Andrea Monti – Page 96

April 17, 2014

The Impact of the Data-Retention ECJ Ruling on the Law Enforcement Activities

From the Law Enforcement perspective, the ECJ ruling that on Apr. 8, 2014 declared invalid the Data Retention Directive didn’t harm its investigation to such a greater extent as somebody has claimed. There are, indeed, other legal tools that can be used to fit the purpose of getting traffic data of interest.

First, ISPs and telco operators might still retain traffic data for other legitimate purposes and for longer periods than the six months “sponsored” by the ECJ. This can happens either with the consent of the customer (for marketing and commercial purposes) or without (in case the traffic data have to be retained to meet under a statutory term (in Italy, ten years) the legal obligation to provide evidence to the tax authorities that the billed services have actually been provided and that the ISP is not involved in a money laundering activity. Thus as soon as some data – though not all the one retained under the now defunct DRD – are available, a prosecutor can always seize it.

Second, the Budapest Convention on cybercrime allows the public authorities to issue a “data-freeze” order to avoid the deletion. Again, this might be a second best solution, but it is currently working and viable.

Third, the national Data Protection Authorities have the power, under the Directive 95/46, to issue orders to “customize” the implementation of this legal instrument so to match the requirements of the ECJ, thus legally keeping alive, though maybe partially, the intrinsic admissibility of the data-retention as such under the current European Data Protection legal framework.

April 15, 2014April 15, 2014

How to poison 700.000 people and live happy with it. A case study in crisis management

According the Italian National Institute of Health, about 700.000 resident of an Italian Region, Abruzzi, have been exposed to water polluted by an abusive chemical waste storage that the national newspaper Repubblica labeled as the biggest in Europe. Although the existence of the wastes was widely known since 1972, only in 2007 the public prosecution service started an investigation and now the criminal trial is likely to end in nothing. The statutory term that set the maximum duration of this trial is going to expire and then the court couldn’t be able to actually indict the responsible.

Apart from the legal issues, it is interesting to look at this incident from crisis management perspective.

Though the big corporation involved into the scandal and now tried in court have surely steamed up their spin doctors to properly handle the damage control, it can’t be said so about the local politicians reacted.

Whatever book you get on the topic advises you to check the facts, be transparent with the media, don’t hide things under the carpet, tell what you know, what you don’t know and what you’re going to do to fix the problem, protect your credibility and so on. But in this case, all of these suggestion haven’t been followed. Neither the longstanding politicians who occupied the core seats during the last forty years ? nor the law enforcement accounted for their lack of control, and when the media started inquiring the main reaction has been to let the bucks slip on somebody else’s shoulders, releasing vague and contradictory statements and avoiding to talk about the hot topic.

From a general crisis management theory point of view, the way the “stakeholders” handled this scandal can be qualified – to be gentle – as grossly amateurish, but a reality-check shows that the lack of enforcement of a crisis management plan didn’t affect the career of the most part of the involved people, some of those are now even running for a new term in the upcoming elections or still seating on their (power) chairs.

A possible explanation of this status quo is the lack of pressure from the information professionals. The local and national media failed to pitch high the facts so to ignite a burst of durable public outcry and protest. Far from the public scrutiny, the involved people fell into a convenient oblivion and didn’t feel compelled to devise a properly arranged defensive strategy.

Once again, this story shows that Information is Power.

April 13, 2014

Why No One Goes to Napoli? An answer to Beppe Severgnini’s Post on The New York Times

This post is rather unusual for the content of this blog, but when I read what has been published by The New York Times online about the reason that prevent people from visiting the Southern part of Italy I felt the need to throw my two cents on the table about this column by Beppe Severgnini (the Italian, Lombardy-born journalist who authored it.)

Severgnini has a (rather easy) point when he claims that ? the southern part of Italy should and could be far better organized but – and here is where I disagree with him – ? it will never be a german or british-like place. As odd as it might seems, one of the beauty of the Southern Italy is that to enjoy it you must, MUST do it with some local that let you experience the actual spirit of the place.

