Tomorrow, together with Stefano Chiccarelli, co-author of Spaghetti Hacker, I am giving a talk at the University of Rome about the Hacker Ecosystem.
Everybody is invited :)
On ICT law, politics and other digital stuff
Under Legislative Decree 196/03 (the Italian enforcement of the Data Protection Directive), one of the most common practices when developing a company’s corporate data-protection policy is to appoint the heads of the various departments as “Data Processor”.
Although easy in the short term, this solution might backfire on the company itself. A recent Corte di cassazione (Italian Supreme Court) decision – III penal section – Dec. n.20682/14 – ruled that, under the workplace safety regulation, an employer who appoints a safety manager who is not fit for the job because of his lack of competence commits a criminal offense.
The very same principle can be applied by analogy to the Data Protection Directive. The DPD, and its Italian enforcement, make it mandatory to appoint a data controller actually fit for the job.
Choosing people on a different basis (not because they know the subject matter, but just because they are the company’s heads) means that, in case of data-protection-related criminal offenses, the data controller (and, most important, the prosecutor and the court) can’t blame (only) the data processor itself.
In terms of management, then, the decision is between complying with the legal requirements only formally and actually complying by appointing capable data processors.
In the first case the company accepts the risk of a future accident (uncertain in both “if” and “when”) but saves effort and time in the short term.
In the second case the company spends more and possibly has to change its internal processes in anticipation of an event that might not happen at all.
An important Italian online magazine just “discovered” today the possibility of building a “parallel Internet” by using Wi-Fi antennas, with no need to purchase an access plan and (allegedly) free from NSA’s peeping eyes. Of course, the buzzword is “revolution”.
I can’t stop being amazed by the candid ignorance of these contemporary “digital cognoscenti” or “digital natives”. They think that the ICT world was born with Facebook and that beforehand there was only a gravitational singularity.
Today only some mature former(?) geeks can remember the BBS Era and bear witness to how the world worked in those times: mesh networks are nothing but a way to create an independent network like Fidonet was, with the only difference that Fidonet was software-independent, while mesh networks might become hardware-independent too. In this sense mesh networks are an evolution and not a revolution, and omitting the “r” at the beginning of the word makes a great difference.
But semantics isn’t the (only) issue to deal with. Why, somebody might in fact ask, should we be concerned by this granny-style rant? Things evolve and so do people: who cares anymore about relics such as Bocamodem or Fidonet?
Answer: because the experience of the BBS Era is the basis of all of the modern (social, political and economic) ways to exploit a network, and a lot of answers to a lot of questions have already been provided. Just think of issues like online anonymity, forum posting liability, online free speech, online journalism: these are just a few examples of the topics that once were hot and that we still struggle with today. The difference between yesterday and today is that the “old school” users were and are more conscious of the actual impact of technology on their own lives, while the “digital natives” actually are part of a dumb generation of passive users of technology. A condition that is anything but different from the one reserved for the human part of The Matrix: fuel for the machines.
Windows XP is dead in Redmond, but alive and kicking in a huge quantity of devices such as ATMs. When the news hit the media, waves of “concern” for the security of our money and safety stormed the public, with no actual effect on Microsoft’s strategies. And history keeps repeating with domotics, wearable technologies and in-car systems.
This aftermath was easy to foresee when some “clever” IT manager chose to go proprietary when moving their ATM infrastructure “to the next step”, but between this and the open source alternative a third option would have spared us all the current trouble: just put a source-code escrow provision into the agreement, to guarantee the (big) client against the End-of-Life of the software.
Sure, this wouldn’t have been a cheap solution (we’re not talking about a bunch of PHP code, here) but there are no free beers and the easy life can’t last forever. If you go proprietary and enjoy the safety(?) of having somebody else who cares about bugs, patches and updates, you need to have a contingency plan for the moment when your licensor pulls out the cord that keeps alive the software you’re using.
And now history is re-repeating itself. We’re on the edge of a new invasion of pervasive technology based on Apple’s OS X or – again – Microsoft Windows Whatever, and in a bunch of years we will complain again that because of a copyright issue we can’t enter our home, use the fridge, watch the television, start the car, know what time it is, have a medical diagnosis and so on…
A final, collateral, question: where were the corporate lawyers when those agreements were signed?
The European Court of Justice ruling against Google Spain is another step toward the deletion of History (capital “H”) and collective memory. In the name of “privacy” the Court allowed the possibility of completely removing lawful information from public scrutiny, as is clearly stated at the end of the ruling:
Article 12(b) and subparagraph (a) of the first paragraph of Article 14 of Directive 95/46 are to be interpreted as meaning that, in order to comply with the rights laid down in those provisions and in so far as the conditions laid down by those provisions are in fact satisfied, the operator of a search engine is obliged to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages, published by third parties and containing information relating to that person, also in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful. (emphasis added)
Now, with the support of this decision, corrupt politicians, scammers, con artists, bad payers and similar breeds can easily regain their anonymity, and historians of the future will not be able to discover and understand how our society worked.
And, to some extent, this wouldn’t be a bad thing…