Search Form Portlet
Interception of Communications 05
Interception of Communications – Guidance Povided by the Garante
Following a deep-ranging investigation carried out by the Italian DP Authority between August and December 2005 in respect of the mechanisms whereby telecom operators comply with judicial requests to enable interception of communications, the findings obtained clarified that the operators do not access the contents of the intercepted communications and merely duplicate the communication line pertaining to the person under judicial investigation by routing the said line towards a telephone interception centre specified by the competent judicial authority.
However, partly on account of the processing of personal data concerning both the person under investigation and third parties as well as of the additional services provided by telecom operators in these cases (e.g. geo-location of the relevant user, retrieval of data contained in the census register), some specific safeguards to be implemented when carrying out such operations were set out by the Italian DP Authority. They include:
organisational measures: limiting the number of the persons in charge of processing the interception data; implementing strict quality and consistency controls as for authentication credentials; separating accounting data from other data as produced during the interception activities; implementing robust authentication procedures for the staff in charge of accessing the data, including the use of biometrics;
measures to enhance security in communications with judicial authorities: use of electronic signature to encrypt documents; use of certified electronic mailing; use of up-to-date technologies to communicate with judicial authorities by avoiding, for instance, facsimile communications;
measures to improve data protection: development of information tools to ensure supervision of the activities carried out by each staff member via creation of an audit log; implementation of advanced encryption systems for as long as the data remain in the telecom operators´ databases; erasing the data immediately they have been communicated as appropriate to judicial authorities.
A six-month term was set out for telecom operators to comply with these instructions.
Nuove misure di sicurezza presso i gestori per le intercettazioni - 15 dicembre 2005 [doc. web n. 1203890]