The Trump administration is lashing out at foreign laws aimed at clamping down on online platforms that have gained outsized influence on people’s attention — while trying to avoid launching new trade wars that could threaten the U.S. economy. Over the past month, U.S. officials have paused talks on a tech pact with the United Kingdom, canceled a trade meeting with South Korean officials and issued veiled threats at European companies over policies they believe unfairly penalize U.S. tech giants. Several tech policy professionals and people close to the White House say the recent actions amount to a “negotiating tactic,” in the words of one former U.S. trade official. As talks continue with London, Brussels and Seoul, the Office of the U.S. Trade Representative is pressing partners to roll back digital taxes on large online platforms and rules aimed at boosting online privacy protections — measures U.S. officials argue disproportionately target America’s tech behemoths. “It’s telegraphing that we’ve looked at this deeply, we think there’s a problem, we’re looking at tools to address it and we’re looking at remedies if we don’t come to an agreement,” said Everett Eissenstat, who served as the director of the National Economic Council in Trump’s first term. “It’s not an unprecedented move, but naming companies like that and telegraphing that we have targets, we have tools, is definitely meaningful.” But so far, the administration has shied away from new tariffs or other aggressive actions that could upend tentative trade agreements or upset financial markets. And the new tough talk may not be enough to placate some American tech companies, who are pressing for action. One possible action, floated by U.S. Trade Representative Jamieson Greer, would be launching investigations into unfair digital trade practices, which would allow the administration to take action against countries that impose digital regulations on U.S. companies. “I would just say that’s the next level of escalation. I think that’s what people are waiting for and looking for,” said a representative from a major tech company, granted anonymity to speak candidly and discuss industry expectations. “What folks are looking for is like action over the tweets, which, we love the tweets. Everyone loves the tweets.” Trump used similar investigations to justify raising tariffs on hundreds of Chinese imports in his first term. But those investigations take time, and it can be years before any increases would go into effect. Greer has also been careful to hedge threats of new trade probes, stressing they are not meant to spiral into a broader conflict. Speaking on CNBC’s “Squawk Box” last week, he floated launching a trade investigation into the EU’s digital policies, but said the goal would be a “negotiated outcome,” not an automatic path to higher tariffs. “I don’t think we’re in a world where we want to have some renewed trade fight or something with the EU — that’s not what we’re talking about,” Greer said. “We want to finish off our deal and implement it,” he continued, referring to the trade pact the partners struck over the summer. Greer also raised the prospect of a trade probe in private talks with South Korea earlier this fall, saying the U.S. might have to resort to such action if the country continues to pursue legislation the administration views as harmful to U.S. tech firms. But a White House official clarified that the U.S. was not yet considering such a “heavy-handed approach.” Even industry officials aren’t certain how aggressive they want the Trump administration to be, acknowledging that if the U.S. escalated its fight with the EU over their tech regulations, it could spark a digital trade war that would ultimately end up harming all of the companies involved, according to a former USTR official, granted anonymity to speak candidly. President Donald Trump has long criticized the tech regulations — pioneered by the European Union and now proliferating around the globe. But he’s made the issue a much more central part of his second-term trade agenda, with mixed results. While Trump’s threat to cut off trade talks with Canada got Prime Minister Mark Carney to rescind their three percent tax on revenue earned by large online platforms, his administration has struggled to make headway with the EU, UK and South Korea in the broader trade negotiations over tariffs. The tentative trade deal the administration reached with the EU over the summer included a commitment from the bloc to address “unjustified digital trade barriers” and a pledge not to impose network usage fees, but left the scope and direction of future discussions largely undefined. The agreement fleshed out with South Korea this fall appeared to go even further, spelling out commitments that regulations governing online platforms and cross-border data flows won’t disadvantage American companies. But none of those governments have so far caved to U.S. pressure to abandon their digital regulations entirely, and the canceled talks and threatening social media posts are a sign of Trump’s growing frustration. “You won’t be surprised to know that what we think is fair treatment and what they think is fair treatment is quite different and I’ve been quite frankly disappointed over the past few months to see zero moderation by the EU,” Greer said Dec. 10 at an event at the Atlantic Council. Last week, Greer’s office amped up the rhetoric further, threatening to take action against major European companies like Spotify, German automation company Siemens and Mistral AI, the French artificial intelligence firm, if the EU doesn’t back off enforcement of its digital rules. The threat came a week after the EU fined X, the company formerly known as Twitter, $140 million for failing to meet EU transparency rules. Greer’s office also canceled a meeting planned for last Thursday with South Korean officials, as South Korean lawmakers introduced new digital legislation and held an explosive hearing on a data breach at Coupang, an American-headquartered e-commerce company whose largest market is in South Korea. The South Korean Embassy denied any relationship between the Coupang hearing and the cancellation of the recent meeting. “Neither Coupang’s data breach, the subsequent investigation by the Korean government, nor the National Assembly’s hearing played a role in the scheduling of the KORUS Joint Committee,” said an embassy official. The canceled meetings and frozen talks are significant — delaying implementation of bare bones trade agreements and investment pledges inked in recent months. But the Trump administration has shown little interest in blowing up the deals its reached and reapplying the steep tariffs it threatened over the summer, which could trigger significant retaliation and, as concerns about affordability and inflation continue to simmer in the U.S., prove politically dicey. Launching trade investigations at USTR or fining specific foreign companies could be a less inflammatory move. “What is happening is that these issues are starting to come to a head,” said Dirk Auer, a Director of Competition Policy International Center for Law & Economics, who focuses on antitrust issues and recently testified before Congress on digital services laws. “At some point the administration has to put up or shut up. They need to put their money where their mouth is. And I think that’s what’s happening right now.” Gabby Miller contributed to this report.

