Andrea Monti – Page 112 – On ICT law, politics and other digital stuff

March 5, 2014March 5, 2014

Data Protection vs Data Retention

One of the oddities of the Data Protection legal framework is the relationship between Data Retention and Data Protection and the (wrong) notion that when the retention period has expired, the retained data must be deleted.

Let’s start from scratch: as soon as the services work properly, an ISP has no need to preserve the traffic data, but since we don’t live in a perfect world, problems happen so it is necessary to retain some information for troubleshooting and traffic shaping; furthermore, customers’ claims, billing and legal issues strongly support the need to save some more information. Thus, ISPs – though on a voluntary basis – do collect and retain traffic-related information as long as these information are useful to pursue legitimate goals.

Enter the Data Retention. With a questionable motive, ISPs are now forced – forced – to retain for a limited time some traffic data for the sake of the law enforcement community. In other words, what before the Data Rention Era was voluntary, now is mandatory.

But what happens when the mandatory retention period expires? The answer is (supposed to be) easy: the ordinary Data Protection legal regime comes back into force, so the ISPs are – or should be – free to either continue keeping those data (for legitimate purposes) or deleting it.

March 3, 2014

On Death and Corporate Culture

Giancarlo Livraghi, who passed awat last Feb. 22, is not only one of the Fathers of the Italian Internet and a civil rights advocate. He is one of the most influential player of the international advertising business.From 1980 to 1993, until he retired to focus himself on the cultural implication of the (then) newborn Internet, he founded and directed the Livraghi, Ogilvy&Mather, now just Ogilvy Italia.

The sad news made a fast round in the advertising community, but neither the Ogilvy corporate site nor the Italian spent a single word to say “good-bye” to one of its top men ever (at least: I thoroughly looked for, and found nothing, even through Google.) This fact reinforced a disturbing belief I’ve developed interacting with the US-based management style: when you’re gone, you’re gone, no matter how good you did for the company. After all, a human being is just a “resource”.

Then compare this approach to the management style of Adriano Olivetti. True, Olivetti ? – the company that, before Richard Stallman, invented the powerful concept of Open System Architecture – is no more than a vague name in the ICT business. But its management style is still an unsurpassed way to make people work together.

February 28, 2014February 28, 2014

Reverse Engineering of the gray world: Intelligence as a black-box

Back to one of my first love: next March 11 (Rome University La Sapienza) and 20 (Milan University Statale) I have been asked to talk about “Reverse Engineering of the gray world: Intelligence as a black-box” and “Use(less) online Open Source Intelligence”.

February 27, 2014

A sad news

Giancarlo Livraghi, a great man, passed away last Saturday.

So long, my friend.

February 25, 2014

The EU Cookie Directive: there is not just HTTP out there!

The EU Cookie Directive, the “privacy-hyped” piece of legislation that forces websites to display a “cookie-waring” for the sake of “privacy protection” is flawed by two weakness.

The first is technical: HTTP (the web, in other words) is not the only protocol around and – though admittedly there are a lot of people using it – there are other ways to use a network that don’t involve a browser. I know, the “command-line” era is gone (it actually is?), there are no “clients” anymore to chat or to do other stuff (there aren’t anymore, actually?) and so on, but what the EU Cookie Directive was built upon is simply a misunderstanding of how the Internet works. By focusing on a single, tiny piece of technology, the EU allowed the idea that technologies have to be regulated instead of the use that humans do of it.

The second mistake is legal: as soon as a network(ed) resource ‘s user is not identifiable than there are no personal data involved. Thus, the privacy of somebody who access a website without disclosing somehow his personal identity is not at stake. Of course I’m aware of the issues related to the anonymous profiling, the fact that no matter if I know exactly who you are, I’m nevertheless able to lure into your personal habits and so on.

But the law is made of both words and definitions: as much as you can stress one or all of them you can’t do it up the reverse the basic meaning of the rules – its ratio as the Latins scholars loved to say – i.e. no identification, no privacy protection. We may, rightfully, disagree on that and claim that a further protection is needed. But this doesn’t justify turn the law upside-down.