Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IT Creep reading everyones email for his own pleasure 8

Status
Not open for further replies.

McRocken

Technical User
Dec 14, 2004
10
US
My wife works for a University and her building has it's own server and IT people. The head guy goes around and drops little messages to people when he's talking to them about personal things he's read in their emails. He mainly does this with single young ladies that are newly hired but it's not confined to that. He seems to take a lot of pleasure in letting the workers know that he's Godlike and can do whatever he wants to. The upper people there, like the Dean of the School, don't know Jack about computers or anything related to IT. He comes up to you with a smirky smile and says something to you to let you know he read what you sent someone. Everybody knows that email at work is not personal, etc. But, this guy is a creep and uses it as a power thing. No one knows what to do or how to deal with him.

Here's the thing, people at this place are now getting the feeling that this guy has access to their yahoo, pop3 accounts, hotmail, or any personal accounts that they've check FROM work. He can get their passwords and such if they go through the buildings server and he obvoiusly has NO Ethics. It's like a peeping tom that's throwing it in your face and letting you know that you can't do anything about it.

What would YOU do? How would you catch this creep going into personal email accounts that are not connected with the University? What if he's going into accounts that he can get into because he's obtained passwords by snooping on the server?

Note: My wife works very closely with the Dean - The Dean has not asked this fellow to look at the workers emails, this is different, he's doing it on his own - because he can. It's been brought up to an assistant Dean who was appalled but said that there was probably nothing they could do - she did'n't know about the password thing though and that hasn't been proved to be a fact - yet. I'd love to "set a trap" and catch him doing it.

I just joined this group because I was searching IT ethics and found it. Thanks for any suggestions! Does this behavior ever become illegal? Or it is mainly an ethical issue?
 
If he's somehow garnering passwords and logging onto peoples' personal web-based emails, I would think he must be breaking US laws - he certainly would be in the UK.

Rosie
"Don't try to improve one thing by 100%, try to improve 100 things by 1%
 
No one's sure if he's getting passwords and/or checking out of system emails - but you just have to wonder what a person with his kind of ethics would/could do.

McRocken
 
McRocken said:
...you just have to wonder what a person with his kind of ethics would/could do.
What ethics?


[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]
 
McRocken,

Send him a link to this post. Or mention the link in one of your personal emails. It'd be like sending a letter to Dear Abby, clipping it when it gets published in your newspaper, and leaving the article on the offender's desk.

Maybe he'll get the hint and back off without your having to bring in the IT cavalry. He'll at least realize that the normal world is informed of his behavior, thinks he's a bucket of spit, and wants to crush his jewels.

Phil Hegedusich
Senior Programmer/Analyst
IIMAK
-----------
I'll have the roast duck with the mango salsa.
 
...or he'll continue to do it and just not mention it anymore. The only true way to stop him is for him to lose his job, period. Reprimands, scoldings, and write ups don't mean squat to this guy. "Oh, well, if that's all they're going to do then I just won't tell anyone when I read their email", is how he'll take it.

Hope This Helps!

ECAR
ECAR Technologies

"My work is a game, a very serious game." - M.C. Escher
 

Send him a link to this post.
I wouldn't give him the heads up.

"Oh, well, if that's all they're going to do then I just won't tell anyone when I read their email"

Don't think so.
It seems that showing people that he knows about them and, thus, has power over them, is the biggest part of his pleasure about reading the mail. He would not be able to read it and not say anything!

On the other hand, if they proceed with what was said above, the guy might loose his job - or, after having some problems, will be loaded with some real work, and will be too busy to bother with other people's mail.
 
I would go with Mufasa's approach and hand the document to the Dean himself.
That way you express how it effects the environment at the University.

I would end probably with the message:
If this person has the courage to snoop in others people mail, Mr Dean, surely he is also reading yours.

Probably he will loose his job, or get some real work to do.
Either way I don't have any mercy [evil]

Steven
 
ok,
here is another point of view. your computer is at home, your internet access is at home, your email is at home, your private electronic traffic is at home.

the computer at the office is not private, or yours, the internet access at the office is not private, or yours.
the email at the office is not private, or yours. the electronic traffic at the office is not private, or yours.

the e-security at the office is office security, not your security, it is not your employers job to keep your personal information, email, etc. secure or private, it is yours. if you do not want your information to be within your control, and within your secure e-area, then bring it to the workplace. if you want it within your control, and in your secure place then do not bring it to the workplace.
the first responsibility to keep your data private is yours. it is not your employers responsibility to investigate the lack of security based on your indiscretion. it is also not their job to keep it secure, or incurr cost to do so, or investigate if it is not kept so. you took the risk by exposing your data yourself, you were not instructed, or required to do so. take responsibility for your own data, and learn, if you let it out, then you let it out. if you do not want it out there, then keep it at home.

he is responsible for his actions, but you are responsible for yours. keep your private stuff private, and you wont have this issue. you may not even be allowed to according to policy be bringing or accessing your data on the company owned, maintained, and secured network.

what he did may be an issue, wisdom says watch your own data.
in case you did not know, phone calls on company phones may or may not be private either depending on your local statutes. i install recording devices on business phone systems all the time, and they do not in all jurisdictions even have to tell you, for it to be legal. in some areas, one party knowing the call is being recorded is all that is required to be legal. that may or may not mean one in the call, but the owner of the telephone line itself, meaning the person who pays the bill.

also, there is no way to have data secure on a network, only levels of security.