LONDON — Australia hopes its teenage social media ban will create a domino effect around the world. Britain isn’t so sure.  As a new law banning under-16s from signing up to platforms such as YouTube, Instagram and TikTok comes into force today, U.K. lawmakers ten thousand miles away are watching closely, but not jumping in. “There are no current plans to implement a smartphone or social media ban for children. It’s important we protect children while letting them benefit safely from the digital world, without cutting off essential services or isolating the most vulnerable,” a No.10 spokesperson said Tuesday. Regulators are tied up implementing the U.K.’s complex Online Safety Act, and there is little domestic pressure on the ruling Labour Party to act from its main political opponents.  While England’s children’s commissioner and some MPs are supportive of a ban, neither the poll-topping Reform UK or opposition Conservative Party are pushing to mirror moves down under.  “We believe that bans are ineffective,” a Reform UK spokesperson said.  Even the usually Big Tech skeptic lobby groups have their doubts about the Australian model — despite strong public support to replicate the move in the U.K. Chris Sherwood, chief executive of the NSPCC, which has led the charge in pushing for tough regulation of social media companies over the last decade, said: “We must not punish young people for the failure of tech companies to create safe experiences online.  “Services must be accountable for knowing what content is being pushed out on their platforms and ensuring that young people can enjoy social media safely.” Andy Burrows, who leads the Molly Rose Foundation campaign group, argues the Australian approach is flawed and will push children to higher-risk platforms not included in the ban.  His charity was set up in 2018 in the name of 14-year-old Molly Russell, who took her own life in 2017 while suffering from “depression and the negative effects of online content,” a coroner’s inquest concluded.  Regulators are tied up implementing the U.K.’s complex Online Safety Act, and there is little domestic pressure on the ruling Labour Party to act from its main political opponents. | Ian Forsyth/Getty Images “The quickest and most effective response to better protect children online is to strengthen regulation that directly addresses product safety and design risks rather than an overarching ban that comes with a slew of unintended consequences,” Burrows said.  “We need evidence-based approaches, not knee-jerk responses.” AUSSIE RULES Australia’s eSafety commissioner Julie Inman Grant, an American tasked with policing the world’s first social media account ban for teenagers, acknowledges Australia’s legislation is the “most novel, complex piece of legislation” she has ever seen. But insists: “We cannot control the ocean, but we can police the sharks.” She told a conference in Sydney this month she expects others to follow Australia’s lead. “I’ve always referred to this as the first domino,” she says.  “Parents shouldn’t have to fight billion-dollar companies to keep their kids safe online — the responsibility belongs with the platforms,” Inman Grant told Australia’s Happy Families podcast.  But the move does come with diplomatic peril. Inman Grant has not escaped the attention of the White House, which is pressuring countries to overturn tech regulations it views as unfairly targeting American companies.  U.S. congressman and Trump ally Jim Jordan has asked Inman Grant to testify before the Judiciary Committee he chairs, accusing her of being a “zealot for global [content] takedowns.” She hit back last week, describing the request as an example of territorial overreach.  The social media account ban for under-16s is the latest in a line of Australian laws that have upset U.S. tech companies. It was the first to bring in a news media bargaining code to force Google and Facebook to negotiate with publishers, and was the first major economy to rule out changing laws to let AI companies train on copyrighted material without permission. The U.K. has also upset the White House with its existing online safety measures, and the Trump administration said earlier this year it is monitoring freedom of speech concerns in the U.K. Australia is used to facing down the Big Tech lobby, explains Daniel Stone, who advised the ruling Labor Government on tech policy. “Julie has the benefit of knowing the [political] cabinet is fully supportive of her position,” he said. “It defines what’s permissible across the whole system.”  The social media account ban for under-16s is the latest in a line of Australian laws that have upset U.S. tech companies. | Justin Sullivan/Getty Images “If there is a lesson for the U.K., it is that you don’t have a strong regulator unless you have a strong political leader with a clear and consistent agenda,” Stone adds.  “Australia has its anxieties, too, about pushing U.S. tech companies, but they carry themselves with confidence,” said Stone. “You have to approach Trump from a position of strength.”  Rebecca Razavi, a former Australian diplomat, regulator and visiting fellow at the Oxford Internet Institute, agrees. “The thinking is, we’re a mid-sized economy and there’s this asymmetry with tech platforms dominating, and there’s actually a need to put things in place using an Australian approach to regulation,” she said.  Other countries, including Brazil, Malaysia and some European countries are moving in a similar direction. Last month the European Parliament called for a continent-wide age restriction on social media.  SLOW DOWN Others are biding their time.  The speed at which Australia’s social media ban was approved by parliament means that many of its pitfalls have not been explored, Razavi cautioned.  The legislation passed through parliament last December in 19 days with cross-party and wide public support. “It was really fast,” she said. “There was a feeling that this is something that parents care about. There’s also a deep frustration that the tech companies are just taking too long to make the reforms that are needed.”  But she added: “Some issues, such as how it works in practice, with age verification and data privacy are only being addressed now.”  Lizzie O’Shea, a human rights lawyer and founder of campaign group Digital Rights Watch, agreed. “There was very little time for consultation and engagement,” she said. “There has then subsequently been a lot of concerns about implementation. I worry about experimenting on particularly vulnerable people.”  For now, Britain and the world is watching to see if Australia’s new way to police social media delivers, or becomes an unworkable knee-jerk reaction. 

