The use of cyberspace by the public administration in the COVID-19 pandemic: diagnosis and vulnerabilities

1. INTRODUCTION

Just as times of war and need drive innovation (Freeman & Soete, 2008), the social isolation imposed by COVID-19 prompts virtual solutions and platforms to assist in the digitalization of social life, driven by the political rhetoric of “War on COVID- 19” (Bennet & Berenson, 2020; Nienaber & Carrel, 2020). The need to transpose the administrative apparatus into cyberspace generates vulnerabilities and challenges rising from the dynamics and logic of the cyber domain that affect possible strategies to combat SARS-CoV-2. Based on paradigmatic cases, this article investigates administrative implications of the transposition of the state apparatus into cyberspace, a practice that started in the 1990s and that gained new contours with the advent of the current pandemic. The text presents a diagnosis of the vulnerabilities and challenges related to the increasing operationalization of cyberspace by the public administration.

Originally, the article demonstrates that when elaborating public policies, the digital divide must be considered a cyberspace vulnerability, alongside traditional technical problems. This work indicates that COVID-19 has highlighted the effects of digital exclusion and that it was not properly considered by the Brazilian authorities when elaborating policies to mitigate the effects of the pandemic.

Structurally, the article elucidates the transposition of the administrative apparatus into the cyber domain and the history of e-government. Thereafter, it examines the challenges arising from the nature of cyberspace regarding the virtualization of government administration. Finally, it analyzes the implications of such transposition with regard to technical and socioeconomic vulnerabilities, focusing on actions triggered by the new coronavirus.

2. TECHNICAL-SCIENTIFIC-INFORMATIONAL DOMAIN AND E-GOVERNMENT

The administrative virtualization is carried out through the technical-scientific-informational framework of globalization processes, which, according to Santos (2009), culminates in cyberspace. In this case, it is viewed as a domain of artificial human interaction, equipped with unique peculiarities (Cohen, 2007; Rattray, 2009; Kuehl, 2009; Medeiros, 2019), developed through the interconnection of physical layers (people and hardware) and digital layers (software and information) (Libicki, 2009; Ventre, 2012).

Given its artificiality, cyberspace only exists through its operation by individuals and institutions. Since access to technology is a limiting factor for cyberspace, the asymmetry of this access results in increasing socioeconomic disparities (Ruediger, 2003).

The most evident manifestation of cyberspace is the Internet. It was conceived during the Cold War by the American public administration as a network of computers interconnected between universities and research centers that then extended to the private sector, originating the universe known today (Castells, 2003). With the popularization of the Internet in the 1990s, portions of the public administration were progressively digitized in order to use Information and Communication Technologies (ICTs) as vectors of efficiency and agility for information flows between governments and their citizens (Chadwick & May, 2003).

At the beginning of the 21st century, ICTs were considered a mere extension of public administration, with potential benefits of speed, accessibility and convenience (Jaeger, 2002). The most recent views, however, envision e-government as the combination of ICTs and the public administrative apparatus, with repercussions for areas that include improvement in public services, political frameworks, high quality and efficiency of government operations, civil engagement in democratic processes and institutional reforms (Dawes, 2008; Choi & Chandler, 2019).

E-government processes consist of capitalizing on the peculiarities of cyberspace by the public administration. In other words, the use of deterritorialization and interconnection of cyberspace (Medeiros, 2019) to reach connected portions of society, while computational speed and connections accelerate administrative processes. Hence, e-government can effectively be characterized as a facilitator of relations between State and society (Ruediger, 2003) through innovation, rationalization and adoption of management models that prioritize the provision of information and services to citizens. At the same time, e-government opens public administration to participation and social control and encourages the exercise of citizenship (Rampelotto et al., 2015) in accordance with the Brazilian constitutional principle of advertising, provided for in Article 37, caput, of the Federal Constitution (1988), and elucidated by Oliveira (1996).

Because it demands means for its operationalization such as electronic devices and infrastructure networks, e-government has the potential to be excluding, contrary to the intrinsic universality of the public good. Governments often resort to using mixed methods of online and face-to-face processes to mitigate the digital divide (Sampaio, 2016).

