My wife works for a University and her building has it's own server and IT people. The head guy goes around and drops little messages to people when he's talking to them about personal things he's read in their emails. He mainly does this with single young ladies that are newly hired but it's not confined to that. He seems to take a lot of pleasure in letting the workers know that he's Godlike and can do whatever he wants to. The upper people there, like the Dean of the School, don't know Jack about computers or anything related to IT. He comes up to you with a smirky smile and says something to you to let you know he read what you sent someone. Everybody knows that email at work is not personal, etc. But, this guy is a creep and uses it as a power thing. No one knows what to do or how to deal with him.
Here's the thing, people at this place are now getting the feeling that this guy has access to their yahoo, pop3 accounts, hotmail, or any personal accounts that they've check FROM work. He can get their passwords and such if they go through the buildings server and he obvoiusly has NO Ethics. It's like a peeping tom that's throwing it in your face and letting you know that you can't do anything about it.
What would YOU do? How would you catch this creep going into personal email accounts that are not connected with the University? What if he's going into accounts that he can get into because he's obtained passwords by snooping on the server?
Note: My wife works very closely with the Dean - The Dean has not asked this fellow to look at the workers emails, this is different, he's doing it on his own - because he can. It's been brought up to an assistant Dean who was appalled but said that there was probably nothing they could do - she did'n't know about the password thing though and that hasn't been proved to be a fact - yet. I'd love to "set a trap" and catch him doing it.
I just joined this group because I was searching IT ethics and found it. Thanks for any suggestions! Does this behavior ever become illegal? Or it is mainly an ethical issue?
Here's the thing, people at this place are now getting the feeling that this guy has access to their yahoo, pop3 accounts, hotmail, or any personal accounts that they've check FROM work. He can get their passwords and such if they go through the buildings server and he obvoiusly has NO Ethics. It's like a peeping tom that's throwing it in your face and letting you know that you can't do anything about it.
What would YOU do? How would you catch this creep going into personal email accounts that are not connected with the University? What if he's going into accounts that he can get into because he's obtained passwords by snooping on the server?
Note: My wife works very closely with the Dean - The Dean has not asked this fellow to look at the workers emails, this is different, he's doing it on his own - because he can. It's been brought up to an assistant Dean who was appalled but said that there was probably nothing they could do - she did'n't know about the password thing though and that hasn't been proved to be a fact - yet. I'd love to "set a trap" and catch him doing it.
I just joined this group because I was searching IT ethics and found it. Thanks for any suggestions! Does this behavior ever become illegal? Or it is mainly an ethical issue?