The Dutch government has quietly removed Google tracking tools from job listings for its intelligence services over concerns that the data would expose aspirant spies to U.S. surveillance. The intervention would put an end to Google’s processing of the data of job seekers interested in applying to spy service jobs, after members of parliament in The Hague raised security concerns. The move comes at a moment when trust between the Netherlands and the United States is fraying. It reflects wider European unease — heightened by Donald Trump’s return to the White House — about American tech giants having access to some of their most sensitive government data. The heads of the AIVD and MIVD, the Netherlands’ civilian and military intelligence services, said in October that they were reviewing how to share information with American counterparts over political interference and human rights concerns. In the Netherlands, government vacancies are listed on a central online portal, which subsequently redirects applicants to specific institutions’ or agencies’ websites, including those of the security services. The government has now quietly pulled the plug on Google Analytics for intelligence-service postings, according to security expert Bert Hubert, who first raised the alarm about the trackers earlier this year. Hubert told POLITICO the job postings for intelligence services jobs no longer contained the same Google tracking technologies at least since November. The move was first reported by Follow the Money. The military intelligence service MIVD declined to comment. The interior ministry, which oversees the general intelligence service AIVD, did not respond to a request for comment at the time of publication. In a statement, Communications Manager for Google Mathilde Méchin said: “Businesses, not Google Analytics, own and control the data they collect and Google Analytics only processes it at their direction. This data can be deleted at any time.” “Any data sent to Google Analytics for measurement does not identify individuals, and we have strict policies against advertising based on sensitive information,” Méchin said. ‘FUTURE EMPLOYEES AT RISK’ Derk Boswijk, a center-right Dutch lawmaker, raised the alarm about the tracking of job applicants in parliamentary questions to the government in January. He said that while China and Russia have traditionally been viewed as the biggest security risks, it is unacceptable for any foreign government — allied or not — to have a view into Dutch intelligence recruitment. “I still see the U.S. as our most important ally,” Boswijk told POLITICO. “But to be honest, we’re seeing that the policies of the Trump administration and the European countries no longer necessarily align, and I think we should adapt accordingly.” The government told Boswijk in February it had enabled privacy settings on data gathered by Google. The government has yet to comment on Boswijk’s latest questions submitted in November. Hubert, the cybersecurity expert, said the concerns over tracking were justified. Even highly technical data like IP addresses, device fingerprints and browsing patterns can help foreign governments, including adversaries such as China, narrow down who might be seeking a job inside an intelligence agency, he said. “By leaking job applications so broadly, the Dutch intelligence agencies put their future employees at risk, while also harming their own interests,” said Hubert, adding it could discourage sought-after cybersecurity talent that agencies are desperate to attract. Hubert previously served on a watchdog committee overseeing intelligence agencies’ requests to use hacking tools, surveillance and wiretapping.  One open question raised by Dutch parliamentarians is how to gain control over the data that Google gathered on aspiring spies in past years. “I don’t know what happens with the data Google Analytics already has, that’s still a black box to me,” said Sarah El Boujdaini, a lawmaker for the centrist-liberal Democrats 66 party who oversees digital affairs. The episode is likely to add fuel to efforts to wean off U.S. technologies — which are taking place across Europe, as part of the bloc’s “technological sovereignty” drive. European Parliament members last month urged the institution to move away from U.S. tech services, in a letter to the president obtained by POLITICO. In the Netherlands, parliament members have urged public institutions to move away from digital infrastructure run by U.S. firms like Microsoft, over security concerns. “If we can’t even safeguard applications to our secret services, how do you think the rest is going?” Hubert asked. The country also hosts the International Criminal Court, where Chief Prosecutor Karim Khan previously lost access to his Microsoft-hosted email account after he was targeted with American sanctions over issuing an arrest warrant for Israeli Prime Minister Benjamin Netanyahu. The ICC in October confirmed to POLITICO it was moving away from using Microsoft Office applications to German-based openDesk.

