Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Jul 2011 19:20:31 +0200
From:      Damien Fleuriot <>
To:        Polytropon <>
Cc:        "" <>
Subject:   Re: Tools to find "unlegal" files ( videos , music etc )
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

On 19 Jul 2011, at 18:25, Polytropon <> wrote:

> On Tue, 19 Jul 2011 17:45:50 +0200, Damien Fleuriot wrote:
>> You claim that OP may lawfully open his users' private files.
>> Under your jurisdiction he might, under ours he shan't.
> A way around such a situation is to PROHIBIT the users
> (e. g. the employees of a company) to store private files
> on corporate servers, or even to do private web surfing
> during work time. You also often find regulations in
> office settings where the following policy is maintained:
> Workers _may_ use the web in a private manner for a time
> that definitely does _not_ keep them from working (i. e.
> an acceptable percentage), but they _will_ be monitored,
> e. g. by a proxy server that logs which sites are requested
> to make sure to track illegal use of corporate equipment
> (e. g. for illegal file sharing) can be tracked down to
> an INDIVIDUAL. It may also be possible that the screen
> of the user is monitored.

It cannot be prohibited under french law, as long as the use is reasonable.

Regarding proxies, the law offers companies the right to monitor web browsin=
g so that one is okay.

> Here in Germany, some companies, and also governmental
> installations do follow similar policies. The employee
> usually has to sign an agreement regarding this regulation.
> However, this does _not_ cover giving up privacy on
> matters that are under basic laws of freedom, both granted
> by the EU and (partially) acknowledged by the German state.
> With "partially" I mean things like this: ISPs and
> phone operators are caching _any_ connection data for
> a given time, as an agreement with the government. This
> is mainly intended for criminal investigation, and in
> such cases, the order of a judge is essentially required.
> However, history has taught many times that this mechanism
> is constantly abused, so nearly anybody with "substantial
> interests" (means: power and/or money) can get access
> to such data, even if the individuals getting into scope
> are NOT subject to any investigation.
>> OP may not open his users' private files without taking the following
>> precautionary steps:
>> 1/ open the document in the employee's presence
>> or
>> 2/ formally inform the employee that his document will be opened
> I think the 2nd requirement can be encapsulated in terms
> of service? Just an assumption, not a claim! See my
> example at the beginning.

Robert asked the same thing and I replied in private to reduce noise on the l=
I think that would be too broad and vague to be acceptable at court.

>> Under french jurisdiction, this can't be done.
>> An employee is forbidden to encrypt work documents if the goal is to
>> prevent his employer from accessing them.
> Basically, the work an employee does is "owned by the
> employer", so _this_ is the level where rights may be
> granted (e. g. for data protection - a possilbe requirement).

Documents on a work computer are, by default, considered non personal.

>> However, said employee may encrypt his own private documents and his
>> company can cry a river, he can't be compelled to open said documents
>> unless by a court order.
> Correct - unless, of course, the employee is explicitely (!)
> prohibited to use / bring / access such stuff AT WORK. Such
> restrictions sometimes are part of the work contract.

That might be a disproportionate restraint of the employee's rights, there i=
s a provision of fair use of work equipment for personal stuff.

As long as it doesn't disrupt the employee's work flow, that is, thus te ter=
m "reasonable" being used in the law.

>>>> The same way I just can't demand your driver's license unless I'm law=20=

>>>> enforcement.
>>> Under some circumstances, I _can_.
>>> To wit: If you want to drive _my_ car, I most certainly can demand proof=
>>> that you have a license.
>> See above.
>> My example, as understood by any sane person is:
>> You can't come to me while I'm driving my own car in a public street and
>> ask that I prove:
>> 1/ ownership of the car
>> 2/ ability to drive (ownership of a driver's license)
>> That is for law officials to ask, you're just a nobody in that respect.
> Just as an analogy:
> If you got trapped stealing in a shop, the owner of the
> shop may put you under temporary arrest. He may _not_
> demand you to hand out an ID card or passport to him.
> Instead, he has to call the police who will ask you for
> your identity, and you'll have to prove it TO THEM.

That is correct :)

>> There are things he will be able to do and others he won't, regarding
>> his users' files.
> Creating restrictions PRIOR to system access would be
> the preferred way, but it's quite hard to apply them
> afterwards.
> However, people should be clever enough... erm... well,
> maybe that's a bad beginning. Let me try again. :-)
> People should have learned that whenever they are using
> a device connected to the Internet, be it their own laptop
> or the desktop at work, NOTHING is private. And in worst
> case, "by accident" everything will open up. There are
> too many parts in the chain: Employer, admins, ISP,
> company that runs the datacenter, phone operator... and
> in the end, 1984 is TODAY.
> --=20
> Polytropon
> Magdeburg, Germany
> Happy FreeBSD user since 4.0
> Andra moi ennepe, Mousa, ...

Want to link to this message? Use this URL: <>