Net-Threats: How To Lie With Statistics, Again

Another example of how non-statistical research is turned by poorly informed journalists into “scientific truth”. Net-Threats is a survey collecting the opinions of a certain number of “experts”. As its authors clearly state:

Since the data are based on a non-random sample, the results are not projectable to any population other than the individuals expressing their points of view in this sample. The respondents’ remarks reflect their personal positions and are not the positions of their employers; the descriptions of their leadership roles help identify their background and the locus of their expertise.

But this part of the survey – that nobody but the concerned people will ever read – is missing from the poor journalistic account of the news, and readers will be given the wrong idea that the figures quoted are real and that the findings are “true”.

By the way, as with the other “statistical” research about the value of personal data that I’ve written about, the findings of this survey might even be acceptable. But there is no need to beef them up with a show-off of figures and percentages that gives the general reader the wrong information.

But in this case, the culprit is the journalist.

The Data Protection Authority Leak And The (Now) Hard To Find Article

The title that links to the article about the leaked Italian Data Protection Authority secret report is no longer easily accessible on (the newspaper that did the scoop.) There is no trace of this link on the home page, and the title is missing from the Technology section.

If you are quick enough, a short one-minute video clip gives you the chance to click an anonymous link (labelled “Leggi su” – “Read it on”), and finally the article comes up on screen.

Technically speaking, then, the article is still online but now in a hard-to-find form. And this is rather odd, because other older and less important articles (such as the valueless research on the personal data selling price) are still featured in the technology section of this newspaper.

Coca-Cola And The True Meaning Of Copyright

The new Coca-Cola marketing campaign in Italy puts quotes from popular Italian songs on its bottles. Of course this has been previously negotiated with the copyright holders, but not with the individual artists who sold their songs to the music label.

Technically speaking, Coca-Cola did nothing wrong and its activity is perfectly legal. But one of the featured singers, Caparezza, didn’t like his songs to be exploited the Coca-Cola way.

Under Italian Copyright Law, Caparezza and – broadly speaking – any artist have no actual protection in such a case, since once the tune has been sold to a music label, the musician only retains the “moral right” (mainly the right to be credited as the author, and the right to oppose any mutilation of his work.)

So the question is: whose interests is copyright supposed to take care of?

An Italian Data Protection Authority Secret Report Leak?

According to an Italian newsmagazine, a not-for-public-eyes investigation of the Italian Data Protection Act reportedly found severe security problems in the management of the Internet Exchange Points (the points of the Italian telecommunication network where the various telco networks are mutually interconnected.)

A first remark is that the King is – or might be – naked. If this secret report actually exists (and the IDPA didn’t deny its existence) and has been leaked, the Authority’s information security is not that good, and – therefore – the IDPA should fine itself for this non-compliance, instead of just targeting the rest of the (industrial) world.

Coming to the heart of the matter, in the words of the journalists who authored the article:

there is an enormous black hole in the security of the Italian telecommunications. A hole so wide that it allows whoever has the proper equipment to have available phone calls, SMS, emails, chats, and content posted on social networks.

The journalists claim that the report verbatim says:

These devices are equipped with technical features that can allow the duplication, in real time, of the traffic in transit, diverting it to another port (port mirroring)

and that

if somebody wanted to look at the traffic in transit this would be easily done with specific analysis tools …

It is amazing how poorly informed, both legally and technically, this article – and the IDPA findings, if proven true – are, because:

  • the ability to perform port mirroring is necessary for public prosecution and intelligence agency activities. The point, then, is how and by whom these features are used rather than their mere existence; like it or not, they are necessary for investigative purposes. One day, maybe, it will be possible to disclose some of the ways traffic data are requested, but this is another story…
  • there is no evidence of the port mirroring features being abused, misused or cracked,
  • performing port mirroring in an Internet Exchange Point is not as easy as the article and the IDPA report(?) say: it is not like uploading the computer virus in Independence Day or Hugh Jackman’s “under pressure” hack in Swordfish,
  • there is an easy way, available almost since day one of the pre-internet era, to protect users’ communications regardless of what the ISPs do: client-based encryption. But I assume that the Minister of Home Affairs wouldn’t like an IDPA endorsement of the “crypto-for-the-masses” slogan,
  • oddly enough, the IDPA secret report (if true) doesn’t address the serious problem of proprietary firmware and operating systems on network devices, which prevent an ISP from checking on its own for the existence of backdoors (as in the recent Cisco affair) and other security flaws.

The Internet Bill of Rights. A Dangerous And Useless Idea

Italy (or at least, a small but noisy group of old-school netizens, politicians and academics) is in pole position in the race for the Internet Bill of Rights, a sort of “constitution” to grant “internet rights” to the people.

