Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jul 2011 17:45:50 +0200
From:      Damien Fleuriot <ml@my.gd>
To:        freebsd-questions@freebsd.org
Subject:   Re: Tools to find "unlegal" files ( videos , music etc )
Message-ID:  <4E25A6AE.2020309@my.gd>
In-Reply-To: <201107191520.p6JFK9d3033870@mail.r-bonomi.com>
References:  <201107191520.p6JFK9d3033870@mail.r-bonomi.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


On 7/19/11 5:20 PM, Robert Bonomi wrote:
>> From owner-freebsd-questions@freebsd.org  Tue Jul 19 08:55:07 2011
>> Date: Tue, 19 Jul 2011 15:54:32 +0200
>> From: Damien Fleuriot <ml@my.gd>
>> To: freebsd-questions@freebsd.org
>> Subject: Re: Tools to find "unlegal" files ( videos , music etc )
>>
>>
>>
>> On 7/19/11 1:57 PM, Robert Bonomi wrote:
>>>> From owner-freebsd-questions@freebsd.org  Tue Jul 19 05:54:52 2011 
>>>> Date: Tue, 19 Jul 2011 12:54:38 +0200 From: Damien Fleuriot <ml@my.gd> 
>>>> To: "C. P. Ghost" <cpghost@cordula.ws> Cc: Frank Bonnet 
>>>> <f.bonnet@esiee.fr>,
>>>>         "freebsd-questions@freebsd.org" 
>>>>         Subject: Re: Tools to find "unlegal" files ( videos , music 
>>>>         etc )
>>>>
>>>>
>>>>
>>>> On 7/19/11 11:06 AM, C. P. Ghost wrote:
>>>>> On Tue, Jul 19, 2011 at 8:55 AM, Damien Fleuriot <ml@my.gd> wrote:
>>>>>> On 19 Jul 2011, at 08:15, Frank Bonnet <f.bonnet@esiee.fr> wrote:
>>>>>>> In France it's illegal and I have my boss's instruction :
>>>>>>>
>>>>>>> - find and delete the files that's all.
>>>>>>
>>>>>> Bon courage then...
>>>>>>
>>>>>> A file can not be illegal per se, so you won't be able to detect 
>>>>>> these by looking up names or contents.
>>>>>
>>>>>> Even then, if a file is labeled as personal, privacy protection 
>>>>>> applies and it is *unlawful* for you to process it.
>>>>>
>>>>>> (That is in the same way that your employer is strictly forbidden 
>>>>>> from peeking inside your email messages clearly labeled as personal, 
>>>>>> even if they were received on your work mailbox.)
>>>>>
>>>>> Exactly!
>>>>>
>>>>> Speaking with my university sysadmin hat on: you're NOT allowed to 
>>>>> peek inside personal files of your users, UNLESS the user has waived 
>>>>> his/her rights to privacy by explicitly agreeing to the TOS and 
>>>>> there's legal language in the TOS that allows staff to inspect files 
>>>>> (and then staff needs to abide by those rules in a very strict and 
>>>>> cautious manner). So unless the TOS are very explicit, a sysadmin or 
>>>>> an IT head can get in deep trouble w.r.t. privacy laws.
>>>>>
>>>>
>>>> The poorly written IT TOS of a company can never bypass the law, 
>>>> regardless of anything you agreed to in your company's TOS.
>>>
>>> "male bovine excrement" applies.
>>>
>>> For example, if it is part of the _terms_of_emplyment_ -- which one 
>>> *agreed* to, by going to work there --that you (the employeee) give 
>>> permission for the company, or it's agents, to examine any file you 
>>> store on the system.
>>>
>>>> It *is* unlawful for them to even open your files as long as they are 
>>>> clearly labeled as private.
>>>
>>> Oh my.  making back-ups is unlawful.  Replacing a failed drive in a 
>>> RAID array is unlawful.  Re-arranging storage allocation is unlawful.  
>>> *SNORT*
>>>
>>
>> You're playing dumb. On purpose. 
> 
> False to Fact.  
> 
> Using satire to make a point, yes.
> 
> Obviously, it is _not_ unlawful to 'even open' a file that is 'labelled as
> private'.  
> 
> Herr Ghost subsequently clarified that he meant 'opened by a person' -- which,
> if _that_ is an accurate description of the law in question,  means that a 
> purely mechanical process, such as a loop running file(1) on all files, and
> logging a filtered subset of that output would _not_ qualify as 'opening' 
> under the law, either.
> 
>>                                  That's called trolling. That's frowned 
>> upon, both by the community and by the list's charter.
> 
> Irrelevant, and immaterial.
> 
>> Just because you sign a bit of paper doesn't make everything it contains 
>> law.
>>
>> I do not have to remind anyone of the number of cases where, for example, 
>> ISPs got condemned for abusive terms in their contracts, and said terms 
>> nullified.
> 
> No, but you _do_ have to specify the jurisdiction in which it happened.
> The rules _are_  different in different jurisdicitons.
> 

OP is french.
Linked sites are french.
You're still trolling.


>>
>>> Under the laws of _what_ jurisdiction?
>>>
>>
>> http://www.acbm-avocats.com/spip.php?article37
>>
>> Files are considered to be work related UNLESS they're clearly 
>> labeled/named as private.
> 
> AH. _those_ rules *don't* apply to me.
> 

We're discussing OP's situation not yours.


