From owner-freebsd-questions@FreeBSD.ORG Tue Jul 19 17:20:44 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B2841065670 for ; Tue, 19 Jul 2011 17:20:44 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by mx1.freebsd.org (Postfix) with ESMTP id 2541C8FC0A for ; Tue, 19 Jul 2011 17:20:43 +0000 (UTC) Received: by fxe6 with SMTP id 6so272678fxe.17 for ; Tue, 19 Jul 2011 10:20:43 -0700 (PDT) Received: by 10.223.17.151 with SMTP id s23mr12329668faa.13.1311096043136; Tue, 19 Jul 2011 10:20:43 -0700 (PDT) Received: from [192.168.0.47] (paris.c-mal.com [88.170.200.60]) by mx.google.com with ESMTPS id h9sm90607faa.15.2011.07.19.10.20.40 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 19 Jul 2011 10:20:42 -0700 (PDT) References: <201107191520.p6JFK9d3033870@mail.r-bonomi.com> <4E25A6AE.2020309@my.gd> <20110719182529.3068ced4.freebsd@edvax.de> In-Reply-To: <20110719182529.3068ced4.freebsd@edvax.de> Mime-Version: 1.0 (iPhone Mail 8J2) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Message-Id: <629B5A90-7251-4EE0-A25B-B84C518B9FE4@my.gd> X-Mailer: iPhone Mail (8J2) From: Damien Fleuriot Date: Tue, 19 Jul 2011 19:20:31 +0200 To: Polytropon Cc: "freebsd-questions@freebsd.org" Subject: Re: Tools to find "unlegal" files ( videos , music etc ) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2011 17:20:44 -0000 On 19 Jul 2011, at 18:25, Polytropon wrote: > On Tue, 19 Jul 2011 17:45:50 +0200, Damien Fleuriot wrote: >> You claim that OP may lawfully open his users' private files. >> Under your jurisdiction he might, under ours he shan't. >=20 > A way around such a situation is to PROHIBIT the users > (e. g. the employees of a company) to store private files > on corporate servers, or even to do private web surfing > during work time. You also often find regulations in > office settings where the following policy is maintained: > Workers _may_ use the web in a private manner for a time > that definitely does _not_ keep them from working (i. e. > an acceptable percentage), but they _will_ be monitored, > e. g. by a proxy server that logs which sites are requested > to make sure to track illegal use of corporate equipment > (e. g. for illegal file sharing) can be tracked down to > an INDIVIDUAL. It may also be possible that the screen > of the user is monitored. >=20 It cannot be prohibited under french law, as long as the use is reasonable. Regarding proxies, the law offers companies the right to monitor web browsin= g so that one is okay. > Here in Germany, some companies, and also governmental > installations do follow similar policies. The employee > usually has to sign an agreement regarding this regulation. >=20 > However, this does _not_ cover giving up privacy on > matters that are under basic laws of freedom, both granted > by the EU and (partially) acknowledged by the German state. >=20 > With "partially" I mean things like this: ISPs and > phone operators are caching _any_ connection data for > a given time, as an agreement with the government. This > is mainly intended for criminal investigation, and in > such cases, the order of a judge is essentially required. > However, history has taught many times that this mechanism > is constantly abused, so nearly anybody with "substantial > interests" (means: power and/or money) can get access > to such data, even if the individuals getting into scope > are NOT subject to any investigation. >=20 >=20 >=20 >> OP may not open his users' private files without taking the following >> precautionary steps: >>=20 >> 1/ open the document in the employee's presence >> or >> 2/ formally inform the employee that his document will be opened >=20 > I think the 2nd requirement can be encapsulated in terms > of service? Just an assumption, not a claim! See my > example at the beginning. >=20 >=20 Robert asked the same thing and I replied in private to reduce noise on the l= ist. I think that would be too broad and vague to be acceptable at court. >=20 >> Under french jurisdiction, this can't be done. >>=20 >> An employee is forbidden to encrypt work documents if the goal is to >> prevent his employer from accessing them. >=20 > Basically, the work an employee does is "owned by the > employer", so _this_ is the level where rights may be > granted (e. g. for data protection - a possilbe requirement). >=20 >=20 Aye. Documents on a work computer are, by default, considered non personal. >=20 >> However, said employee may encrypt his own private documents and his >> company can cry a river, he can't be compelled to open said documents >> unless by a court order. >=20 > Correct - unless, of course, the employee is explicitely (!) > prohibited to use / bring / access such stuff AT WORK. Such > restrictions sometimes are part of the work contract. >=20 >=20 That might be a disproportionate restraint of the employee's rights, there i= s a provision of fair use of work equipment for personal stuff. As long as it doesn't disrupt the employee's work flow, that is, thus te ter= m "reasonable" being used in the law. >=20 >>>> The same way I just can't demand your driver's license unless I'm law=20= >>>> enforcement. >>>=20 >>> Under some circumstances, I _can_. >>>=20 >>> To wit: If you want to drive _my_ car, I most certainly can demand proof= =20 >>> that you have a license. >>>=20 >>=20 >> See above. >>=20 >> My example, as understood by any sane person is: >>=20 >> You can't come to me while I'm driving my own car in a public street and >> ask that I prove: >> 1/ ownership of the car >> 2/ ability to drive (ownership of a driver's license) >>=20 >> That is for law officials to ask, you're just a nobody in that respect. >=20 > Just as an analogy: >=20 > If you got trapped stealing in a shop, the owner of the > shop may put you under temporary arrest. He may _not_ > demand you to hand out an ID card or passport to him. > Instead, he has to call the police who will ask you for > your identity, and you'll have to prove it TO THEM. >=20 >=20 That is correct :) >=20 >> There are things he will be able to do and others he won't, regarding >> his users' files. >=20 > Creating restrictions PRIOR to system access would be > the preferred way, but it's quite hard to apply them > afterwards. >=20 > However, people should be clever enough... erm... well, > maybe that's a bad beginning. Let me try again. :-) >=20 > People should have learned that whenever they are using > a device connected to the Internet, be it their own laptop > or the desktop at work, NOTHING is private. And in worst > case, "by accident" everything will open up. There are > too many parts in the chain: Employer, admins, ISP, > company that runs the datacenter, phone operator... and > in the end, 1984 is TODAY. >=20 >=20 >=20 > --=20 > Polytropon > Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ...