Category: Computer Crimes

Posted on

Computer search and seizure. An odd law is coming…

The Italian center-left wing has proposed a bill (currently passed in Senate, and now to be examined in the other chamber) that allows the law enforcement to obtain the use of computer seized during computer-crime related investigation, early before the final judgement comes to an end.

The “idea” backing the proposal (that will likely become a full-force law in a few time) is that there is no harm for the defendant if the police uses his computer waiting for the trial. At the end of the day, if the defendant will be acquitted – says the accompaining text to the draft law – he will get his computer back, and will start using it as if nothing happened. The reason for this law – this is clearly stated – is to give the brand new computers used for criminal purposes to the law enforcement agencies that still use old and crappy technology at no cost.

This is the very same approach adopted for houses and vehicles used by drug dealers and mafia mobs so in principle there shouldn’t be a particular concern for this new law.

Personally I disagree from this statement, since a computer is something different than a car or some other premises. It stores information often unrelated to the investigated crime, and/or information related to innocent third parties.

Why should these people be exposed to a mass infringement of their personal life?

Posted on

Google executives acquitted in Italy from defamation charges

Today the Court of Milan made public the decision in the criminal trial against four Google executives, charged of defamation and illegal personal data handling in relationship to the publication on the video sharing platform ? of a video containing act of bullyism against a person affected by the Down Syndrome.

The legal basis for the charges, following the prosecutor’s theory of the case, was that those executives failed to exercise a pre-emptive control over the contents published by Google final users’, thus allowing the infringement of the reputation of the concerned person and of an NGO representing Down-Syndrome-affected persons.

The Court acquitted all the defendant from the charges of defamation, while found them liable of the illegal personal data handling charge. The whole sentence (including the legal technicalities that support the decision) will be public within the next 30 days.

This indictment is the last component of a long series of court decisions that kill Network Neutrality and turn ISPs and Telcos into Digital Vigilantes while, in the meantime, no actual protection is given to the victims of online crimes.

The Peppermint and The Pirate Bay cases, the legal argument against Youtube and the one between an entertainment-backed lobbying group by one side and Telecom Italia, the ISP’s association and the Data Protection Authority on the opposite and – finally – this indictment are all linked through the same connection: to erode the absence of the legal duty to preemptively contol internet users’ activity established by the UE directive on e-commerce.

What is bizarre, in this Google trial, is that for the very first time the existence of the ISP’s duty to perform a mass-control of user activities has been asserted thank to the data protection regulation. The same data protection regulation that forbade the disclosure of the identities of people allegedly accused by the entertainment industry of copyright infringement through P2P networks.

Is still to early to understand the Court mind (since the basis for the decision will be disclosed within the next 30 days. It is, nevertheless possible to try an educated guess based on the Court records. To put it short, here is a probable explanation for the decision:

1 – there is a rule of law into the Criminal Code that says: to not stop a fact equals to cause it,
2 – data protection law requires a prior authorization to be obtained before handling personal data,
3 – a video to be posted online is personal data,
4 – therefore Google executives had to check whether the user who posted the video got the preemptive authorisation from the people of the video, and
5 – by failing to do so, they infringed the data protection law
6 – furthermore, by not controlling in advance, they let the video to libel the victim of the violence (this charge has been dismissed.)

It is too early to assess the damages provoked by this decision, but it is not unreasonable to imagine that – should this court decision become “case law” – the telco market will suffer an alteration of the competion among the various players. The smallest one can’t handle the increasing risk (and cost) of being sued or investing in momentum-generating policies. Big international players might find Italy a lesser attractive place to do business in.

Posted on

CNAIPIC… a borderless center

On May 19, 2009 Italian news services announced the creation of a new governmental entity named CNAIPIC (Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche – National Center Anti-Computer Crimes for the Critical Infrastructure’s Protection. Sorry, still no website up to present.)

While CNAIPIC members will surely use their brains’ computing power to figure out how fight these hideous hacker out there, I wonder if they’re aware that “old school techniques” such as war dialing, still work against big infrastructure even after thirty years or so.

Instead of thinking how to build taller “chinese walls”, they’d better step back and check critical infrastructure default passwords or (supposedly) non connected modem and RAS.

Posted on

Towards the ban of encryption

A BBC report pushed Italy into international hype, for Mr. Maroni (Lega Nord) Ministry of Home Affairs, backed by a group of public prosecutors, started an aggressive campaign against Skype, claiming that ?organized ?crime uses this software to protect their illegal ?activities. This is a clear shift towards encryption’s outlawing – or limitation of its use – that will negatively affects both human rights and private sector activities.

Italy has a “strong” tradition in trying to ban encryption. Key recovery and/or Key Escrow related issues were debated at least since 1995 A draft of one of the many amendments (not included in the final text) of copyright law known as “legge Urbani” tried to establish the principle that using encryption to protect P2P connection deserved a stronger punishment. If passed, this would have been the first provision outlawing the use of encryption.

The problem, nevertheless, is not limited to Skype. Mr. Maroni, launched a global initiative to “seize” technology from users. He first asked Telcos to provide their customers with static IP only (to better identify persons), then he pushed for the adoption of a National DNA Database because he got “reliable information” that in Italy there is a criminal mob dealing with human organs selling, then – all of a sudden – he become concerned about Skype…

It is unlikely that Mr. Maroni claims hide a “global plot” to kill human right. The truth is more sad: magistrates have scarce investigative resources, untrained law enforcement officer (not all, of course), insufficient monies, an erroneous belief that technology-based investigation is a good shortcut.
Basically, they’re scared by technology and – in a Pavlovian mood – their automated reaction to things like Skype is “forbid”, “ban”, “takeover”.

Posted on

Does “Corporate Security” read “Espionage”?

After the investigation started by the Milan Public Prosecutor Office, another case of alleged rogue corporate security and law enforcement officer case hits mainstream media. Former Corporate security head of the Internationally known luxury firm Gucci, together with private investigators and law enforcement officers have been involved into a criminal investigation ran by Florence Public Prosecutor, with charges of computer illegal trespass.