=Paper=
{{Paper
|id=Vol-1816/paper-17
|storemode=property
|title=Rules of (Digital) Evidence and Prosecution's Actual Needs. When the Law Falls Behind Technology
|pdfUrl=https://ceur-ws.org/Vol-1816/paper-17.pdf
|volume=Vol-1816
|authors=Andrea Monti
|dblpUrl=https://dblp.org/rec/conf/itasec/Monti17
}}
==Rules of (Digital) Evidence and Prosecution's Actual Needs. When the Law Falls Behind Technology==
https://ceur-ws.org/Vol-1816/paper-17.pdf
In Proceedings of the First Italian Conference on Cybersecurity (ITASEC17), Venice, Italy.
Copyright c 2017 for this paper by its authors. Copying permitted for private and academic purposes.
Rules of (digital) evidence and prosecution's
actual needs. When the law falls behind
technology
Andrea Monti
Adjunct Professor at the Master in System and Network Security
Rome University "La Sapienza"
lawfirm@andreamonti.net
Abstract
This paper analyses the evolution of the methods applied by the Italian Public
Prosecution Service and Law Enforcement community to the digital investigations.
Starting from the early criminal trials, back in 1994, the paper shows how specific
investigative trends have been anticipated by the "field necessity", and how the inability
of the law to keep the pace with the rapidly-changing scenario led to mistrials and bad
decisions that, to "save" a single trial, affected the legal system as a whole and the right
to defense.
1 Introduction
Legal precedent in the field of digital investigations/digital evidence admissibility is
burgeoning, resulting in digital forensic practices that are guided by industry standards
developed from a mix of conjectural empiricism and anecdotal abstraction. In other
words, our techniques are informed by what we think will be admissible and/or reliable
based on how courts have ruled on other types of digital investigations or by
analogizing to rulings on traditional evidence. In the absence of precedent, questions
concerning "will the X evidence be admitted or carry weight if I do loom for digital
investigators, and we are left with inefficient avoidance of risk. (Kennealy & Monti,
2005)
More than ten years have gone by from when this statement was first written and high profile,
computer crime related cases have been tried in court, but the current legal and technical problems of
the digital investigations in Italy are still the same:
166
� Forensics is still at an early-developed stage and the criminal Courts often tend to
underestimate the relevance of properly acquired digital evidence, focusing more on the
merit of the infringement. (RAND Europe, 2002).
Furthermore, network investigations are made difficult by old-fashioned criminal procedural
provisions and a lack of training among the judges, prosecutors' services and the law enforcement
community.
Facing the need to secure at (almost) any cost the result of a digital investigation and often lacking
even a minimal understanding of the science behind the technology (Gennari, 2016), the courts - at all
instances, up to the Corte di cassazione (Supreme Court) - have used their power of interpretation to
allow technically questionable evidence to remain in the triali or to fill either legislative or logistic
gaps. (Monti, 2010)
Notwithstanding the 2008 update ii of the Italian Rules of Evidence by the enforcement of the
2001 Budapest Convention on Cybercrimeiii, a remote computer search or a data seizure still require
heavy paperwork before even leaving the prosecutor's office, thus weakening the effectiveness of the
investigation. And even when the "bureaucracy price" has been paid, the actual execution of the
activities, as will be apparent in the next pages, much too often relies on the expertise of the private
sector, as in the case of e-mail wiretapping, or website blocking.
Last but not least, the very promising 1.136.966 Euros EU funded Cyber Tools Online Search for
Evidence (CTOSE) project launched in 2001 and ended in 2003 (European Commission, 2003), is
now a webpage in Japanese dedicated to allergy issues (Allergy'sABC).
2 Digital Investigations' Technical evolution
2.1 The early days (1994 - 2000)
The core of the Italian digital investigative techniques was originally shaped by copyright and
child pornography cases (Monti, 2004).
