as the investigation’s main judge. The content of the messages shows him coaching prosecutors on how to build their case against defendants—especially former President Lula. That is illegal.

While the journalists behind the reports have said nothing about their source—or how the material was obtained—the people affected by the scandal were fast in saying they were victims of a hacker (indeed, several prosecutors reported their phones were hacked in recent months). It’s a natural move, trying to discredit the information. But even if the information was illegally obtained, it is of public interest—thus it has journalistic value.

(If you want more details on the case, and its possible implications, click here. Or here, if you want to listen to our chat with The Intercept‘s managing editor, Andrew Fishman.)

Here, we want to talk about how this story illustrates Brazilian authorities’ poor handling of sensitive information. Let us explain.

• The leak. According to the Federal Police (8 different investigations have been opened), the messages were stolen from lead prosecutor Deltan Dallagnol’s account on Russian messaging app Telegram. Nothing indicates that the alleged hacker(s) broke into Telegram’s system—instead, they profited from a glitch that allows someone to steal your login information when the system is connected on multiple devices. A loophole that can be closed by ticking a checkbox on Telegram’s settings.

• Multiple attacks. A week before the reports were published, Mr. Moro notified the police about a hacking of his phone. But patient zero was former Prosecutor General Rodrigo Janot. Federal marshals believe that, after breaking into his phone, the hacker(s) had access to messaging groups with federal prosecutors. Still, some of the affected persons have yet to turn their cell phones in for the investigators to run analyses.

• Sloppiness. It was only after the so-called Car Wash leaks that members of the cabinet decided to stop using WhatsApp and Telegram on regular phones, and start using encrypted ones protected by Brazil’s Intelligence Agency (Abin). Most Brazilian authorities still use unsafe communication methods—such regular email accounts. In the U.S., using a private email account went some way to costing Hillary Clinton a presidential election. In Brazil, it’s the norm.

• Cultural problem. That sloppiness reflects an overall cultural problem. A recent survey shows that 40% of Brazilian websites don’t have SSL protocols—which allow secure connections from a web server to a browser.

Notable data breaches in government digital spaces

• 2018: Hacking group Anonymous Brazil invaded then-President Michel Temer’s official website—as a form of protest against Mr. Temer’s policies, considered by the group as “an attack against human rights.” Former First Lady Marcela Temer also had her phone hacked by someone who tried to extort her—the perpetrator was sentenced to 5 years in jail.

• 2014: Hackers used a phishing attack to invade Brazil’s Foreign Affairs Ministry’s internal communication system, stealing cables, email lists, passwords, and data from authorities in Brazil and abroad. Secret data on the government’s arrangements to host then-U.S. Vice President Joe Biden was also leaked. At the time, the ministry asked all diplomats to change their passwords on all government systems.

• 2011: Hackers staged massive attacks against government agencies and municipal administrations. Over 200 official websites were invaded—including those of the internal revenue services, Petrobras, the official statistics agency (IBGE), the Federal Police, and the presidency. IBGE data was accessed—and some data was stolen—with official passwords of systems within the Sports Ministry being published.

• 2010: In the middle of the presidential campaign, a 21-year-old man hacked into then-President Dilma Rousseff’s personal email account. He copied roughly 600 emails, and unsuccessfully tried to sell the files to opposition parties. Ms. Rousseff was using an UOL email, one of the most popular providers in Brazil.

The week in review

Pension reform 1. Congressman Samuel Moreira presented his report on the pension reform, altering core points of the bill. State and municipal-level servants were excluded from the new rules—which makes the reform more palatable, but also places a lot of pressure on state legislatures, now facing financial collapse. Savings over 10 years could reach BRL 915bn—with an additional BRL 217bn coming from the re-allocation of revenue from a fund that finances unemployment insurance into the pension system pot. Click here for more detail.

Pension reform 2. Economy Minister Paulo Guedes complained about the report, saying lawmakers caved to the will of civil servants (one of Brasília’s strongest lobbies). In reaction, Speaker Rodrigo Maia called Mr. Guedes “unfair,” and said the government is a “crisis factory.”

Cabinet. President Jair Bolsonaro fired his third cabinet minister in less than 6 months. General Santos Cruz was relieved of his duties as Secretary of Government (a political liaison with Congress) due to “ideological differences” with the administration. In his place, the government named General Luiz Eduardo Ramos, the current military chief of the Southeast region. Mr. Cruz’s defenestration is an important win for the government’s “moral crusaders,” who are gaining ground against the military wing and other nuclei—such as the libertarian economists, and the Operation Car Wash defenders.

Budget. The administration got an important win this week by getting Congress to authorize an elevated debt ceiling. The extra BRL 248.9 billion allows the government to fund pensions, salaries, and regular expenses without breaking budgetary laws—which is an impeachable offense. To get votes from the opposition, the government promised to unfreeze money on housing projects and university grants.  

Startups. Gympass, a network of fitness services that operates in partnership with existing gyms, has just become Brazil’s new unicorn. In its latest round of funding, the company raised USD 300m from a group of investors led by Softbank. The Japanese group is set to use its connections to help Gympass (already present in 14 countries) expand to Asia in the near future. But the short-term goal continues to be growth in the U.S.

Homophobia. After four months, the Supreme Court has finalized its trial on whether or not homophobia should be a crime. By an 8-3 margin, the justices ruled that homophobia should be criminalized—while stating that religious leaders have the right to advise their congregation against homosexuality, based on the principles of religious freedom, “as long as they don’t engage in hate speech.”

Strike. Jair Bolsonaro faced the first general strike of his presidency on Friday, as unions banded together in walkouts to protest the government’s pension reform proposal. Public transport was affected in various cities across the country (some more than others), and demonstrations were organized on Friday afternoon. While several groups did join the strike, the impact of the event was deemed to be subdued, not meeting the expectations of the opposition.

Stabbing. A federal judge has acquitted Adelio Bispo de Oliveira, the man who stabbed Jair Bolsonaro on the campaign trail last September. Mr. Oliveira was considered mentally incapable. The verdict, however, determines he will be committed to a psychiatric facility—and re-evaluated every three years.

The weight of the pension reform on the future of the economy

The pension reform is treated by the government as something of a holy grail which would unclog investments and make economic growth possible again. Investors also seem to make the same assumption, according to GDP growth predictions we have gathered from the IFI—the Senate’s Independent Financial Institution—and top-rated investment firms surveyed by the Central Bank’s Focus Report. While they are less optimistic than the Economy Ministry, the general belief is that there is a light at the end of the tunnel. They’ll be hoping it isn’t the train.

Markets

Analysts at bank BTG Pactual believe drugstore chain RD (formerly RaiaDrogasil) could be a sleeper pick for investors. Smaller pharma chains have changed the sector’s dynamics, spurring competition and price wars, but analysts think aggressive discount policies may have reached their limit. In comparison to big players, “RD is the only genuine [Brazilian] pharma retailer, with a solid and profitable footprint in 22 states.” This gives the company a competitive edge and power to open more stores, without jeopardizing profitability. Analysts have reiterated RD as a “buy,” and “thanks to RD’s solid balance sheet and proven performance,” margins are expected to rise again, as the company gains more scale.” BTG Pactual projects RADL3 shares may reach a BRL 90 price-target within the next 12 months, a 22% jump from current levels.

Natália Scalzaretto, TBR markets reporter

The post Brazilian authorities’ poor handling of sensitive data appeared first on The Brazilian Report.