As the rest of the world digests the implications of the data surveillance by the National Security Agency (NSA), it emerged that Brazil is also on the list of non-adversarial countries being monitored.

The Brazilian newspaper O Globo broke the story, co-written by Guardian journalist Glenn Greenwald and published yesterday (7 July), based on documents leaked by whistleblower Edward Snowden. The article suggests that systematic tapping of the telecoms network has led to the collection of emails and telephone records of millions of Brazilians over the last decade.

There are no specific numbers, but the article says that about 2,3 million phone calls and messages in Brazil were monitored in January alone.

Ever since the NSA spying scandal became public, Brazilian authorities have followed the subject. However the debate has become a lot more serious since yesterday, as the allegations are directly related to Brazil and include not only implications around international communications, but also information on local exchanges.

The O Globo story also implies that Fairview, the company that collects data across communications networks worldwide on the NSA’s behalf could be commercially involved with Brazilian telecom operators to get access to private information.

“Evidently [the possible involvement of Brazilian telcos with the NSA] changes the debate, and if that’s the case we are dealing with a crime, as the constitution assures data privacy to all, whether it is in a traditional or digital format,” communications minister Paulo Bernardo told Radio Estadão today.

“So we will investigate that possibility. And I repeat: if we find that this is the case, [the companies involved] will be held responsible. Internationally speaking, we have asked for an explanation from the US and have requested action from international bodies to assure cyber security and privacy to contain that sort of thing,” he added.

The minister also accepted that the telcos will probably say they have nothing to do with the spying activities, so wheels are already in motion to start a police investigation on the matter – which also involves new rumours that Brazil has maintained a data collection facility in the country alongside the NSA.

The Brazilian government wants explanations from the US, but they won't be getting any: the Department of State in the US already told BBC Brazil that it will not comment on any specific intelligence activities.

According to a note released by the presidential office, president Dilma Rousseff wants to push an agenda of improvement of rules on telecommunications security with the International Telecommunications Union (ITU) and launch initiatives alongside the United Nations "to prevent the invasion of privacy of users of virtual networks of communication (...) that protect citizen rights and preserve the sovereignty of all countries. "

The Brazilian government is worried about the possibility of monitoring in a local political, commercial and industrial sense - to the point the possibility of implementation and cost of a national data warehousing system, as well as the creation of an internet act were among the options was being considered by Dilma and her team at an emergency meeting on Sunday.

The surprised reaction of the Brazilian government to these events illustrate the fragile state of Brazil in relation to dealing with business and civil rights on the internet: examples include t he recent regulation of basic principles of e-commerce – this being a market that generated $11bi last year alone – and the relative absence of data security frameworks, which makes Brazil one of the worst places in the world in which to host a datacenter.

Typically, when faced with some sort of tech-related crisis such as the NSA spying, the immediate reaction of the Brazilian government is to create an emergency solution. In this particular situation, the government is looking hopelessly immature, both in terms of its existing policies and in terms of what it is asking the ITU and the UN – rules to regulate the web.

This is the start of a long debate and there is no easy answer to the current issues. Brazil is learning the hard way that it needs to play some serious catch up when it comes to its technology policies – but holding private companies to account in the event of illegal cyber operations would be a good place to start.