Privacy & Security
Privacy: the Italian Flavour
In Italy, all kind of messages and information exchange may be intercepted. Most people think first to the snooping of telephone conversation or e-mail, but telefax are equally easy to monitor, and so are data transmission unless appropriate caution is taken, traditional mail, and even – through the use of “bugs” and directional microphones – private face-to-face conversations.
As everybody knows, typical scenarios where eavesdropping often happens are those related to industrial and commercial espionage, acquisition of confidential information for insider trading purposes, and criminal or other administrative investigations.
Basically, there are three possible kinds of privacy infringements:
- those undertaken by a public agency, the police for instance, duly authorised by the court; the information so collected may be used for any purpose, including as evidence at trial, and may even be previously leaked to mass media;
- those of a public agency, without due authorisation; the material obtained cannot be used as evidence in Italian criminal proceedings (unless, perhaps, as exculpatory evidence), and is likely to involve disciplinary and criminal consequences for the officer(s) concerned, but can still be profited from in many other ways, as – for instance – to acquire information which may be useful for further investigations aimed at collecting admissible evidence;
- those of a private third party; again such a privacy infringement involves a criminal liability for his perpetrator, but there is no rule in our system of law preventing its use as evidence in civil proceedings (principle of “male capta, bene retenta ” evidence, as opposed to the doctrine of “fruit of a poisonous tree”), and of course the party concerned can profit from its informational content in any other way.
You must also be aware that attorney-client communications are in Italy confidential, but NOT privileged, in the common law meaning of the word, unless, to a limited extent, with regard to the prosecution evidence in criminal proceedings, after the reform enacted in the mid-eighties.
On the other hand, in Italy we do not have any rules which limit in any way those initiatives aimed at the factual protection of one’s privacy.
You may therefore have your offices and phone lines routinely debugged; hire specialised personnel; adopt any cautionary measures against industrial espionnage which you may deem appropriate. Moreover, you cannot be obliged to disclose prejudicial evidence (unless, to a very limited extent, in IP-related proceedings, as a consequence of the enactment of GATT TRIPS in our jurisdiction); parties of a dispute and criminal defendants can never be examined under oath; and no process such as common law discovery exists in Italy.
Italian lawyers are obliged to secrecy, and must decline answering if they are interrogated with reference to their clients or any information related to the same, being otherwise subject to disbarment and criminal sanctions.
Furthermore, to better protect the confidentiality of the information entrusted to us and the privacy of your communication with the Firm, Studio Legale Sutti is available to participate, in addition to its internal policies already in force and at its own costs, in any measure which you may deem necessary and appropriate.
Security and Encryption
There are four pre-defined levels of privacy in your communications with SLS’s members:
- non-existent : conversation in public places and over mobile phones, mail sent in opened envelops, unencrypted Internet e-mail, IRC chatting, newsgroup postings, etc.;
- low-to-medium : telephone conversations, videoconference and fax transmissions (the latter being slightly better than telephone, being less subject to random eavesdropping), sealed mail, messages through commercial on-line services such as COMPUSERVE e-mail, hand delivery of unencrypted digital data on removable media;
- medium-to-high : point-to-point data transmission, messages sent through a point-to-point connection to our internal e-mail system, conversations in private places;
- high : conversations in secure places (as our offices), encrypted e-mail, or encrypted data, be they transmitted on-line, off-line, or delivered on the removable media of your choice.
We strongly suggest that you carefully consider which level is suitable to the message, documents or data to be exchanged.
We suggest in particular the systematic encryption of all messages and data transmitted to the Firm in digital form, by adopting the ad hoc utilities which are largely available in the market, and even on the Internet for free, this being a very practical, comfortable and fluid way to protect and deliver sensitive information with a high degree of protection.
While we understand that it may not be the case in other countries, such as France, encryption is absolutely legal in Italy, or better is squarely ignored by our system of law but for digital signature purposes, and we hope it will remain this way.
By systematically encrypting your messages, even those having no sensitive content, you also help to protect the privacy of other individuals, as you contribute to making it the standard practice, thus avoiding even the possibility that such a habit is considered as per se suspiciously unusual, as a number of interested entities would like to make everybody think.
If you are interested to learn more with regard to the legal status of cryptography in various countries, an easily accessible and frequently updated source is Bert-Jaap Koops’s Web site Crypto Law Survey, where it is also possible to subscribe to a mailing list announcing updates.
Methods and Keys
Unless otherwise agreed with our correspondents, Studio Legale Sutti utilises RSA asymmetric encryption through PGP (alias “Pretty Good Privacy”) for securing its data and communications, and for authentication purposes.
Such method, besides being virtually impossible to crack, makes it possible to disseminate freely the key used to encrypt data, without affecting the security of the “private” key, which remains necessary to decrypt them, and is not publicly disclosed. You may find further details on technical and legal issues related to PGP and asymmetric encryption, and instructions about where to find a version suitable to your computing platform, on The International PGP Home Page, or on many other Web sites.
You may also obtain the Firm’s PGP public key (version 2.6.3a) by clicking here, or by sending an e-mail requesting a return message with our public key (this is advisable and more practical if your e-mail program offers an automatic key management feature).
If you have not done so yet, you may also wish to communicate us your public key at your earliest convenience; or alternatively, you might use our key above to encrypt and send us a “special” public key, to be used exclusively by Studio Legale Sutti in dealing with you, so that its use will ensure the origin and the authenticity of the messages and data which the Firm will send you in the future.