Is The IPhone Criminals’ Weapon of Choice?

According to NBC, Apple has been ordered by a federal judge to support the FBI in decrypting the Iphone used by the people accused of having slaughtered 14 people in San Bernardino, California, last December, 2, 2015. The court order has been necessary since Apple refused to voluntarily provide such support.

These are the bare facts, that have been turned into a horse of different colours by  bad-faith anti and pro encryption activist. The former sang the usual song “Strong Encryption Smooths Criminals”(FBI Records), while the latter waged the old flag “Weak Encryption Affects Civil Rights”.

The federal court neither asked for a backdoor nor for the enforcement  of a weaker Iphone security, but just said Apple to support the after-crime investigation. This court order doesn’t hampers people’s legal right to strong encryption, because the justice said something like “you have the right to own a strong safe, but the State has the right to try to open it whatever the mean in case of a criminal investigation”. In this context, then, the fact that Apple has been ordered to provide support to the FBI is not constitutionally illegal.

I still support strong encryption for the masses (and for companies too), but I don’t think that making a case out of this court order might help the civil right cause. It only works as as a (maybe unintended) advertising stunt for Apple that can portray itself as a “privacy shield”.

Blogging vs Social Networking: different tools for different goals

Blog and Social Networks are very different tools of expression (and, for what it worth, online marketing.)

A blog gives you absolute freedom and exposes your thoughts to potentially a huge quantity of people. People, on the other end, can enjoy the things you do without necessarily disclose their identity, unless they actually want to do.

A Social Network page/profile, instead, implies that the majority of your audience is made by those you already know or, at least, you are acquainted with. Yes, I either know about the existence of “public” pages or the possibility of “following” somebody else, but this doesn’t change the point.

To blog is more like living into the wild, where you can meet other peers, predators or none at all (and in this case ask yourself why are you still blogging if nobody cares.) While “living” in a social network is fairly safer but actually less challenging because of its “Walled Garden” design.

While is obviously possible to use a blog to stay in touch with people and a social network to publish contents aimed at a (personally) unknown audience, it would be more efficient to use the proper tool designed for the specific task.

Unless you are left without options, why should you use a hammer to cut a wire and a screwdriver to hammer in a nail?

The Web is ISIS’s Nuclear Bomb

The Web is ISIS’s Nuclear Bomb. This is what Loretta Napoleoni, author of books on the economic side of terrorism, wrote in an article for the leftwinger Italian newspaper Il Fatto Quotidiano.

Napoleoni claims that – as the Marxist ideology did in the past with the “word-of-mouth” or, better, “word-of-book” – ISIS’s propaganda gets its power from a new “ideology-spreading-tool”: the Internet, and thank to the Internet will last, no matter what:

Even though, hypothetically, we should succeed in taking out all of ISIS’s warriors by bombing them and killing al Baghdadi, the ideology that these people have created and their universal message will last on the Internet. 1

I don’t have enough authority to challenge the curious association Napoleoni did between Karl Marx philosophy and ISIS’s vision of the Islamic religion, but I find grossly superficial and offensive for the victims of (every) war to compare “the Web” to a nuclear bomb.

As I wrote in a post, war is made of bullets, and bullets hurt as do (nuclear) bombs. Bombs make carnage, slaughters, shred a human being in pieces, burn, annihilate, vaporize, wipe communities, blindly kill innocents, pollute lands for centuries or millennia (ask Hiroshima and Nagasaki survivors for additional info, just in case.) E-mail, newsgroups, chats, FTP (yes, Napoleoni, the Internet is not only made by HTTP) are tool of freedom designed by free people to give humans a free chance to communicate with no physical and social barrier.

Those like Napoleoni – and her cultural associates, member of the “Internet-as-a-threat Club” – should simply accept the fact that ideas are countered (and sometimes, fought) with ideas and that the worst way to challenge a disturbing statement is to censor it.

The idea that a sole statement might change somebody’s personal philosophy up to turning him into a human bomb carrier is simply wrong. Change of mind happens by way of  tragedies, loneliness, apartheid and injustice and not because of a tweet.

As per the “Internet Patrolling” advocated (not only) by Napoleoni – though sadly labelled by her as ineffective – again, let’s go back to basics: as the East Germany, Russian and Italian political police history show, to fight an enemy and prevent attacks there is no substitute for an actual, massive, ruthless and pervasive physical control. But t this is disturbing and, rightly so, nobody in the Western world is available to give a government so much power.

