Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jul 2011 19:20:31 +0200
From:      Damien Fleuriot <ml@my.gd>
To:        Polytropon <freebsd@edvax.de>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Tools to find "unlegal" files ( videos , music etc )
Message-ID:  <629B5A90-7251-4EE0-A25B-B84C518B9FE4@my.gd>
In-Reply-To: <20110719182529.3068ced4.freebsd@edvax.de>
References:  <201107191520.p6JFK9d3033870@mail.r-bonomi.com> <4E25A6AE.2020309@my.gd> <20110719182529.3068ced4.freebsd@edvax.de>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


On 19 Jul 2011, at 18:25, Polytropon <freebsd@edvax.de> wrote:

> On Tue, 19 Jul 2011 17:45:50 +0200, Damien Fleuriot wrote:
>> You claim that OP may lawfully open his users' private files.
>> Under your jurisdiction he might, under ours he shan't.
>=20
> A way around such a situation is to PROHIBIT the users
> (e. g. the employees of a company) to store private files
> on corporate servers, or even to do private web surfing
> during work time. You also often find regulations in
> office settings where the following policy is maintained:
> Workers _may_ use the web in a private manner for a time
> that definitely does _not_ keep them from working (i. e.
> an acceptable percentage), but they _will_ be monitored,
> e. g. by a proxy server that logs which sites are requested
> to make sure to track illegal use of corporate equipment
> (e. g. for illegal file sharing) can be tracked down to
> an INDIVIDUAL. It may also be possible that the screen
> of the user is monitored.
>=20

It cannot be prohibited under french law, as long as the use is reasonable.

Regarding proxies, the law offers companies the right to monitor web browsin=
g so that one is okay.


> Here in Germany, some companies, and also governmental
> installations do follow similar policies. The employee
> usually has to sign an agreement regarding this regulation.
>=20
> However, this does _not_ cover giving up privacy on
> matters that are under basic laws of freedom, both granted
> by the EU and (partially) acknowledged by the German state.
>=20
> With "partially" I mean things like this: ISPs and
> phone operators are caching _any_ connection data for
> a given time, as an agreement with the government. This
> is mainly intended for criminal investigation, and in
> such cases, the order of a judge is essentially required.
> However, history has taught many times that this mechanism
> is constantly abused, so nearly anybody with "substantial
> interests" (means: power and/or money) can get access
> to such data, even if the individuals getting into scope
> are NOT subject to any investigation.
>=20
>=20
>=20
>> OP may not open his users' private files without taking the following
>> precautionary steps:
>>=20
>> 1/ open the document in the employee's presence
>> or
>> 2/ formally inform the employee that his document will be opened
>=20
> I think the 2nd requirement can be encapsulated in terms
> of service? Just an assumption, not a claim! See my
> example at the beginning.
>=20
>=20

Robert asked the same thing and I replied in private to reduce noise on the l=
ist.
I think that would be too broad and vague to be acceptable at court.


>=20
>> Under french jurisdiction, this can't be done.
>>=20
>> An employee is forbidden to encrypt work documents if the goal is to
>> prevent his employer from accessing them.
>=20
> Basically, the work an employee does is "owned by the
> employer", so _this_ is the level where rights may be
> granted (e. g. for data protection - a possilbe requirement).
>=20
>=20

Aye.
Documents on a work computer are, by default, considered non personal.


>=20
>> However, said employee may encrypt his own private documents and his
>> company can cry a river, he can't be compelled to open said documents
>> unless by a court order.
>=20
> Correct - unless, of course, the employee is explicitely (!)
> prohibited to use / bring / access such stuff AT WORK. Such
> restrictions sometimes are part of the work contract.
>=20
>=20

That might be a disproportionate restraint of the employee's rights, there i=
s a provision of fair use of work equipment for personal stuff.

As long as it doesn't disrupt the employee's work flow, that is, thus te ter=
m "reasonable" being used in the law.


>=20
>>>> The same way I just can't demand your driver's license unless I'm law=20=

>>>> enforcement.
>>>=20
>>> Under some circumstances, I _can_.
>>>=20
>>> To wit: If you want to drive _my_ car, I most certainly can demand proof=
=20
>>> that you have a license.
>>>=20
>>=20
>> See above.
>>=20
>> My example, as understood by any sane person is:
>>=20
>> You can't come to me while I'm driving my own car in a public street and
>> ask that I prove:
>> 1/ ownership of the car
>> 2/ ability to drive (ownership of a driver's license)
>>=20
>> That is for law officials to ask, you're just a nobody in that respect.
>=20
> Just as an analogy:
>=20
> If you got trapped stealing in a shop, the owner of the
> shop may put you under temporary arrest. He may _not_
> demand you to hand out an ID card or passport to him.
> Instead, he has to call the police who will ask you for
> your identity, and you'll have to prove it TO THEM.
>=20
>=20

That is correct :)


>=20
>> There are things he will be able to do and others he won't, regarding
>> his users' files.
>=20
> Creating restrictions PRIOR to system access would be
> the preferred way, but it's quite hard to apply them
> afterwards.
>=20
> However, people should be clever enough... erm... well,
> maybe that's a bad beginning. Let me try again. :-)
>=20
> People should have learned that whenever they are using
> a device connected to the Internet, be it their own laptop
> or the desktop at work, NOTHING is private. And in worst
> case, "by accident" everything will open up. There are
> too many parts in the chain: Employer, admins, ISP,
> company that runs the datacenter, phone operator... and
> in the end, 1984 is TODAY.
>=20
>=20
>=20
> --=20
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?629B5A90-7251-4EE0-A25B-B84C518B9FE4>