State of Privacy Chile
The State of Surveillance in Chile is the result of an ongoing collaboration between Privacy International and Derechos Digitales.
Right to Privacy
The right to privacy is referred to in article 19 (Chapter 3) of the Chilean constitution:
“The Constitution assures to all persons: […]
4. The respect and protection of private life and the honour of the person and their family. [...]
5. The inviolability of homes and all forms of private communication. The home may only be searched and private communications and documents intercepted, opened or inspected in the cases and forms determined by the law [...]”
Regional and international conventions
Chile is a signatory to a number of international conventions with human rights implications, including:
- The Universal Declaration of Human Rights;
- The International Covenant on Civil and Political Rights;
- The International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families; and
- The American Convention on Human Rights.
According to the Pew Research Centre, in 2014, 91% of the Chilean population owned a mobile phone. Of these, 39% owned a smartphone. 69% of Chileans use the internet on a daily basis and 76% stated that, once online, they engaged in social networking.
Facebook and Twitter are popular social media platforms in Chile, according to the report.
There is one internet exchange in Chile, located in Santiago. It is owned by a company called NAP Chile. Fibre optic cables are implemented by private companies and supervised by the telecommunications regulator, SUBTEL.
The Criminal Procedure Code regulates communications interception.
Article 222 establishes how interception takes place and how companies must comply with interception orders. It also states that “communications between the accused and his attorney cannot be intercepted, unless the judge so orders if he has reasons to believe that the lawyer is involved in the crime under investigation.” The article also establishes that “the order for the interception must indicate the name and direction affected by the measure and indicate the form of interception and duration thereof, not exceeding sixty days. The judge may extend this period for up to an equal duration.”
A 2005 amendment to Article 222 requires companies to comply with law enforcement interception orders: “The telephone and communications companies must comply with this measure by providing relevant officers the facilities needed to carry out interceptions as needed.”
A 2004 amendment to the same article had previously required that: “Communication providers shall maintain an updated confidential list for prosecutors of its authorised IP address range and a record of the IP connections performed by their subscribers for at least the past six months". A 2011 law on child pornography then extended the retention mandate to a year.
Article 222 of the Criminal Procedure Code ends by asserting that communication companies required to carry out interception must do so secretly and not disclose it or report it to their customers.
Law No. 19.974, which regulates intelligence services, also refers to the interception of communications. Article 24 allows for “the interception of telephone, computer, radio communications and correspondence in any form”, in the context of investigations related to national security and organised crime matters. Article 25 clarifies that “the directors or heads of intelligence agencies shall request, personally or through an official subordinate expressly authorised to do so, the court authorization to use [that] procedure.”
The interception of communications must only be done in order “to detect, neutralise and counter the actions of terrorists, national groups or international, and transnational criminal organizations or counter intelligence activities developed by national or foreign groups”.
Telecommunication companies are referred to in Article 30: “Natural or legal persons are required to allow the performance of [interception of communications] upon display of court order. They shall accede to such request immediately or as indicated in the judicial authorisation”.
The Penal Code makes multiple references to the unauthorised interception of communications data, which it classifies as a felony.
Article 156 states that employees of postal and other communication services are prohibited from intercepting and accessing communications and would expose themselves to jail terms if they were to do so.
Article 161-A establishes as a crime punishable with imprisonment the capturing, interception, or unauthorised recording of any private conversation, and the dissemination of such conversation.
Security and law enforcement agencies
The ministries in charge of national security are the Ministry of Interior and Public Security and the Ministry of National Defence.
Among its functions, the Ministry of Interior and Public Security is mandated to:
- Propose to the President rules and actions on domestic policies to maintain public order, security and social peace;
- Promote and coordinate measures to prevent and control crime, violence and recidivism;
- Define and evaluate measures aimed at controlling crime and police response to violations of criminal law; and
- Set up contracts with public or private institutions, including municipalities, pertaining to the development, implementation and evaluation of policies, plans and programs for internal security and public order.