And here comes the brilliant solution: let’s fall back on the Internet and blame “the Web” as a radicalization tool.

No, Napoleoni, ideologies will not last because of a blog. They will stand until there will be inequality in world, it means until the end of time.

  1. Orginal text in Italian: Anche se, ipoteticamente, riuscissimo a stanare con le bombe tutti i guerrieri dello Stato Islamico e a far fuori al Baghdadi, l’ideologia che costoro hanno creato ed il loro messaggio universale in rete rimarrà

War is fought with bullets

True, the monumental unscrupulousness of the ICT business (which sells systems
without concerns for the security side), and the naïveté of its clients (trusting hardware instead of good practice and appropriate security processes) built today’s western digital infrastructure as a Colossus with feet of clay.

True, this made the Western World a soft target for computer-related criminals and terrorists.

True, a lot of damage can be done in a short time by a committed digital strike.

But don’t forget that war is fought with bullets, real bullets.

And bullets do hurt.

Légion étrangère and Kamikaze. Dangerous Rethorical Stunt of Italian Politicians and Media

Undersecretary Marco Minniti, superseeding the Italian Intelligence activities on behalf of the Government, gave out his two cents about the war on terrorism – the Italian Way, announcing a private-public project to fight cyberterrorism and claiming that Europe hosts the Légion étrangère of Terror.
Here is the screen-shot of his statement:
ForeignLegionWell, I don’t want to talk about the merit of the cyberterrorism response of his announcement. It is too early to actually assess a proposal that ranges from catastrophically ineffective to functional.

Let’s wait and see, but in the meantime I’ve found grossly misinformed and misleading the association Mr. Minniti  did between the terrorist forces and the French Légion étrangère. It is a fact that people from many different countries are joining the terrorist camp, but in no way this can be compared to what (like it or not) the Légion is.

What I find rather disappointing is that to obtain a rhetorical stunt in front of the Press, a politician that is supposed to know better just let slip easy and wrong messages. I can imagine a newspaper’s title when the next attack will strike: “Terror Foreign Legion vs France’s Foreign Legion!” Awful sounding isn’t it?

This is what happened so far with the word “Kamikaze” whose meaning has been turned upside down by the Italian media.

Kamikaze was (and still is) the name for a desperate military tactic (BTW, not so different from the one Winston Churchill thought of fighting German panzers in case of invasion of the British soil) conceived by an army against another army, and has nothing to do with the exploitation of an individual as human bomb carrier targeting people with non combatants status.

Words’meaning grip loss leads to confused ideas, and cloudy thoughts produce wrong decision.

Italy To Storm Playstation Networks? The Steve Jackson Game Case Strikes Back

According to Andrea Orlando, Italian Minister of Justice, Italy plans to fight  the war on terrorism on Playstations.

In a press conference, Mr. Orlando said that new technologies are exploited by terrorists, and it is imperative to keep pace with the innovation, by allowing the capability to wiretap chat (whatever this means) and Playstations.

Apart from the merit of the issue (we might either agree or not about the strategy, but this is a horse of different colour) what matters is the clear uneasiness of the Minister in  talking about topics he’s clearly not knowledgeable in.

I really wander how the law enforcement agencies will be able to extract something useful by wiretapping network games that deal with assaults, terrorist actions, covert operation and so on.

Will they be able to sort the truth from the game?

Are we on the verge of a new Steve Jackson Games scandal?

The usual approximation showed by a politician in charge of taking the lead on technology-related issues shows that key decision on such a sensitive matters are made elsewhere, by someone else not at all well versed in the matter. And it would be interesting to know who this “Mr. Someoneelse” actually is.

To have a better grasp on the operative issues before talking to the Press,  maybe it wouldn’t had been a bad idea  for the Minister to spend some spare time playing Call of duty or Splinter cell.

 

Microsoft Blog Post on Safe Harbour. A Different Perspective

The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik’s Cube is a post on the official Microsoft’s blog that is gaining momentum since it is possibly the first “cooled down” analysis of the EUCJ decision on Safe Harbour. Though well articulated, nevertheless, I think that the “hook” where the chain of reasoning hangs is weak.