The biggest secret of the Southern Italy is that you don’t actually go there just to look for monuments or nature. This isn’t a Paris or New York-like place, where you just wander around the town, visit museums and exhibition, get (maybe) decent food and ? go back home without anybody – but your credit card company – noticing your presence. The rest of Italy – and the rest of the world – are full of that kind of experiences. So if you travel around the South and limit yourself to sightseeing I agree, this can be a very frustrating experience. What is really different – and worth to be sought – is the lifestyle that makes the South unique. Hospitality, friendship, generosity… If you really seek to enjoy the South, befriend a local and you will discover another universe.

On the contrary, you won’t generally find all that in the Italian Northern (West/East)’s attitude. I don’t want to raise an anthropological quarrel neither with our kind brothers from the North West that ? back in the XIX century “gently” included the South within their kingdom, while importing culture and manpower, nor with our (greed-motivated separatist) brothers from the North East. ? Of course even these places too are inhabited by ? nice people but the genius loci between South and North is definitely different.

A recent anecdote clarifies the point: I landed yesterday night at Fiumicino coming back from abroad, and got the last long-trip bus to my hometown. The journey was supposed to start at 22,45 but the driver waited an extra five minutes (actually five, I mean) to allow possible passengers that were late to board. At 22.47 a lady confronted the driver blaming him for not leaving on time. The driver politely told her: “madam, this is the last bus. If somebody miss it there is no way to come back home until tomorrow morning. What harms does it do if I wait some extra time?” and the lady: “I don’t care: I want to go home right now! This is why Italy is rotten!” Well from a Northerner point of view the lady was entirely right, but was she?

I don’t want to say that the South is good as it is. There are problems: inefficiency, unpredictability of the services, crime (but ‘ndrangheta, mafia and other forms of organized crime are deeply rooted in Milan, as the public prosecution investigations have demonstrated) … These problems have to be solved as fast and as much as possible, but this won’t going to happen – as Mr.Severgnini wishes – neither by killing our Southern soul nor ? by intercession of “Don Matteo”. ¹

Mr. Severgnini, to put it short, failed to answer the rhetorical question he asked himself.

Don Matteo is a TV series starring a priest (Don Matteo) who solves criminal cases helping the Carabinieri. Don Matteo fixes almost everything, from personal issues to serious crimes. Matteo Renzi, the prime minister, is a catholic ? and has a “ghe pensi mi” (pronounced: ge pensee mee) attitude (a Milan slang for “I’ll take care of everything”.) ↩

April 8, 2014April 8, 2014

The EU Data Retention Directive Trashed by the EU Court of Justice

Today the Europan Court of Justice has declared invalid the Data Retention Directive that forced ISP’s to retain some traffic data to be made available for the law enforcement agencies. Though the decision is immediately effective, until the local parliaments don’t update the concerned internal regulations, as crazy as it may sounds, ? the data-retention is still a legal obligation to be fulfilled.

It would be of great help if the local data protection authorities would issue a statement saying that they will not enforce anymore their own controls on data-retention, since any activity in this direction could be challenged on the ECJ decision.

A final remark: how is it possible that the data-protection authorities all over Europe didn’t spot the “little”, “tiny” problem of the Data Retention Directive?

April 7, 2014April 7, 2014

There is no such thing as “Information Security”

Security is Security. Period. No matter whether you’re designing a network, traveling around some third world country or assessing the pollution of the food you’re going to eat: security prowess comes from the confrontation of danger(s).

There is something different in people who’s been exposed to dangers of every sort (soldiers, firefighters, ER personnel) and those who don’t: the former knows what they’re talking about, the latter don’t. You can read it in their eyes, demeanor and down-to-earth approach, contrary to the pompous, empty style of somebody who can’t even handle spending half an hour on Barcelona’s Las Ramblas without being pickpocketed.

Think about it, the next time a “security” consultant tells you that “you have a security problem” and that “he can fix it”.