The Internet Bill of Rights is useless because it doesn’t add any rights that we don’t already have, and is dangerous because, on the contrary, it would add more confusion to a rather chaotic situation.

In the Western World we have plenty of rights such as: data protection, personal privacy, free speech, freedom of commerce, freedom of the press, copyleft and copyright. But what we actually lack – in Italy for sure – is FAIR ENFORCEMENT of these rights: the fundamental rights that are taken for granted on paper are, when challenged in court or in parliament, twisted and torched to meet the need of the moment.

Think of the ridiculous extension, made by local courts first and then by the Corte di cassazione (the Italian Supreme Court), of the legal concept of “seizure” to include Internet traffic filtering; or the way the Italian Data Protection Authority is working as a censorship machine, taking over the freedom of the press; or the Communication Authority, which gave itself the power to shut down Internet resources accused of copyright infringement without any judicial review; or, yet, the Antitrust Authority, which has been given the power (that was supposed to be reserved for a judge) to declare illegal a contractual provision between a professional and a consumer…

This is typically Italian: pretend to fix a problem by passing a law, and immediately forget to check whether and how it is enforced. And when the “need” arises, the old joke comes into play: law is enforced against enemies, interpreted towards friends.

The Economics of Personal Data And The (Reckless?) Use Of Unreliable Statistics

A paper by a scholar of the University of Trento (IT), co-authored by people from the Kessler Foundation, Telefonica Network, Telecom Italia and Google, finds that we are ready to sell our personal data for about two Euros.

Although the conclusions are – in principle – fair enough and match the “gut feeling” of whoever works in the field of personal-data handling, I wonder how it would be possible to draw statistical evidence from the criteria adopted.

I’m not a statistician, but the only part of the paper dedicated to the sample’s composition reads:

All volunteers were recruited within the target group of young families with children, using a snowball sampling approach where existing study subjects recruit future subjects from among their acquaintances … A total of 60 volunteers from the living lab chose to participate in our mobile personal data monetization study. Participants’ age ranged from 28 to 44 years old (μ = 38, σ = 3.4). They held a variety of occupations and education levels, ranging from high school diplomas to PhD degrees.
All were savvy Android users who had used the smartphones provided by the living lab since November 2012. Regarding their socio-economic status, the average personal net income amounted to €21169 per year (σ = 5955); while the average family net income amounted to €36915 per year (σ = 10961). All participants lived in Italy and the vast majority were of Italian nationality.

While, again, I have a limited knowledge of statistics, there are a few oddities in the method applied by the researchers that undermine the value of the findings:

  1. The sample is made up of only 60 people, belonging to young (wealthy enough) families with children. This isn’t actually a fair depiction of Italian socio-economics. Furthermore, there is not enough information about either the socio-economic status or the geographic location of the participants to actually understand the sample quality.
  2. Even Wikipedia knows that the “snowballing” sample selection method is prone to biases. No evidence is given in this paper of how the biases are handled.
  3. Though broadly used, Android isn’t the only platform. A well-balanced sample should have taken into account BlackBerry, iOS and Windows Mobile (or whatever the name.)
  4. The “measurements” of individual-trait data rely upon psychological categories and methods. Psychology is not a science, and putting a bunch of equations into a highly subjective discipline doesn’t turn it into a hard science (I know, I know, positivism is dead, natural sciences aren’t so “absolute” etc. But try to send a rocket to the moon by assessing the “mood” of a ballistic trajectory and tell me the results.)

Before concluding that this paper offers no scientific evidence of its findings, I would like to have these (and maybe other, expert-made) questions answered. But I’m afraid that the final judgement wouldn’t change.

A final remark: the lack of scientific method shown in this paper is dangerous because, as often happens, poorly informed journalists jump on the news and “sell” it without any warning to the readers, thus luring them – and the Data Protection Authority, I fear – into thinking that what is a limited, partial and non-relevant work actually leads to factual conclusions.


Parkinson’s Law Italian Edition Quoted By Gian Antonio Stella

Gian Antonio Stella, a well-known journalist whose articles are published by the most important Italian daily newspaper, Il Corriere della sera, has just published a new book: Bolli, sempre bolli, fortissimamente bolli, about the cancer of bureaucracy in Italy.

At the beginning of the book (Kindle location 1853, to be precise) he extensively quotes La Legge di Parkinson, my Italian translation of the British classic “Parkinson’s Law”.

Google Not To Become A US Defense Contractor

Well, the news isn’t actually “new”, but there is one interesting and overlooked Google statement about the acquisition of the (military) robotics firm Boston Dynamics: while the current agreements are honored, Google has no plan to become a defense contractor.

This way Google is depriving the US military system of a top-notch technology, keeping solely in its own hands what is supposed to be an (albeit future) critical asset for US security and safety.

