This is all WhatsApp's and the US's problem, not Brazil's. In fact, it's kind of insensitive for foreigners to suggest that a judge of a sovereign nation must consider US law in his rulings. If anything, I think this would justify ruling against WhatsApp more harshly, as it sends the message to the US that policies which don't respect the sovereignty of Brazil will hurt US economic interests in Brazil.

That said:

> Second, apparently, the data does not exist. WhatsApp publicly stated, including in testimony before the Brazilian Congressional Committee on Cyber Crimes[2], that it does not and has not retained any message content once messages are delivered, even before the recent full roll-out of E2E. Based on these statements, it would seem that WhatsApp is indeed unable to comply with the court's request, regardless of any jurisdictional arguments.

If this is true, that's a solid argument and stands on its own.

My apologies, but I think that if you re-read what was written, you will find that this was not suggested. The comment was written in response to one that came to the conclusion that this "was all [WhatsApp's] fault." It is suggesting that WhatsApp is not at fault, is probably strictly complying with US law, and cannot share the information in any case. At no point does it even come close to suggesting that the judge in the case should have "considered US law" in his rulings.

Moreover, I feel that your claim does not clearly differentiate between 'considering US law' as a material fact and 'considering US law' as a judicial precedent. You seem to be suggesting that someone arguing that US law ought to be held material to the case is somehow demanding that the Brazilian judiciary hold itself subservient to the US courts. You also seem to be suggesting that a Brazilian state judge has any business interpreting the law so as to "send a message" to the government of another nation, which is simply and patently untrue.

It's worse that most local judges simple don't know that there's even a problem, and even if that'a clear to them, the judge most likely has 0 experience in making a successful request to the foreign state. And since all bureaucrats if the request isn't perfect it falls through the cracks. So often (at least if you're locally present) your laywers will need to help the judge to draft and push such a request through.

Long story short: These jurisdictional issues are not at all US specific, it's everywhere. Sovereign states just don't like it all over if their citizens and companies do stuff within their borders under orders of a foreign state.

Whatsapp can choose to assign resources to this issue, or it can ignore it and let it solve itself. If Whatsapp thinks that Brazil is an interesting market for whatever it is selling (what are they selling?) or if it is good for PR then they may choose to seek ways to intervene.

When they are operating their business within the EU, yes. For example US companies operating servers in the EU must comply with EU data protection laws regarding information on those servers. This situation is analogous. WhatsApp's servers are in the US so US law applies. If the servers were in the EU then EU law would apply, not Brazilian law.

More accurately, US companies processing personal data of EU citizens must comply with EU data protection laws. It just so happens that locating the servers in the EU is among the easiest ways to comply with that.

The Brazilian case isn't about data transmission though. WhatsApp isn't in breach of any rules about that. It's about court ordered access to records stored on an server in a specific geographic location - The USA. Now if the Brazilian government passed a law requiring WhatsApp to record all data on servers in Brazil that would at least be possible to comply with.

Allowing a company to break Brazilian law because US law demands that the company break Brazilian law would absolutely put the Brazilian judiciary in a subservient position to US law.

> You also seem to be suggesting that a Brazilian state judge has any business interpreting the law so as to "send a message" to the government of another nation, which is simply and patently untrue.

Brazil decides what is and is not the business of Brazilian state judges.

It's really the only way to go. Otherwise, you get pissing matches. Brazil blocks WhatsApp. China blocks Facebook, GitHub, etc. Iran blocks so much stuff that people need to get data dumps via satellite TV. The US blocks a lot too, but mostly about gambling, "piracy", etc.

It has to do with some countries suck more, and some suck less.

Plenty of countries don't block anything. Like military aggression, child mortality, literacy rate, etc., that is one important data point about any country and its government.

If you don't know what "internet sovereignty" means, then how can you possibly claim that something had nothing to do with it?

Bad laws are bad laws. If you can avoid complying with them, you absolutely should.

I wonder if you'd say the same to Gandhi. "The law is for everyone so you can't evade taxes by making your own salt." https://en.wikipedia.org/wiki/Salt_March

It's just as insensitive for a judge of a foreign nation to suggest that all foreigners must consider his rulings when making decisions under their own sovereign laws.

Incidentally, I wonder how the situation would be handled and what the opinion would be if some big foreign company operating in the US were shut down in the same way.

Isn't this a fair position ? Imagine you are a lone dev creating a service that has no specific limitations. You are subject to your countries law, but should also be liable under each single law of every country where your users might happen to be ?

