The 23 December 2016 came into force in Italy the so-called FOIA, or the Freedom Of Information Act publicized as the law that gives all citizens the opportunity to request information and public documents in a free way, similar to what is done in the United States already by 1966.
I do not want to talk about the law but, if anything, its effects and among these also of the risks to which we are going and which perhaps have not been fully taken into account.
To do this I will make use of material published on the internet on the site of a group known as Chaos Computer Club (CCC), an association of hackers (ethical) German born the 12 September 1981 based in Berlin, which has about 5.500 registered members, constituted in non-profit association and with its own code of ethics.
What do you say, a German hacker association with an Italian law?
Just spend a half an hour browsing the internet to understand: Italy's surveillance toolbox, is the title of the video posted on the website of the association and highlights how we can carry out intelligence activities using public information, today even more easily than once thanks to the entry into force of the new law.
The video, recorded during a convention of the 30 club last December, highlights the results of a study conducted by the Italian journalist Riccardo Coluccini. The aim of the project was to take advantage of the availability of public data deriving from purchasing activities, data required by the laws on transparency and anti-corruption, to discover the surveillance capabilities possessed by the Italian government.
From the video it is easy to understand how, from the use of public data and information obtained through the application of anti-corruption laws, it is possible to analyze information such as:
- national capabilities of the surveillance world;
- Italian companies working in the field of surveillance;
- expenditure incurred by the Italian government or its members in the field of surveillance;
- technologies used in the sector;
- economic offers;
- official retailers of foreign technologies in Italy.
As an example, during the conference two projects of the company CY4GATE were analyzed, the WIFI CATCHER project (system for the location of wifi networks) and the NET-INT project (platform for monitoring telephone calls, chat, instant messaging, social media and VoIP).
As I said it is just an example, in the video are also analyzed other Italian companies and proposed projects. Information obtained, as already mentioned, thanks to the possibilities offered by the appeal to the FOIA.
All this information is now made available to everyone, in fact the purpose of the CCC is precisely to make all information available free and available.
I do not want to go into the merits of the usefulness of the work of the CCC but rather, putting myself in the shoes of a state, of the risks that can arise from making information free.
In any case, I would like to underline the fact that a Public Administration can also deny making information public if it considers that these should be protected, something that has happened on more than one occasion and that Coluccini has clearly highlighted.
The problem of course is not in the information itself, but how these could be used and by whom.
What could happen if, instead of being in the hands of ethical hackers, this information was used by unethical hackers who are very interested in profit?
And again, who tells us that this is not already happening?
Nowadays, the availability of interconnected networks makes the world smaller and smaller, technology allows us to gather information quickly, analyze it, process it and use it (or sell it) as possible.
There are tools that allow you to overcome the boundaries of a computer network and to penetrate within companies in search of secrets, projects, patents or personal data, financial etc ...
The question I ask myself is the following: was it really necessary to provide this information publicly on companies that work for the state in certain sectors?
Perhaps the FOIA should be rethought.
To learn more:
- http://www.funzionepubblica.gov.it/articolo/ministro/20-12-2016/freedom-...
- https://media.ccc.de/v/34c3-9148-italy_s_surveillance_toolbox#t=1669.