Il Primo Ministro spagnolo Pedro Sánchez ha annunciato che il suo governo avvierà un'indagine nei confronti di Meta, proprietaria di Facebook e Instagram, per una possibile violazione della privacy degli utenti delle sue applicazioni social. Come riferisce l'agenzia di stampa Reuters, l'inchiesta nasce da una ricerca condotta da diversi centri di ricerca internazionali, che hanno scoperto che l'azienda avrebbe utilizzato un meccanismo nascosto per tracciare l'attività web degli utenti di dispositivi Android, ha dichiarato l'ufficio di Sánchez in un comunicato. «In Spagna, la legge è al di sopra di qualsiasi algoritmo o grande piattaforma tecnologica», ha affermato Sánchez, secondo quanto riportato nella nota. «E chiunque violi i nostri diritti ne pagherà le conseguenze». Il governo ha dichiarato che Meta potrebbe aver violato diverse normative dell'Unione Europea in materia di sicurezza e privacy, tra cui il Regolamento generale sulla protezione dei dati (GDPR), la Direttiva ePrivacy, il Digital Markets Act e il Digital Services Act. Fonte qui

Come gradualmente trapelato negli ultimi giorni da vari organi di informazione, la Commissione UE ha segretamente messo in moto una riforma potenzialmente massiccia del GDPR. Se le bozze interne diventassero realtà, ciò avrebbe un impatto significativo sul diritto fondamentale delle persone alla privacy e alla protezione dei dati. La riforma farebbe parte del cosiddetto "Digital Omnibus", che avrebbe dovuto apportare solo adeguamenti mirati per semplificare la conformità per le imprese. Ora la Commissione propone di modificare elementi fondamentali come la definizione di "dati personali" e tutti i diritti degli interessati previsti dal GDPR. La bozza trapelata suggerisce anche di dare alle aziende di IA (come Google, Meta o OpenAI) un assegno in bianco per risucchiare i dati personali degli europei. Inoltre, la protezione speciale dei dati sensibili, come quelli relativi alla salute, alle opinioni politiche o all'orientamento sessuale, verrebbe significativamente ridotta. Verrebbe inoltre consentito l'accesso remoto ai dati personali su PC o smartphone senza il consenso dell'utente. Molti elementi della riforma prevista ribalterebbero la giurisprudenza della CGUE, violerebbero le convenzioni europee e la Carta europea dei diritti fondamentali. Se questa bozza estrema diventerà la posizione ufficiale della Commissione europea, sarà chiaro solo il 19 novembre, quando il "Digital Omnibus" sarà presentato ufficialmente. Schrems: "Si tratterebbe di un massiccio declassamento della privacy degli europei, dieci anni dopo l'adozione del GDPR."

The European Union’s law enforcement agency wants to speed up how it gets its hands on artificial intelligence tools to fight serious crime, a top official said. Criminals are having “the time of their life” with “their malicious deployment of AI,” but police authorities at the bloc’s Europol agency are weighed down by legal checks when trying to use the new technology, Deputy Executive Director Jürgen Ebner told POLITICO. Authorities have to run through data protection and fundamental rights assessments under EU law. Those checks can delay the use of AI by up to eight months, Ebner said. Speeding up the process could make the difference in time sensitive situations where there is a “threat to life,” he added. Europe’s police agency has built out its tech capabilities in past years, ranging from big data crunching to decrypting communication between criminals. Authorities are keen to fight fire with fire in a world where AI is rapidly boosting cybercrime. But academics and activists have repeatedly voiced concerns about giving authorities free rein to use AI tech without guardrails. European Commission President Ursula von der Leyen has vowed to more than double Europol’s staff and turn it into a powerhouse to fight criminal groups “navigating constantly between the physical and digital worlds.” The Commission’s latest work program said this will come in the form of a legislative proposal to strengthen Europol in the second quarter of 2026.  Speaking in Malta at a recent gathering of data protection specialists from across Europe’s police forces, Ebner said it is an “absolute essential” for there to be a fast-tracked procedure to allow law enforcement to deploy AI tools in “emergency” situations without having to follow a “very complex compliance procedure.” Assessing data protection and fundamental rights impacts of an AI tool is required under the EU’s General Data Protection Regulation (GDPR) and AI Act. Ebner said these processes can take six to eight months.  The top cop clarified that a faster emergency process would not bypass AI tool red lines around profiling or live facial recognition. Law enforcement authorities already have several exemptions under the EU’s Artificial Intelligence Act (AI Act). Under the rules, the use of real-time facial recognition in public spaces is prohibited for law enforcers, but EU countries can still permit exceptions, especially for the most serious crimes. Lawmakers and digital rights groups have expressed concerns about these carve-outs, which were secured by EU countries during the law’s negotiation. DIGITAL POLICING POWERS Ebner, who oversees governance matters at Europol, said “almost all investigations” now have an online dimension.   The investments in tech and innovation to keep pace with criminals is putting a “massive burden on law enforcement agencies,” he said. European Commission President Ursula von der Leyen has vowed to more than double Europol’s staff and turn it into a powerhouse to fight criminal groups. | Wagner Meier/Getty Images The Europol official has been in discussions with Europe’s police chiefs about the EU agency’s upcoming expansion. He said they “would like to see Europol doing more in the innovation field, in technology, in co-operation with private parties.”  “Artificial intelligence is extremely costly. Legal decryption platforms are costly. The same is to be foreseen already for quantum computing,” Ebner said. Europol can help bolster Europe’s digital defenses, for instance by seconding analysts with technological expertise to national police investigations, he said. Europol’s central mission has been to help national police investigate cross-border serious crimes through information sharing. But EU countries have previously been reluctant to cede too much actual policing power to the EU level authority.  Taking control of law enforcement away from EU countries is “out of the scope” of any discussions about strengthening Europol, Ebner said. “We don’t think it’s necessary that Europol should have the power to arrest people and to do house searches. That makes no sense, that [has] no added value,” he said.   Pieter Haeck contributed reporting.