I don’t think we should go for “global laws” because of the technological evolution.

“Global laws” means “Single Government” or, in other words, the end of democracy.

From a legal standpoint, the technological evolution is irrelevant because technology only affects the way things are done and not the right to do it.

You don’t need to amend the provision that punishes killing or manslaughtering everytime that somebody figure out some “creative” mode to put a R.I.P. stone over somebody else head. Or, dealing with the technological “evolution”, you don’t need a new provision to sanction hate speeches, personal life intrusions, libel and defamation, stalking and so on “just” because of the Internet. The illegal behaviours were already there before the computer era.

Furthermore, we all know that law is rather Lobbyists’s pressures, political mediation, economic and financial differences driven, than God-inspired.

Guess who would going to write this “Global Regulation”?

Safe Harbour and the Shortsighted Data Protection Authorities

After the EU Commission met the industry (I was there on behalf of an European industry association) to hear the voice of the business, yesterday it met the Article29 working party (the EU gathering of the national Data Protection Authorities) to explore the possibility of of a short-term solution to avoid exposing thousand and thousand of innocent companies to investigations and fines for “infringing” the data protection directive after the Safe Harbour has been stricken down by the EU Court of justice.

The outcome of this meeting has been very simple: the Data Protection Authorities just couldn’t agree on the possibility of using standard model clauses or binding corporate rules as a viable Safe Harbour alternative, refused to agree on the fact that companies relying upon the Safe Harbour for about fifteen years are entitled to a grace period and feared of no being able to stop the data flow toward the US because of the lack of resources. To put it short: the industry has been left without certainties, victim of potential legal complains, but with no alternative but carry on its activities.

I don’t know if this folks at the Article29 actually live on Mother Earth or in Outer Space. Fact is that such kind of attitude – blindly following a (questionable) reading of the EU data protection directive – is a danger for the international economic system as well as for the safety of the citizens.

The Hypocrisy of the Safe Harbour EUCJ decision

According to the EUCJ , EU Commission’s Safe Harbour is invalid because of the possibility for the US intelligence/law enforcement agencies to access EU citizens’ personal data with a less degree of legal protection. The Court’s official press-release reads:

The United States safe harbour scheme thus enables interference, by United States public authorities, with the fundamental rights of persons, and the Commission decision does not refer either to the existence, in the United States, of rules intended to limit any such interference or to the existence of effective legal protection against the interference.

This is a nonsense because – like it or not – “national security” and “public order” are the  buzzwords that all over the Western world allow the withdraw of civil rights and clearly prevent the application of the privacy/data protection regulation.

EU personal data stored in US facilities are EU (i.e. foreign) first and only after personal data: this means that, for instance, under the US regulations the CIA can legally process it because these data don’t belong to American citizens. As per the FBI, since the Bureau is part of the Department of Justice, its activity is court-issued-warrant regulated. So, again, why the FBI should be denied the access to EU (i.e. foreign) data relevant for an investigation?

To put it short, then, why from an US perspective, the EU personal data should be prevented from being wiretapped, accessed or somehow accessed by US security community?

And why for instance – enforcing in reverse the EUCJ logic – the British GHCQ should be prevented to intercept US personal data in Europe for the sake of “fighting the terrorism”?

Haven’t a dozen or so CIA operatives been wiretapped (and lately, indicted) in Milan during the investigation ran in 2003 for the extraordinary rendition of an imam?

Is it a proper personal data protection for the US Department of Homeland Security to state in  the I-94 form  given the passengers  on every flight directed to the USA  that

WAIVER OF RIGHTS:
I hereby waive any rights to review or appeal of a U.S. Customs and Border Protection officer’s determination as to my admissibility, or to contest, other than on the basis of an application for asylum, any action in deportation

There are several critical issues that hamper the Safe Harbour, like the actual Data Protection Authorities check on the actual enforcement of the binding corporate rules or the standard clauses, or the confuse notion of “personal data” that in the opinion of some local Data Protection Authorities still includes the data related to legal person and to single professionals. And, therefore, there is surely ground to revise the (killed) Safe Harbour legal architecture. But using civil rights as an excuse to bash an EU Commission act, looks more like a stunt in an covert political battle instead of a purely legal dispute.