Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jul 2011 06:57:58 -0500 (CDT)
From:      Robert Bonomi <>
Subject:   Re: Tools to find "unlegal" files ( videos , music etc )
Message-ID:  <>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> From  Tue Jul 19 05:54:52 2011
> Date: Tue, 19 Jul 2011 12:54:38 +0200
> From: Damien Fleuriot <>
> To: "C. P. Ghost" <>
> Cc: Frank Bonnet <>,
>         "" <>
> Subject: Re: Tools to find "unlegal" files ( videos , music etc )
> On 7/19/11 11:06 AM, C. P. Ghost wrote:
> > On Tue, Jul 19, 2011 at 8:55 AM, Damien Fleuriot <> wrote:
> >> On 19 Jul 2011, at 08:15, Frank Bonnet <> wrote:
> >>> In France it's illegal and I have my boss's instruction :
> >>>
> >>> - find and delete the files that's all.
> >>
> >> Bon courage then...
> >>
> >> A file can not be illegal per se, so you won't be able to detect
> >> these by looking up names or contents.
> > 
> >> Even then, if a file is labeled as personal, privacy protection
> >> applies and it is *unlawful* for you to process it.
> > 
> >> (That is in the same way that your employer is strictly forbidden
> >> from peeking inside your email messages clearly labeled as personal,
> >> even if they were received on your work mailbox.)
> > 
> > Exactly!
> > 
> > Speaking with my university sysadmin hat on: you're NOT allowed to
> > peek inside personal files of your users, UNLESS the user has waived
> > his/her rights to privacy by explicitly agreeing to the TOS and
> > there's legal language in the TOS that allows staff to inspect files
> > (and then staff needs to abide by those rules in a very strict and
> > cautious manner). So unless the TOS are very explicit, a sysadmin or
> > an IT head can get in deep trouble w.r.t. privacy laws.
> > 
> The poorly written IT TOS of a company can never bypass the law,
> regardless of anything you agreed to in your company's TOS.

"male bovine excrement" applies.

For example, if it is part of the _terms_of_emplyment_ -- which one 
*agreed* to, by going to work there --that you (the employeee) give
permission for the company, or it's agents, to examine any file you
store on the system.

> It *is* unlawful for them to even open your files as long as they are
> clearly labeled as private.

Oh my.  making back-ups is unlawful.  Replacing a failed drive in a RAID
array is unlawful.  Re-arranging storage allocation is unlawful.  *SNORT*

Under the laws of _what_ jurisdiction?

Is Mr. Ghost *in* that jurisdiction?

> To open them, they would require a judge's injunction, for example in
> cases of pedo pornography or the like.

I guarantee you that _I_, as a system administrator, don't need a court
order to do such things.  And, if you claim otherwise, you better be
prepared to cite the statues that prohibit it.

This is a corporate environment, it is in the terms of employment that
company computers are for "business use only", that anything on the
machines is 'work done for hire', and thus property of the company.

> >> You may want to look for files that are unusually large.
> >> They could possibly be ISOs, dvdrips, HD movie dumps...
> > 
> > Not to forget encrypted RAR files (which btw. could contain anything,
> > including legitimate content, so be careful here).
> > 
> It would be unlawful to try to brute force the files' password ;)

The last I knew (admittedly a number of years ago), encryption was illegal 
in France, EXCEPT where the encryption key is on file with the Government. 
Many multi-national corporations made sure to route their 'secure' traffic
_around_ France for that specific reason.

Find an encrypted file, and demand that the user show that the key is
on file with the gov't.   *EVIL*GRIN*

> > Better talk with your users and resolve the problem using
> > non-technical means. Inventive users WILL always outsmart any
> > technical solution that you implement: this is a race you absolutely
> > can't win.
> Head CP's advice Frank, you can't win this, for real.

In a _corporate_ environment, it *is* an easily 'winnable' issue.

It's =not= a technology 'arms race', it is a simple matter of 'personnel
management' and addressable on that basis.

This does _not_ mean that 'technology' cannot serve a function in policy
enforcement -- it simply means that technology, _in_and_of_itself_ is
not "the solution".  

Want to link to this message? Use this URL: <>