They are Legion, not cyber-terrorists

17th May. At dawn the Roman DA Office and the CNAIPIC[1]kick off operation “Tangodown” against some alleged members of Anonymous Italy: four people end up under house arrest, while six others are searched by police and dozens of computers and IT devices are sequestered by security forces. All those people are charged with the same accusations: criminal conspiracy aimed to damaging IT services, illicit IT communication interruption, abusive access to IT services. In the following weeks Anonymous’ reaction is not long in coming: a steady stream of attacks first hits the Roman tribunal website, and then the ones belonging to security forces’ unions SIULP and SAP. Finally, they go for the big prize: they put the Ministry of Interior in their sights, whose servers get violated while stolen materials are published on the web. This would be enough to deny the prosecutors’ official version that, a few hours after the arrests, was already talking about “having decapitated Anonymous’ leadership”. And yet many other doubts are surrounding police detectives’ conduct: from resorting to anti – terrorism laws towards the activists to charging them with associative crimes that, if confirmed during the trial, could cost the defendants jail terms ranging from three to seven years. Infoaut decided to read between the lines and interviewed lawyer Fulvio Sarzana, jurist and specialist in information law, that has been focusing on digital technologies and internet for ten years.

IFF – It is not the first time that the Anonymous Italy network gets targeted by security forces. In July 2011 already, the Roman DA office ordered dozens of search warrants against alleged members of the movement, notifying them charges of abusive access, damage to IT systems and public service interruption. Even then the investigators’ action was guided by the DA Perla Lori in coordination with CNAIPIC. Nonetheless there is a big difference between the two investigations: during the Tangodown operation the indicted have been charged for the crime of virtual criminal conspiracy, too. Actually, what does it change?

Criminal association is a sort of macro – crime that overlies the others. If we want to use a metaphor, we could say that it is generally used as a covering film: whenever it is notified, some usually forbidden investigations (for example undercover ones) or activities (such as resorting to interception techniques even for the single allegations) are carried out. Thus it implies the possibility to be investigated, with all the consequences, only for having been part of a particular association, regardless of personal responsibility for any action. This is exactly what has happened in the latest Postal Police operation against Anonymous Italy: as much as media have reported so far, one of the involved guys was only moderating a Facebook fan page without having never joined a real attack in any way. But the mere circumstance of being charged for virtual criminal conspiracy – so formulated because all the people were living in different cities and because it is difficult to prove the existence of a stable organisation or a common goal stated during physical meetings – have entailed that people who probably had never joined certain actions nonetheless got included in that criminal allegation.  And this is not the only controversial element about “Tangodown” operation. I’ve found equally odd the recourse to anti – terrorism legislation, which is the so called Pisanu decree. We can more or less criticize the legitimacy of Anonymous’ actions, but if laws like these are used….then, I think that the terrorist activity targeted by the investigators should be somehow publicly disclosed.

IFF – In fact, since the earliest hours after the arrests, you raised strong doubts about the very fact that the investigators decided to opt for art. 7 bis of the Pisanu law – remembering how it has been already questioned in the past for its «operational range». Indeed, we can ask ourselves why they decided to use a norm explicitly formulated (textually quoting) «for the prevention and repression of terrorist activities or for actions aimed to support terrorism by using IT means» in order to hinder the activist form adopted by Anonymous during the last two years in Italy.

We should take into account the context in which this law has been thought and written – immediately after the London terrorist attacks in 2005, that is. By then, its purpose was to repress specific terrorist activities, such as cybernetic attacks that could have disrupted critical Italian infrastructures (that should be under CNAIPIC‘s competence). On the contrary, the activities Anonymous held during the last two years had a demonstrative function. Besides, they have been accomplished by subjects that had neither terrorist nor lucrative purposes: this, in my opinion, should exclude the possibility to consider that law applicable. This is where the uncertainty about the concept of «operational range» does come from. That is to say the doubt comes in advance, about the possibility that structures such as CNAIPIC would be allowed to carry out investigations of this kind. In order to reconstruct a general competence by the CNAIPIC, we should imagine that the protagonists of these actions would have been moved by destructive purposes towards critical national infrastructures. Now, how can we consider the SIAE[2] as a critical national infrastructure? But even if we talk about the attacks against Trenitalia[3]…Then we are talking about websites, about showcase portals, surely not about crucial Italian IT infrastructure nodes nor about private banks, whose destruction would entail certainly broad repercussions.

IFF – Let’s go back for a while to the virtual criminal conspiracy offence. You pointed out how this crime has been more than once considered not applicable both in judgement and trial venues. Besides, the Court of Cassation during a judgement in 2005 specified how determining this type of offence requires proof of some particular requirements during the investigations. Among these, the presence of a stable associative bond, an organisational structure, recruitment procedures and affiliation practices are included. They are elements little matching per se with the organisational forms developed in the web, and in particular with Anonymous’ own one – notoriously shaped by heterogeneous and temporary alliances, disposed to take on the traits of a swarm rather than of a centralized and structured avant – garde. The message that appears in all Anonymous’ chats is exemplifying in this sense: «Rule n. 1: never ask how to join Anonymous». How is it possible, then, that the Roman DA office is opting for the virtual crime conspiracy allegation?

