From owner-freebsd-questions@FreeBSD.ORG Tue Jul 19 15:20:27 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B49D61065673 for ; Tue, 19 Jul 2011 15:20:27 +0000 (UTC) (envelope-from bonomi@mail.r-bonomi.com) Received: from mail.r-bonomi.com (mx-out.r-bonomi.com [204.87.227.120]) by mx1.freebsd.org (Postfix) with ESMTP id 7FF688FC1B for ; Tue, 19 Jul 2011 15:20:27 +0000 (UTC) Received: (from bonomi@localhost) by mail.r-bonomi.com (8.14.4/rdb1) id p6JFK9d3033870 for freebsd-questions@freebsd.org; Tue, 19 Jul 2011 10:20:09 -0500 (CDT) Date: Tue, 19 Jul 2011 10:20:09 -0500 (CDT) From: Robert Bonomi Message-Id: <201107191520.p6JFK9d3033870@mail.r-bonomi.com> To: freebsd-questions@freebsd.org In-Reply-To: <4E258C98.8010109@my.gd> Subject: Re: Tools to find "unlegal" files ( videos , music etc ) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2011 15:20:27 -0000 > From owner-freebsd-questions@freebsd.org Tue Jul 19 08:55:07 2011 > Date: Tue, 19 Jul 2011 15:54:32 +0200 > From: Damien Fleuriot > To: freebsd-questions@freebsd.org > Subject: Re: Tools to find "unlegal" files ( videos , music etc ) > > > > On 7/19/11 1:57 PM, Robert Bonomi wrote: > >> From owner-freebsd-questions@freebsd.org Tue Jul 19 05:54:52 2011 > >> Date: Tue, 19 Jul 2011 12:54:38 +0200 From: Damien Fleuriot > >> To: "C. P. Ghost" Cc: Frank Bonnet > >> , > >> "freebsd-questions@freebsd.org" > >> Subject: Re: Tools to find "unlegal" files ( videos , music > >> etc ) > >> > >> > >> > >> On 7/19/11 11:06 AM, C. P. Ghost wrote: > >>> On Tue, Jul 19, 2011 at 8:55 AM, Damien Fleuriot wrote: > >>>> On 19 Jul 2011, at 08:15, Frank Bonnet wrote: > >>>>> In France it's illegal and I have my boss's instruction : > >>>>> > >>>>> - find and delete the files that's all. > >>>> > >>>> Bon courage then... > >>>> > >>>> A file can not be illegal per se, so you won't be able to detect > >>>> these by looking up names or contents. > >>> > >>>> Even then, if a file is labeled as personal, privacy protection > >>>> applies and it is *unlawful* for you to process it. > >>> > >>>> (That is in the same way that your employer is strictly forbidden > >>>> from peeking inside your email messages clearly labeled as personal, > >>>> even if they were received on your work mailbox.) > >>> > >>> Exactly! > >>> > >>> Speaking with my university sysadmin hat on: you're NOT allowed to > >>> peek inside personal files of your users, UNLESS the user has waived > >>> his/her rights to privacy by explicitly agreeing to the TOS and > >>> there's legal language in the TOS that allows staff to inspect files > >>> (and then staff needs to abide by those rules in a very strict and > >>> cautious manner). So unless the TOS are very explicit, a sysadmin or > >>> an IT head can get in deep trouble w.r.t. privacy laws. > >>> > >> > >> The poorly written IT TOS of a company can never bypass the law, > >> regardless of anything you agreed to in your company's TOS. > > > > "male bovine excrement" applies. > > > > For example, if it is part of the _terms_of_emplyment_ -- which one > > *agreed* to, by going to work there --that you (the employeee) give > > permission for the company, or it's agents, to examine any file you > > store on the system. > > > >> It *is* unlawful for them to even open your files as long as they are > >> clearly labeled as private. > > > > Oh my. making back-ups is unlawful. Replacing a failed drive in a > > RAID array is unlawful. Re-arranging storage allocation is unlawful. > > *SNORT* > > > > You're playing dumb. On purpose. False to Fact. Using satire to make a point, yes. Obviously, it is _not_ unlawful to 'even open' a file that is 'labelled as private'. Herr Ghost subsequently clarified that he meant 'opened by a person' -- which, if _that_ is an accurate description of the law in question, means that a purely mechanical process, such as a loop running file(1) on all files, and logging a filtered subset of that output would _not_ qualify as 'opening' under the law, either. > That's called trolling. That's frowned > upon, both by the community and by the list's charter. Irrelevant, and immaterial. > Just because you sign a bit of paper doesn't make everything it contains > law. > > I do not have to remind anyone of the number of cases where, for example, > ISPs got condemned for abusive terms in their contracts, and said terms > nullified. No, but