Early methods, dating back to 1994 during the Italian Crackdown (Gubitosa, 1999), involved the
use of the Telemonitor TM 40 (a modem-to-modem wiretapping device), online covert activities to
"engage" the system operators of the pre-Internet Bullettin Board System (BBS) and encryption to
"seize" a part of a mass-memory without removing the whole computer (Chiccarelli & Monti, 2011).
None of the investigative techniques mentioned above included computer forensics methods of
some kind because the then in force Criminal Procedural Code did not make it mandatory.
Furthermore, the use of undercover law enforcement officers - allowed only when investigating drugs
or weapon-related crime - was notwithstanding adopted in a copyright infringement case (the above
mentioned "Italian Crackdown".) Not knowing exactly how to collect evidence of the software
installed into a PC, the law enforcement officers made extensive use of the "print screen" command as
the sole means to document what they did find during an in situ search. This poorly conceived method
has been proven ineffective if not assisted by further verification.
The decision n. 1006/01 issued by the Court of Chieti on November 23, 2001 acquitted the
defendant, charged with copyright infringement, because the Guardia di Finanza failed to check if
the allegedly illegally installed software could actually run on the seized computer. During the trial,
the Prosecutor-appointed digital forensic expert testified that the laptop technical specifications were
much too weak to run the vector-graphics software installed. The implication of this technical
assertion related to the manner in which the defendant could have used the software. The acquittal
came out almost automatically.
167
� While not allowed by the the law then in force, the use of undercover officers in a remotely-
performed investigation was the hint of a real need and a de facto anticipation of the upcoming
amendment to the limit of covert operations set forth in 1998 by the "child pornography act" (CPA).iv
CPA's Sect. 14 empowers the Polizia postale e delle comunicazioni (while not extending the
possibility to the other law enforcement entities such as the Arma dei Carabinieri and Guardia di
Finanza) to set up and manage undercover Internet child-pornography oriented websites or chat.
An interesting enforcement of the CPA comes from two child pornography cases investigated by
the Prosecutors of Torre Annunziata (IT) and - separately - Catania, targeting a users’ community
hosted by Microsoft's MSN.IT.
A letter dated September 25, 2000, signed by Microsoft's Corporate Attorney EMEA reveals that
the users' activity logfiles have been generated, collected and analysed in the USA, sent to Microsoft
Italia and finally given to the Prosecutors. While, of course, there is nothing odd in the fact that a
private company should cooperate with the Prosecution Service, the fact that the computer forensics
has been performed in the USA on USA-based servers (while not even taken into account by the
Prosecutor) anticipates the issues related to shortcutting the formality of the Criminal Procedural Code
and the rules for the international judiciary assistance as emerged in the Pirate Bay case (see infra.)
2.2 Before the enforcement of the Budapest Cybercrime Convention
(2001-2007)
A child pornography case that is strongly pertinent to this paper started in 2001 in Civitavecchia,
Rome (IT), where the Polizia postale contacted a suspect on an IRC channel, exchanged some files -
as allowed by the then recent legislation - and finally identified the young man suspected of being
behind the remote monitor thanks to the information colletected during the IRC sessions. But what the
Polizia postale forgot to do was to mark with a steganographic "sigil" that the images that were being
sent to the suspect and to understand the legal implication of using IRC's Direct Client-to-Client
(DCC) protocol.
The consequence of this carelessness would have been apparent a few years after. During the
cross-examination, the police officer who handled the communication with the suspect acknowledged
that the files sent to the suspect came from an internal police database used for this kind of
investigation. Furthermore he acknowleged that no steganography had been used to make sure that
what he sent was what the suspect actually received . The Court-appointed expert stated that
according to his expertise, the exchange happened privately, via DCC and that Encase, the US
forensics software used by the Polizia postale, produced a non-exact, bit-per-bit copy of the hard disk
seized during the investigation, missing a whole part of the storage (while it has been impossibile to
determine whether this failure was a defect of the software, an error of the operator or both.)
