The Roman Catholic Church Knows Better (about privacy and the Internet)

Monsignor Nunzio Galantino, the secretary of the Conferenza Episcopale Italiana (the permanent assembly of Roman Catholic Bishops), stated that (my translation)

The Internet is useful and effective, but the price we pay in terms of privacy is huge

and, talking about the Data Protection Authority, he said

I don’t understand what these useless entities are good for.

Of course he’s right, but the Italian Data Protection Commissioner (obviously) has a different opinion, claiming that (again, my translation)

It is rather odd to call useless the only entity that – within its powers – has always defended human dignity from the “mud machine” 1, and from the plots arranged by those who want to turn the Internet into a space of violence and outlaws, from the totalitarian logic of the man-in-a-fishbowl.

Is this the same Data Protection Authority that failed to address the issues of the Telindus Router, the Android Spyware Case, The Pirate Bay Case, the Aruba Case and the Sony BMG rootkit case, that didn’t say a single word (while being informed) about the security concerns related to the upcoming massive flood of trial-related personal data originating from the online shift of the Italian Civil Trial System, and that wasn’t able to prevent the leak of a confidential report?

 

  1. The reference is to a journalistic idiom meaning the use of the media machine to soil somebody’s reputation.

The Italian Internet Bill of Rights. The Trojan Horse Keeps Shaping

According to the Italian online newsmagazine Repubblica.it, the Italian Bill of Rights endorsed by Boldrini, the leftist President of the Italian Lower Chamber (Camera dei Deputati), is almost ready and will affirm principles such as “net-neutrality”, “right to privacy”, “right to universal access” and so on.

If this is all this Internet Bill of Rights is about, then it is much ado about practically nothing, since all the alleged “Internet Rights” are already broadly covered by existing laws and regulations; what we do lack is fair enforcement. Copyright is one of the most blatant examples: the current law protects the author, gives him full control over his works and leaves him free to use whatever licensing model he chooses. He has the right to be acknowledged as the creator of a work and to stop any detrimental use. But what happens in real life is that these provisions are largely ignored because of the overwhelming power of those who make a profit from authors’ work: the publishers. Thus, again, “rules” are the last thing needed in the world.

Of course (and hopefully) this Internet Bill of Rights will never be turned into a real, parliament-passed law. Nevertheless, it will become a political platform to ease the shift of legal liability from the single user who commits a crime or is lazy in protecting his rights to the telco industry.

This is not acceptable.

Our Digital Health And Electronic Money. IT Security Gets Tough

Let’s tell the truth: IT security is just a bubble that no “serious” manager cares about. There is no other possible explanation for the fact that today we keep talking about the very same things I heard back in the early nineties, sold by somebody who wants to re-invent the wheel. But the indirect PayPal attack against Apple, targeted at the upcoming Apple Pay platform, and the spin put on the health-related application might change the situation: a (very) personal computing device that manages the two most critical things for a (Western) human being: health and money.

Can a company really afford to market pre-release software as “final” just to meet a marketing-set deadline? Or lure people into trusting a payment platform, at the risk of becoming liable for problems caused by poorly implemented security?

Is it really (still) possible to discharge any liability with a “simple” contract and put the burden on the users’ shoulders when serious issues are involved?

IT companies should think carefully before entering a sector where people aren’t so keen on just waiting for the next fix or hardware upgrade. They might be dead or bankrupt in the meantime.

Apple’s New Security Policy: Just a PR Stunt?

Apple announced that it is no longer able to hack into iOS 8-based devices because of its “privacy-by-design” development strategy. Thanks to this choice, according to Tim Cook, quoted by The Washington Post,

it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

Since the imagination of both lawyers and judges knows no limit, I wouldn’t be surprised to hear, in the near future, about some claim for “contributory criminal activity” filed against Apple based on the deliberate choice of giving “unbreakable weapons” to terrorists, paedophiles and copyright infringers.

When this scenario becomes real, it will be interesting to see whether Apple remains stuck in its “libertarian” position, risking a trial for contempt of court, or negotiates over its users with the powers-that-be.

Then, and only then, we will be able to check if this “privacy commitment” was a genuine attitude or just the next marketing trick.

Does SHA-7 belong to the US NSA?

As everybody knows, SHA-n is a series of cryptographic algorithms developed by the NSA and published by the US NIST. The current SHA-n lineup includes SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.

On the contrary, SHA-7 (see this link – Italian only, sorry), a “proprietary, patented encryption algorithm” developed by an Italian company, doesn’t belong to the original “family”, and it doesn’t have any endorsement by the scientific community.

I wonder why the SHA-7 designers have chosen this confusing name for their code.