Listen on * Spotify * Apple Music * Amazon Music Europe faces a growing dilemma: how to protect children online without breaking digital privacy for everyone.  A new report from the Internet Watch Foundation found that 62 percent of all child sexual abuse material discovered online last year was hosted on EU servers. It’s a shocking statistic that has left Brussels locked in a heated debate over how far new regulations should go — and whether scanning encrypted messages could be justified, even at the cost of privacy and the risk of mass surveillance.  Host Sarah Wheaton is joined by POLITICO’s Sam Clark, Eliza Gkritsi and Océane Herrero to unpack Europe’s child safety regulations — and the balance between protecting kids, protecting privacy and policing platforms. The conversation also touches on the latest controversy out of France, involving Shein — the fast-fashion giant caught selling childlike sex dolls online.   Then, from Europe’s digital dilemmas to Albania’s digital experiment: Gordon Repinski, host of POLITICO’s Berlin Playbook podcast, sits down with Albanian Prime Minister Edi Rama, who has appointed the world’s first artificial intelligence minister — a virtual woman named Diella. Rama explains why he believes Diella could help fight corruption, cut bureaucracy and speed up Albania’s path toward EU membership. 

BRUSSELS — The European Commission said it is “not empowered to take action” amid concerns about the appointment of a former tech lobbyist to Ireland’s privacy regulator. The Irish Council for Civil Liberties — a non-profit transparency campaign group — on Tuesday filed a complaint calling on the Commission to launch an inquiry into how Niamh Sweeney was appointed to co-lead the Irish Data Protection Commission. Citing reporting from POLITICO, the complaint alleges the appointment process “lacked procedural safeguards against conflicts of interest and political interference.” It’s the first formal challenge to the decision after Sweeney took up her role as one of three chief regulators at Ireland’s top data regulator this month. Her prior experience as a lobbyist for Facebook and WhatsApp reignited concerns that the regulator is too close to Big Tech. In response to the complaint, Commission spokesperson Guillaume Mercier said that “it is for the member states to appoint members to their respective data protection authorities.” The Commission “is not involved in this process and is not empowered to take action with respect to those appointments,” Mercier told a daily press briefing Tuesday. He emphasized that countries do need to respect requirements set out in EU law — that the appointment process must be “transparent,” and that those appointed should “have the qualifications, the experience, the skills, in particular in the protection of personal data, required to perform their duties and to exercise their powers.” The complaint asked the Commission to look into the appointment as part of its duties to oversee the application of EU law, claiming these responsibilities had not been met by Ireland. Sweeney was appointed by the Irish government on the advice of the Public Appointments Service, the authority that provides recruitment services for public jobs, which has previously expressed its full confidence in the process.

MILAN — Nothing about the sand-colored façade of the palazzo tucked behind Milan’s Duomo cathedral suggested that inside it a team of computer engineers were building a database to gather private and damaging information about Italy’s political elite — and use it to try to control them.   The platform, called Beyond, pulled together hundreds of thousands of records from state databases — including flagged financial transactions and criminal investigations — to create detailed profiles on politicians, business leaders and other prominent figures.  Police wiretaps recorded someone they identified as Samuele Calamucci, allegedly the technical mastermind of the group, boasting that the dossiers gave them the power to “screw over all of Italy.”  The operation collapsed in fall 2024, when a two-year investigation culminated in the arrests of four people, with a further 60 questioned. The alleged ringleaders have denied ever directly accessing state databases, while lower-level operatives maintain they only conducted open-source searches and believed their actions were legal. Police files indicate that key suspects claimed they were operating with the tacit approval of the Italian state.  After months of questioning and plea bargaining, 15 of the accused are set to enter their pleas at the first court hearing in October.   The disclosures were shocking, not only because of the confidentiality of the data but also the high-profile nature of the targets, which included former Prime Minister Matteo Renzi and Ignazio La Russa, co-founder of the ruling Brothers of Italy party and president of the Senate.  The scandal underscores a novel reality: that in the digital era, privacy is a relic. While dossiers and kompromat have long been tools of political warfare, hackers today, commanded by the highest bidder, can access information to exploit decision-makers’ weaknesses — from private indiscretions to financial vulnerabilities. The result is a political and business class highly exposed to external pressures, heightening fears about the resilience of democratic institutions in an era where data is both power and liability.  POLITICO obtained thousands of pages of police wiretap transcripts and arrest warrants and spoke with alleged perpetrators, their victims and officials investigating the scheme. Together, the documents and interviews reveal an intricate plot to build a database filled with confidential and compromising data — and a business plan to exploit it for both legal and illegal means.  On the surface, the group presented itself as a corporate intelligence firm, courting high-profile clients by claiming expertise in resolving complex risk management issues such as commercial fraud, corruption and infiltration by organized crime.   