Category: Computer Crimes

Posted on

Child Pornography And Computer Crime Still a Criminal Offense in Italy

Several misinformed Italian blogs are currently claiming that the Renzi-led government just passed a draft-legislative decree making child pornography and computer crimes no more a criminal offense.

This is not true because what the government actually did was setting the principle that as soon as a crime is punished with a jail term up to five years AND the judge thinks that the crime is of “minimum damage” then either the prosecution or the trial must end. To put it different: only “serious crimes” are going to be tried in court.

One may argue over the ethic or legal acceptance of the notion of “petty-vs-serious” difference (as Cicero use to said, what matters – and deserves the maximum punishment – is the act of killing, not the fact that you killed one man or hundred people) but this legislative decree only turns into a law what already happens on a daily basis in the Italian courts: a confession of failure, in other words.

 

Posted on

Our Digital Health And Electronic Money. IT Security Gets Tough

Let’s say the truth: IT security is just a bubble that no “serious” manager cares of. There is no possible explanation for the fact that today we keep talking about the very same things I’ve heard back in the early nineties, sold by somebody who wants to re-invent the wheel. But the indirect Paypal attack against Apple targeted at the upcoming Applepay platform and the spin put on the health-related application ? might change the situation: a (very)personal computing device allowing to manage the two most critical things of a (Western) human kind: health and money.

Can a company really afford to market software pre-release as “final” just to meet a marketing-set deadline? Or lure people into trusting a payment platform, risking to become liable in case of problems caused by a poorly implemented security?

It is really (still) possible to discharge any liability with a “simple” contract and put the barrel on the users’ shoulder when serious issues are involved?

IT companies should carefully think about it before entering into a sector where people aren’t so keen in just waiting for the next fix or hardware upgrade. They might be dead or bankrupted, in the meantime.

Posted on

Apple’s New Security Policy: Just a PR Stunt?

Apple announced not to be able anymore to hack into IOS8-based devices because of its “privacy-by-design” development strategy. Thank to this choice, according to Tim Cook, quoted by The Washington Post,

it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

Since the fantasy of both lawyers and judges knows no limit, I wouldn’t be surprised to hear, in the next future, about some claim for “contributory criminal activity” filed against Apple based on the deliberate choice of giving “unbreakable weapons” to terrorist, paedophiles and copyright infringers.

When this scenario will become real, it will be interesting to see whether Apple remains stuck into his “libertarian” position risking a trial for contempt of the court, or negotiates over its users with the powers-that-be.

Then, and only then, we will be able to check if this “privacy commitment” was a genuine attitude or just the next marketing trick.

Posted on

Net-Threats: How To Lie With Statistics, Again

Another example of how a non-statistical-based research is turned by poorly informed journalists into “scientific truth”. Net-Threats is a survey collecting the opinions of a certain number of “experts”: as its authors clearly state:

Since the data are based on a non-random sample, the results are not projectable to any population other than the individuals expressing their points of view in this sample. The respondents’ remarks reflect their personal positions and are not the positions of their employers; the descriptions of their leadership roles help identify their background and the locus of their expertise.

But this part of the survey – that nobody but the concerned people will ever read – is missed in the ? poor journalistic account of the news and the readers will be given the wrong idea that the figures quoted are for real and that the findings are “true”.

By the way, as in the other “statistical” research about the value of personal data, I’ve written about, the findings of this survey might even be acceptable. But there is no need to beef it up with figures and percentage show off that give the general reader a wrong information.

But in this case, the culprit is the journalist.

Posted on

A Homicide Investigation And The (Still Alive) Data Retention Regulation

The young girl homicide investigation I’ve talked about in a previous post reveals other interesting information, this time about the Telcos’s role in supporting the public prosecution service through the traffic data retention.

The media are reporting (italian only, sorry) that more than 120.000 single mobile calls are under scrutiny spanning from a few months before the kill. But since the fact is more than three years’old, these data aren’t even supposed to exist since the Data Retention Directive forbade its preservation once the (maximum) two-years term expired.

So, hopefully for the justice and the family of the poor girl, at the beginning of the investigation the public prosecutor, as required by law, did issue a traffic data “freezing” order or, better, seized it as dictated by the Italian Criminal Rule of Evidence.

As in the case of the DNA-based evidence, the collection of traffic data without complying the Rule of Evidence might allow the defense lawyers to challenge the reliability of these information especially because the original traffic data have (or should have been) destroyed once collected by the public prosecution service, thus preventing the possibility of double-checking during the trial their actual evidence “weight”.