Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jul 2011 18:25:29 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Damien Fleuriot <ml@my.gd>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Tools to find "unlegal" files ( videos , music etc )
Message-ID:  <20110719182529.3068ced4.freebsd@edvax.de>
In-Reply-To: <4E25A6AE.2020309@my.gd>
References:  <201107191520.p6JFK9d3033870@mail.r-bonomi.com> <4E25A6AE.2020309@my.gd>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, 19 Jul 2011 17:45:50 +0200, Damien Fleuriot wrote:
> You claim that OP may lawfully open his users' private files.
> Under your jurisdiction he might, under ours he shan't.

A way around such a situation is to PROHIBIT the users
(e. g. the employees of a company) to store private files
on corporate servers, or even to do private web surfing
during work time. You also often find regulations in
office settings where the following policy is maintained:
Workers _may_ use the web in a private manner for a time
that definitely does _not_ keep them from working (i. e.
an acceptable percentage), but they _will_ be monitored,
e. g. by a proxy server that logs which sites are requested
to make sure to track illegal use of corporate equipment
(e. g. for illegal file sharing) can be tracked down to
an INDIVIDUAL. It may also be possible that the screen
of the user is monitored.

Here in Germany, some companies, and also governmental
installations do follow similar policies. The employee
usually has to sign an agreement regarding this regulation.

However, this does _not_ cover giving up privacy on
matters that are under basic laws of freedom, both granted
by the EU and (partially) acknowledged by the German state.

With "partially" I mean things like this: ISPs and
phone operators are caching _any_ connection data for
a given time, as an agreement with the government. This
is mainly intended for criminal investigation, and in
such cases, the order of a judge is essentially required.
However, history has taught many times that this mechanism
is constantly abused, so nearly anybody with "substantial
interests" (means: power and/or money) can get access
to such data, even if the individuals getting into scope
are NOT subject to any investigation.



> OP may not open his users' private files without taking the following
> precautionary steps:
> 
> 1/ open the document in the employee's presence
> or
> 2/ formally inform the employee that his document will be opened

I think the 2nd requirement can be encapsulated in terms
of service? Just an assumption, not a claim! See my
example at the beginning.



> Under french jurisdiction, this can't be done.
> 
> An employee is forbidden to encrypt work documents if the goal is to
> prevent his employer from accessing them.

Basically, the work an employee does is "owned by the
employer", so _this_ is the level where rights may be
granted (e. g. for data protection - a possilbe requirement).



> However, said employee may encrypt his own private documents and his
> company can cry a river, he can't be compelled to open said documents
> unless by a court order.

Correct - unless, of course, the employee is explicitely (!)
prohibited to use / bring / access such stuff AT WORK. Such
restrictions sometimes are part of the work contract.



> >> The same way I just can't demand your driver's license unless I'm law 
> >> enforcement.
> > 
> > Under some circumstances, I _can_.
> > 
> > To wit: If you want to drive _my_ car, I most certainly can demand proof 
> > that you have a license.
> > 
> 
> See above.
> 
> My example, as understood by any sane person is:
> 
> You can't come to me while I'm driving my own car in a public street and
> ask that I prove:
> 1/ ownership of the car
> 2/ ability to drive (ownership of a driver's license)
> 
> That is for law officials to ask, you're just a nobody in that respect.

Just as an analogy:

If you got trapped stealing in a shop, the owner of the
shop may put you under temporary arrest. He may _not_
demand you to hand out an ID card or passport to him.
Instead, he has to call the police who will ask you for
your identity, and you'll have to prove it TO THEM.



> There are things he will be able to do and others he won't, regarding
> his users' files.

Creating restrictions PRIOR to system access would be
the preferred way, but it's quite hard to apply them
afterwards.

However, people should be clever enough... erm... well,
maybe that's a bad beginning. Let me try again. :-)

People should have learned that whenever they are using
a device connected to the Internet, be it their own laptop
or the desktop at work, NOTHING is private. And in worst
case, "by accident" everything will open up. There are
too many parts in the chain: Employer, admins, ISP,
company that runs the datacenter, phone operator... and
in the end, 1984 is TODAY.



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20110719182529.3068ced4.freebsd>