There is no such thing as “information” security. Continue reading
The decision n. 54946/2016 released by the Italian Supreme Court – Vth Branch that held a blogger liable for defamation for a libeling post on his website is gaining momentum in Italy as a case law affirming the automatic liability of a blogger for the behaviour of the people who posts comments. But this is a wrong account of the story.
The merit of the issue is a comment where somebody called the chair of the Italian Soccer Pro League a certified criminal and a crook, and sent the blogger the criminal record of the chairman. While the defendant claimed of not knowing about the comment until the police knocked at his door, the court found that the email containing the criminal record was
enough to have actual knowledge of the existence comment itself.
This decision has been wrongly reported as a shift toward the intermediary liability for omitted control of a platform’s contents.
The decision grounded the indictment on the basis that the defendant actually – actually, I repeat – knew about the existence of the defamatory content and didn’t remove it. Thus – it can be summarized – he either directly contributed to the defamation or indirectly allowed the post to exploit its effect.
While, thus, this decision doesn’t impose a duty of preemptive monitoring, it broadens the notion of “actual knowledge”.
To what extent it will be assessed in the near future.
A friend of mine asked a quick commentary about a Telegraph news about the European Court of Justice decision that bashed the British Data Retention and Investigatory Powers Act, forcing the ISPs to abid to a one-year Internet traffic data retention period.
Here is my answer:
It is clear that the EUCJ is following its political agenda.
As I said countless times, law enforcement and national security aren’t subjected to the might of the data-protection directive so this legal instrument can’t be enforced to rule investigative powers.
It is false that users are note informed about the retention. There is a law that set forth the duty, so the citizen are supposed to know about it (ignorantia legis non excusat.)
Again, the article and – I suppose – the EUCJ confuses fairly different things: GCHQ is intelligence and – as such – is well out of reach from the DP directive. Other public bodies have the right to perform their investigation to guarantee the respect of the law.
So, the actual problem is quis custodies ipsos custodies. In other words: I have no problem with an agency that accesses my data. But I do have the right to know in real time when it happens and why (or, if there is a secrecy issue, as soon as it is reasonable.)
According to Laura Boldrini (left wing), President of the Italian Low Chamber, Google and Facebook are ethically liable for what the users do online. Talking about the (venerable) online hoaxes phenomenon, she verbatim stated:
They are not telcos, they have an ethical and social liability. While obviously it isn’t only their fault if hoaxes are spreading. 1
This is not the first time that Boldrini tries to extend the liability of the users to ISP, Telcos and Over the top operators and this last statement lead to think that there should be an actual agenda on this topic.
But the concept of “moral/ethic liability” is both religious and individual, and in a democratic country where the rule of Law is supreme, is not supposed to be taken into account. On the contrary, following a precise script, this is what we face every time that the Internet is involved: public outcry first, ethical issue next and, finally, an “ethical” regulation.
In the specific case, Boldrini’s position is wrong from whatever the side you look at it.
It is ethically dangerous because weakens the legal principle of the individual’s personal liability, thus reinforcing users’ idea that online there is no accountability.
It is legally unfeasible, because the e-commerce directive made crystal clear that ISPs cannot be forced to monitor and verify each single act of a user, and the data protection directive says, again, crystal clear, that the data protection regulation doesn’t apply to individual’s data processing (in other word: the law doesn’t work for a Facebook’s post made by a user.)
It is market’s sinking. Italy has already proven to be unable to join the digital economy race, and this regulatory approach from Boldrini is another dead weight to the Italian Telco industry.
- Non sono compagnie telefoniche, hanno una responsabilità morale e sociale. Anche se ovviamente non è soltanto colpa loro se si diffondono le bufale. ↩
Audiophile hardware… pardon, equipment, is expensive. Full stop.
It is a “given” that to enjoy “true” music you must allocate a budget that equals the purchase of a supercar otherwise, as Califano (an Italian singer) used to sing, tutto il resto è noia (everything else is spleen.) But is it actually so?
Currently I’m listening some Antonio Vivaldi’s concerts played by Yo Yo Ma, in CD – quality (44/16) FLAC format through a couple of bookshelf B&W loudspeakers connected to my old (sorry again, “vintage”) amplifier that receive the analogue signal from a thunderbolt DAC made by Zoom Japan. Not factoring the computer, the whole setup costs well below a thousand Euros and the quality is very good.
Of course an audiophile would strongly disagree with this statement. He would surely start talking about the superiority of the brand X’s amplifier or the absolute need of a thousand Euros-per-meter loudspeaker cable to have the music flows more “liquid” and so on. And he will rebuff with a pity look in his eyes whoever says something different: ignorant can’t actually understand the “truth”, so let them listen at their Iphone’s earbuds.
To some extent this audiophile is right: expensive rigs can produce awesome results. But a simple logic shows that this statement is wrong and doesn’t match the reality of the digital music industry.
First, it is false that an 100.000 Euros music set up sounds 100 times better than a 1.000,00 Euros one. The more you get close to physical limitation of whatever equipment, the price of each improving step raises more and more and the quality result is more and more less than proportional.
