Category: IT Security

Posted on

Data Retention in Italy. The state of the art

This table summarizes the new Italian Data Retention Regulation.

Data Retention timeframe
(italian version taken from Interlex)

Data and Retention scope Retention Duration Provision
Traffic-related data not included in Sect. 123 para I and II Data protection code Anonnymized or deleted when no more necessary Sect. 123, Para I
Traffic data strictly needed for billing purposes, and/or support customer claims 6 mpnths, or more, in case of legal action Sect. 123, Para 2
Traffic data for marketing purposes, or Value Added Serice purposes As needed, only if the customer opted-in Sect. 132, Para 3
Traffic data (voice) for criminal investigation purposes 24 months Sect. 132, Para 1
Traffic data (digital) for criminal investigation 12 months Sect. 132, Para 1
Unanswered call-related data 30 days Sect. 132, Para 1-bis
Network related Traffic Data – upon concerned authorities order, for preemptive investigation and/or prosecute specific crimes – From 90 Days, up to six months Art. 132, c. 1-quater
Posted on

A 40.000 Euros tax to get your data back (or, computer forensics’ hidden cost)

In Italy, whenever you ask for an official copy of a trial-related document you must pay a specific tax established by a Presidential Decree (Testo Unico sulle Spese di Giustizia).

So – as happened today during a computer forensics phase of a criminal trial – a client had to withdraw the request of getting a 120Gb hard disk copy, because the final tax amount would have been about 40.000 Euros. The Testo Unico, in fact, set a rate of 258 Euros-per-CD.

Thus, if you do the math…

Posted on

What’s ahead in security?

This is the title of a speech Withfield Diffie gave in Rome at University La Sapienza last Jan. 31 2008, where I have been invited to attend the round table the followed. Other participants were Corrado Giustozzi, Giovanni Manca (CNIPA – National Centre for Information Technology in the Public infrastructures), prof. Luigi Mancini and Luisa Franchina (ISCOM).

There are a few online account for the day but none of them tells about the “content” of the conference. Mr. Diffie’s talk was professional and fascinating – if you don’t belong to the IT security professional’s circle. And this is the point: how is it possible that in 2008 we – Italians – still are so far from moving (even a few) steps ahead from what we were talking in 1995?

“Fighting terrorism” was – as usual – the “leading concern” to advocate defense and civil rights suspension in Italy. And each time I ear some Italian civil servant singing that song I remember about Michael Crichton’s State of fear, whose lesson – creating a state of fear to let powers and lobbies pursue their goals – is largely missed. This is not to say that terrorism is a fake issue. But when security of the State become a political (i.e. partizan) weapon, all we get is neither effective anti-terrorism measures nor freedom protection.

As Benjamin Franklin said,

They that would give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety

And this is what we are doing right now.

Posted on

More on the Iphone unlock legal issues…

In its final judgment n. 33768 released on Sept. 3, 2007, the Corte di cassazione (Italian Supreme Court) Sezion III penale, seems to have overruled the previous decision by Bolzano’s Lower Court asserting the right of a consumer to hack a Sony Playstation. If confirmed – the decision text is still not available – this might negatively affect the conclusion I’ve drafted in my previous post about the Iphone unlock legal issue.