Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IT Creep reading everyones email for his own pleasure 8

Status
Not open for further replies.

McRocken

Technical User
Dec 14, 2004
10
US
My wife works for a University and her building has it's own server and IT people. The head guy goes around and drops little messages to people when he's talking to them about personal things he's read in their emails. He mainly does this with single young ladies that are newly hired but it's not confined to that. He seems to take a lot of pleasure in letting the workers know that he's Godlike and can do whatever he wants to. The upper people there, like the Dean of the School, don't know Jack about computers or anything related to IT. He comes up to you with a smirky smile and says something to you to let you know he read what you sent someone. Everybody knows that email at work is not personal, etc. But, this guy is a creep and uses it as a power thing. No one knows what to do or how to deal with him.

Here's the thing, people at this place are now getting the feeling that this guy has access to their yahoo, pop3 accounts, hotmail, or any personal accounts that they've check FROM work. He can get their passwords and such if they go through the buildings server and he obvoiusly has NO Ethics. It's like a peeping tom that's throwing it in your face and letting you know that you can't do anything about it.

What would YOU do? How would you catch this creep going into personal email accounts that are not connected with the University? What if he's going into accounts that he can get into because he's obtained passwords by snooping on the server?

Note: My wife works very closely with the Dean - The Dean has not asked this fellow to look at the workers emails, this is different, he's doing it on his own - because he can. It's been brought up to an assistant Dean who was appalled but said that there was probably nothing they could do - she did'n't know about the password thing though and that hasn't been proved to be a fact - yet. I'd love to "set a trap" and catch him doing it.

I just joined this group because I was searching IT ethics and found it. Thanks for any suggestions! Does this behavior ever become illegal? Or it is mainly an ethical issue?
 


do your personal stuff at home. that is the ethical thing to do.



You do not always get what you pay for, but you never get what you do not pay for.
 
Grenage,

The relavent acticle is Article 8, here's a couple of links:


– Item 5

It is all a bit tenuous, and one interpretation is that it may not apply to non-governmental institutions. Inevitably, it will come down to interpretation by the courts.

Rosie
"Don't try to improve one thing by 100%, try to improve 100 things by 1%
 
Ah, I appreciate those links, Rosie. It looks like we should be ok, provided everyone is aware that their e-mails/phone calls are recorded.

Still, as you say, it's all down to the interpretation.

Russell.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
aarenot,

Checking personal emails does not automatically constitute "personal business" nor unethical behavior. I do a lot of work after hours and much of my work correspondence comes through my "personal email". In a college setting, I would tend to think the situation would be different then what I find myself doing, but as many proffessors are published, have blogs for research, have web/data minning operations, etc, there is justifiable cause to allow access to personal emails. And as many good intentions go, it is probably easier to allow carte-blanche authority of all administrators then it is to try and pick and choose which are allowed and disallowed to have acces to personal emails. But this is all speculation. In either case, it may not be unethical to check personal email from work - it depends on the individual workplaces policies.
 
attrofy,
i see your point, if it is work related.



You do not always get what you pay for, but you never get what you do not pay for.
 
In a university setting it gets really hard to spot the difference between work and private e-mail. Typically ex-colleagues, friends, current-collaborators, rivals, and so on are all drawn from the same pool of people.

You might write an e-mail to discuss a joint piece of work (obviously work related), ask in passing about some work you both did in another university 4 years ago (less work related) and finish with a long section about how the other person's children and hobbies are getting on, and that time you had together in Madrid (totally personal matters). It really wouldn't be sensible for any university IT department to start quantifying whether, on balance, an e-mail is work or personal.

Looking at other people's e-mails without reason is a gross breach of privacy and trust. Postmen shouldn't read letters, telephone engineers & receptionists shouldn't listen in to calls, and surgeons shouldn't tell your neighbours about that embarrassing tattoo; we all rely on professionals to be professional. If this person really has broken that code, they shouldn't be in the job. But of course that's a bit "if" that would need to be settled first.

 
You know, the slimeball is probably reading the college kids' e-mails too.....



Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg
 
Reverse psychology always works.

Send an email to you wife with the link to a website, have the website send an email to your personal address everytime someone views it.
NEVER GO TO THE WEBSITE.
wait for the email regarding his visit... and then immediately have your wife go to his office to tell him:

"Hey, thank you for visiting our website! I can't wait to hear from you what you thought about it... write me an email one of these days with your thoughts.. ok? Take care now!"

as you can see, you just need to put him on the other side of the curtain ;)

If he doesn't 'Get It' then, he deserves to be punished.




Daren J. Lahey
Programmer Analyst
FAQ183-874 contains Suggestions for Getting Quick and Appropriate Answers to your questions.
 
I guess I deserve to be punished....

I don't get it.

[rofl]



Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg
 
The point has been raised. University email facilities most often allow students to use their email for personal use with guidelines. Many sites do log information automatically about email but this is usually limited in what they collect. IE they do not store subject and message content. Collecting more information normally needs authorisation from higher authorities. Even if an IT person has been instructed to read emails they cross the line when they tell anyone about messages outside of the scope of their duties.