>> In which case the employer may not open said files in the absence of the 
>> employee.
>>
>> Just because you do it doesn't make it legal.
> 
> But, you see, It _is_ entirely legal where *I* live.
> 

We're discussing OP's situation not yours.


>>>> To open them, they would require a judge's injunction, for example in 
>>>> cases of pedo pornography or the like.
>>>
>>> I guarantee you that _I_, as a system administrator, don't need a court 
>>> order to do such things.  And, if you claim otherwise, you better be 
>>> prepared to cite the statues that prohibit it.
>>
>> Again just because you do it doesn't make it legal.
> 
> Repeating, What I do *is* entirely legal.
> 

We're discussing OP's situation not yours.

You claim that OP may lawfully open his users' private files.
Under your jurisdiction he might, under ours he shan't.

Given that OP is under french jurisdiction and not US, your statement is
incorrect and possibly dangerous for him.

OP may not open his users' private files without taking the following
precautionary steps:

1/ open the document in the employee's presence
or
2/ formally inform the employee that his document will be opened


>> Regarding statutes that prohibit it, see above, plus:
>>
>> European Fondamental Rights: 
>> http://www.europarl.europa.eu/charter/pdf/text_fr.pdf
>>
>> Code du travail: 
>> http://www.legifrance.gouv.fr/affichCodeArticle.do;idArticle=LEGIARTI00000
>> 6901852&cidTexte=LEGITEXT000006072050&dateTexte=20080513
> 
> *NONE* of the above are applilcable to me.
> 

We're discussing OP's situation not yours.


>>> This is a corporate environment, it is in the terms of employment that 
>>> company computers are for "business use only", that anything on the 
>>> machines is 'work done for hire', and thus property of the company.
>>>
>>
>> I hope we'll agree to disagree here.
> 
> "you don't know what you don't know" applies.  I don't mean that offensively,
> but you have made an unwarranted, unjustified, assumption as to what laws
> govern _my_ actions.
> 
>> Jurisprudence allows reasonable use of work computers, given that the 
>> employee respects L120-4 of Code du Travail.
>>
>> This one here clearly acknowledges an employee's right to a reasonable 
>> personal use of his employer's internet connection:
>>
>> http://www.legifrance.gouv.fr/affichJuriJudi.do?oldAction=rechJuriJudi&idT
>> exte=JURITEXT000019166094&fastReqId=2101417007&fastPos=1
> 
> Again, none of that applies to my situation.
> 

We're discussing OP's situation not yours.


>>>>>> You may want to look for files that are unusually large. They could 
>>>>>> possibly be ISOs, dvdrips, HD movie dumps...
>>>>>
>>>>> Not to forget encrypted RAR files (which btw. could contain anything, 
>>>>> including legitimate content, so be careful here).
>>>>>
>>>>
>>>> It would be unlawful to try to brute force the files' password ;)
>>>
>>> The last I knew (admittedly a number of years ago), encryption was 
>>> illegal in France, EXCEPT where the encryption key is on file with the 
>>> Government. Many multi-national corporations made sure to route their 
>>> 'secure' traffic
>>> _around_ France for that specific reason.
>>>
>>> Find an encrypted file, and demand that the user show that the key is 
>>> on file with the gov't.   *EVIL*GRIN*
>>>
>>
>> You are not entitled to such a demand.
> 
> *IF* it is illegal to have encrypted materials without the key on file with
> the gov't,, then it would seem reasonable, on discovering such, to demand
> proof that the file -- being that it is  _on_my_property_ --  in question 
> is _not_ illegal.
> 

Under french jurisdiction, this can't be done.

An employee is forbidden to encrypt work documents if the goal is to
prevent his employer from accessing them.

However, said employee may encrypt his own private documents and his
company can cry a river, he can't be compelled to open said documents
unless by a court order.


>> The same way I just can't barge in to your house and demand to see your 
>> permit to build there.
> 
> Under some circumstances, I _can_.
> 
> To wit: If you're building on _my_ property, I _do_ have the right to demand 
> proof that you are doing it 'legally'.
> 

You're rewording my example in the wrong way.

My example is: I can not come to your house (obviously on your own piece
of land) and demand to see your permit to build.


>> The same way I just can't demand your driver's license unless I'm law 
>> enforcement.
> 
> Under some circumstances, I _can_.
> 
> To wit: If you want to drive _my_ car, I most certainly can demand proof 
> that you have a license.
> 

See above.

My example, as understood by any sane person is:

You can't come to me while I'm driving my own car in a public street and
ask that I prove:
1/ ownership of the car
2/ ability to drive (ownership of a driver's license)

That is for law officials to ask, you're just a nobody in that respect.


>> By the way, you're wrong again. Encryption is perfectly legal in France 
>> up to a specific key length, above which you are supposed to register it 
>> with the government.
> 
> As I said, "a number of years ago", that _was_ the situation -- I'm glad 
> to see that France has relaxed their stance on  the matter.
> 

Even "a number of years ago" you still could encrypt things up to a
specific key length.

Encryption has never been illegal per se in France, AFAIK.


> *LOTS* of countries had lots of 'stupid' rules about ecnryption and 
> encryption  technology.  the USA used to require an 'international arms
> dealer' certification to export any encryption technology
> 
> 
> BTW, the reason I can *legally* do those things you say are unlawful is
> that I am _not_ in France,  Nor even anywhere in the EU.  The rules _I_
> have to play by _are_ different.
> 

That is acknowledged, however the OP lives in France and his problem
falls within french law.

There are things he will be able to do and others he won't, regarding
his users' files.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4E25A6AE.2020309>