In a way, Brazil demonstrates its concern with digital inclusion by the paradigmatic change from the term “electronic government”, which refers to the computerization of internal management processes, to the term “digital government”, “whose focus centers on the relationship with society (citizen’s view), in order to become more user friendly, more accessible and more efficient in offering services to citizens by means of digital technologies” (Digital Government, 2020).

The reality imposed by COVID-19 heightens the operationalization of cyberspace through the administrative apparatus, requiring that employees work remotely (Hern, 2020), banks prioritize digital services (Almeida, 2020), stores adapt to online shopping models (Meyersohn, 2020) and face-to-face education is modified so as to continue at a distance (Star, 2020). Regarding the existing socioeconomic differences, the responsibility for taking further measures of e-government and adapt their communications and practices to the virtual environment rests with the government apparatus. Nevertheless, social insertion in cyberspace is open to exploitation by a myriad of actors capable of operationalizing the logics and peculiarities of the digital universe according to their personal agendas.

3. THE OPERATIONALIZATION OF CYBERSPACE, TECHNICAL VULNERABILITIES AND CHALLENGES

In view of the digitalization of the administrative apparatus and the intensification of e-government, the conservation of political frameworks and the efficiency of government operations are essential focal points for public administration. Maintaining government communications and services in cyberspace is imperative in today’s context of social isolation. However, as today’s society resorts to cyberspace, in addition to aggravating social differences, this becomes a vector for the dissemination of disinformation and criminal attacks (Batista et al., 2020).

Part of the government’s actions in the current pandemic scenario is aimed at combating “infodemics”, i.e., the proliferation of false information about SARS-CoV-2 by social networks (Cinelli et al., 2020). The Oswaldo Cruz Foundation (Fiocruz), for example, recently had to deny information falsely attributed to the entity (Fiocruz, 2020).

One way of spreading false news and cyber-attack is by sending malicious links via email or communication applications (apps). In Brazil, links and sites improperly attributed to health authorities give rise to scams, encouraging downloads of files that supposedly could contain data on SARS-CoV-2 (Mazzi, 2020). After opening the link or the file sent, the device becomes infected. Hence, the attacker can obtain various data from the victim, such as banking (Kaspersky, 2020).

Public administration is also challenged by ransomware: malicious software that encrypts the contents of a device and only releases them after a payment in cryptocurrencies. The university hospital in Brno, Czech Republic, testing center for the new coronavirus, has suffered a ransomware attack (Newman, 2020) where criminals gained access to the hospital system and encrypted the databases (Arbulu, 2020). The hospital did not pay the ransom and, as a result, activities were temporarily suspended and patients were relocated (Schwartz, 2020).

Another recent example of a ransomware attack occurred in the Champaign-Urbana Public Health District in Illinois, USA. As the institution had data backup, its services were not severely affected by the non-payment of ransom (Nichols, 2020). The billions of dollars of damage caused by the 2017 WannaCry ransomware left valuable lessons in digital literacy for administrative entities, among them, ensuring continuous system backups (Coughlin, 2017).

Public websites are targets for cybercriminals who seek advantages by creating clones that simulate official websites. Recently, the US Department of Health and Human Services suffered a DDoS (Distributed Deny of Service) attack that aimed to make the institution’s website unavailable. As a result, people lost the official reference and had to search for other sources of data on the pandemic that might not be “legitimate”, or be infected with codes to “steal” user data (Morrison, 2020).

It is worth noticing that the digitally excluded are already permanently “denied access” to electronic information systems. Thus, in practice, digital exclusion has social similarities to one of the “traditional” technical vulnerabilities of cyberspace.

4. TRANSPOSING THE SOCIAL ENVIRONMENT TO CYBERSPACE: INNOVATIONS, CHALLENGES, VULNERABILITIES AND LESSONS FOR PUBLIC ADMINISTRATION

The increasing operationalization of cyberspace by the public administration driven by COVID-19 gives rise to innovations, challenges, vulnerabilities and lessons.

In recent weeks, television newscasts have been showing virtual meetings of national authorities, in which videoconferencing platforms are used (Behnke, 2020; Matsuura, 2020; O Estado de S. Paulo, 2020). In order to respond to the demands imposed by the pandemic, public and private entities have transferred activities to cyberspace. However, the use of this alternative for professional and educational activities and for the coordination of public policies reveals technical and social vulnerabilities of cyberspace. According to Sampaio (2016), while it is necessary to admit the advantages of society’s participation in cyberspace, it is necessary to recognize the existing limitations.