It’s the weirdest element in the whole story. During a press conference the public prosecutor pointed out that this is the first time that such a crime allegation is used in Italy. Press news state that at least four people would have attempted to get profit from their position and from the Anonymous’ brand. Yet, the same activists unaffected by the police roundup have strongly denied this reconstruction. Moreover, using the elements we have, it seems that at least two of the arrested had not been involved in any lucrative activity. This is strongly remarkable under the juridical profile as, if it was true, the minimum required number of people established by law to configure the criminal conspiracy offence (which is three) would be missing. The investigators speculate about a criminal association committed to software cracking activities upon payment. And for whom? For only four people? Or even for the other six searched people? What is the proof of the lucrative purpose? We will see the investigative evidence but, as regards what we have seen so far on the newspapers, I do not see elements about economic requests. In my opinion I strongly doubt that the criminal conspiracy type of offence can be held after a judicial evaluation. Moreover we should stop for a while to analyse the characteristics that the Anonymous phenomenon has acquired on a global and not only Italian level: there are no chiefs, an ad hoc association does not exist, nor a top-down structure do. How can you think about applying this type of offence against such an entity? I would like to do a counter – example to be clearer: it is like notifying an associative bond to different people living in different countries who decide to join a netstrike (or any form of web demonstration). It is an hypothesis not included to this day by any penal action modality.

IFF – For at least 30 years Italian judicial tradition has seen the emergence of a clear trend. In order to introduce associative types of offence, the institutions tend to exploit sensational events with the purpose of getting ad – hoc laws out of that: the outcome is what we could define as a emergency laws’ stratification lacking a codified discipline in a traditional sense. One example could be the 1975 Reale Law, the Eighties’ Cossiga Law and the 1989 401 law, tightened up after the events in Catania that led to the death of police inspector Filippo Raciti. Aren’t we in front of the same scheme even in this case? What is happening with Anonymous Italy’s hacktivists (immediately addressed as “cyber – terrorists” by some newspapers) could not be the ideal test bench to fine-tune the virtual criminal conspiracy type of offence?

Unfortunately in Italy, starting from Reale law, emergency purposes have been introduced by urgency decrees. The problem is that the urgency runs out, but the laws remain. We have been having for more than thirty years a norm that prevents from wearing crash helmets during demonstrations, as it can configure a face misrepresentation. We also had norms that prevented to fill a bottle with petrol, even in case of a motorcycle breakdown, because it could be a Molotov cocktail. Now, I believe that the same scheme is coming up again with the web. Even for this reason these guys’ trial events should be watched carefully in the future. Yet, we have to consider that until 2008 jurisprudence used to state that there was no chance of inhibiting the access to websites. Even the Court of Cassation spoke out clearly about that, especially regarding providers’ status: they are not allowed to practice censorship, neither by blocking IP addresses nor through the DNS. Then suddenly jurisprudence changed, and nowadays in Italy there is a requisition through providers every three days. This image is the litmus test of the ongoing changes. Surely, should we be coming up with a jurisprudential definition of the virtual criminal conspiracy, it could mean that people unknown to each other and attending a selfsame forum – maybe deemed as subversive by authorities – could be considered part of a criminal association, even though they never met outside the web.

IFF – The operation against Anonymous Italy is also impressive because of the context in which it stands. On an international ground, in the last months we have seen an escalation of tension (luckily limited only to media accusations) between China and United States precisely about cyber – security, a theme that Obama has addressed as a priority to achieve in his second mandate. Then, if we stick to the Italian scenario, the last months have been filled by alarming signals. Only to mention some of them: the statements by the Chamber of Deputies president Laura Boldrini, by the Senate president Grasso and by other members of the Parliament that seem to indicate a total continuity with the ones made by the Italian political class during the last ten years about digital rights; the re – proposition of the Alfano decree (renamed “blog – killer”) by the PdL[4] member Costa; the AGCOM[5] comeback for the approval of a norm in copyright’s defence – whose real purpose seems only to satisfy the Industrials’ Association and to strike OTTs such as Facebook and Google; not to mention the Monti decree in January about cybernetics protection and IT national security, that includes the possibility for the intelligence to access private and public operators’ databases without a judiciary intervention. Is a crackdown against internet freedom coming up in the future?

From ten years to now the web has been targeted by a campaign that includes diverse requests in order to penalize dissent on it. And not only in Italy: we have seen the same thing during these days, with the arrest of 24 guys that were using Twitter to tell the world what was going on in Gezi Park. If they were to succeed in introducing an emergency law the damage would be huge: this would not be about a delimited setting, as it had been for street demonstrations during the Seventies, but it would have a much broader extent, which is the whole online information world, especially the free one. The ongoing attempt is about making identifiable – and then subject to control – the netizens. The end of web anonymity represents a means for the institutions to prevent criminal activities. But its consequence it’s the possibility to put a gag on the web in order to limit the dissent that crosses it. This is why, in my opinion, the real battleground will be anonymity. The point at issue will be the idea of web freedom itself, and the possibility to get the nickname and the identity that everyone prefers (which, nowadays, it is totally licit and legal). Then, on the other side of the barricade, we will find those who, starting from the abolition of anonymity, would want to take the chance to introduce a broader surveillance dispositif; toward a medium that nowadays, to all intents and purposes, is one of the most important places for sociality as well as for information.

InfoFreeFlow (@infofreeflow) for Infoaut

[1] Centro nazionale anticrimine informatico per la protezione delle infrastrutture critiche, a specialized unit of the Postal Police working to prevent and curb computer crimes directed against critical national infrastructures.

[2] Società Italiana degli Autori ed Editori, a body responsible for the protection and exercise of copyright in Italy

[3] The primary train operator in Italy, owned by Italian government

[4] Popolo delle Libertà, Berlusconi’s centre-right party

 [5] Autorità per le Garanzie nelle Comunicazioni, regulator and competition authority for the communication industries in Italy.

  1. Nessun commento ancora.
(non verrà pubblicata)