Little cybersecurity and too much desire to monitor: privacy matters little to the public sector

In the last month several events have taken place which confirm a bitter truth: the little attention from the public sector (institutions, mayors, ministries, government) for the protection of personal databoth from the point of view of the recognition of the law itself and from that of cybersecurity.

This is not the first time, unfortunately, nor will it be the last. Only two years ago, these days, an eminent politician accused the Privacy Guarantor of constituting an “absurd bureaucratic hitch”. For the record, in that case, the Guarantor was right and, thanks to his indications, the situation of theIO app on which some reliefs had been presented, was resolved in a few days, without the country’s economy crashing as feared.

Going backwards, in chronological order, the news of an attack on the site dates back to a few days ago Ministry of Made in Italy, which has been inaccessible for some time (it is accessible at the time of writing). Little thing compared to the attack of which she was the victim ASL of Abruzzo in early May, with the theft and the publication of over 500 gigabytes of health data, which, in addition to the immediate damage received by the patients most at risk, who have not been able to receive adequate treatment quickly, will continue for an indefinite period of time given that those data can be used for scams and extortion. But the attack on the ASL of Abruzzo still comes after other similar attacks in other Italian regions, without forgetting what happened in the midst of the covid emergency at INPS websiteat a time when accessing that site was particularly important for many.

Considering that we are only citing the latest cases of a long series of attacks on our country, when it is not a matter of inattention by the public bodies themselves, if this would have made us think that it was the case to strengthen the role of the National Cybersecurity Agency (ACN) , on March 6 its first director, the professor Roberto Baldonione of the few national experts in such a delicate matter, was forced to resign, a sign of clear discomfort.

Going backwards, and going from the cases of cyber attacks to those of choices made with little judgment by the administrations, at the end of April the Guarantor sanctioned a municipal company that deals with waste management and which, as a deterrent, had published on Facebook some images of offenses obtained from the video surveillance cameras installed, in which the culprits were however identifiable. The same company, which according to the provisions of the European regulation should have a data protection officer, was found without one. All considering that the GDPRthe European data protection regulation, has just completed its first 5 years since its entry into force.

These examples report the shortcomings, due to lack of training and attention, in a sector such as the IT and digital one which requires it constantly. Everything goes digital and with the new European regulations arriving, such as the Digital Governance Act, the Data Act and the AI ​​Actthe exchange of data between public and private and between companies will be even more commonplace, and not being prepared would be equivalent to being ready to live at any moment without electricity.

Not just hackers, there is a danger of creating an Orwellian state

In addition to shortcomings, we also have cases of conscious choices, such as those who want push on the increased adoption of video surveillance, with the help of facial recognition.

At the beginning of May, the interior minister Piantedosi had said together with sacrosanct things, such as “video surveillance is a fundamental tool”, and that “the right to security must be balanced with the right to privacy” even a more daring one and that is that “the facial recognition gives further possibilities for prevention and investigation”, forgetting or ignoring the many official positions, even at an international level, which have expressed themselves against such drifts. These statements were made in the aftermath of the events at the Milan station.

That of Video surveillance is a topic that many mayors of all political colors like, because it instills a certain perceived security and it’s an easy and visible way to respond to citizens’ demands for a safer city. The Guarantor for the protection of personal data has regulated the phenomenon, first in Europe, since 2000, guaranteeing the full functioning of police and justice prerogatives, without harming people’s rights.

In Italy, however, there is a moratorium on facial recognition in public places, which will be valid at least until the end of the year. Although the Minister has said that he is in dialogue with the Guarantor to see what can be done, so far the Guarantor Authority has limited all attempts to use this technology. Then, on 11 May, the European Parliament approved the ban on this technology in its proposed amendment to the AI ​​Act. Indeed, according to the Parliament, the exceptions envisaged for law enforcement agencies to the ban on surveillance using biometric recognition were too extensive and would risk paving the way for an Orwellian society.

This authoritative position cannot be disregarded.

The European Union, and consequently Italy, must stay faithful to its principles of protection of fundamental rights, where the risk of being identified at any time cannot and must not be justified by security needs, except in extreme cases, carefully identified and in compliance with the principles of proportionality and necessity of the charter of fundamental rights. Opening up to the idea of ​​using facial recognition for “ordinary” security management would mean giving up one’s freedom forever.

Over time, indeed, the risk that it is up to the individual to have to demonstrate not be the framed person in a video it would lead people to no longer want to protest in the square, to frequent certain places, for fear of having to prove their innocence.

The so-called privacy is not an obstacle, but a bulwark and a foundation necessary to guarantee respect for other fundamental rights such as freedom of expression, information and movement.

Technological solutionism cannot and must not be the way forward just because it seems to be the easiest.