On Mar 2, 2015, at 10:03 AM, Mike A <mikea@mikea.ath.cx> wrote:
On Mon, Mar 02, 2015 at 05:53:33PM +0000, Naslund, Steve wrote:
Don't know who this is but the legalities are pretty clear I think. The DC is not required to know what data is stored but if the cops can prove that someone DID know what was stored, that person can be criminally charged. IANAL but I have worked with LE on a similar case and that is how it was explained to us by the FBI. It will be hard to prove anyone knew however since anyone that knew and did not report it committed a crime. Charging the company will be a stretch unless they can prove that at least one corporate officer knew. Otherwise the company will fire whichever employee knew and say "He should have told us".
This is all about who knew what and when.
True in the USA, I think; but what about Canadian law?
AFAIK it's generally the same in Canada. If a provider is aware of (reported, accidental discovery or otherwise) the existence of child pornography on their network that existence must be reported to LE and the content must be cease to be publicly available. What I've done in the past when such a report is received is created an archive of the whole directory and subdirectories in question, collected all the customer data related to the account including logs of logins and file transfers and sent that directly to law enforcement and through https://www.cybertip.ca/ <https://www.cybertip.ca/>. Some information for Canadian service providers is in the reporting system itself: https://www.cybertip.ca/app/en/service_provider_report