The transposition of face-to-face work activities into cyberspace creates a type of social exclusion, since only part of society is able to maintain its employment and income. To mitigate the socioeconomic effects of the pandemic, the Federal Government has launched an emergency aid program (Decree 10.316, of April 7, 2020) for the universe of citizens who have drastically lost their livelihood. This action brings to light the technical and social vulnerabilities of cyberspace.

In order to comply with the Government’s determinations, the Caixa Econômica Federal (CEF) launched the “Caixa Auxílio Emergencial” website and app by which citizens, covered by the previously mentioned Decree, can request emergency aid. The bank provided a call center to clarify doubts, albeit accessing it poses problems (UOL, 2020). The way it was designed to work is that the ‘Bolsa Família’ beneficiaries, who are already registered at the CEF, would automatically receive the extra assistance through a deposit made in the same bank account as the regular government program.

Other interested citizens, who fulfill the criteria of the Decree, must register on the CEF website or app to receive emergency assistance, provided they are holders of a regularized Cadastro de Pessoa Física (CPF). A major problem since the many “invisible” Brazilians do not have a CPF (Kerber, 2020). With this requirement, plus the lack of information, technical problems and the precariousness of non-face-to-face information channels, the system did not work as expected and many took to the streets outside the CEFs, forming lines and agglomerations, forcing them to go against the recommendations to combat the pandemic (Lara, 2020).

When the online registration is completed, the interested party awaits analysis by Dataprev (Larghi, 2020). Once approved, the beneficiary should receive the deposit in a CEF or Banco do Brasil account. Those who do not have an account with these banks receive a code to access the Social Savings Account, managed by the “Caixa TEM” software (CEF, 2020). This last alternative presents another problem: the code is only valid for two hours (Branco, 2020), which makes it difficult for those with mobility or internet access problems and / or those who need to use borrowed devices to access the CEF app or website. Technical problems, delays and misinformation again took many people back to the streets unnecessarily (G1, 2020).

The main problems faced by the population are not related to the design of the CEF systems itself, but in the requirements for their use. Initially, data from 2019 show that 6.8% of the Brazilian population over 15 years of age is composed of illiterates (Gazeta do Povo, 2020). These, consequently, are excluded from the digital universe. Inequality of access is another problem: 50% of the population in rural areas and peripheral regions and 16.2% in urban areas do not have access to the Internet (Brazilian Institute of Geography and Statistics [IBGE], 2018); altogether, only 70.07% of the population is active on the Internet (Internet World Stats [IWS], 2020c). In addition, those interested in the aid could still suffer from problems related to the rules imposed on registration (GooglePlay, 2020) and / or have old devices that are unable to install the software.

The digital divide is also present in education during the pandemic. According to data from the National High School Examination (Enem) board of 2018, 34% of students in the public school system did not have access to the Internet and 55% did not have a computer (Saldaña et al., 2020). Despite these numbers, after schools were closed across the nation due to COVID-19, the Ministry of Education (MEC) authorized the use of ICTs as an alternative for continuing education (MEC, 2020).

It took strong pressure from the society for the Government to agree to postpone this year’s Enem exams (Betim, 2020). When it comes to inequalities, the Minister of Education allegedly stated in a meeting with senators, “Enem was not designed to correct injustices” (Lemos, 2020). Only time will tell whether the historic inequality in the performance of students from public and private schools in the Enem (G1, 2016) will be exacerbated by the current pandemic.

Both classes and work activities were transferred to the virtual environment via videoconferencing platforms. The operationalization of cyberspace through these tools, including by the public administration, raises questions about privacy and security.

