A few weeks after a groundbreaking pronouncement by the Supreme Court finally outlined the boundaries for the use of spyware in criminal investigations, Italian legislators’ interest for regulating the so-called “Trojan Horse” is gaining new momentum within the national political debate.
In fact, the discussion on whether or not the drafting of a specific discipline is needed for strengthening police and judicial enforcement while avoiding mass surveillance at large may soon be back on the Parliament’s agenda.
Although difficult, any attempt to limit the extremely powerful and intrusive features of all kind of trojans on individuals’ rights made so far has been deemed totally incompatible with constitutional guarantees, the Court’s ruling seemed at least quite likely to put back on track public concern over the need to regulate state hacking once and for all.
One step beyond, spyware can be defined as malicious software that can infect a device (smartphone, tablet or PC) and get access to all its activities (phone calls, email, chat, photos, web browsing history, files) also by activating microphone and camera to perform one of the most sophisticated and modern form of surveillance now easily available to worldwide prosecutors as well as authoritarian regimes.
In a country known for being one of the most wiretapped in the world, the echo of a new law specifically targeting the use of spyware by state authorities could mark an important step forward for individuals’ right to privacy and fair trial, while curbing the ongoing aftermath of events like the Snowden revelations or the infamous Hacking Team data-gate scandal of 2015.
However, as of today, the legislative proposal under discussion might only prove smoke and mirrors: Those who think spyware is inherently incompatible with the Constitution will in fact be satisfied as much as those who would like to maintain the status quo and let judges decide on a case-by-case basis.
Contents of the proposed law might include, among others, the principle stating that the use of spyware shall be regulated according to the Italian criminal procedure code’s discipline on search warrant issued by police or judicial authority, as well as the provision stating that any file, video and audio acquisition shall be performed in accordance with current rules and regulations on wire tapping.
In addition to that, in the spotlight there is also the need to allow access to “captured” data to lawyers in order to better comply with the constitutional right to a fair trial and achieve substantial equality between the prosecution and defense.
Furthermore, according to critics, there seems to be neither guarantee over the possibility of data manipulation by the same spyware used to collect them, nor any kind of protection against the possibility of accessing such data by judicial authority before any notification has been sent to a suspect and his lawyer.
In this scenario, the main purpose shall remain to regulate the use of trojans within the framework of national constitutional guarantees, by always keeping an eye on the limited elasticity of the criminal procedure code’s provisions on the collection of evidence within the course of an enquiry.
Another important provision regards the introduction of third-party certification mechanisms for spyware, as well as the creation of a mandatory national registry for keeping track of the dissemination of such tools in the national territory while guaranteeing a strict control on whoever is authorized to use and have access to them and for what purpose.
Is it possible, however, to trust spyware certifications while keeping up with the ever-changing international scenario of technological development? The current legislative proposal does not seem to address this point, therefore the question remains unanswered and up for further discussions to come.
In conclusion, a serious process of reform seems to be finally on the move and although the direction it will take is unpredictable at the moment, there are still good chances of success if the Parliament will receive the proactive support from competent public authorities – with particular reference to the Italian Data Protection Authority, the National Agency for Digital Development and the Ministry of Justice – aiming at building a constructive interaction for finalizing a thorough discipline of state hacking in all its forms.
While ongoing parliamentary debate about the proposal continues, questions on how to cope with the potential intrusiveness of such tools in an effective way or how to better preserve individuals’ rights from state hacking still stands and shows no sign of backing off from the imperishable private vs. security worldwide public debate.
Finally though, space for further legislative maneuvering on the proposal is likely to be needed, and that will definitely impose legislators and regulators to be, first of all, patient and, not less important, show the capability of balancing all the interests at stake in order to avoid the risk of creating a new judicial “Far West” in which the use of spyware could become the rule or, even worse, being left largely unregulated.