It seems to me that countries should have the right to do what they want within their borders (including shutting down access to some services) but go the diplomatic route if they have to interact with people out of their borders.

So, in this case, "all foreigners must consider his rulings", applies only for the those who wish to keep their service working in Brazil.

If you are operating in Brazil you have to follow Brazilian laws, including judges' orders. Just because I decide to do something in the US doesn't mean it's automatically legal when I do it in Brazil.

No.

> The judge's order has no validity outside his jurisdiction; just like a US judge's order has no validity in Brazil.

Which is why the judge only banned WhatsApp from operating in Brazil.

I don't see what they can gain from storing masses of old chats and then not allowing users to download them onto new devices. If they kept chats to do analytics on, there's no reason that they wouldn't expose it to users too.

(This may also explain how they survived as a company for so long with so many users and so little revenue. All they're doing is running a few fast servers to shuttle messages back and forth, no storage requirements at all).

On the other hand Telegram does seem to store conversations - if you log in using a desktop app, it will pull down your recent chats.

If that's true, I'm in awe of their integrity. Skype on the other hand now has complete disregard for user privacy. Skype stores your voice mails and video messages forever[1]. This is something that they started doing 2-3 years ago and few people seem to be aware of it. It's amazing how low Skype fallen from its early days when it was considered a beacon of privacy and on the cutting edge of encryption and security.

[1] Details: Clicking on Preferences -> Privacy -> Delete history (OS X) or Options -> Privacy Settings -> Clear history (Windows) pretends to delete the voice/video messages but it merely hides them from your view. If you re-install Skype on the same computer or run Skype on a different computer, all those "deleted" voice mails and video messages re-appear. The delete and clear buttons are basically lies; there's no polite way to put it.

Very old voice messages are also accessible even if "deleted".

Text chats do seem to disappear, but at this point I don't believe anything Skype says. I figure they keep the chats forever as well.

Edit: yes, the chat backup functionality still works. I have never tried to restore it though.

Go to settings > chats >> Chat backup to start backing up your messages to Google Drive. (Make sure you have 2FA on your Google account)

It's a "feature" of the normal chats/channels/groups/supergroups of Telegram that you are able to download them to other devices, or to restore them on a freshly wiped device, because (and I'm over-simplifying here, but the end result is the same) they are encrypted with a key known to the server, and which other devices signed into your account can then be authorized to use.

But, the NSA approach to data collection is basically to vacuum it all up and, if possible, decrypt it later. This has two implications:

1. Metadata. "We kill people based on metadata" isn't a joke, it's a quote from Michael Hayden, ex-executive in both the NSA and CIA. End-to-end encryption doesn't hide who you're talking to or when.

2. It seems unlikely that it will be computationally possible for them to decrypt all traffic, but it would only surprise me a little if AES128 is breakable for high-value targets in the next 20 years: increased computing power, better multi-threading, better cryptanalysis algorithms, maybe quantum computing or some completely unexpected technology; it's hard to say what will come along.

In short: mining encrypted data still matters.

I always feel like many large US tech companies want to have their cake and eat it. They want to be a global company, they want to have 2 billion users, and are valued at having that many users. But when it comes to laws, suddenly they operate under US law alone.

I wouldn't mind if they ignored all national laws, and acted like a true global company. But I'm not from the USA (or Brazil), and don't want to be under US law. If you want to operate only user US law, then why not constrain yourself to the US market? Only operate there?

And when it comes to taxes...

The fact that WhatsApp's info is stored on servers rather than paper records is irrelevant. The jurisdiction in which the records reside applies. Although the fact that their servers don't even store the information requested anyway should be.

Fair point. But to continue that analogy, the US judge is quite free to ban the commercial operation of that Brazilian company in the USA. Which is exactly what happens, and is happening here.

As an ideological position it has some interesting points to make, but in a contemporary legal setting it's difficult to find footing.

My personal position is informed by Hobbes (https://en.wikipedia.org/wiki/Leviathan_(book) ) in that we have to make compromise with our individual liberty to bring about a greater good.

> "No arts; no letters; no society; and which is worst of all, continual fear, and danger of violent death: and the life of man, solitary, poor, nasty, brutish and short."

Freemnan-on-the-land is totaly quackery in a comptemporary legal setting. It's like homeopathy, but for laws. It's Creationism, it's snake oil. Fundamentally it presumes/assumes that laws work differently from how the organs of the state think they work.