With such a flawed investigation, and in particular because the police did engage in an illegal
activity [since covert operation aren't allowed by law in a private exchange (like IRC'DCC technically
is)], on October 2004, 27 the Court of Civitavecchia decision n. 1277/04 declared null and void the
evidence and acquitted the defendant.
This trial has been in many way crucial in the history of digital investigation.
First, it exposed the overconfidence of the investigators in their technical prowness. Secondly, it
raised in court the issue of closed-source computer forensics tool, and third it pointed to the
importance of remembering that during an investigation, the law comes first, even when surfing the
Net. Had the police kept in mind that DCC is a point-to-point communication and that law doesn't
allow covert activities in this case, the investigation would have possibly taken another path and
maybe would never had landed in Court at all.
In the meantime, the public pressure on the child pornography issue led in 2006 to a regulationv
that settled the "Centro Nazionale per il contrasto della pedopornografia sulla rete Internet - CNCPO"
(National Centre for Online Child Pornography Contrast). Under this new law, the CNCPO is ordered
168
�to maintain a website blacklist to be implemented in the Internet Service Providers (ISPs) DNSs to
pre-emptively block the access to illegal contents.
In the same year, Parliament approved a similar provision targeting an online gambling website,
and enforced the (now defunct) EU directive on online traffic data retention.
While not directly relevant to the digital investigations regulation, these laws grounded the idea,
lately exploited by Public Prosecutors, that it was possible to block access to a website by hijacking
the Internet traffic toward it.
Another element of interest of the child-pornography and online gambling traffic hijacking laws -
together with the enforcement of the data-retention directive - is the cultural trend that keeps
emerging: the privatisation of the criminal investigations and the necessary support role of the ISPs.
Obtaining logfiles from an ISP has always been the investigators' top priority. But the time
constraints of the police activity (and the lack of training) led the authorities to adopt shortcuts that, in
the long term, have backfired.
On March 2, 2006, issuing the final decision for a hacking case pending since 2001, the Court of
Chieti (IT) stated that
... The investigation has been executed without deeper findings, because [the Polizia
postale] just asked the ISP without any formal acquisition of the data and without any
check about the data freezing to guarantee the evidentiary value in term of integrity and
reliability over time. (Tribunale penale di Chieti, 2006)
This decision is particulary relevant because it is the first to recognise, with no ambiguity, the need
to adopt computer-forensics based investigative methods when accessing Internet traffic data.
The fact that the investigators tried to skip the formalities set forth by the Italian Data Protection
Act - IDPA (Legislative Decree 196/03, sect. 132) is understandable while, of course, not excusable
when facing multiple investigations that involve multiple ISPs and huge quantities of digital
information. In these cases, strictly following the rules would prove to be a perfect way to stop
chasing criminals.
To obtain Internet traffic data, the law enforcement officer must ask the Prosecutor for a written
(i.e. paper) warrant which must be formally notified to the concerned ISP. If this notification is not
made in person because the ISP is located somewhere else in Italy, the Prosecutor must send the
written order to the local Police, Carabinieri or Guardia di Finanza headquarters to proceed with the
formality. Otherwise the magistrate should authorize the use of any other remote communication
means that guarantee the reliability of the notification. And when the order has been successfully
notified, the law enforcement officers should perform, in person or with the help of a technician , all
the activities necessary to extract the relevant information.
An empirical finding, based on the author's professional experience of the last twenty years, shows
that there are several cases where law enforcement officers try to obtain access to Internet traffic data
by simple fax or regular e-mail, refusing to go back to the prosecutor to ask for a formally correct
order, and delegating to the ISP the technical activities of search and consignement of the data stored
in the ISP's data-centre. Byzantinism of legal interpretation apart, this way of handling the Internet
traffic data carries the risk of jeopardizing the upcoming trial, as the above mentioned case law shows.