The main functions of the Ministry of National Defence are:
- Proposing and evaluating defence policy, military policy and national defence planning;
- Studying, proposing and evaluating policies and rules applicable to the defence sector and ensuring compliance;
- Studying the financial needs and budgetary sector and submitting the draft annual budget;
- Assigning and managing resources appropriate in accordance with the law;
- Supervising the activities of the defence sector and ensuring their efficient management in organisms that compose it;
- Reporting to Congress on policies and plans for national defence; and
- Supervising the investment of the resources, services and institutions in the defence sector.
The main intelligence agency in Chile is the Agencia Nacional de Inteligencia (National Intelligence Agency, ANI), which is under the Ministry of Interior. It was created in 2004, and is the head of the Sistema de Inteligencia del Estado (State Intelligence System), which coordinates the efforts of military intelligence and police intelligence.
Other military and law enforcement bodies have their intelligence units which are part of the State Intelligence System, including:
- Dirección de Inteligencia de Defensa del Estado Mayor de la Defensa Nacional (DID) – created in 1942
- Dirección de Inteligencia del Ejército (DINE) – created in 1891
- Dirección de Inteligencia de la Armada (DINA or DIRINTA) – created in 1965
- Dirección de Inteligencia de la Fuerza Aérea (DIFA) – created in 1976
- Dirección de Inteligencia Policial de Carabineros (DIPOLCAR, Police Intelligence Directorate), which is under the Ministry of Interior.
Chile spent US$ 4,000,000 on intelligence and had 2,000 intelligence employees in 2003, according to one study.
The function and mandate of the ANI is defined by Law 19.974, which regulates intelligence agencies. The National Intelligence Agency is a centralised public service dependent on the President of the Republic through the Minister of the Interior. It aims to produce intelligence to advise the President of the Republic and the various higher levels of leadership of the State.
The functions of ANI are the following:
- To collect and process information from all areas at the national and international level, with the purpose of producing intelligence and providing global and sectorial judgements, according to the requirements of the President of the Republic;
- To create periodical intelligence reports, secret in nature, to be sent to the President of the Republic and the ministries or entities he determines;
- To propose rules and procedures to protect the State’s critical information systems;
- To request from the intelligence bodies of the Armed Forces and the Forces of Order and Public Security, as well as the National Directorate of the Gendarmerie, the information of the scope of their responsibility and in the competence of the (National Intelligence) Agency, through the corresponding technical channel. The aforementioned entities will be obliged to provide the documentation and reports in the same manner as requested;
- To request from the services of the State Administration included in article 1 of Law No. 18,575 (about the general framework of the administration of the State) the documentation and reports deemed necessary to fulfil their objectives, as well as from the corporations or institutions where the State has equity, participation or majority representation. The aforementioned entities will be obliged to supply the documentation and reports in the same manner as requested, through their respective senior leadership or management body;
- To provide for the application of intelligence measures in order to detect, neutralise and counter the actions of national or international terrorist groups, and transnational criminal organisations; and
- To provide for the application of counterintelligence measures, in order to detect, neutralise and counter intelligence activities developed by national or foreign groups, or their agents, excluding the second paragraph of Article 20.
Currently, the ANI is not allowed to perform communications interceptions themselves and have to delegate that work to the police that then hand over the information. The government of President Bachelet has however proposed a bill to allow the ANI to perform communication interception themselves.
The function and mandate of military intelligence are also defined by the same law:
“Military intelligence is a function that belongs exclusively to the intelligence services of the Armed Forces and the DID.
It includes intelligence and counterintelligence necessary to detect, neutralise and counter, inside and outside the country all activities that may affect national defence. [...]
Military intelligence is controlled by the institutions on which they depend.
The objectives of military intelligence of the Armed Forces shall be determined by the heads of their respective institution, based on the national defence policy, established by the Minister of National Defence.
The objectives of military intelligence of the Intelligence Directorate of the General Staff of National Defence shall be fixed by the Minister of National Defence.”