When analyzing the videoconferencing app, Citizen Lab¹ pointed out that calls go through the company’s central server so that it can have access to communications, files and videos shared through the platform. In addition, the group identified that encryption keys were transmitted by servers located in countries other than those that host the company (Marczak & Scott-Railton, 2020). These findings gain relevance because Brazilian public entities use the platform in question for work meetings. Therefore, potentially sensitive data could be accessed by private entities located outside the national territory. It is important to emphasize that no communication app is 100% secure and that similar problems can also occur with the storage of information and files “in the cloud”, which are actually physical servers located in different countries. Furthermore, the Snowden case has already exposed vulnerabilities related to the traffic of digital information (Greenwald & MacAskill, 2013).

Another vulnerability of video call apps arises from the expedient the cyber-attackers use to enter public meetings or discover the identification code of a private meeting. After entering, they can listen to the communications or try to end meetings or classes, embarrassing participants with racist and / or pornographic messages (O’Flaherty, 2020). Such an issue becomes more prominent as users post photos of meetings on social networks, displaying the call identification code, such as the British Prime Minister Boris Johnson did at the end of March (Corera, 2020).

Despite the aforementioned vulnerabilities, as shown on television news, Brazilian institutions such as the Federal Supreme Court, the Chamber of Deputies and the Federal Senate continue to use videoconferencing platforms to hold ordinary sessions and voting (Brígido, 2020). It is noteworthy that the trials are transmitted over the Internet and TV Justiça, and that no vote in Congress was secret (Ladeira, 2020).

The Snowden case left important lessons. With regard to the initiatives promoted by the Brazilian Government in cyberspace, the topics “budget control” (Normative Instruction No. 01, 2019), “information security” (National Information Security Policy, Decree No. 9.637, 2018) and “confidentiality and transparency” (General Data Protection Law - LGPD) stand out.

5. FINAL CONSIDERATIONS

The operationalization of cyberspace by the public administration faces challenges inherent to the cyber domain. It is imperative that public sectors consider the technical and social vulnerabilities of that environment and take measures to combat them.

Running training courses and developing platforms and personal solutions should be part of broader digital inclusion measures. This challenge is not unprecedented; it synthesizes historical processes of social exclusion.

The problems related to education through digital platforms and the difficulties in accessing the Federal Government’s emergency benefit leave significant lessons for the public administration: digital exclusion is a nefarious face of the operationalization of cyberspace. As seen, only 70% of the Brazilian population is active on the Internet (Pop.AI).

Regarding emergency aid, the experiences of countries with digital and / or social reality similar to Brazil offer little as an alternative. According to Ozili (2020), in the African continent, only Nigeria (Pop.AI 61.2%, IWS, 2020a) and Malawi (Pop.AI 14.2%, IWS, 2020a) have emergency income assistance programs. The Nigerian government distributes approximately USD 52.00 to families registered with the ‘National Social Register of Poor and Vulnerable Households’ via bank transfer (Human Rights Watch [HRW], 2020). India (Pop.AI 40.6%, IWS, 2020d) adopts a similar model, distributing USD 6.60 to women registered in the Jan Dhan Program, through deposit in bank accounts (The Economic Times, 2020). Both programs are similar to the transfer that takes place in Brazil for Bolsa Família beneficiaries. Argentina, which has 93% of Pop.AI (IWS, 2020c), adopted measures similar to the Brazilian one: fully online registration of beneficiaries and direct payment in bank accounts (Argentina, 2020).

Brazil could have adopted mixed solutions practiced by States equally affected by the pandemic, as summarized in the following box:

Despite having a high percentage of Pop.AI, none of the countries listed relied so much on cyberspace for the payment of emergency aid as Brazil. Registration via the workplace (UK and Spain), Federal Revenue (USA) or Social Security (Italy) database, and distribution via the Post Office (USA), payroll (UK and Spain) or deposit in the beneficiary’s preferred account (USA, UK and Italy) could all minimize the problems faced by many Brazilians. Having said that, social issues, such as informality, would hinder the full reproduction of these measures in the country.

The vulnerabilities of cyberspace for public administration are technical and social; and countries with high social inequality are more difficult to remedy. Although it is impossible to predict the world after social isolation, comparable to combating this contagious disease, it is possible to see that a greater exposure of the administrative apparatus to cyber reality engenders practices and habits that will lead to the creation of “cyber antibodies”. As a result, government sectors would not only become more aware of the vulnerabilities emanating from the cyber domain, but could also counter back and avoid them in their daily work.

References

Publication Dates

History