Data on my machine - who owns it and who is liable?

seamus

Right, something I'm not entirely sure of here.

I have a machine running XP Pro. I have two other logins set up - my brother and my housemate, both set up as power users. This is to allow them as much freedom in using the machine as possible (short of admin) but stopping them from seeing my data.

Housemate contributes to the cost of the net connection, so I let him use my machine. My brother has his own laptop, so he'd never use my machine unless he needed to change one of the shares.

Anyway, the point. Housemate likes his porn. He goes online when there's no-one else in the house, downloads a few vids, nothing major. Obviously I keep an eye on what he does since it's my machine. I'm not going to question anyone's sexual preferences, but there's nothing even mildly strange or disturbing in what he downloads. It doesn't bother me. I only limit the size of his profile to force him to clean it out.

My question is what if there was? What if, for example, he downloaded child porn, or something else that was illegal in this country? If he paid for child porn, it would be easily traceable, but what if he didn't? What if he was a member of some ****ed up bulleitn board, or managed to get himself onto IRC, and find some of this crap?

The Gardai come knocking on my door. The machine is in my possession, the data essentially belongs to me, and the only defence I have is that the data is under his profile (actually this has reminded to force his password to change - I know it, so that wouldn't bode well in my favour). Is the onus on me to prove that it was he that downloaded it, or is the onus on the Gardai to prove that I did, even though the dodgy data belongs to me?

I'm fairly sure that he wouldn't see this. It's a concern that my gf brought up when she found out he downloaded porn. Obviously if he did d/l anything iffy, I would see it and catch it long before the Gardai came knocking, but even then I'd have to prepare my defence. I couldn't just delete it and pretend it wasn't there. That would definitely be illegal, methinks.

K!LL!@N

That's an interesting one.
I'd imagine it's your responsibility what's on the machine.
I mean you have total control over the machine, you could if you wanted log in under his username and download stuff.
It could be argued that he could be set up by you.
You'd need alibis to prove you were nowhere near the house at the time of it being downloaded but even then it's still be hard to nail down who did what.

Killian

Fenster

I'd say better safe than sorry and just ask him not to download porn on your machine.

Rew

I wont claim to be an expert but here's what I think.

You would be liable if you knew and dint report him for a start. Next thing is you own the PC so your liable for its use. Same goes for the net connection id say (assuming its in your name). If the cops batter down the door and take the laptop they are going to get specialists to go thorough it bit by bit (pardon the pun) and could come up with stuff that was deleated months ago. Your house mate may say he knows nothing about it and point the finger at you. What proof do you have that its not you?

Anyway without being an expert and obviously just making up situations as I go along I reckon that if the **** hit the fan I doubt you would come out of it unscathed.

By the sounds of it it would never come to it and you keep an eye on it anyway so no big deal.

scojones

You could get him to set up his own internet account, a non "free" one, where he has his own username and pw. I'm not too sure where you stand on this one, like say you have a shell account on a box in, say, Clare, and you dl something illegal onto said box. Is the owner of the box held responsible? or is the user? That's exactly what the question is here. I would consult a legal advisor if i were you. It would really be worth your while.

leeroybrown

You're responsible for the data unless you can prove that you're not responsible for it being there. There is a UK computer forensics company (name eludes me) who do a lot of the court work both proving for the gardaí/police that defendants are guilty and proving that there is reasonable doubt for defendants. If I remember correctly a few people have been found not guilty on the basis of expert testimony that malware on their PC could have caused the illegal content to be there.

Capt'n Midnight

The law is a bit funny there. You aren't allowed to monitor his usage closely, but you are liable if he does something and you can't prove it wasn't you.

Perhaps some monitoring software on the system to track usage or some way of logging the time people use it. You would need consent. The Guards etc will get info from the ISP with details of IP addresses and times. If you could show who logged on when it would help. You would need to remove the ability for others to change the local time. (And stop them booting into BIOS or a DOS boot disk to change it manually either.)

net nanny ?

seamus

Capt'n Midnight wrote:

You aren't allowed to monitor his usage closely.

Are you sure about this? I'm an individual, not a company, law may differ here. I would have thought that if I lend someone my car, I'm entitled to track where and when they're going, and inspect the vehicle upon its return - don't many car rental places do this already?

Capt'n Midnight

I don't think it would be legal to record everything he does without his consent.
anonymous tracking, where you record times and IP's is OK AFAIK

zt

A similar case I've wondered about is wireless connection.

If you have a wireless connection that is used for dodgy purposes (without your permission) are you responsible?

K!LL!@N

zt wrote:

A similar case I've wondered about is wireless connection.

If you have a wireless connection that is used for dodgy purposes (without your permission) are you responsible?

I wouldn't imagine so.
If they came looking for proof, they wouldn't find any as it wouldn't be on your machine.
And the router wouldn't store anything.
I'd say you'd be fine.

Killian

Victor

If you are worried talk to a solicitor.

K!LL!@N wrote:

You'd need alibis to prove you were nowhere near the house at the time of it being downloaded but even then it's still be hard to nail down who did what.

In this day and age you don't need to be anywhere near a PC to use it. Remote log-on from a PDA or mobile, timed boot-up .... all very possible.

Seamus, without getting into the details of the law, I understand it is largely down to who did what, not who's equipment they used. That said, should anyone become aware of anything, it is best to report it and not just turn a blind eye and delete it, as this may be misconstrued later.