The mandate and function of police intelligence is also defined by the same law:
“Police intelligence is a function that belongs exclusively to Carabineros and the Investigative Police of Chile, subject to the provisions of the second paragraph of Article 20.
It includes processing information related to the activities of individuals, groups and organizations that in any way affect or may affect the conditions of public order and domestic security.
The conduct of police intelligence services corresponds to the control of the institutions of which they depend.”
In 2003, an investigation by the centre for investigative journalism Centro de Investigación Periodística (CIPER) revealed that police were engaged in intercepting communications data using a car equipped with an antenna and a laptop computer running a software whose logo was "a sparrow on a stick." According to the investigation's source, this permitted police to listen and record phone calls. One possible provider of this equipment, if the source's observation is correct, could be surveillance technology company Almenta.
An earlier article on the legal procedures governing interception described an interception process involving capturing IMEI numbers provided by telecommunication companies from within police offices. The officers were equipped with recording gear, according to this article.
The surveillance and security technology tradeshow Sicur Latino America is usually held in Chile around October each year. The Chilean government officially sponsors the event.
Deep-packet inspection manufacturer Blue Coat has offices in Chile.
The German government has also sold surveillance technologies to Chile, according to a German parliamentary inquiry.
A local company known as Mipoltec has served as an intermediary for the acquisition of surveillance technologies from companies such as Hacking Team.
Surveillance oversight, checks and balances
Following the description of what is expected from telecommunication companies in terms of carrying out interception in Article 222 of the Criminal Procedure Code, Article 223 describes the measures in place to limit the privacy violations. The files are sent out directly to the prosecutor who is in charge of sealing them and guaranteeing their confidentiality. If the files are no longer relevant, a copy is sent to the people involved in the communications and the prosecutor's copy is then destroyed.
According to both the Criminal Procedure Code and the Law regulating intelligence services, data collected from surveillance can be used in court, but not presented by the ANI. Other internal and external checks on intelligence agencies' powers are contained in Law No. 19,974. This law states that:
“The internal control include, among others, the following:
a) The proper administration of the human and technical resources in relation to the tasks and institutional missions.
b) The proper use of funds allocated to the service so that they are rationally used to achieve their own tasks.
c) The adequacy of the procedures used to respect constitutional guarantees and legal and regulatory standards.”
A parliamentary committee is responsible for carrying out external checks on the intelligence agencies powers. This model of review by parliamentary committee, however, has been called relatively weak as the committee lacks investigative powers. The committee's sessions, as well as their records, are not made public.
Surveillance case law
The Supreme Court decision on video surveillance balloons in Santiago has had some implications for surveillance in Chile. In September 2015, Derechos Digitales, along with some local residents and fellow organisations Fundación Datos Protegidos, ONG Fundamental and Libertades Públicas A.G., filed a suit against the two municipalities for their use of surveillance balloons, for violating the constitutional rights to privacy and the sanctity of home. On a first ruling, the Court of Appeals of Santiago banned their use, in March 2016. On appeal, in June 2016, the Supreme Court overturned the ban. The Court recognised that such a sweeping surveillance mechanism did indeed pose a threat to fundamental rights but allowed their continued use with some conditions.
According to the Supreme Court, “given the characteristics of the surveillance system, that has been installed in mostly residential areas, we cannot but admit that those who live within its reach may feel observed and controlled, encouraged to change certain habits or avoid certain behaviours within a sphere of privacy such as domestic life”. However, this meant the need not for a ban, but for safeguards that the Court itself provided, as no previous rules exist for massive surveillance schemes. The authorisation regime set by the Supreme Court includes: recording only over public spaces, supervision by a municipal inspector against recordings of private spaces, deletion of content after 30 days, and access to the images by recorded persons.
Examples of surveillance
Though it is difficult to identify clear instances of surveillance, the most widely surveilled groups are reportedly drug dealers, anarchist groups and indigenous communities in the southern region of the country. The indigenous communities have also reportedly been targeted by surveillance drones.
