From owner-freebsd-questions@FreeBSD.ORG Tue Jul 19 16:25:33 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 15E4D106566C for ; Tue, 19 Jul 2011 16:25:33 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) by mx1.freebsd.org (Postfix) with ESMTP id B914F8FC14 for ; Tue, 19 Jul 2011 16:25:32 +0000 (UTC) Received: from r55.edvax.de (port-92-195-103-124.dynamic.qsc.de [92.195.103.124]) by mx01.qsc.de (Postfix) with ESMTP id 3E9553CB3D; Tue, 19 Jul 2011 18:25:31 +0200 (CEST) Received: from r55.edvax.de (localhost [127.0.0.1]) by r55.edvax.de (8.14.2/8.14.2) with SMTP id p6JGPUjm003609; Tue, 19 Jul 2011 18:25:30 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Tue, 19 Jul 2011 18:25:29 +0200 From: Polytropon To: Damien Fleuriot Message-Id: <20110719182529.3068ced4.freebsd@edvax.de> In-Reply-To: <4E25A6AE.2020309@my.gd> References: <201107191520.p6JFK9d3033870@mail.r-bonomi.com> <4E25A6AE.2020309@my.gd> Organization: EDVAX X-Mailer: Sylpheed 2.4.7 (GTK+ 2.12.1; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Tools to find "unlegal" files ( videos , music etc ) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2011 16:25:33 -0000 On Tue, 19 Jul 2011 17:45:50 +0200, Damien Fleuriot wrote: > You claim that OP may lawfully open his users' private files. > Under your jurisdiction he might, under ours he shan't. A way around such a situation is to PROHIBIT the users (e. g. the employees of a company) to store private files on corporate servers, or even to do private web surfing during work time. You also often find regulations in office settings where the following policy is maintained: Workers _may_ use the web in a private manner for a time that definitely does _not_ keep them from working (i. e. an acceptable percentage), but they _will_ be monitored, e. g. by a proxy server that logs which sites are requested to make sure to track illegal use of corporate equipment (e. g. for illegal file sharing) can be tracked down to an INDIVIDUAL. It may also be possible that the screen of the user is monitored. Here in Germany, some companies, and also governmental installations do follow similar policies. The employee usually has to sign an agreement regarding this regulation. However, this does _not_ cover giving up privacy on matters that are under basic laws of freedom, both granted by the EU and (partially) acknowledged by the German state. With "partially" I mean things like this: ISPs and phone operators are caching _any_ connection data for a given time, as an agreement with the government. This is mainly intended for criminal investigation, and in such cases, the order of a judge is essentially required. However, history has taught many times that this mechanism is constantly abused, so nearly anybody with "substantial interests" (means: power and/or money) can get access to such data, even if the individuals getting into scope are NOT subject to any investigation. > OP may not open his users' private files without taking the following > precautionary steps: > > 1/ open the document in the employee's presence > or > 2/ formally inform the employee that his document will be opened I think the 2nd requirement can be encapsulated in terms of service? Just an assumption, not a claim! See my example at the beginning. > Under french jurisdiction, this can't be done. > > An employee is forbidden to encrypt work documents if the goal is to > prevent his employer from accessing them. Basically, the work an employee does is "owned by the employer", so _this_ is the level where rights may be granted (e. g. for data protection - a possilbe requirement). > However, said employee may encrypt his own private documents and his > company can cry a river, he can't be compelled to open said documents > unless by a court order. Correct - unless, of course, the employee is explicitely (!) prohibited to use / bring / access such stuff AT WORK. Such restrictions sometimes are part of the work contract. > >> The same way I just can't demand your driver's license unless I'm law > >> enforcement. > > > > Under some circumstances, I _can_. > > > > To wit: If you want to drive _my_ car, I most certainly can demand proof > > that you have a license. > > > > See above. > > My example, as understood by any sane person is: > > You can't come to me while I'm driving my own car in a public street and > ask that I prove: > 1/ ownership of the car > 2/ ability to drive (ownership of a driver's license) > > That is for law officials to ask, you're just a nobody in that respect. Just as an analogy: If you got trapped stealing in a shop, the owner of the shop may put you under temporary arrest. He may _not_ demand you to hand out an ID card or passport to him. Instead, he has to call the police who will ask you for your identity, and you'll have to prove it TO THEM. > There are things he will be able to do and others he won't, regarding > his users' files. Creating restrictions PRIOR to system access would be the preferred way, but it's quite hard to apply them afterwards. However, people should be clever enough... erm... well, maybe that's a bad beginning. Let me try again. :-) People should have learned that whenever they are using a device connected to the Internet, be it their own laptop or the desktop at work, NOTHING is private. And in worst case, "by accident" everything will open up. There are too many parts in the chain: Employer, admins, ISP, company that runs the datacenter, phone operator... and in the end, 1984 is TODAY. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...