Posts

Posted on

Net-Threats: How To Lie With Statistics, Again

Another example of how a non-statistical-based research is turned by poorly informed journalists into “scientific truth”. Net-Threats is a survey collecting the opinions of a certain number of “experts”: as its authors clearly state:

Since the data are based on a non-random sample, the results are not projectable to any population other than the individuals expressing their points of view in this sample. The respondents’ remarks reflect their personal positions and are not the positions of their employers; the descriptions of their leadership roles help identify their background and the locus of their expertise.

But this part of the survey – that nobody but the concerned people will ever read – is missed in the ? poor journalistic account of the news and the readers will be given the wrong idea that the figures quoted are for real and that the findings are “true”.

By the way, as in the other “statistical” research about the value of personal data, I’ve written about, the findings of this survey might even be acceptable. But there is no need to beef it up with figures and percentage show off that give the general reader a wrong information.

But in this case, the culprit is the journalist.

Posted on

The Data Protection Authority Leak And The (Now) Hard To Find Article

The title that links the article about the leaked Italian Data Protection Authority secret report is no more easily accessible on Repubblica.it (the newspaper that did the scoop.) There is no trace of this link in the home-page, and the title is missed in the Technology section.

If you are quick enough, a one minute short video clip gives you the possibility to click an anonymous link (labelled “Leggi su Repubblica.it” – “Read it on Repubblica.it”) and finally the article comes on screen.

Technically speaking, then, the article is still online but now in a hard-to-find form. And this is rather odd, because other older and less important articles (such as the valueless research on the personal data selling price) are still featured in the technology section of this newspaper.

Posted on

Coca-Cola And The True Meaning Of Copyright

The new Coca-Cola marketing campaign in Italy puts on its bottles quotes from popular Italian songs. Of course this has been previously negotiated with the copyrights holders but not with the single artists that sold their song to the music label.

Technically speaking, Coca-Cola did nothing wrong and its activity is perfectly legal. But one of the featured singers, Caparezza, didn’t like his songs to be exploited the Coca-Cola way.

Under Italian Copyright Law, Caparezza and – broadly speaking – an artist have no actual protection in such case since once the tune has been sold to a music label, the musician only retains the “moral right” (mainly the right to be credited as the author, and the right to oppose any mutilation of his work.)

So the question is: whose interests copyright is supposed to take care of?

Posted on

An Italian Data Protecion Authority Secret Report Leak?

According to an Italian newsmagazine, a non-for-public eyes investigation of the Italian Data Protection Act would have found severe security problems in the management of the Internet Exchange Points (the points of the Italian telecommunication network where the various telco networks are mutually interconnected.)

A first remark is that the King is – or might be – naked. If this secret report actually exists (and the IDPA didn’t deny its existence) and has been leaked, the Authority’s information security is not that good, and – therefore – the IDPA should fine itself for this non compliance, instead of just targeting the rest of the (industrial) world.

Coming to the heart of the matter, in the words of the journalists that authored the article:

there is an enormous black hole in the security of the Italian telecommunications. A hole so wide that allows whoever with a proper equipment to have available phone calls, SMS, emails, chat, and social-network posted contents.

The journalists claim that the report verbatim says:

These device are equipped by technical features that can allow the traffic duplication, in real time, of the traffic in transit diverting it to another port (port mirroring)

and that

if somebody wanted to look at the traffic in transit this would be easily done with specific analysis tools …

It is amazing how this article – and the IDPA findings, if proven true – are so poorly legally and technically savvy because:

  • the possibility of performing a port mirroring is necessary to the public prosecution and intelligence agency activities. The point, then, is how and by who these feature are exploited rather than its mere existence, that like-it-or-not are necessary for investigative purposes. One day, maybe, it will be possible to disclose some of the ways traffic data information are asked, but this is another story…
  • there is no evidence of the port mirroring features being abused, misused or cracked,
  • performing a port mirroring in an Internet Exchange Point is not as easy as the article and the IDPA report(?) says: it is not like Independence Day computer virus uploading or Swordfish’s Hugh Jackman “under pressure” hack,
  • there is an easy way, available almost since day one of the pre-internet era to protect users’ communications without caring of what the ISPs do: client-based encryption. But I assume that the Minster of home affair wouldn’t like an IDPA endorsement of the “crypto-for-the-masses” slogan,
  • oddly enough, the IDPA secret report (if true) doesn’t address the serious problem of network devices proprietary firmware and operating systems that prevent an ISP to check on its own the existence of backdoors (as in the recent Cisco affair) and other security flaws.
Posted on

The Internet Bill of Rights. A Dangerous And Useless Idea

Italy (or at least, a little but noisy group of old-school netizens, politicians and academics) is in pole-position at the race for the Internet Bill of Rights, a sort of “constitution” to grant “internet rights” to the people.

The Internet Bill of Rights is useless because doesn’t add a set of rights that we don’t own just yet, and is dangerous because, on the contrary, would add more confusion to a rather chaotic situation.

In the Western World we have plenty of rights such as: data-protection, personal privacy, free-speech, freedom of commerce, freedom for press, copyleft and copyright. But what we actually lack – in Italy for sure – is a FAIR ENFORCEMENT of these rights: the fundamental rights that are taken for granted on paper, when challenged in court or in the parliament are twisted and torched to meet the need of the moment.

Think of the ridiculous extension made by local courts first and then by the Corte di cassazione (the Italian Supreme Court) of the “seizure” legal concept up to including the Internet traffic filter, or the way the Italian Data Protection Authority is working as a censorship machine, taking over the freedom of press, the Communication Authority, that self-gave the power to shut down Internet resources accused of copyright infringement, without any judicial review or, yet, the Antitrust authority that has been given the power (that was supposed to be reserved for a judge) to tell as illegal a contractual provision between a professional and a consumer…

This is typically Italian: pretend to fix a problem by passing a law, and immediately forget to check whether and how is enforced. And when the “need” arises, the old joke comes into play: law is enforced against enemies, interpreted towards friends.