Meeting Pompeo – Di Maio, the unresolved contradictions of Italian national security

The coincidence of strategic positions between the EU and the US has disappeared, if it ever existed, but Italy still has not decided and finds itself playing at three tables without knowing which one to bet on. By Andrea Monti – initially published in Italian by Infosec News

The statements made by Italian Foreign Minister Di Maio after the meeting with US Secretary of State Pompeo reveal once again the stalemate in which Italy finds itself, unable to decide between the EU, the US and China. Although it is Cold War II between the USA and China that occupies the international limelight, the less intense conflict between the EU and the USA is no less essential and requires Italy to make clear choices.

Zhenhua and the risk for the data-economy ecosystem

Collecting information and profiling people are widely practised all over the world. In Italy, though, a provision of the Testo Unico delle Leggi di Pubblica Sicurezza (TULPS) dating back to Mussolini’s rule prohibits activities of this kind. Are open-source intelligence and data brokerage at risk? Prof. Monti’s analysis – published in Italian by Formiche.net

The “Zhenhua case”, involving a Chinese company accused of creating the Oversea Key Information DataBase (Okid) to catalogue data from public sources relating to millions of people, was presented as yet another hostile action by China towards the rest of the world. In reality, however, Okid is no different from its Western equivalents which, at least in Italy, could be prohibited by the Public Security legislation.

GDPR and the Next Italian Unified Telecommunication Network

The presence of non-EU subjects among the owners of the single network poses national security problems that have already emerged in the case-law of the European Court of Justice. By Andrea Monti

Among the many aspects related to the creation of the unified Italian telecommunication network, the relationship between personal data protection, the presence of non-EU owners in the corporate structure and national security deserves special consideration. Indeed, given the criticality of the telecommunications sector, the absence of full control by Italy opens up the risk of foreign interference in the protection of the fundamental interests of the State, as highlighted in the Huawei case.

The nature and extent of the problem become apparent by recomposing the different tiles of the current political and legal mosaic.

Pro Huawei (and all national security technology providers)

Passed to manage national security problems caused by the use of Chinese technology, a Prime Minister Decree dictates new and problematic rules for contract negotiation in the Italian telco market. By Andrea Monti – published initially in Italian by Infosec.News

This article analyses the issues related to the practical application of the Conte-Huawei Decree issued on August 7, 2020, which sets out the conditions under which TIM S.p.a. can use Huawei’s 5G technology, reducing to an acceptable level the national security risk also feared by the Italian Parliamentary Committee on Secret Services (COPASIR), after the alarms raised by the USA. The article highlights the critical issues arising from a legally incorrect approach and concludes that the solution adopted by the Italian Government is worse than the problem it tried to fix.

Before going ahead, however, it would be preferable to read another article that analyses the strategic problems affecting the Decree.

Prevention and Repression of Computer Crime against the EU: the problem is clear, the solution isn’t

On May 17, 2019, the Council of the European Union established

a framework which allows the EU to impose targeted restrictive measures to deter and respond to cyber-attacks which constitute an external threat to the EU or its member states, including cyber-attacks against third States or international organisations where restricted measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy (CFSP).

In other words, this framework allows the EU to impose a series of sanctions – including the prohibition of entry into the EU – on those who attack the computer resources located in the Union from other countries. At first glance, everything would look normal and – all in all – acceptable. But since the devil is in the details, a more in-depth look at the matter reveals a few problems.

Firstly, the violation of the principles of due process: a computer attack is a crime and for sanctions to be applied to the culprits, a proper trial is necessary. In the outline envisaged by the Council of the European Union, this is not foreseen. A blatant violation of the fundamental rights of the individual (also) recognized by the Nice Charter.

Secondly, even if the first condition is met, it must be remembered that in criminal matters the jurisdiction belongs strictly and solely to the national legislator. What cases and which penal codes or similar rules will be applied in order to decide whether we are dealing with an event which falls within the scope of the ‘framework’ laid down by the Council?

Thirdly, are we talking about public policy, state security or the defense of the interests of the Union? The question is not trivial because in the first case the “domain” is that of a hypothetical “EU Ministry of the Interior”, in the second of the hypothetical “European secret services” and in the third case of the “Ministry of Defense”. Ambiguously, however, the Council speaks of “discouraging” (i.e. “preventing”) and “opposing” (i.e. “reacting”) in order to achieve the objectives of the foreign policy “and” those of the common security. This means that “prevention” and “reaction” to cyber attacks are instruments of “enforcement” of the foreign policy of the EU also independently of security issues.

Let’s get ready to face very interesting issues…