Banca Mediolanum, said it had paid “€3,000 to Equalize to gather more public information regarding a company that could have been the subject of a potential deal, managed by our investment bank.” | Diego Puletto/Getty Images Prosecutors accuse the gang of compiling damaging dossiers by illegally accessing phones, computers and state databases containing information ranging from tax records to criminal convictions. The data could be used to pressure and threaten victims or fed to journalists to discredit them.  The alleged perpetrators include a former star police investigator, the top manager of Milan’s trade fair complex and several cybersecurity experts prominent in Italy’s tech scene. All have denied wrongdoing.  SUPERCOP TURNED SUPERCROOK  When the gang first drew the attention of investigators in the summer of 2022, it was almost by accident.  Police were tracking a northern Italian gangster when he arranged a meeting with retired police inspector Carmine Gallo at a coffee bar in downtown Milan. Gallo, a veteran in the fight against organized crime, was a familiar face in Italy’s law enforcement circles. The meeting raised suspicions, and authorities put Gallo under surveillance — and inadvertently uncovered the gang’s wider operations.  Gallo, who died in March 2025, was a towering figure in Italian law enforcement. He helped solve high-profile cases such as the 1995 murder of Maurizio Gucci — carried out by the fashion mogul’s ex-wife Patrizia Reggiani and her clairvoyant — and the 1997 kidnapping of Milanese businesswoman Alessandra Sgarella by the ‘ndrangheta organized crime syndicate.  Yet Gallo’s career was not without controversy. Over four decades, he cultivated ties to organized crime networks and faced repeated investigations for overstepping legal boundaries. He ultimately received a two-year suspended sentence for sharing official secrets and assisting criminals.  When he retired from the force in 2018, Gallo illegally carted off investigative material such as transcripts of interviews with moles, mafia family trees and photofits, prosecutors’ documents show. His modus operandi was to tell municipal employees to “get a coffee and come back in half an hour” while he photographed documents, he boasted in wiretaps.  Still, Gallo’s work ethic remained relentless. In 2019, he co-founded Equalize — the IT company that hosted the Beyond database — with his business partner Enrico Pazzali, presenting the firm as a corporate risk intelligence company.  Gallo’s years as a police officer gave him a unique advantage: He could leverage relationships with former colleagues in law enforcement and intelligence to get them to carry out illegal searches on his behalf. Some of the information he obtained was then repackaged as reputational dossiers for clients, commanding fees of up to €15,000.  Gallo also cashed in his influence for favors, such as procuring passports for friends and acquaintances. Investigators recorded conversations in which he bragged of sourcing a passport for a convicted mafioso under investigation for kidnapping, who planned to flee to the United Arab Emirates.  The supercop-turned-supercriminal claimed that Equalize had a full overview of Italian criminal operations, extending even to countries like Australia and Vietnam.  When investigators raided the group’s headquarters, they found thousands of files and dossiers spanning decades of Italian criminal and political history. The hackers even claimed to have — as part of what they called their “infinite archive” — video evidence of the late Prime Minister Silvio Berlusconi’s so-called bunga bunga parties, which investigators called “a blackmail tool of the highest value.”   Enrico Pazzali cultivated close ties to right-wing politicians, including Attilio Fontana, president of the Lombardy region, and maintained a close association with high-level intelligence officials. | Alessandro Bremec/Getty Images Gallo’s sudden death of a heart attack six months into the investigation stirred unease among prosecutors. They noted that while an initial autopsy found no signs of trauma or injection, the absence of such evidence does not necessarily rule out interference. Investigators have ordered toxicology tests.  ‘HANDSOME UNCLE’  Gallo’s collaborator Pazzalli, a well-known businessman who headed Milan’s prestigious Fondazione Fiera Milano, the country’s largest exhibition center, was Equalize’s alleged frontman.  Pazzali, through his lawyer, declined to comment to POLITICO about the allegations.  The Fiera, a magnet for money and power, made Pazzali a heavy hitter in Milanese circles. Having built a successful career across IT, energy and other sectors, and boasting a full head of steely gray hair, he was known to some by the nickname “Zio Bello,” or handsome uncle.   Pazzali cultivated close ties to right-wing politicians, including Attilio Fontana, president of the Lombardy region, and maintained a close association with high-level intelligence officials. He would meet clients in a chauffeur-driven black Tesla X, complete with a blue flashing light on the roof — the kind typically reserved for high-ranking officials.  Since 2019, Pazzali held a 95 percent stake in Equalize. If Gallo’s role was sourcing confidential information, Pazzali’s was winning high-profile clients, the prosecutors allege. Leveraging his reputation and political connections, he helped secure business from banks, industrial conglomerates, multinationals, and international law firms, including pasta giant Barilla, the Italian subsidiary of Heineken, and energy powerhouse Eni.   Documents show that Eni paid Equalize €377,000. Roberto Albini, a spokesperson for the energy giant, told POLITICO that the firm had commissioned Equalize “to support its strategy and defense in the context of several criminal and civil cases.” He added that Eni was not aware of any illegal activity by the company.  Marlous den Bieman, corporate communications manager for Heineken, said the brewer had “ceased all collaboration with Equalize and is actively cooperating with authorities in their investigation of the company’s practices.”  Barilla declined to comment.  