I mean this: https://anarplex.net/hosted/files/declarationseparation.html

I think cyberspace currently is best categorized as a distinct estate rather than realm in a similar vein to the press and the judiciary. Each functions with more or less autonomy but can occasionally be subjugated to the other.

https://en.wikipedia.org/wiki/Fifth_Estate

But in meatspace, one blends in, doesn't attract attention. As in Vinge's True Names. Ultimately, authoritarian states may wither. Or not. But in the meantime, one can manage, under occupation.

National law cannot enforce anything on organizations not within the national jurisdiction, without international cooperation. However, they can (attempt to) stop their own citizens from accessing the international service.

I don't think it makes a difference whether what you are offering is physical or not, your service is bound by the laws in whichever country the exchange takes place. Of course enforcement might be an issue, which is exactly why the Brazilian judge did what he did, when Whatsapp failed to abide by Brazilian law.

Even with the laptop warranty case, if some small retailer from Country A shipped a laptop to Scandinavia, but didn't uphold a 2 year warranty, the Scandinavian governments would not be able to force the warranty to be upheld. They can make whatever local judgments they want, but none of them would touch Country A without international agreements in place.

I think this is a bad law by the way. Hopefully the clearly negative impact it is having will lead to it's reform.

This kind of thing can't even be enforced, being so easy to bypass.

every country treats certain content as criminal as they wish. Where the servers are is just a minor detail.

All laws are easy to bypass, what's your point? Ever tried to go 60 in a 30km/h zone? Lack of 100% enforcement does not make a law useless.

they have bank accounts and deals with many tel co to operate as they do in each country they are.

you do not get pre-installed on the three biggest mobile operators phones (99.9% of market) and get deals where data to your service do not count as part of the limited data-plan on two of them, by just "being an IP address on the web".

Same goes for the telcos. Offering free whatsapp and Facebook is a thing. And it's not because whatsapp had a "deal". It's because the telcos want more users.

Developing countries eat that up. People explicitly want to see whatsapp support or they don't buy the phone and many terrible devices have been sold on this premise.

Source: Experience

Nothing that lives of ads or telecomunication companies survive only by "serving the user". The telco only pre-install something on the device if: A. they are paid upfront, B. if they get a percentage of the ads.

yeah, serving the user is good, but remember that you are talking about companies that charges for SMS. the day they have to rely on "pleasing the user" hell will freeze over. They rely on regional monopoly, just like in the US.

People constantly switch network providers here since we have number portability. My wife, me and many of our friends switched to Vodafone cos they were offering a really great Internet package. Free Whatsapp, Facbook, Twitter, Instagram,and Snapchat plus 3.5 GB for what's essentially $9 a month. Here that's unbeatable and unheard of. http://support.vodafone.com.gh/customer/portal/articles/1813...

I doubt all these services are paying for for Vodafone to do this.

MTN does it, Airtel does it and Vodafone I think does it as a package.

If you currently don't offer some sort of package or free service, you're out of the competition.

you can't do that in brazil without having the papers to do business there. in fact, you can't even sell anything without the right documents. Just like everywhere else.

I don't know portuguese so I didn't actually read what the deal is.

Is this a service where subscribers pay the carrier a fee for 30 days of unlimited data traffic to whatsapp servers (VoIP excluded) + 50M of data ?

If yes, does that constitute a transaction the consumer makes directy to whatsapp via the operator? I understand that likely whatsapp and TIM (an Italian company btw) might have made some deal and exchanged some money for the use of whatsapp logo etc, but I guess that transaction could have been done anywhere.

the app has in app purchase. that page describes both what you described plus paying for in app purchases via operator

> TIM is an Italian brand owned by Telecom Italia. Originally founded as a mobile telephony company in 1995

https://en.m.wikipedia.org/wiki/TIM_Brasil

> Parent Telecom Italia Mobile, Telecom Italia

I never been there, I don't read or write danish, I never interacted with danish government, or met any danish person.

If the dane government wanted something from me, and sent a letter to some random person, written in danish, even if it reaches me, I wouldn't understand it anyway.

Thus, having app in some other country store doesn't prove much, except that you clicked "publish" somewhere on Google or Apple uploading interfaces.

At which point you agree to adhere to their laws and regulations.

A famous example of someone operating legally under local law, but who got prosecuted for having merely a website accessible in another country, was Kim Dotcom.

That’s the current state of international law, either lobby to change it, or accept it, but don't ignore it.

Uhm nope. If my app(published on Apple Store/Google Play) violated a law in Saudi Arabia and they sent me a letter requesting me to appear and subject myself to 100 lashes for violating their law, I would very promptly disregard said letter, to put it politely.

