A BBC report pushed Italy into international hype, for Mr. Maroni (Lega Nord) Ministry of Home Affairs, backed by a group of public prosecutors, started an aggressive campaign against Skype, claiming that ?organized ?crime uses this software to protect their illegal ?activities. This is a clear shift towards encryption’s outlawing – or limitation of its use – that will negatively affects both human rights and private sector activities.
Italy has a “strong” tradition in trying to ban encryption. Key recovery and/or Key Escrow related issues were debated at least since 1995 A draft of one of the many amendments (not included in the final text) of copyright law known as “legge Urbani” tried to establish the principle that using encryption to protect P2P connection deserved a stronger punishment. If passed, this would have been the first provision outlawing the use of encryption.
The problem, nevertheless, is not limited to Skype. Mr. Maroni, launched a global initiative to “seize” technology from users. He first asked Telcos to provide their customers with static IP only (to better identify persons), then he pushed for the adoption of a National DNA Database because he got “reliable information” that in Italy there is a criminal mob dealing with human organs selling, then – all of a sudden – he become concerned about Skype…
It is unlikely that Mr. Maroni claims hide a “global plot” to kill human right. The truth is more sad: magistrates have scarce investigative resources, untrained law enforcement officer (not all, of course), insufficient monies, an erroneous belief that technology-based investigation is a good shortcut.
Basically, they’re scared by technology and – in a Pavlovian mood – their automated reaction to things like Skype is “forbid”, “ban”, “takeover”.
On Dec. 23 2008 the Italian Senate passed the law that allows the creation of an Italian National DNA Database (NDNAD.) When the Camera dei deputati (a sort of Lower Chamber) will grants its approval the law is approved. Technically speaking, there is room for amendments, but this is improbable and, even if amendments come, they wouldn’t change the foundation of this law.
The law is flawed by several weak points: a scientific and cultural lack of perspective (poor understanding of molecular biology and DNA forensics issues); an incredible exemptions for white-collar crimes, so corruption and other political and economic-related crimes ?never fall into the NDNAD; very light punishment for NDNAD abuse.
A more detailed ?analysis ?will follow soon.
After the investigation started by the Milan Public Prosecutor Office, another case of alleged rogue corporate security and law enforcement officer case hits mainstream media. Former Corporate security head of the Internationally known luxury firm Gucci, together with private investigators and law enforcement officers have been involved into a criminal investigation ran by Florence Public Prosecutor, with charges of computer illegal trespass.
On Nov. 14, 2008 I give a talk at DeepSec. The topic is the end of computer forensics, after the enforcement of the Cybercrime Convention.
N.B. Background information for this post are available here. ?
The Bergamo Court has overruled the preemptive seizure order with a decision that, instead of solving the problems arising from the first decision, creates worst issues. The Bergamo Court, in fact, has overruled the seizure, but only on the legal basis that “seizure” cannot be interpreted as “traffic hijacking”.
But the court did not, as it should have done, evaluate first of all the lack of Italian jurisdiction. By not doing so, the Bergamo tribunal has created a dangerous case law that, by reciprocity, allows any foreign magistrate to investigate and take to court an Italian citizen, with the additional absurdity that even in the absence of any evidence that a crime has been committed, a legal prosecution can be based on hypothetical “statistic calculation”.
Furthermore, by asserting the validity of the public prosecutor investigation, the Court has de facto established the automatic liability not only of internet providers, but also of search engines, and the possibility of using, as an investigative tool, data and information with no solid ground.
And also, by saying that even if preemptive seizure has been wrongly enforced , it is ?in theory compatible with ?sect.14 D.LGV 70/20003 (EU E-commerce directive implementation, dealing with ISP liability), the Court of Bergamo on the one hand allows “owners of ideas” to push for an additional and barbaric copyright law amendment while, on the other hand, it reaffirms an obvious error of interpretation of law by affirming the role of ISPs as “sheriffs of the net”.