Italy’s third-largest bank, Banca Mediolanum, said it had paid “€3,000 to Equalize to gather more public information regarding a company that could have been the subject of a potential deal, managed by our investment bank.” The bank added, “Of course we were not aware that Equalize was in general conducting its business also through the adoption of illicit procedures.”  The group’s reach extended beyond Italy. In February 2023, it was hired by Israeli state intelligence agents in a €1 million operation to trace the financial flows from the accounts of wealthy individuals to the Russian mercenary network Wagner. In exchange, the Israelis promised to hand over intelligence on the illicit trafficking of Iranian gas through Italy — a commodity that, they suggested, might be of interest to Equalize’s client, the energy giant Eni.  Equalize rapidly grew into a formidable private investigation operation. Police reports noted that Pazzali recognized data as “a weapon for enormous economic and reputational gains,” adding, “Equalize’s raison d’être is to provide … Pazzali with information and dossiers to be used for the achievement of his political and economic aims.”  During the 2023 election campaign for the presidency of the Lombardy region, Pazzali ordered dossiers on close affiliates of former mayor of Milan, Letizia Moratti, who was challenging his preferred candidate, the far-right Fontana.  Prime Minister Matteo Renzi warned of a deeper political risk associated with the gang. | Vincenzo Nuzzolese/Getty Images A spokesman for Fontana called the allegation “science-fiction” and said “nothing was offered to the president of the region, he did not ask for anything, and he certainly did not pay anything.”   In 2022, Pazzali was in the running to manage Italy’s 2026 Winter Olympics as chief executive. Wiretaps suggested he ordered a dossier on his competitor, football club AC Milan’s Chairman Paolo Scaroni, but found nothing on him.  Business was booming, but Pazzali and Gallo were thinking ahead. They had become reliant on cops willing to leak information, and those officers could be spooked — or caught in the act. That was a vulnerability.  They started to envisage a more sophisticated operation: a platform that collated all the data the group had in its possession and could generate the prized dossiers with the click of a button, erasing the need for bribes and cutting manpower costs — a repository of high-level secrets that, once operational, would give Pazzali, Gallo, and their team unprecedented power in Italy.  Pazzali declined to comment on the investigation. He is due to plead before a judge at a preliminary hearing in October. ‘THE PROFESSOR’ AND THE BOYS   Enter Samuele Calamucci, the coding brain of the operation.  Calamucci is from a small town just outside Milan, and before he began his career in cybersecurity, he was involved in stonemasonry.   Unlike his partners Gallo and Pazzali, Calamucci wasn’t a known face in the city — and he had worked hard to keep it that way. He ran his own private investigation firm, Mercury Advisor, from the same offices as Equalize, handling the company’s IT operations as an outside contractor.  Calamucci knew his way around Italian government IT systems, too. In wiretapped conversations, he claimed to have helped build the digital infrastructure for Italy’s National Cybersecurity Agency and to have worked for the secret services’ Department of Information for Security.  Known within the gang as “the professor,” Calamucci’s role was to recruit and manage a team of 30 to 40 programmers he called the ragazzi — the boys.  With his best recruits he began to build Beyond in 2022, the platform designed to be the digital equivalent of an all-seeing eye.  To populate it, Calamucci and his team purchased data from the dark web, exploited access through government IT maintenance contracts and siphoned intelligence from state databases whenever they could, prosecutors said.  Beyond gave Pazzali, Gallo, and their gang a treasure trove of compromising information on political and business figures in a searchable platform. Wiretaps indicated the plan was to sell access via subscription to select clients, including international law firm Dentons and some of the Big Four consultancies like Deloitte, KPMG, and EY. | Aleksander Kalka/Getty Images In one police-recorded conversation, Calamucci boasted of a hard drive holding 800,000 dossiers. Through his lawyer, Calamucci declined to comment.  “We all thought the requested reports served the good of the country,” said one of the hackers, granted anonymity to speak freely. “Ninety percent of the reports carried out were about energy projects, which required open-source criminal records or membership in mafia syndicates, given that a large portion concerned the South.” Only 5 percent of the jobs they carried out were for individuals to conduct an analysis of enemies or competitors, he added.  The hackers were also “not allowed to know” who was coming into Equalize’s office from the outside. Meetings were held behind closed doors in Gallo’s office or in conference rooms, the hacker told POLITICO, explaining that the analysts were unaware of the company’s dynamics and the people it associated with.  Beyond gave Pazzali, Gallo, and their gang a treasure trove of compromising information on political and business figures in a searchable platform. Wiretaps indicated the plan was to sell access via subscription to select clients, including international law firm Dentons and some of the Big Four consultancies like Deloitte, KPMG, and EY.  Dentons declined to comment. Deloitte and EY did not respond to a request for comment. Audee Van Winkel, senior communication officer for KPMG in Belgium, where one of the alleged gang members worked, said the consultancy did not have any knowledge or records of KPMG in Belgium working with the platform.   ‘INTELLIGENCE MERCENARIES’  In Italy’s sprawling private investigation scene, Equalize was a relative newcomer. But Gallo, Pazzali and their associates had something going for them: They were well-connected.  One alleged member of the organization, Gabriele Pegoraro, had worked as an external cybersecurity expert for intelligence services and had previously made headlines as the IT genius who helped capture a fugitive terrorist.  