Another interesting inside about the investigative techniques adopted by the Italian Public
Prosecutors comes from the decision n. 1577/2010 issued on 2010, February 22 by the 7th Section of
the Criminal Court of Milan.
The investigation for an alleged online defamatory publication started in 2003 and targeted the
unidentifiable author of a series of articles related to the Italian VIP world. After about a year without
having succeeded in discovering the true identity of the suspect, the Public Prosecutor decided to send
a "poisoned" e-mail to the address used by the suspect that, once read, would have grabbed the client-
related information, thus revealing the IP, the operating system, the browser and so on. Furthermore,
the prosecutor relied upon social engineering to lure the suspect into opening the message.
169
� Initially, this technique failed to provide any useful results because the suspect was hidden behind
the NAT of his ISP, so the prosecutor ordered the setting up of a server with a static IP number inside
the ISP's network and to have the "poisoned" e-mail linked to this IP. This way, once opened, the e-
mail reveled the internal IP actually assigned to the user.
While a clever technique, it is hard to accept the idea, expressed by the decision, that this is a
method that can be used without a Court warrant, solely upon the Prosecution's order because of the
nature of "digital tailing". The technique adopted by the Prosecutor, indeed, is more akin to a some
sort of wiretapping and thus – given the silence of the law - should have been treated as such.
The very same problem affected other decisions that, around 2008, had to deal with the legal
notion of (some sort of) traffic hijacking as an investigative tool.
The Italian investigation started in 2008 against a website called The Pirate Bay, a Swedish based
torrent engine whose owners were accused of copyright infringement, came to a sudden halt when the
prosecutor of Bergamo (IT) realized that he had no jurisdiction in Sweden. In other words, there was
no quick way to both collect evidence by way of a seizure and stop the ongoing "crime".
With what could be rightly called a semantic somersault, the prosecutor asked the Court
conducting the investigation (Giudice per le indagini preliminari - GIP) for a seizure warrant of the
Internet traffic against the Swedish server. Accordingly, the Court ordered
the preemptive seizure of the ... website, ordering that the ISP, and specifically those
operating on the Italian soil ... prevent their users from accessing the address
www.thepiratebay.org, its current and future alias and domain names, and any further
static IP associated to the very same names, now and in the future. (Giudice per le
indagini preliminari di Bergamo, 2008)
The technical oddity of this decision is apparent: to seize something to somebody means taking the
thing away from him, or preventing him from either accessing or using the thing. Asking third parties
(the ISPs) to block other people (their customers) not involved in the criminal proceedings is frankly
too much even for the most prosecutor-inclined among the judges.
A partially reversed judgement came a few weeks later on September 24, 2008, when the
Tribunale della libertà (the appellate court for the GIP's decision) while confirming the Italian
jurisdiction over the case, ruled against the possibility of extending the legal notion of "seizure" to
include Internet traffic hijacking.
Finally, on Sept. 29 2009, the III Criminal Section of the Corte di cassazione, with the decision n.
49437, re-affirmed the Italian prosecutor’s jurisdiction even if there were no evidence of an actual
involvement of Italian citizens, by not excluding, in theory, this possibility and, with a convoluted and
thus weak logic, sustained the very first interpretation of the law adopted by the GIP.
As always happens in the legal world, once a break is open into the granite wall of technology,
everybody tries to sneak into the hole, no matter whether this make sense or not. So at the very same
moment of the The Pirate Bay quarrel, other prosecutors and GIPs adopted the Bergamo Ruling.
On September 29, 2008 the GIP of Milan, upon the request of the prosecutor investigating a case
of cigarette smuggling, issued a Bergamo-like Internet traffic hijacking order. A certain number of
ISPs that were notified of the order tried to counter it by claiming its technical infeasibility but to no
avail. On December 12, 2008 the Tribunale della libertà rejected the ISPs claim on the basis of a
convoluted and technical unsavvy logic that affirmed the equivalence between seizing an object and
preventig third parties to touch it. The very same logic enforced later by the Corte di cassazione in the
final verdict on the investigation methods adopted by the prosecutor in the The Pirate Bay case.
