Italy To Storm Playstation Networks? The Steve Jackson Game Case Strikes Back

According to Andrea Orlando, Italian Minister of Justice, Italy plans to fight  the war on terrorism on Playstations.

In a press conference, Mr. Orlando said that new technologies are exploited by terrorists, and it is imperative to keep pace with the innovation, by allowing the capability to wiretap chat (whatever this means) and Playstations.

Apart from the merit of the issue (we might either agree or not about the strategy, but this is a horse of different colour) what matters is the clear uneasiness of the Minister in  talking about topics he’s clearly not knowledgeable in.

I really wander how the law enforcement agencies will be able to extract something useful by wiretapping network games that deal with assaults, terrorist actions, covert operation and so on.

Will they be able to sort the truth from the game?

Are we on the verge of a new Steve Jackson Games scandal?

The usual approximation showed by a politician in charge of taking the lead on technology-related issues shows that key decision on such a sensitive matters are made elsewhere, by someone else not at all well versed in the matter. And it would be interesting to know who this “Mr. Someoneelse” actually is.

To have a better grasp on the operative issues before talking to the Press,  maybe it wouldn’t had been a bad idea  for the Minister to spend some spare time playing Call of duty or Splinter cell.

 

Microsoft Blog Post on Safe Harbour. A Different Perspective

The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik’s Cube is a post on the official Microsoft’s blog that is gaining momentum since it is possibly the first “cooled down” analysis of the EUCJ decision on Safe Harbour. Though well articulated, nevertheless, I think that the “hook” where the chain of reasoning hangs is weak.

I don’t think we should go for “global laws” because of the technological evolution.

“Global laws” means “Single Government” or, in other words, the end of democracy.

From a legal standpoint, the technological evolution is irrelevant because technology only affects the way things are done and not the right to do it.

You don’t need to amend the provision that punishes killing or manslaughtering everytime that somebody figure out some “creative” mode to put a R.I.P. stone over somebody else head. Or, dealing with the technological “evolution”, you don’t need a new provision to sanction hate speeches, personal life intrusions, libel and defamation, stalking and so on “just” because of the Internet. The illegal behaviours were already there before the computer era.

Furthermore, we all know that law is rather Lobbyists’s pressures, political mediation, economic and financial differences driven, than God-inspired.

Guess who would going to write this “Global Regulation”?

Safe Harbour and the Shortsighted Data Protection Authorities

After the EU Commission met the industry (I was there on behalf of an European industry association) to hear the voice of the business, yesterday it met the Article29 working party (the EU gathering of the national Data Protection Authorities) to explore the possibility of of a short-term solution to avoid exposing thousand and thousand of innocent companies to investigations and fines for “infringing” the data protection directive after the Safe Harbour has been stricken down by the EU Court of justice.

The outcome of this meeting has been very simple: the Data Protection Authorities just couldn’t agree on the possibility of using standard model clauses or binding corporate rules as a viable Safe Harbour alternative, refused to agree on the fact that companies relying upon the Safe Harbour for about fifteen years are entitled to a grace period and feared of no being able to stop the data flow toward the US because of the lack of resources. To put it short: the industry has been left without certainties, victim of potential legal complains, but with no alternative but carry on its activities.

I don’t know if this folks at the Article29 actually live on Mother Earth or in Outer Space. Fact is that such kind of attitude – blindly following a (questionable) reading of the EU data protection directive – is a danger for the international economic system as well as for the safety of the citizens.

The Hypocrisy of the Safe Harbour EUCJ decision

According to the EUCJ , EU Commission’s Safe Harbour is invalid because of the possibility for the US intelligence/law enforcement agencies to access EU citizens’ personal data with a less degree of legal protection. The Court’s official press-release reads:

The United States safe harbour scheme thus enables interference, by United States public authorities, with the fundamental rights of persons, and the Commission decision does not refer either to the existence, in the United States, of rules intended to limit any such interference or to the existence of effective legal protection against the interference.

This is a nonsense because – like it or not – “national security” and “public order” are the  buzzwords that all over the Western world allow the withdraw of civil rights and clearly prevent the application of the privacy/data protection regulation.

EU personal data stored in US facilities are EU (i.e. foreign) first and only after personal data: this means that, for instance, under the US regulations the CIA can legally process it because these data don’t belong to American citizens. As per the FBI, since the Bureau is part of the Department of Justice, its activity is court-issued-warrant regulated. So, again, why the FBI should be denied the access to EU (i.e. foreign) data relevant for an investigation?

To put it short, then, why from an US perspective, the EU personal data should be prevented from being wiretapped, accessed or somehow accessed by US security community?

And why for instance – enforcing in reverse the EUCJ logic – the British GHCQ should be prevented to intercept US personal data in Europe for the sake of “fighting the terrorism”?

Haven’t a dozen or so CIA operatives been wiretapped (and lately, indicted) in Milan during the investigation ran in 2003 for the extraordinary rendition of an imam?