Second, the majority of the music labels still sells their music in CD quality, i.e. the 1980, Red Book standard (16 bit, 44Khz) and even those CD advertised as “24bit recorded” are actually downsampled to the usual standard. With vinyl there was some sense in purchasing costly turntables to minimize the impact of the moving parts on the quality of the electrical signal to be sent the amplifier. Digital files free us from this need. Sure, there are different quality level in digital-to-analogue conversions (DAC) hardware. But a lot of what is sold right now is just “whistles-and-bells”. Spending money for a DAC able to handle 24bit/192Khz or DSD128 streams is useless because, right now, none of the big music labels are releasing high resolution versions of their catalogue, limiting to a very little niche of contents. So where is the point in spending huge monies to buy something that is of no use?
Third (or, maybe, Second, continued), high resolution files make sense only if the music to be played contains a very high dynamic range (from the lows of drums and percussion to the highs of violins and triangle), high personality musical instruments and great players. “Dirty” music like blues (think of John Lee Hooker) or rock (Jimi Hendrix jumps in) is not enhanced by “better” mastering, as there is no improvement in overmastering a Lady Gaga tune. Furthermore, a lot of the music available on the market is a “bookshelf product”, i.e. something that has been designed to be sold in a very short timeframe, just to be replaced by the next new “version”. Can you actually tell the (musical) difference in the “artistic” production of what is currently sold as “music”? It is not a coincidence that, more and more, “artists” are known more for their eccentricity or fashion look than for their “cultural” production. This is not a rant about how better was the good ol’time music, but a precise cost-benefit analysis: no need to invest in better recorded music, if what has to be sold doesn’t worth it and – more important – if the customer base is not willingly to pay the premium price.
Conclusion: a logic approach to the sound quality that involves a look at the marketing digital strategy of the music industry and the account of the Far East sound-handling devices’ quality shows that it doesn’t make sense to waste money into “audiophile level” equipment.
What we do need is just better music.
The short story is: if I want to pay for a legitimate copy I have to wait don’t know how much time.
Why on Earth, apart being a law-abiding lawyer (no pun intended), should I restrain myself from looking for some torrent? (BTW, should I do it, who might blame me, since I already paid for “SIAE TAX” on my terabytes of storage?)
Copyright stakeholders are still living in the last century, don’t they?
The Brexit’s outcome, Donald Trump to become POTUS (President of the United States) and, before that rise of “populist” political wings, are all a consequence (I hate to say it) of the Internet. Of course, the Internet is not the only factor, but facts show that it contributed largely to a shift of the people’s role in the political arena.
Before the Internet, haters, poorly educated and fanatics lived their life in
(a relative) isolation. They were just individual drops or – at the very worst – a number of little, unconnected rivulets. Thank to the Internet, they all of a sudden discovered that they weren’t alone in their way to look at life and found a way to turn the rivulets into an enormous tide.
So, what present reality teaches us, is that the Internet empowered the most gullible and “weak” part of the society with an actual capability to create social, political and economic damages.
I do not intend to offend (and I’m not talking about) those who voted to leave the EU or supported the current POTUS and so on, that did it on a rational, informed basis. That’s the core of the democracy: a dissenting opinion is not – per se – wrong. What scares me, as the late events have demonstrated, is that our destiny can be shaped by a large, irrational, anonymous digital crowd.
It would be easy, at this point, to start thinking that Russia and China aren’t that wrong
when they prevent the people from accessing the Internet. And that a serious tool should be handled with the proper care and training by untroubled people.
But, apart the unacceptable racist basis of the statement – this would means that only a few should have had access to this resource and then that nobody would have thrown the necessary money to develop the network. So, to close the circle, we now enjoy the Internet as it is, because less culturally-structured people made it possible.
Having a tool that makes people dumber, a modern version of Nero’s panem et circenses, is great for the powers-that-be. Do spend your time in streaming, social-networking, and texting and let us do our job: we know what’s good for you.
And the paradox lies in that: to have power you need to make people weak in thinking. But such kind of people do irrational things, hence Brexit, Trump and so on, so the power you’re eagerly looking for, is lost.
Funny, isn’t it?
As expected, Privacy Shield has been challenged in front of the EUCJ.
Before wasting time and money trying to comply with this DOA thing, it would be safe to wait for the judgement.
The Corte di cassazione (Italian Supreme Court) decision n. 20615/16 narrows the definition of “personal data” under the Italian data-protection act that enforces the data-protection directive.
The merit of the decision is a legal action against a municipality accused of having published on its website the name and surname of an individual who sued the municipality.
While, the Court said, when mandatory by law the releasing of personal data is always allowed (and this was the case, since there is a law the bind a municipality to disclose its decisions, including those related to legal actions), the simple publication of a name and surname is not enough to make and individual actually identifiable.
Verbatim, the Court says:
the identification of the individuals… would have been possible only by way of further investigations, including third-parties database, with a disproportionate effort in terms of energy and money that is not justified by the interest to identify people involved in a trivial car accident.
This decision set forth a very important point because points out the fact that the “identifiability” notion of the directive is a relative one.
In other words, and enforcing the legal principle to the telco world, an IP number in itself is not necessary a personal data, unless “the identification of the individuals… would have been possible only by way of further investigations, including third-parties database, with a disproportionate effort in terms of energy and money that is not justified by the interest to identify people”.
Needless to sat, the Italian Data Protection Authority has always challenged this interpretation, trying to affirm an “absolute” notion of personal data, thus creating bureaucratic burdens end financial costs for the compliance.