Following this lead, in the next year, seizure-by-traffic-hijacking became a standard, unchallenged
operating procedure for every investigation involving network resources located abroad.
The common denominator of these decisions is that every player in the game acknowledged that
the usual, paper-based investigation rules were simply unfit for the speed and the complexity of a
criminal offence involving digital assets so, using the prerogatives that the law grants to the judiciary
the judges fecerunt de albo, nigro. But by fixing a temporary problem, they opened the way to the
170
�disruption of the legal notion of jurisdiction as geographical limit of the State's power, creating a
reciprocity that could permit the authorities of other countries legitimately to shut down “disturbing”
websites hosted in Italy.
2.3 After the enforcement of the Budapest Cybercrime Convention
(2008-Today)
Notwithstanding the hype generated in the computer forensics community, the enforcement of the
Budapest Cybercrime Convention didn't actually benefit digital investigations. True, digital forensics
techniques have been elevated to "evidence status", but the non-use of these techniques has no
consequences in Court because there is no provision that excludes the weakened digital evidence from
the Court (Senor, 2012)
While a lot of attention has been paid to the digital forensics-related legal innovations, one of the
Convention's core provision is the mandatory adoption, in every State, of a 24/7 network to realise
effective, mutal cooperation for the investigation of transnational computer crimes. (Luparìa &
Ziccardi, 2007, Luparìa, 2009). Needless to say, there is no trace of this 24/7 network that would have
solved many (if not all) the jurisdictional problems that were raised early in 2000 by the Torre
Annunziata and Catania's child pornography investigations and later by the Pirate Bay case (see
supra.)
So far, therefore there is no evidence of a broad use of the digital investigation tools set forth by
the Italian enforcement of the Convention. Many Public Prosecutors continue asking the ISP to
provide, often by email, the suspect's traffic data and don't care about the need to adopt adequate
measures to secure the information. It is, then, safely (and sadly) possible to say that the Cybercrime
Convention just passed almost unnoticed in the Italian digital investigative system.
Nevertheless, a couple of cases involving the use of viruses by the Prosecution Service to collect
digital evidences confirm the assumption that the dialogue between Law and Technology is
(conveniently) a dialogue of the deaf.
In Italy, the use of viruses and malware to remotely retrieve content and information from a
computer was first accounted (from the "wrong" side of the barricade) in the Telecom-Sismi trial
(Pompili, 2008), but gained "public status" in 2015 with the Hacking Team scandal.
On July, 2015 the Milan-based IT security firm’s internal emails were leaked into the "wild" by
way of an illegal access to its systems. As a results, the public and the media discovered, "all of a
sudden", that the Italian government's secret services employed malware designed by Hacking Team
to perform its activities and stealthily gather information from remote computers.
While Galileo (this is the Hacking Team's software name) and its siblings are perfectly fit for the
scope of gathering information for intelligence purposes, the "as is" transposition of its modus
operandi in the criminal investigation domain is not so easy.
The main difference between the two realms is the role of the digital forensics.
While in the intelligence and military circles the use of digital forensics-grade techniques is a low
priority because none of these information are supposed to ever land in Court, the very same approach
doesn't work for the "regular" investigation where rules of evidence reign. (Mancini, Panico, & Monti,
2017).
Confronted with the Prosecution Service's use of a malware to hack into a mobile device used by a
suspect to record his conversations, the Corte di cassazione exposed three times the specific
techniques involved in these cases.
From the first ruling (Vth Branch, decision n. 16556, issued on 2009, October 14), it appears that
in 2004 the Prosecutor of Palermo accessed the suspect's PC with the excuse of obtaining a copy of
the file stored in the disk, while actually installing a backup utility verbatim named "gosth" - but more
probably, (Norton) "Ghost", to be able to seize, from time to time, all the files newly created.