Imagine your car (motorbike ) is used in a bank robbery and it hasn't been reported stolen. Can you imagine the cops not using a sledge hammer on your front door? Yes, you can explain you loaned the bike to your mate, but your door is coming down.

Be afraid, but not afraid. And tell your mate to get his own PC. Or at least some sanitary wipes for your mouse.

https://www.hotline.ie/

Under this act, it is illegal for anyone to knowingly possess child pornography

Capt'n Midnight

me wrote:

The law is a bit funny there. You aren't allowed to monitor his usage closely,[edit]without letting him know, invasion of privcy or something[/edit] but you are liable if he does something and you can't prove it wasn't you.

seamus wrote:

Are you sure about this? I'm an individual, not a company, law may differ here. I would have thought that if I lend someone my car, I'm entitled to track where and when they're going, and inspect the vehicle upon its return - don't many car rental places do this already?

I don't think you'd be able to record what they said while in your car even then.

As for the original query, do you have an AUP* ?
*acceptable usage policy - saying what he ain't allowed to do.

In theory the stuff someone downloaded and sites visited should be in their temporary internet files area, unless they cleaned down the history file of course. But you should also be able to see the logon times and usernames inside event viewer if audit is turned on - this should also indicate who would have been logged on when anything dodgy happened.

Random

The way I see it...

You are responsible for your pc and internet connection along with it's usage.
You are allowed to track his habits on the pc, it's your pc, he's using it. Wouldn't harm to let him know you were doing it though, this would mean he'd not take risks like such illegal content you mentioned above.
You are responsible for your wireless connection and it's security.

My Life

Its your PC your problem.

Either stop him using the PC or restricy his access (dont give him download rights)

Sounds like it is a problem in the making which you need to nip in the bud now......

norbert64

A similar question for you guys & gals in the know.

Last week our main server crapped out @ work, and B4 you even ask it wasn't my fault.

Anywho seemingly some electro magnetic thingy flew thru all the computers and fried most of them. Thankfully a few were salvageable, mine and about 10 others, so instead of shelling out the moola 4 a whole new range of P.C.'s, the company is sending mine & the 10 others 2 be fixed.

Great news you might say since it'll save my work, but you would be wrong. As you can imagine i aint always working during the day, and more than once have checked out some adult sites.

I would just like to ask if their is written law that if a P.C. is sent in 4 repair anywhere, are the tech dudes told to check 4 adult sites etc. I am not sure but i think i overheard 1 of my colleagues say, that our boss will be checking the computers, but even if he didn't order the scan, will the tech dudes do it anyway.

Thanx in advance
An anxious Norbert64

seamus

There's a good chance that any engineer will see the data. You may be lucky in that your hard drive got fried, and they'll either feck it out or format and reinstall.

If the purpose is to save your data, then they probably will find your "inappropriate" content. What they do with it depends on what they're doing. We need more info. If they're told to only try salvage certain files (doc, rtf, xls, pdf etc) then you may be lucky, but unless we know what they need to do to fix the machine, there's not much more info I can give you.

norbert64

Great news, the boss didn't ask them to save everything, only to salvage all the business dealings, in Word, Excel, Database etc, so maybe i will be safe after all.

Although if i may ask Seamus, do you mean the engineer has a good chance of finding it, Bcoz there looking 4 it or will they simply come across it by accident.

Thanx in advance
A slightly calmer Norbert64

seamus

If there's a chance they'll salvage .html and .htm files too, then you may find yourself in trouble.

What happens after they salvage the files? Will they burn them onto CD and give them back to you, or will they give them back to your boss with a big long list of all the files they found?

Cos you don't want the latter

It's quite likely that in the process of salvaging/searching that the engineers will come across your stuff.

norbert64

They were told not to salvage any of the HTML files, only doc, pdf, rtf etc.
Anyways we only used internet access for research purposes and sending emails, and the boss has all the relevant email addresses 4 the business, on his own personal laptop, so that is O.K.

So i guess i am safe, aint I. :cool:

Capt'n Midnight

norbert64 wrote:

I would just like to ask if their is written law that if a P.C. is sent in 4 repair anywhere, are the tech dudes told to check 4 adult sites etc.

Garry Glitter got shopped by PC World.
Interesting, are they allowed to look at your data ??

Gavin

If they don't salvage the information in a forensicly reliable manner, then that information cannot be used to build a case against you.

(It wasn't me, I was away from my pc at all those times, I swear guv)

In the original post, I would imagine that the machine would be taken and examined by the fraud/computer crimes squad. The forensic expert would investigate the pc, and state the facts of where the data was found and examination of any extraneous info. Log in times, browsing activity, other information that can be used to build a profile of a user at a specific time. So if the particular user logged into their online banking in the same session as porn browsing was done, that's fairly reliable info..

Of course if that information doesn't exist, there ain't much they can do !
Child porn has to be reported at once to the gardai & if logging is done, then yeah the person being logged has to be notified.

Gav

norbert64

''If they don't salvage the information in a forensicly reliable manner, then that information cannot be used to build a case against you.''

R you saying i can be done for looking @ adult sites. I thought in Ireland, we were allowed to check out our favourite pornstars on their sites.

Anywho i just dont want the boss 2 see what i have been doing during work. He will fire my ass 4 sure, & my job is pretty savage so i would like to keep it.

''Garry Glitter got shopped by PC World.
Interesting, are they allowed to look at your data ??''

Unfortunately in the world we live in today, big Brother watching us & all that, i fear they probably R told 2 look 4 anything suspicious.

Anywho thanx 4 all the info guys.