And that is the problem. You can't actually expect people to hire lawyers from 108 different countries to see if their app is legal in each of them just because they're going to distribute it on the internet, to say nothing of what happens when two countries have mutually contradictory laws (e.g. privacy vs. data retention). And a person who goes to see the Great Pyramids shouldn't have to worry about being hauled off to Saudi Arabia and then stoned to death because their app doesn't prohibit blasphemy.

> Also Saudi Arabia will propably ban your App, which is what is happening in Brasil.

Which only increases the proliferation of tools to bypass the restriction.

You could expect facebook, with their almost infinite resources to so.

I never thought I'd say this, but: Good on Facebook for not complying.

If you purchased a VW car in Germany and had it shipped over to the US it would be on YOU to make sure it complies with all requirements of your country, not Volkswagen's.

I can’t sell medical marihuana in most states of the US – and I don’t go and try, and then complain about getting arrested.

Instead, if I wanted to start a business doing that, I’d check out where it would be legal, and in which ways, and sell my product in those markets.

Why do you assume you can sell your product in markets without having checked the legality, and then complain when they ban your product because it violates the local law?

My point was - is there any reason why I, as a developer, should not check "all countries" when publishing an app? If Saudi Arabia wants to ban my app later - let them, I literally don't care.

And yes, consumer protection laws absolutely still apply. The laws of my country - if my country says that I have to give him 2 years warranty - of course he gets 2 years warranty. If his country says a seller can be subject to 100 lashes for selling prohibited materials - they can go and try executing this, I wish them all best luck.

Just because you can take their money doesn't mean they have to accept that.

It's a bit like saying "You should hang yourself, because if you don't, I'll hang you." The proper response is "get on with it then."

That's a pretty shit example, given everything that happened around that case.

If an art dealer sells a painting to someone in brazil, does it mean the original artist operates in Brazil?

(Not that I agree with that, but that's what it looks like)

Apple has a corporate office in Brazil (google too) and they're the ones who distribute and approve the application for sale there. They're legally required (I assume) to respond to legal notice they're served with. WhatsApp is not legally required to do so, and others have pointed out that it might not even be legally feasible for them to do so.

Of course this situation is more complex because obviously Apple doesn't have the data and I doubt Brazil wants to get into a legal battle with Apple. And although Brazil doesn't have the ability to force WhatsApp to comply with anything, they do have the leverage of being able to shut down their service. Should make for an interesting story to follow.

At the very minimum, if they had served Apple/Google instead, they would have had a legal requirement to actually respond. I don't know much about the actual case so these are mostly assumptions.

If they have no presence in Brazil, how did they get shut down in Brazil? I don't mean to be glib, but I don't see how the two concepts jive with each other.

On a purely practical level, if they were interesting in maintaining their service in Brazil, why didn't they establish a presence in Brazil when all these previous orders and shutdowns were going on? This is like ignoring notices in the mail and then wondering why you're getting collections calls.

Blocked at the ISP level.

What would interest me is knowing whether or not access is still blocked if you change your default DNS server to something like 8.8.8.8?

OT: Intrigued and tempted by ivpn.net but the about page don't give me enough info to decide (no team, no physical address...) Where can I read more?

> VPN was founded in 2009 by a group of information security professionals who met whilst doing their Msc in Information Security at Royal Holloway, University Of London.

I've never researched that, but I've worked with them for years, and it's consistent with my experience. They're good people, I believe.

[0] http://www.siteshowinfo.org/sites/www.ivpn.net

[1] https://www.ivpn.net/aboutus

This does not make a lot of sense.

If they don't retain any message content, then how am I able to browse all my message threads on https://web.whatsapp.com?

EDIT: I'm wrong.

If you delete a message on the phone the message disappears in the web interface too.

"WhatsApp Web connects to your phone to sync messages."

I.. did not know that.

"oh sorry, breaking local laws? Oh well, we're in america! Too bad!"

Doesn't work like that.

i know nothing about law, but where are you getting this from? does not seems to be the case with any company in china (yahoo gave in, google decided to leave) for example.

It would be an apt comparison, if you imagine that Comcast had a Latin American headquarters in Brazil, where Telemundo's Portuguese telenovelas have millions of viewers; it would be weak tea for NBCUniversal to then argue that Brazil had no jurisdiction over it and the programming it distributes there because the shows are produced in Florida and NBCUniversal has no employees there.