171
� While the previous case didn't actually involve any malware, the ruling n. 27100 issued by the
Corte di cassazione,VI branch on May, 26 2015 dealt with proper malicious software secretely
installed in a smartphone, and used to wiretap the private conversations of the suspect.
About a year later, the Sezioni Unite (the assembly of all the single Corte di cassazione branch)
issued the ruling n. 26889/2016, meant to be the definitive rule of law about the use of malware to
eavesdrop private conversations. In this ruling, the Sezioni Unite didn't enter into the technical merit
of the malware exploitation, limiting its analysis to the evidentiary value of the intercepted
communication, and taking for granted that there were no technical issues to account for.
The last publicly known use of malware in criminal investigation (at the time of the submission of
this paper) is reported by IlSole24Ore in 2016, October 10. (Monti, 2016.)
The Prosecutor of Modena installed malware into a server of a public authority , so to obtain a
copy of all the emails belonging to the suspect. The technical aspects of the investigation have not yet
been made public, so it is not known whether the malware simply copied the messages already
downloaded locally, or if it actively accessed the suspect's Gmail account to retrieve the content from
the USA (or wherever the files were located.) In this latter case, as in the Torre Annunziata and
Catania 200's investigation, once again we would face an investigative activity performed outside the
Italian jurisdiction, and unbeknownst to the authorities of the "targeted" country.
3 Lesson learned and Conclusions
The analysis of the parallel evolution of the digital forensics techniques and of the rule of evidence
clearly shows that the legal framework is largely unfit to both ensure an effective investigation and
respect of the rights of the defense.
When investigating minor crimes involving digital assets located abroad, the effort required to
activate (when possible) the international cooperation with the authorities of other countries is
paramount in respect of the damage suffered by the victim (this is especially true, for instance, in
phishing cases.) The situation is aggravated by the growing number of (often trivial or petty) claims
made by the public that overloads the response capacity of the Prosecution Service.
The pragmatic reaction of the justice and law enforcement communities is to widely use the power
of interpretation to fill the logistic and legal gap of the Italian investigative rules, while there is no hint
of a long-term strategy to mitigate the effects of the two above mentioned concurring factors that
hinder the effectiveness of a computer-based investigation.
The effect of the disease is clear, the way to cure it, not. And the cure is still largely unknown
because of the lack of reliable metrics on the contribution of digital evidence when the court issues its
final verdict.
Without such kind of analysis there is no way to tell which forensics methodologies are sound
enough to stand in court, or what is the bare minimum to grant the digital forensics outcomes a "trial
evidence status", making impossible to draft a coherent set of legislative provisions. So we will
continue the endless and useless quadrilateral confrontation among lawyers, magistrates, law
enforcement and technical experts where every involved subject grounds his position either on
personal beliefs or (limited) experience instead of relying upon figures and fact-checking.
The danger of this approach is that it trades short terms results (not always achieved) for bad
caselaw whose verdicts are largely based on the (lack of) knowledge of a single magistrate rather than
upon a strong and shared set of scientific principles applied to the decisional process.
By failing to recognize both the important scientific and technical aspects of the problem and the
need of fair enforcement of the letter of the law, the road to justice is paved with mistrials and both
innocents and culprits will be denied of the justice they deserve.
172
� Works Cited
Allergy'sABC. (n.d.). Difference and side effects of the effects of the anti-allergy drug. Retrieved
10 1, 2016, from アレルギーに関するイロハ (Iroha on Allergy): www.ctose.org
Chiccarelli, S., & Monti, A. (2011). Spaghetti Hacker (2nd edition ed.). Pescara:
Monti&Ambrosini editori.