Digital rights NGO Electronic Frontier Foundation reported that trade union community website Huelga.cl was approached by the Cyber Crime Police. The police required the website to hand over confidential data on its users. As the police came without a warrant, Huelga.cl refused to hand over the data.
The article from the investigative outlet CIPER mentioned above revealed that the police was illegally intercepting conversations for which it had not obtained warrants.
An interesting case highlighting the use of surveillance technologies by the Chilean police is the arrest of Bryan Seguel, a student who was accused of assaulting a police officer. It was eventually demonstrated that the video that had captured the image had wrongly linked it to his Facebook profile picture, and the Carabineros police held a list of likely culprits of disorderly conduct during student protests.
Data protection laws
Chile became the first South American country to pass a comprehensive data law, in 1999. The law is, however, weak as it does not grant data protection the same status as “private life” or “private communication”, the fundamental rights to which are protected by the Constitution. Therefore, constitutional actions cannot be carried out against state or private companies in case of a breach in data protection. According to civil society group Derechos Digitales, the law exists to provide a legal framework to the current processing and treatment of data.
Despite the 1999 data protection law, Chile has no data protection authority. A new data protection law, which would mandate a new data protection authority was announced in 2014, and the draft bill was placed in public consultation. Two years later, a new announcement was made that the bill would be reviewed by Congress during the second half of 2016.
In March 2017, President Michelle Bachelet eventually signed the new Data Protection bill that will be debated at the Senate and the Chamber of Deputies before the end of 2017. The bill aims to establish a data protection authority.
Freedom of information
Law 20,285 allows for access to government-held information. The exceptions to this law are:
"1. If the publication or the knowledge of that information could affect the proper performance of the executing authority, particularly:
a) If it is at the expense of prevention, investigation and prosecution of a crime or offence or in the case of information necessary for legal and judicial defences.
b) Prior to the adoption of a decision, action or policy deliberations, notwithstanding that those fundamentals are public once they are adopted.
c) If those are generic requirements, or referring to a large number of administrative acts or their background, as treating those requests would require an inadequate amount of work for the civil servants in charge.
2. If the publication or the knowledge of that information could affect the rights of people, particularly in the case of their safety, health, sphere of privacy or commercial and economical rights.
3. If the publication or the knowledge of that information could affect the security of the nation, particularly if it relates to national defence or the maintenance of public order or public safety.
4. If the publication or the knowledge of that information could affect the national interest, especially if they relate to public health or the international relations and economic or commercial interests.
5. In the case of documents, data or information that a law of qualified quorum declared confidential or secret, according to the grounds mentioned in Article 8 of the Constitution."
Data breaches: case law
We are not aware of any case law related to data breaches in Chile. Please send any tips or information to: firstname.lastname@example.org
Examples of data breaches
We are not aware of any examples of data breaches in Chile. Please send any tips or information to: email@example.com
ID cards and databases
In 1969, the Internal Tax Service introduced a new way to identify taxpayers by providing identification cards with a number correlated with the inscription number at the Civil Registry Service. This number, the Rol Único Tributario (tax number), was extended in 1973 as the "Rol Único Nacional" (unique national number) to all persons with the explicit goal of facilitating the participation in all areas of commerce and relation with the State. The correlating number, for Chilean-born persons, is currently assigned as soon as a birth is recorded by the Civil Registry Service. Identity cards with a duration of up to 10 years are issued by the same entity.
Identity cards are also issued for foreign nationals, who are required to register and obtain a RUN number if they wish to be residents, even if only temporarily. Until 2014, RUN numbers were also the same as passport numbers.
Chile was one of the first countries to have a fully functional border control kiosk based on facial recognition biometric technology. Passports are scanned in one of 60 kiosks in Santiago airport and the passport picture is compared to a picture captured by a digital camera. Once the identity is confirmed, the facial image is checked against an Interpol facial database and a local Chilean database. The Investigations Police (Policía de Investigaciones) has access to this system.