Pegoraro said he “carried out only lawful operations using publicly available sources” and “was in the dark about how the information was used.”  According to wiretaps, Calamucci and Gallo had worked with several intelligence agents to provide surveillance to protect criminal informants.   On one occasion, Calamucci explained to a subordinate that the relationship with the secret services “was essential” to continue running Equalize undisturbed. “We are mercenaries for [Italian] intelligence,” he was heard saying by police listening in on a meeting with foreign agents at his office.   The services also helped with data searches for the group and created a mask of cover for the gang, prosecutors believe. A hacker proudly claimed that Equalize had even received computers handed down from Italy’s foreign intelligence agency, while law enforcement watched from bugs planted in the ceiling.  THE PROSECUTION  In October 2024, the music stopped.  Prosecutors placed four of the alleged gang members, including Gallo and Calamucci, under house arrest and another 60 people under investigation. They brought forward charges including conspiracy to hack, corruption, illegal accessing of data and the violation of official secrets.  Franco Gabrielli, a former director of Italy’s civil intelligence services, warned that even the toughest of sentences are unlikely to put an end to the practice. | Alessandro Bremec/Getty Images “Just as the Stasi destroyed the lives of so many people using a mixture of fabricated and collected information, so did these guys,” said Leonida Reitano, an Italian open-source investigator who studied the case. “They collected sensitive information, including medical reports, and used it to compromise their targets.”  News of what the gang had done dropped like a bombshell on Italy’s political class. Foreign Minister Antonio Tajani told reporters at the time that the affair was “unacceptable,” while Interior Minister Matteo Piantedosi warned the parliament that the hackers were “altering the rules of democracy.”  The Equalize scandal “is not only the most serious in the history of the Italian Republic but represents a real and actual attack on democracy,” said Angelo Bonelli, MP and member of the opposition Green Europe.  Prime Minister Renzi warned of a deeper political risk associated with the gang. “It is clear that Equalize are very close to the leaders of the right-wing parties, and intended to build a powerful organization, although it is not yet certain how deep an impact they had,” he told POLITICO. Renzi is seeking damages as a civil plaintiff in the eventual criminal trial.  Equalize was liquidated in March, and some of the alleged hackers have since taken on legitimate roles within the cybersecurity sector.  There are many unresolved questions around the case. Investigators and observers are still trying to determine the full extent of Equalize’s ties to Italian intelligence agencies, and whether any clients were aware of or complicit in the methods used to compile sensitive dossiers. Interviews with intelligence officials conducted during the investigation were never transcribed, and testimony given to a parliamentary committee remains classified. Police documents are heavily redacted, leaving the identities of key figures and the full scope of the operation unclear.  While Equalize is unprecedented in its scale, efforts to collect information on political opponents have “become an Italian tradition,” said the political historian Giovanni Orsina. Spying and political chicanery during and after the Cold War has damaged democracy and undermined trust in public institutions, made worse by a lethargic justice system that can take years if not decades to deliver justice.   “It adds to the perception that Italy is a country in which you can never find the truth,” Orsina said.  Franco Gabrielli, a former director of Italy’s civil intelligence services, warned that even the toughest of sentences are unlikely to put an end to the practice. “It just increases the costs, because if I risk more, I charge more,” he said.   “We must reduce the damage, put in place procedures, mechanisms,” he added. “But, unfortunately, all over the world, even where people earn more there are always black sheep, people who are corrupted. It’s human nature.” 

Matteo Piantedosi è intervenuto all’evento per i 20 anni del Centro nazionale anticrimine informatico per la protezione delle infrastrutture critiche (Cnaipic). Il ministro dell’Interno ha indicato questo nuovo bilanciamento di diritti a cui spera le piattaforme di messaggistica (da WhatsApp a Signal fino a Telegram) si adeguino presto per consentire alle Forze dell’Ordine di “rompere” la crittografia end-to-end per le attività investigative contro i cyber criminali. “Le policy delle grandi piattaforme sono molto incentrate sull’offerta della privacy degli utenti”, ha osservato Piantedosi. “Io credo”, ha aggiunto il ministro, “che il bilanciamento di interessi, tra libertà democratiche, costituzionalmente garantite, e elementi di sicurezza è il vero snodo su cui si gioca la sfida del futuro, ossia tra la attività di Polizia per contrastare i crimini e la privacy”. Durante lo stesso evento, il prof. Sala ha dichiarato “secondo me una soluzione su cui lavorare c’è per consentire gli scopi della Forze dell’Ordine, perché, essendo l’algoritmo crittografico una forma matematica, il modo in cui è utilizzato e l’ambiente in cui è sviluppato, permette dei margini in cui si può, in qualche modo, indebolire un pochino la sicurezza del sistema, tenendola, però, sempre accettabile, consentendo quindi le investigazioni della Polizia”. Quindi, come aveva già annunciato il ministro in estate, il governo italiano sarebbe al lavoro per ridurrre il livello di sicurezza della crittografia end to end, per favorire le attività poliziesche: “Una nuova autorità pubblica sotto il Ministero dell’Interno – in particolare presso la Polizia Postale – per vigilare sui servizi di messaggistica crittografata come WhatsApp, Signal e Telegram” Quindi, se Chat Control sembra per il momento bloccato, in Italia già si pensa a un sistema simile, che ci porterebbe a essere molto vicini ai regimi dittatoriali come Cina e Russia. Fonte web