European Commission. (2003, 09 30). CTOSE. (European Commission) Retrieved 10 1, 2016,
from Community Research and Development Information Service:
http://cordis.europa.eu/project/rcn/60288_en.html
Gennari, G. (2016). Nuove e vecchie scienze forensi alla prova delle corti. Milano: Maggioli
editore.
GIP Bergamo - Decreto di sequestro preventivo, p.p. n. 3277/08 (Tribunale penale August 01,
2008).
Gubitosa, C. (1999). Italian Crackdown. Milan: Apogeo.
Kennealy, E. E., & Monti, A. (2005). Case study: A failure success' clothing. Digital Investigation
, 2 (4), 247-253.
Luparìa, L. (2009). Sistema penale e criminalità informatica. Milano: Giuffrè.
Luparìa, L., & Ziccardi, G. (2007). Investigazione penale e tecnologia informatica. Milano:
Giuffrè.
Mancini, L., Panico, A., & Monti, A. (2017). SOF on Trial. The technical and legal value of
battlefield digital forensics in Court . TBP.
Monti, A. (2016, October 10). Il virus trojan non sostituisce il sequestro. IlSole24Ore .
Monti, A. (2010, February 10). Notifiche irrituali nel sequestro ai pirati. IlSole24Ore .
Monti, A. (2004). The Legal Duty of IAPs to Preserve Traffic Data: A Dream or a Nightmare? .
INTERNATIONAL REVIEW OF LAW COMPUTERS & TECHNOLOGY , 18 (2), 221-230.
Pompili, A. (2008). Le tigri di Telecom. La sicurezza italiana e le sue deviazioni attraverso un
eclatante scandalo mediatico. Roma: Stampa Alternativa.
RAND Europe. (2002). Handbook of Legislative Procedures of Computer and Network Misuse in
EU Countries . European Commission, Directorate-General Information Society , Brussels.
Senor, M. (2012). Informatica forense. In U. Pagallo, & M. Durante, Manuale di informatica
giuridica e diritto delle nuove tecnologie (p. 251). Torino: UTET Giuridica.
Tribunale penale di Chieti - Decision 175/06, 2774/01 (Tribunale March 2, 2006).
i
Court of Appeals of Bologna, decision n. 369 issued on 2008, January 08 - made
public on March, 2008, 27 - http://www.ictlex.net/?p=692 - retrieved 2016, October
01.
ii
Legge 18 marzo 2008, n. 48 - "Ratifica ed esecuzione della Convenzione del
Consiglio d'Europa sulla criminalità informatica, fatta a Budapest il 23 novembre
2001, e norme di adeguamento dell'ordinamento interno published in Gazzetta
Ufficiale n. 80, 4 aprile 2008 - Supplemento ordinario n. 79 -
http://www.parlamento.it/parlam/leggi/08048l.htm - retrieved 2016, October 01.
iii
The Convention on Cybercrime of the Council of Europe (CETS No.185),
known as the Budapest Convention, is the only binding international instrument on
this issue. It serves as a guideline for any country developing comprehensive national
legislation against Cybercrime and as a framework for international cooperation
173
�between State Parties to this treaty - http://www.coe.int/en/web/cybercrime/the-
budapest-convention - retrieved 2016, October 01.
iv
Legge 3 agosto 1998, n. 269 Norme contro lo sfruttamento della prostituzione,
della pornografia, del turismo sessuale in danno di minori, quali nuove forme di
riduzione in schiavitu' published on Gazzetta Ufficiale n. 185 del 10 agosto 1998 -
http://www.camera.it/parlam/leggi/98269l.htm - retrieved 2016, October 01.
v
Legge 6 febbraio 2006, n. 38 Disposizioni in materia di lotta contro lo
sfruttamento sessuale dei bambini e la pedopornografia anche a mezzo Internet
published in Gazzetta Ufficiale n. 38 del 15 febbraio 2006 -
http://www.camera.it/parlam/leggi/06038l.htm - retrieved 2016, October 01.
174
