Wiretaps with Computer Malware: The Court of Cassation and Specific Justification (Judgment No. 29382/2025)

In the current digital landscape, the use of advanced investigative tools such as computer malware constantly confronts the legal system with the need to balance investigative effectiveness with the protection of fundamental rights. The Court of Cassation, with Judgment No. 29382, filed on August 8, 2025, has provided essential clarifications on the justification requirements for authorizing the use of these devices, particularly when wiretaps occur in private residences.

Computer Malware: Between Investigative Effectiveness and Constitutional Guarantees

Computer malware, a software capable of installing itself on electronic devices, allows for the recording of conversations and acquisition of data, effectively transforming a private environment into a monitored location. Its extremely invasive nature makes it a powerful tool, but at the same time raises concerns regarding the inviolability of the home (Art. 14 of the Constitution) and the secrecy of communications (Art. 15 of the Constitution). Article 614 of the Criminal Code, which protects the home, is central in this context, usually requiring enhanced safeguards when wiretaps invade private spheres.

Judgment 29382/2025: New Boundaries for the Use of "Trojan" Malware

The ruling of the Court of Cassation, presided over by L. P. and drafted by E. M. M., concerning the case of the defendant F. S., focused precisely on this delicate issue, partially annulling with referral a decision by the Tribunal of Liberty of Palermo. The judgment offers a crucial interpretation of the obligation for specific justification for wiretaps using computer malware.

In matters of wiretaps through the use of computer malware on portable electronic devices, in proceedings for the offenses referred to in Article 51, paragraphs 3-bis and 3-quater, of the Code of Criminal Procedure, registered after August 31, 2020 – unlike what is required for offenses against Public Administration within the limits of Article 266, paragraph 2-bis, of the Code of Criminal Procedure – it is not necessary to indicate in the authorization decree the specific reasons that justify its use even in the places indicated by Article 614 of the Criminal Code, similarly to what is provided for organized crime proceedings registered by August 31, 2020, subject to the previous regulations which, according to the interpretation provided by United Sections Scurato, do not provide for a specific justification burden.

The Supreme Court draws a fundamental distinction based on the type of offense and the registration period:

• Organized crime offenses (Art. 51, paragraphs 3-bis and 3-quater of the Code of Criminal Procedure) registered after August 31, 2020: For these serious offenses (such as mafia and terrorism), the judgment clarifies that specific justification is not required in the authorization decree for the use of malware in private places (Art. 614 of the Criminal Code). This position aligns with the already established orientation for organized crime proceedings registered by August 31, 2020, for which the previous regulations, as interpreted by the United Sections "Scurato" (Judgment No. 26889 of 2016), excluded such a burden. The reason lies in the presumption that, for offenses of such gravity, the home itself may be the place where the crime is committed or prepared, making additional justification superfluous.
• Offenses against Public Administration (Art. 266, paragraph 2-bis of the Code of Criminal Procedure): In these cases, the law explicitly requires that the authorization decree indicate the specific reasons that justify the use of computer malware in private residences. The Court of Cassation, therefore, confirms greater caution for offenses against Public Administration compared to organized crime offenses.

This decision consolidates an approach that modulates safeguards based on the nature and gravity of the criminal context, balancing the need for public safety with the protection of individual rights.

Conclusions: A Constant Balance

Judgment No. 29382 of 2025 represents a firm point in the complex regulation of wiretaps with computer malware. It reiterates the differentiation of justification requirements based on the gravity and type of offense: no specific justification for the use of malware in private places for organized crime offenses (registered after August 31, 2020), while this burden remains essential for offenses against Public Administration. This balance, constantly redefined by jurisprudence, is essential to ensure that investigative tools are effective, but always in compliance with the principles of legality and proportionality that underpin our legal system, while protecting the freedom and security of all.