you _do_ have to specify the jurisdiction in which it happened. The rules _are_ different in different jurisdicitons. > > > Under the laws of _what_ jurisdiction? > > > > http://www.acbm-avocats.com/spip.php?article37 > > Files are considered to be work related UNLESS they're clearly > labeled/named as private. AH. _those_ rules *don't* apply to me. > In which case the employer may not open said files in the absence of the > employee. > > Just because you do it doesn't make it legal. But, you see, It _is_ entirely legal where *I* live. > >> To open them, they would require a judge's injunction, for example in > >> cases of pedo pornography or the like. > > > > I guarantee you that _I_, as a system administrator, don't need a court > > order to do such things. And, if you claim otherwise, you better be > > prepared to cite the statues that prohibit it. > > Again just because you do it doesn't make it legal. Repeating, What I do *is* entirely legal. > Regarding statutes that prohibit it, see above, plus: > > European Fondamental Rights: > http://www.europarl.europa.eu/charter/pdf/text_fr.pdf > > Code du travail: > http://www.legifrance.gouv.fr/affichCodeArticle.do;idArticle=LEGIARTI00000 > 6901852&cidTexte=LEGITEXT000006072050&dateTexte=20080513 *NONE* of the above are applilcable to me. > > This is a corporate environment, it is in the terms of employment that > > company computers are for "business use only", that anything on the > > machines is 'work done for hire', and thus property of the company. > > > > I hope we'll agree to disagree here. "you don't know what you don't know" applies. I don't mean that offensively, but you have made an unwarranted, unjustified, assumption as to what laws govern _my_ actions. > Jurisprudence allows reasonable use of work computers, given that the > employee respects L120-4 of Code du Travail. > > This one here clearly acknowledges an employee's right to a reasonable > personal use of his employer's internet connection: > > http://www.legifrance.gouv.fr/affichJuriJudi.do?oldAction=rechJuriJudi&idT > exte=JURITEXT000019166094&fastReqId=2101417007&fastPos=1 Again, none of that applies to my situation. > >>>> You may want to look for files that are unusually large. They could > >>>> possibly be ISOs, dvdrips, HD movie dumps... > >>> > >>> Not to forget encrypted RAR files (which btw. could contain anything, > >>> including legitimate content, so be careful here). > >>> > >> > >> It would be unlawful to try to brute force the files' password ;) > > > > The last I knew (admittedly a number of years ago), encryption was > > illegal in France, EXCEPT where the encryption key is on file with the > > Government. Many multi-national corporations made sure to route their > > 'secure' traffic > > _around_ France for that specific reason. > > > > Find an encrypted file, and demand that the user show that the key is > > on file with the gov't. *EVIL*GRIN* > > > > You are not entitled to such a demand. *IF* it is illegal to have encrypted materials without the key on file with the gov't,, then it would seem reasonable, on discovering such, to demand proof that the file -- being that it is _on_my_property_ -- in question is _not_ illegal. > The same way I just can't barge in to your house and demand to see your > permit to build there. Under some circumstances, I _can_. To wit: If you're building on _my_ property, I _do_ have the right to demand proof that you are doing it 'legally'. > The same way I just can't demand your driver's license unless I'm law > enforcement. Under some circumstances, I _can_. To wit: If you want to drive _my_ car, I most certainly can demand proof that you have a license. > By the way, you're wrong again. Encryption is perfectly legal in France > up to a specific key length, above which you are supposed to register it > with the government. As I said, "a number of years ago", that _was_ the situation -- I'm glad to see that France has relaxed their stance on the matter. *LOTS* of countries had lots of 'stupid' rules about ecnryption and encryption technology. the USA used to require an 'international arms dealer' certification to export any encryption technology BTW, the reason I can *legally* do those things you say are unlawful is that I am _not_ in France, Nor even anywhere in the EU. The rules _I_ have to play by _are_ different.