Blog

Posted on

Faked DNA and Criminal Trials in Italy

Authentication of forensic DNA samples” is a paper released on the last Forensic Science International: Genetics issue by a group of Israeli researchers. Authors claim to have found a method to fabricate artificial biological samples (and the way to tell the differences from the original one) and wish that their finding will become a standard in forensic procedures to maintaini “the high credibility of DNA evidence in the judiciary system.”

Does this method really affect criminal investigations and trials?

“We still are in the “bad cop” (or evidence tamperer) field who planted faked biological samples on the crime scene” – says Andrea Cocito, researcher at IFOM, Milan (IT.) In fact, the “fabricated-genetic-evidence defense” has been proven viable in the ? OJ Simpson case tried between 1994 and 1995 in Los Angeles, USA. Mr. Simpson’s lawyers were able to raise the suspicion that the results of the analysys on the biological samples coming from the crime scene – aiming at Mr. Simpson as “owner” of the DNA – weren’t reliable enough because of the police handling lack of care. “If” – Cocito argues – “a biological sample has ? really been found on the crime scene, if the sample isn’t planted and if it’s not been degraded, then I might analyze both samples (the crime scene one and the one belonging to the defendant) to see if I get a match. In these case, there couldn’t be reasonable doubts on the results.” Thus, matching the defendant biosample collected in a controlled environment with the sample found on the crime scene it is possible to tell the probability of a reciprocal match.

The actual problem, then, is not the intrinsic scientific reliability of a genetic analysis-produced evidence. The problem is the strength of the chain of custody (i.e. the possibility of tracking all the intermediary steps, from the crime scene to the Court.) It is evident that if during the journey some part of it is not verifiable, a possibility comes to arise a legitimate doubt that what came in Court might not be what has been found on the crime scene.

On this issue, Italian law n. 85/2009 that creates a local National DNA Database is very lazy. There is neither any explicit duty of guaranteing the chain of custody, nor a provision that prevent the use in Court of wrongly-handled biological samples.

This is the translation of an article I’ve written for Nova-IlSole24Ore. The Italian version is available here.

Posted on

The Pirate Bay war. Does something changes for ISP’s liability?

The new episode of the Pirate Bay war leads to think that something is changing in judges’ mind in re: ISP liability. In the recent Swedish preliminary order neither is the final user the final target of a legal action, nor the ISP. The focus is on the sole and only possible defendant: the one who actually shares illicit contents (apart from the merit of the specific TPB case.) The ISP who provided the housing service for TPB torrent search engine has been ordered to “disconnect” the machine from the network and not, as in the previous episodes, to hijack users’ attempts to reach The Pirate Bay.

It is important to remark that in this trial the ISP is not involved as (contributory) defendant, but only as subject whose cooperation is – de facto – necessary to obtain the compliance to a court order. Thus, we face a situation where:

  • rights of innocent end users are not endangered by the activity of the copyright majors,
  • ISP’s role is not portrayed as those of an accomplish, supporter, or contributory violator,
  • the target of the legal action is focused on the (alleged) culprit.

Again, I don’t want to enter in the legal quarrel about TPB responsibility. What I want to stress is that – should the Swedish approach be confirmed – a step toward and actual respect of legal principles set by dir. 31/00/CE is made.

Posted on

Italian NDNA database. The devil is in the details

On June 30, 2009, the Italian Parliament finally passed Law No. 85 that ratifies the Prum Convention and forms the legal ground for the creation of an Italian National DNA Database (NDNAD.)

Although this law might have benefited from UK and USA court experience in the field of DNA forensics, the current text indicates that neither British nor American case law have been taken into consideration. Furthermore, the law is flawed by a foggy understanding of the technicalities behind DNA profiling and sloppy wording that certainly will not facilitate the work of lawyers, prosecutors or judges. Just to highlight a few of these inconsistencies, it must be noted that art. 8 (Attivita` del laboratorio centrale per la banca dati nazionale del DNA – Activity of NDNA Database Central Laboratory) lacks any general provision that would oblige all the responsible parties to adopt serious and adequate security measures against unauthorized access, data tampering, and illegal handling of data and information. Continue reading “Italian NDNA database. The devil is in the details”

Posted on

Corporate liability for copyright infringements in Italy?

Among the measures to fight the economic crisis announced by the Italian Government, sect. 15 para 1 lett. c) of the Anti-Crisis decree deserves a special mention: to put it short, the provision asserts corporate liability (under legislative decree 231/01) ? for copyright infringement committed by top management.

Although it may seems that the new law is of a little impact on corporate life (is highly unlikely that a top manager has time to waste doing file sharing) a second glance prove this first opinion not entirely correct.

The inclusion of copyright infringements into the list of crimes implying specific corporate liability forces a company to revise its (mandatory) prevention model to reflect new changes; thus – de facto – establishing a specific set of controls aimed at downloads, website surfing and file sharing. Failing to do so might lead some zealous prosecutor to think that the company actually allows copyright abuses.

A side effect of this regulation – when it will come into full force – is that workplace privacy will get another heavy blow. For the sake of copyright abuse prevention, indeed, all of employees’ Internet activity will be deeply inspected.

So long, Mr. Data Protection Commissioner…

Posted on

Aggregate data and Italian Data Protection Authority

An Italian Data Protection Authority decision issued on June, 25, 2009 set the deadline of Sept. 30, 2009 for telco operators and ISPs that must notify the Data Protection Authority the list of their mining activities executed on customers’ aggregate data (such as traffic volumes, paths and so on.) The aim of this decision is to spot illegal (at least, under Data Protection Authority opinion) data handling “masked” by activities performed to keep the infrastructure running

The Data Protection Authority, after having received the information, will decide what can be still done without informing the customer, what can be done AFTER having informed the customer and obtained his approval and what cannot be done at all. Furthermore, the Data Protection Authority will release a set of technical and management rules to ensure the concerned subjects’ compliance.

If these new set of rules will mimic those recently established for data-retention purposes and system administrators, telcos and ISPs will face again a mayhem of useless bureaucracy so hard to understand that the Data Protection Authority itself did release a FAQ to explain what these regulation actually meant (and we’re still waiting for the FAQ interpretation.)

Although the decision is limited to the Internet and telephony world, it is clear that in the near future it will affects too energy firms, banks, insurance companies and, in general, everybody who relies upon aggregate data to tweak its supply chain of services.

Once again, the Italian Data Protection Authority is proved to be one of the biggest blocking factor of Italian telco market, while not granting citizens some sort of protection.