The ‘cloud’ of the Judiciary needs regulation.
Managing court cases in virtual environments is an inescapable and positive phenomenon, as long as the rights of citizens. By: Wilson Sales Belchior
The recent controversy surrounding a contract between the São Paulo Court of Justice with Microsoft precipitated the discussion of an important issue for the Brazilian Judiciary, how to use cloud computing in the management of the millions of cases that are being processed. In addition to the fact that the contract was suspended by the National Council of Justice (CNJ), the fundamental question is whether computer systems guarantee the security of the data contained in the processes, including that of people and companies that resort to the courts.
Several technology companies work with cloud computing and many of them use data centers located abroad, due to the economies of scale, which is an inexorable reality. However, a yellow light came on with the approval in the United States of the Cloud Act, a law that regulates the acquisition of digital data abroad and allows the FBI and other US agencies to enter into executive agreements with other countries, to access electronic information on any place in the world.
Although the objective of the law is to facilitate the fight against transnational crimes, such as terrorism, there is a risk. Under the Cloud Act, US providers, such as Microsoft and Google, have an obligation to preserve, back up and disclose electronic communications belonging to a customer if investigations are against it. However, how is this perspective regarding our legal processes, in which the Judiciary becomes the “client”?
The application of the Cloud Act in Brazil is related to Decree no. 3,810 / 2001, which promulgated a cooperation agreement signed between Brazil and the USA with rules for a person to be summoned or to seek evidence in criminal matters here by the USA and vice versa.
However, the complexity and risk increase when an American provider begins to “control” data from Brazilian lawsuits in its overseas data centers, many of which are confidential and strategic, for example, for companies. It is necessary to remember that, in Brazil, the Marco Civil da Internet and the recently enacted General Data Protection Law (LGPD) have mechanisms for the international transfer of data in case of legal cooperation, but at the same time, guarantee rights fundamental rights, including privacy. Therefore, there is a natural concern that executive agreements based on the Cloud Act may violate such guarantees.
Cloud storage and its security also need to leave the constitutional guarantees of the process unfulfilled. The laws that govern the e-process determine, in effect, that they are protected by access security systems and stored in means that ensure the preservation and integrity of information, through servers that have digital certificates.
But, in view of the controversy of the TJ-SP contract, which is the largest state court in the country, it is necessary to go further. It is necessary that the CNJ regulate the issue, determining security rules. Among them, satisfactory levels of system cryptography, transparency and accountability. It is also imperative that, in each contract, prior regulatory investigations are carried out to ensure, in its execution, the data protection provided for in Brazilian law.
Managing lawsuits in virtual environments is an inescapable and positive phenomenon, as long as citizens’ rights – and even Brazilian sovereignty – are safeguarded.
Wilson Sales Belchior
Source: ClikJus website