You do not always get what you pay for, but you never get what you do not pay for.
 
aarenot:

I'm not sure I fully agree with you.

There's an unwritten (well, actually, it's probably written somewhere) code of ethics for systems administrators.

I'm sure that this person doesn't stop with e-mail. He's probably reading private files as well, including staff reprimands and so forth.

As a system administrator, do I have access to read people's e-mail and private word documents? Sure. Do I do it? No. To me it's just data. And (as I've said before), my job is to make sure that the data is available to those who need it, backed up as part of my disaster recovery plan, and secured from those who don't need it.

Guaranteed, if it was a hospital or a bank that this creep worked at, he would be terminated, if for no other reason that HIPAA or GLBA policies were violated.

Users are aware that as a system administrator I can look at their documents. They also are aware that my morals keep me from doing so. Without the trust in a systems administrator, users are in a hostile work environment.



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg
 
i was trying to convey a different point of view which says, if it is not business, it does not belong on the business network. i have actuallly seen e-policies which state that non-work related usage is not private, nor authorized on the company network. the company assumes no responsibility for the security of non-work related data on the network. also, that it is forbidden to use the company network for personal purposes, and therefore the company is not responsible for it, or its security.

administrators ethics aside, as company systems administrator you have enough to do without worrying about the security of the data for those to cheap or lazy to do their own business on their own devices. user ethics not aside, they should do their personal data on their own time, and equipment. if they do not, user beware.



You do not always get what you pay for, but you never get what you do not pay for.
 
Actually I beleive that the human rights act was questioned on this issue not that long ago, and it was decided that individuals have a right to privacy whether they be at work OR at home, and that the right to a private life continues whilst in the work place.

So I'm with gbaughma on that one.

Fee

The question should be [red]Is it worth trying to do?[/red] not [blue] Can it be done?[/blue]
 
Actually I beleive that the human rights act was questioned on this issue not that long ago, and it was decided that individuals have a right to privacy whether they be at work OR at home, and that the right to a private life continues whilst in the work place.

Unless stiulated in a signed agreement. We have one such agreement here. Of course, that doesn't mean that people without authority have the right to browse your e-mail or files, as they please.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
I may be wrong then - I thought I read that someone had challenged that in the ECHR and won. That would still only be true for Europe of course...

Helpfully I can't tell you where I read it - that would be too easy!

Fee

The question should be [red]Is it worth trying to do?[/red] not [blue] Can it be done?[/blue]
 
i have seen policies that state that the network is not to be used for personal web browsing, or personal business, and will not be considered private since it is forbidden.

only in that situation do i refer to some of what i have said. i do think it is not the system administrators job to waste their time investigating privacy issues of personal data in that situation.

if that activity is not forbidden, and in reference to private data, i still doubt it is worth company time to investigate, although they may be required to address it.



You do not always get what you pay for, but you never get what you do not pay for.
 
Fee

I'd heard that too. Our legal people have advised that we can no longer have a policy forbidding private use of email as a result of the HRA.

Rosie
"Don't try to improve one thing by 100%, try to improve 100 things by 1%
 
Of course what aarenot says has some bearing IF - and only IF - there is such a policy in place at the University that forbids people from checking personal emails on company networks/systems.

In either case, wouldn't the ethical thing for the Sys Admin be to report those violations and not read through someones personal email.

Moreover, where does his personal responsibility begin if he takes information he gained through proper channels and uses them for his own purposes? Is this any different then a person that runs a credit card through a retail business then uses that credit card number to make unauthorized purchases? The information was still gained through appropriate means, the customer even williningly gave the credit card info to the person. What the person does after that point is where the unethical part begins. Even though there is no financial theft in the original posters point, isnt it the same issue really?
 
Rosie/Fee:

Oh really? I was always under the impression that companies were entitled to forbid personal use of their resources. Has anyone got any links or idea where I might be able to find more information on the subject?

Something that needs changing here, if that is the case.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
This might be helpful,


I havne't read it through though, so it may not be the original thing I read that stated that.

I think there are exceptions though (M15 strikes me as a suitable one!), so I wouldn't like to promise I am right!


Fee

The question should be [red]Is it worth trying to do?[/red] not [blue] Can it be done?[/blue]
 
I can understand if Slime Ball were going through the mail queue on the server or even through individuals mailboxes (Exchange Server?) that he would find out private info. That, in and of itself is bothersome and I would force the school to investigate it because of the atmosphere he's created.

However, if Mr. Ball has knowledge of private e-mails in private (yahoo, hotmail, gmail, etc) e-mail accounts, I believe he is doing some type of logging that I'm sure the school does not approve of. He's either reading a keylog or utilizing it to scrape up passwords.

IMO, if the school admin is aware of the situation but not doing anything about it, go over their head to the next person, and so on until someone actually listens. If the person you are complaining to does not understand (they're not stupid, just not computer savvy), you'll need to "dumb down" what you are saying to ensure complete comprehension of the situation.

And to Grenage, I think read something about a marine last week or the week before who won a lawsuit in reference to his personal e-mail account. I'll try to find details.
 
Thank you for that, Fee. It seems to recommend not reading private e-mails, but also says that the workplace has no obligation to allow use of e-mail/the phone etc.

As with all government literature, it's so ambiguous!


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top