autistici/inventati review II

((i)) | 24.06.2005 08:36 | Repression | Social Struggles | London

English translation of the second review by autistici/inventati

Let's try and summarize the facts.

The cryptographic services (those which guarantee e-mail
confidentiality, for example) offered by the Autistici/Inventati server
located at Aruba's webfarm were compromised on 15.6.2004. We became
aware of this on 21.6.2005. One year later.

On that day, one year ago, the officers - aka Polizia Postale - working
on the enquiry that led to the suspension of a mailbox
(croceneraanarchica-at-inventati.org), in collaboration with Aruba's
staff, switched off our server, giving no notice or communication
whatsoever, and copied the keys they needed in order to be able
to decrypt the Webmail, which works under the encryption protocol
recognizable by the https acronym; since then, they potentially got
access to the whole content on the disk, including each user's private
data.

When we became aware that the server could not be reached, we
repeatedly phoned Aruba's webfarm, asking for explanations about the
downtime. They invented some false technical
problems, comfortably deciding that their customers, their contractual
agreements, their users' rights aren't worth a phone call to inform the
server's owners; that's a place where lies and lack of respect for the
most fundamental civil rights rule.

Our presence and that of our lawyers during their action would have made
it possible to let them collect the data with no violation of the
privacy of all the users who utilize our encryption services: at least
we could and would have warned our users in time.

We always suspected that a company with such a self-explaining name
['aruba' reminds one of stealing], with a webfarm located in Sergio
Ramelli street (S.R. was a much esteemed fascist martyr, according to
what Paolo Landi, reception clerk at the webfarm, told us), was not to be
trusted, neither from a personal perspective nor from a technical one.

The awful service they provided got us sadly used to hearing poor
excuses for lots of technical problems.

Unfortunately, in June 2004, we had no other choice. The server had to
be located and none of the other places we had found gave more
guarantees about customers' privacy and respect of contractual duties.
We decided to rely on them, and we did wrong.

What happened is very serious for us, and we don't want to hide behind
unlikely prospects of revenge. It will be a difficult battle, that we'll
fight on every possible field, including the legal one.

Our daily paranoia about personal data security, aimed at defending all
our users' data, did not suffice, for lack of resources and maybe for a
subconscious and inappropriate confidence in laws which rule privacy
rights.

We interrupted our cryptography services, since at this time they're no
longer secure, and we'll soon interrupt our mail service too. We will
soon reactivate a second cleansed-up server at a different provider.

But this will not suffice. It's quite clear that in order for us to face
an ever growing use of men and instruments for systematic violation of
users' privacy, it's necessary for us to rethink the sense and strategy
of our project.

Aware as we are of the state of weakness we are in (sadly proved by the
fulfilment of the worst theoretical scenario), we have been working for
one year now on re-building our facilities, adjusting as much as possible
the attention needed for a minimum of user privacy. Soon (by the end
of summer, we hope), we'll give out technical details which we hope will
bring some clarity about the extent of the effort that is needed to
build the minimum necessary facilities which can assure those which in
theory should be civil rights [...].

But there's one thing that has to be clearly understood by everyone:
it's not possible to delegate privacy management to someone else. No
political structure or technological tool can assure your privacy.

Therefore we invite everyone, once again, to autonomously provide
him/herself with strong cryptography tools (such as gpg) and utilize
them for securing email communications and data storage on their disks
without blindly relying on others. Consciousness should do the rest.

As far as we are concerned, we can only assure you we'll keep on doing
what we can to protect the confidentiality of your and our
communications, and freedom for everyone to express and communicate.

2005-22-06. Autistici/Inventati collective.

((i))
- Homepage: http://italy.indymedia.org/news/2005/06/819001.php