We are not aware of any privacy issues related to voter registration in Chile. Please send any tips or information to: firstname.lastname@example.org
SIM card registration
There is no requirement to register a prepaid SIM card. However, two bills in Congress, one in the Chamber of Deputies and one in the Senate, are attempting to establish this obligation for varying reasons.
Policies and Sectoral Initiatives
The Ministry of the Interior announced the creation of the Interministerial Committee on Cybersecurity in July 2015. Soon afterwards, the Committee held a series of consultations with key stakeholders from government, the armed forces, police and prosecutors, academia and civil society.
After the series of meetings, a draft Proposal for a National Policy on Cybersecurity was announced and circulated for public consultation from February to April 2016. It is expected that during the last trimester of 2016 a new version of the proposal will be made public to kickstart its implementation.
There is a cybercrime law in Chile (Law 19.223) but it does not contain provisions allowing for access and collection of data by law enforcement.
There is no explicit mention of encryption in Chilean law.
Licensing of industry
Chile's telecommunications regulatory body is the Undersecretariat of Telecommunications (Subsecretaria de Telecomunicaciones, SUBTEL).
Communications Service Providers
The main mobile operators in Chile are Claro (owned by América Móvil), Entel PCS (owned by Entel), and Movistar (owned by Telefónica).
All companies are now privately owned and, for the majority, by foreign companies, though Entel was formerly a state-owned company before being entirely privatised in 1992. Telefónica is headquartered in Spain, and América Móvil is Mexican.
The most recent digital agenda, Agenda Digital 2020, was unveiled during the first trimester of 2016 following a series of consultations and meetings held during 2014. The plan consists of 60 measures and policies, from connectivity to e-commerce to personal data protection. It has been strongly criticised for its lack of details and because it did not appear to incorporate an evaluation of previous processes also called "digital agendas", particularly regarding digital rights including privacy.
Health sector and e-health
Currently, a national ID number is required to access many healthcare services in Chile. Certain medical data enjoys a slightly higher level of protection.
In 2016, CORFO (the Chilean Economic Development Agency) launched “Salud más Desarrollo” ("Health + Development"), a strategic national programme aiming to reinforce the development of an industry of services, technology and health management. The objective of the program is to collaborate to improve Chile’s public health system and the quality of the service. It has been suggested that in order for the programme to succeed, it must have centralised systems to hold patients' information that are subject to more stringent legal protections.
We are not aware of any privacy issues related to smart policing in Chile. Please send any tips or information to: email@example.com
Transportation cards were introduced in Santiago in 2003 as a payment option for the subway train system. Their use was expanded with the launch in 2007 of Transantiago, a completely renewed set of city buses routes that has been modified several times in recent years, when the new Bip! card was introduced.
The system keeps information on the last 90 days of each prepaid transportation card's data, including the current amount of money, the time the card was used to validate a trip, the bus route or the subway station used, and each time the card has been topped up. This information can be checked with the card's unique number on a website.
Primary, high school, and university students can benefit from a reduced-fee transportation card. The card (Tarjeta Nacional Estudiantil) serves also to identify its holder as a student for other purposes, and holds information about its owner.
The government has installed closed-circuit television cameras (CCTV) in many public places. At least one company based in Chile offers governments solutions for “smart city” initiatives. NEC offers a range of sensing, monitoring and control technologies for operating a smart city with privacy implications.
We are not aware of any privacy issues related to migration in Chile. Please send any tips or information to: firstname.lastname@example.org
We are not aware of any privacy issues related to emergency response in Chile. Please send any tips or information to: email@example.com
Humanitarian and development programmes
We are not aware of any privacy issues related to humanitarian and development programmes in Chile. Please send any tips or information to: firstname.lastname@example.org
In 2011, the government was harshly criticised for announcing that it would contract the company BandMetric to monitor public perception of the government expressed over social networks. Evidence suggests that BandMetric is still being used by the current government of President Bachelet.