Is it a proper personal data protection for the US Department of Homeland Security to state in  the I-94 form  given the passengers  on every flight directed to the USA  that

WAIVER OF RIGHTS:
I hereby waive any rights to review or appeal of a U.S. Customs and Border Protection officer’s determination as to my admissibility, or to contest, other than on the basis of an application for asylum, any action in deportation

There are several critical issues that hamper the Safe Harbour, like the actual Data Protection Authorities check on the actual enforcement of the binding corporate rules or the standard clauses, or the confuse notion of “personal data” that in the opinion of some local Data Protection Authorities still includes the data related to legal person and to single professionals. And, therefore, there is surely ground to revise the (killed) Safe Harbour legal architecture. But using civil rights as an excuse to bash an EU Commission act, looks more like a stunt in an covert political battle instead of a purely legal dispute.

The End of the (Un)safe Harbour

The news of the Safe Harbour bashing by the European Court of Justice is hardly a news since the EU directive 95/46 already affirmed the possibility of a local jurisdiction over transnational data-exchange.

The actual issue is that the data protection authorities didn’t have the courage to state it clearly before, leaving ISPs and Telcos without actual guidance and, more important, exposed to fines and sanctions.

As a matter of fact, the EUCJ decision doesn’t invalidate the core of the safe-harbour, unless for “safe harbour” we mean a way to export overseas personal data, claiming that EU data-protection authorities lost their jurisdiction.

From a corporate perspective, an issue to be dealt with in the EU toward USA personal data exchange, is to check whether the current agreements/policies actually comply with the directive.

From a concerned citizen perspective, the question to ask is: where were the data protection authorities until this decision was issued?

Once again, the inertia of the public services led to industry damages and low citizen’s right protection.

Why the Right To Be Forgotten Is Plain Wrong (and What Is the Best Way to Protect Your Reputation)

The Right to be forgotten – not a “right” per se, by the way – is a distorted way to enforce the right to privacy and an actual form of censorship because strips from the Court’s hands the power to decide what should be known and what shouldn’t and, further more, is a way to enforce a bottoms-up censorship that a State can easily turn into a top-down dissent shutting.

The Right to be forgotten is the wrong answer to a (maybe) real question: how do you get rid of your embarrassing past if I’ve changed course of life?

Answer: instead of trying to hide the dust under the carpet by removing the search engines’ indexes, just use it at your advantage: run a blog, a social network page or whatever elicit the interest of the search engines’ robots and tell your story. This way you can counterbalance the (allegedly) negative effect of a news relating to you because a search engine will reveal  your side of the story too.

This, of course, if you are sincere in your life-changing effort because, if you’re not,  you might find yourself exposed again to the consequences of your con stunt.

Is the solution to the Right to be forgotten actually as simple as that?

No, because to do so you should be able to properly handle an argument, collect and provide evidences and effectively deliver your statement. And since Cicero’s adepts aren’t that much, it is better to go for the censorship solution: cheaper, faster and good for the powers-that-be.

My “Cookie Law” Legal Notice (in English and Italian)

This is how I amended the data-protection information page on my street-photography website to meet this stupid “cookie law”;

A plain wrong Italian enforcement of the EU “cookie” directive makes mandatory to obtain a prior consent to allow the use of Google Analytics, even if – as in this case – the personal identity of a user is unknown by me and Google only “might” be able to exploit the anonymous information collected through this website. So, in case you want to know if Google is able to identify you by means of this website’s access, please send me your identity together with your IP and I will forward your request to Google… or you might better do it on your own, without telling ME who you are.

And this is the Italian translation:

Un’applicazione semplicemente sbagliata della direttiva europea sui cookie impone di ottenere il consenso preventivo per usare Google Analytics anche se, come in questo caso, ignoro l’identità  personale di chi accede al mio sito e solo Google “potrebbe” essere capace di usare le informazioni raccolte per fornirmi le statistiche. Dunque, se volete sapere se Google è in grado di identificarvi tramite l’accesso a questo sito, per favore inviatemi le vostre generalità  e l’IP che avete usato, e girerà la vostra richiesta a Google… oppure, meglio, potreste farlo direttamente voi, senza dire A ME chi siete.

Italian “Cookie Law” and the Misinformation about Google Analytics

There is a lot of hype in Italy about this “cookie law” put into force since June, 2 that makes mandatory to obtain the consent of a user accessing a website to allow his “profiling” through the use of cookies.As always, a  fleet of  “advisers” kept, full steam, pushing companies to comply with this regulation, foreseeing dire consequences for the non-abiding companies, especially those using Google’s Analytics.

This is not entirely correct, so it is better to clarify a few points:

First of all: “cookie law” is not a “law”, but just an order issued by the Data Protection Authority under its “peculiar” view of the EU Data Protection Directive(s),

Second: the data protection directive (and its local enforcements) work only with “personal data”, i.e. data that identify or made possible to identify a natural person,

Third: a user that access anonymously a website doesn’t reveal his identity, thus the data protection act doesn’t come into play,

It comes from above that a website using Google Analytics without looking of the identity of the user is not subjected this stupid “cookie law”.

Simple as that.