Facebook and Telegram seizures reveal the problems that plague online criminal investigations

by Andrea Monti – Originally published in Italian by Infosec.News

An article published on page 30 of IlSole24Ore of 11 November 2020 reports on the seizure-by-access-blocking of Facebook and Telegram by the Public Prosecutor’s Office of Naples. According to the newspaper, the Public Prosecutor’s Office ordered a “seizure-by-obscuration” of several domain names and a significant number of IPs.

The Guardia di Finanza (Italian tax police force) notified the operators and internet service providers of the magistrate’s decision. While the latter are executing the magistrate’s order, a further note from the Guardia di Finanza arrives asking them not to carry out the block or, in any case, to unblock sixty-six domain names, the first two of which are Facebook (it-it.facebook.com) and Telegram (t.me).

Together with this note comes an order from the prosecutor directing the release of the IP addresses (and therefore not the domains) indicated in the unblocking request previously communicated by the Guardia di Finanza. These are scanned documents, without a digital signature, without signature authentication or official magistrate’s seals.

Two aspects raise concern in this matter.

The first: continuing to use criminal seizure to prevent the continuation of illegal online activities is wrong, useless and generates paradoxical results (see the case of “confiscation for obscuration” which IlSole24Ore also wrote about). It does not matter that the Court of Cassation has patched up such a practice, which is and remains simply wrong.

The second: it is clear that the seizure of the Facebook and Telegram domains (and the other “unlocked” ones) was an error. It is clear, as well, that the Guardia di Finanza’s immediate backpedalling, accompanied by a (wrong) measure by the Public Prosecutor, was better than nothing. However, in a criminal trial, respect for formalities is substance.

Law enforcement could not “revoke on its own initiative”, even if the revocation were subsequently ratified by the magistrate. It would be an abnormal act that would put telecommunication operators between the anvil (violating an order of the magistrate without a valid revocation order) and the hammer (waiting for notification of the magistrate’s order because the simple communication of the Guardia di Finanza has no value, but risking compensation actions).

However, what can be said in the face of a technically wrong measure that confuses IP addresses with domain names and therefore renders the “accompanying note” worthless? Furthermore, what can be done in the face of acts whose substantial provenance no one doubts, but which have not been drawn up according to the rules? Does the “state of emergency” justify the disappearance of forms that guarantee respect for rights?

This affair has made headlines because of the “illustrious victims” of a mistake. However, in criminal investigations, there are several registered cases of web blocking orders issued without worrying too much about the “formalities”.

Often this happens due to haste, other times due to poor technical preparation. No one cares to object to such behaviour until a judge in Berlin (hopefully) notices what has happened. However, it will take time, and perhaps it will never happen.

Nevertheless, there would be a practical solution: giving the authorities (the judiciary, but also independent authorities) the ability to execute the blocking directly by uploading the IPs and domains to be blacklisted to a State-owned online platform.

In this way, while “blackouts” remain a useless and ineffective practice, everyone would clearly and directly bear responsibility for the decisions they make, leaving Internet operators free to do their job, instead of becoming “network sheriffs”.
