Italian banks are not “victim” of phishing money laundering-side

On Oct. 10,02008 the Criminal Court of Milan issued an Order related to the criminal trial Docket Number 24919/05 RGNR stating that a bank whose customers were “affected” by successful phishing attacks, can seek for damages only against the phisher itself, while no civil action can be started against those who laundered the monies coming from the theft.

The people accused of money launderers, said the Court, had no part into the phishing attack, since they play their role only after the monies are stolen.

Another website preemptive seizure

On Oct. 10 the Justice for preemptive investigation of the Court of Milan issued a decree of preemptive seizure against a couple of websites charged of trading cigarettes. [ 1. That in Italy is a State monopoly activity, thus forbidden to everybody but those that applied for a special license]

This decree is a replica – but a smarter one – of the decree issued (and ovverruled) by the Justice of preemptive investigation of the Court of Bergamo, in the notorious Piratebay case. No clear order of DNS hijacking has been issued, but fact is that ISP’s have to “obscure” a network resource that is far too away from their reach. Thus, if they cannot remove the “charged” files, the only alternative is… yes, you’re right: DNS hijacking.

Q.E.F.

Thepiratebay.org case. An Italian Court affirms a dangerous principle of law

N.B. Background information for this post are available here. ?

The Bergamo Court has overruled the preemptive seizure order with a decision that, instead of solving the problems arising from the first decision, creates worst issues. The Bergamo Court, in fact, has overruled the seizure, but only on the legal basis that “seizure” cannot be interpreted as “traffic hijacking”.

But the court did not, as it should have done, evaluate first of all the lack of Italian jurisdiction. By not doing so, the Bergamo tribunal has created a dangerous case law that, by reciprocity, allows any foreign magistrate to investigate and take to court an Italian citizen, with the additional absurdity that even in the absence of any evidence that a crime has been committed, a legal prosecution can be based on hypothetical “statistic calculation”.

Furthermore, by asserting the validity of the public prosecutor investigation, the Court has de facto established the automatic liability not only of internet providers, but also of search engines, and the possibility of using, as an investigative tool, data and information with no solid ground.

And also, by saying that even if preemptive seizure has been wrongly enforced , it is ?in theory compatible with ?sect.14 D.LGV 70/20003 (EU E-commerce directive implementation, dealing with ISP liability), the Court of Bergamo on the one hand allows “owners of ideas” to push for an additional and barbaric copyright law amendment while, on the other hand, it reaffirms an obvious error of interpretation of law by affirming the role of ISPs as “sheriffs of the net”.

Digital Signature. A chance for change?

After ten years Italy might let digital signature legal framework moves toward a coherent system.

Current legislation – Legislative Decree 82/2005 – is still affected by unclear definitions, EU directive translation errors and technical misunderstanding.

If passed in Parliament, draft law AC1441-bis will assign Government the power to amend these mistakes, a non-impossible mission if only the concerned persons will take their time in fully understand the issues debated since 1997 and never fully resolved.

More to come about, as soon as the Parliament will pass the law containing the amendment principles.

Italy, Data Protection, International Corporate Rules

Law n. 133 passed on Aug. 6, 2008 amends the Italian Data Protection Code and allow conglomerates and multi-national companies to freely exchange personal data, provided that their internal corporate rules system matches Italian Data Protection Regulation.

This is a way to circumvent the strict limits imposed by former regulation, that forbade the exchange of personal data with countries (like United States of America) with a lower level of personal data legal protection.