Should this trend be confirmed, we might face in the near future the massive accumulation of advanced technologies in the hands of just one company that might become the “one-stop” for defense and, more broadly, public needs.



The Italian Copyright Levy To Legalize Digital Piracy?

The Italian Minister of culture, Franceschini (Democratic Party), issued the decree – effective by July 17, 2014 – that makes the copyright levy skyrocket up to 30 Euros per multimedia storage device. This levy (technically called “fair reward”) is supposed to compensate the authors in advance for the copies a user makes of copyrighted content. Even content – so long, entertainment industry – shared through the Internet. But the authors who don’t belong to SIAE (the Italian Royalty Collecting Agency) will never get paid for the (ab)use of their works.

So, how is it possible that online sharing isn’t illegal? Here is the catch: nothing in the Italian Copyright Law says that the copy must come from ORIGINAL or legally owned content. The consequence is that if I download or share something through the Internet I’m not infringing somebody else’s copyright, because of the preemptive payment made through the levy.

More than legally correct, this conclusion comes from common sense: the “fair” compensation existed way before the Internet and was designed in the VCR era to allow copyright holders to get some money from privately made recordings of TV broadcasts. Of course somebody who recorded a movie didn’t have a “right” over this content that allowed him to put it on a video-cassette, and this is where the levy jumps in. The equation is simple: pay your fee in advance and get the right to keep your favourite show at home.

As odd as it may sound, this equation works for the Internet too, but the entertainment industry refuses to even talk about the issue, claiming that the levy is designed for legally owned content only. While – again – there is no such provision clearly stated in the law, this statement is counterintuitive, since it is a fact that as soon as content is stored on levy-burdened media, the author’s compensation has already been paid.

Instead of complaining, the entertainment industry should be happy with this unjust levy because it gets money from a huge quantity of Terabytes used for backups, business continuity and private storage that don’t contain copyrighted works and that – nevertheless – are still burdened by the “fair” compensation.

The only ones who have the right to complain are all the unknown authors whose works (music, words, pictures) are routinely abused (not only) on the Internet and who will never get their share of “fair” reward. Yes, because all the monies we pay go to SIAE, which shares the cuts among its members.

Is this “fair” reward actually so?


Software-Based Claims Attack Strategies

Under Italian law, hiring a software house to produce an industrial application may expose a non-IT-savvy company to civil and criminal action filed by the software house itself and/or by the other software house that has been called in to replace the one that initially did the job. This is the consequence of a lazy attitude towards a properly written agreement and a deep ignorance of the intricacies of the software development world.

Here is a fairly usual scenario: a tile manufacturer needs software to control the temperature of the ovens used to finally release the products. It asks a software house to write the application, securing in the agreement that “all the intellectual/industrial property belongs to the company”. By doing this the company feels on the safe side and believes it is shielded from any problem whatsoever.


The agreement didn’t clarify the exact way the IP must be transferred, so the software house delivers the software on a LICENSING basis and not as a full-ownership transfer. Once the agreement has been signed, the company doesn’t read the subsequent papers at all and thus, de facto, the agreement has been amended (possibly) unbeknownst to the company’s legal department.

Let’s say, now, that the business relationship with the software house breaks down and the company finds another partner, giving him access to the source code made by the previous developer. The company sees no problem in doing so, since it believes it “owns” the software, so the new developer just starts working on the code.


The company failed to identify the code supplied by the original developer (for instance, by adding disclaimers or comments both in the source and the executable version), thus infringing the moral IP rights that, under the Italian Copyright Act, belong to the author and cannot be sold or otherwise transferred.

So the software’s author steps in, claiming that the company has violated his rights because it allowed a third party to access and use LICENSED code. And when the company tries to blame the new developer, the latter counters the move by accusing the company of infringing the Criminal Corporate Liability Act (Legislative Decree 231/2001) because of the lack of prior identification of the supplied source code as being authored by a third party.

Lesson learned: under Italian law a proper software development agreement should at least contain:

- a precise identification of the source code that has been released, with a duty, on the software-house side, to mark and duly comment the software,

- a clear statement about the IP ownership transfer to the company,

- a clear exclusion of any further change or amendment including the impossibility of turning the agreement from a full-transfer into a license,

- a clear provision that, whatever the legal status of the software, the company is entitled to be given the source-code,

- a clear clause that grants the company, whatever the legal status of the software, the right to allow third parties to access and modify the source code.

Furthermore, since this kind of agreement – once signed – rarely comes back to the legal department’s desk, it is fundamental to train the technical and financial departments involved in the further steps to carefully scrutinize papers and communications so as to avoid any “muddying” of the original stipulation.

A final note: when a third party is hired to work on the software, it should be made clear that the software, while owned by the company, still bears the original author’s moral right, with all the legal consequences.