Take a look at [URL unfurl="true"]http://www.unisa.edu.au/policies/codes/miscell/it-student.asp[/url] for an example.

As for employees of the university that might be under more strict guidelines the said IT person has crossed the line by discussing email contents outside of the scope of his duties. That is, of course, ignoring the fact that he has probably not been authorised in any way to read said emails in the first place. Saying its the employees fault because they exposed themselves is like blaming a woman for getting assaulted or blaming a victim of a peeping tom because they didn't have their curtains fully closed. You can go to beaches here in Australia and look at women sunbathing topless but try to take a picture and you'll learn that you've just stepped over the line. This employee has stepped over the line.


Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
i am looking at the title, information technology ethics. i do see that the creep has few scruples, and i have never questioned that. does the employer have a responsibility to mount an expensive investigation into the matter of your private data, i say no.

does wisdom say, keep your private data private by keeping it at home, i say yes.

reality is probable the person who had their emails read probable spends two hours a day on the internet doing personal surfing, playing games, etc., while being paid. not any more ethical than what the creep is doing. if true, and statistically it is likely. he is stealing her personal data, while she is stealing company time on the network doing personal business. she may be the statistical anomally and only doing approved personal surfing on her unpaid time, but it is not likely.

be real here, ethics is a real challenge for everyone, and most people fail that challenge on a daily basis. so let's not crucify this guy, and give ourselves a pass for what we do, because we dont find our own ethical failures offensive.

i would like to challenge everyone in this way. if you do not spend company paid time on personal internet activities, or other activities which are not work related, then respond. since you are not guilty of an ethical failure yourself, just as this creep is, be they the same failure or not.
i will not be responding on this thread again, in response to my own challenge, as i fail ethically at times as well. i do however give 15 minutes a day off the clock because i know i take a little time on the clock for myself on occasion. it makes me feel better about wasting five minutes now and then.

often times the difference between offensive ethical failures, and no-offensive ones are whether we are the ones commiting them or not.

 
if you do not spend company paid time on personal internet activities, or other activities which are not work related, then respond
I see. If I cannot prove that I'm perfect, then I should certainly not have anything to say about rapists, thieves, embezzlers or company-paid internet surfers.

Well, that certainly limits social interaction, doesn't it ?

Pascal.


I've got nothing to hide, and I'd very much like to keep that away from prying eyes.
 
;-) Like nobody is in this forum during work hours... I save it *ALL UP* and wait until I get home to log onto tek-tips.

NOT.

[rofl]

But, in my own defense, I do use Tek-Tips for a LOT of work related stuff, including coding tips and so forth...

By the same token, I'm salary, on call 24x7, and if I want to take 5 mins to write a snappy response to someone, by golly, I will!



Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg
 
Let he who is without sin, cast the first stone (John 8:7 KJV)

Sorry, I couldn't resist. /wink

While most of us probably access Tek Tips at work, I doubt anyone can say they have not benefited immensely.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
Grenage - that severely deserves a star!

Phnar...

Fee

The question should be [red]Is it worth trying to do?[/red] not [blue] Can it be done?[/blue]
 
You're too kind, Fee. :)


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
McRocken:

I, personally, would *Love* to hear an updated status on this situation... is the creep still there? Did he get busted? Has anybody taken any action? What were the results?



Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg
 
does the employer have a responsibility to mount an expensive investigation into the matter of your private data, i say no.
Sadly, aaernot will not be checking this thread anymore, so he will be missing valuable perls that I am casting out...but...
I say the employer DOES have a responsibility to mount that expensive investigation even if it is about personal data. And the reason being because the means by which that data was obtained. It was through company resources. This implicitly ties the company to the perpetrators actions. It is now the employers responsibility. If nothing else, to clear their name from the devious actions of the IT creep. Otherwise, they are at risk that the perception will be they not only approve of this behavior, but possibly sanction it since they are provifding the means for this action to happen.

Bottom line is no one else is responsible for your ethical conduct - didnt the Nuremberg trials prove that? Despite following orders, (percieved or directed) you are still responsible for your own actions. That is the point of this entire thread. Justification has no bearing. Therefore, any actions others comit (ethical or otherwise) are at their own discretion with their own series of consequences that must be faced by them. The ethical thing that the slime ball is required to do is report any offenses - period. If someone "deserves" the punishment, it is not up to the slime ball to decide. Likewise, he does not get to decied who is worthy of spying on and who is not. He is only worthy of reporting his findings to his superiors and letting them dish out any appropriate behavior modifications.

Hopefully this is enough to lay the groundwork of how devastating this line of thinking is. Continuing the vein of thought, it would not be hard to instill marshall law in any circumstances from running red lights, to persuing rapists and murderes and metting out punishment that is seen as "justifiable".

Lynch mob anyone???

 
Ok - an update. Nothing has happened, nothing has been done. Things are the same as the first post - the creep is being more careful but he possibly slipped up in the last few days by telling an employee that he was sorry to hear about her health problems (the employee never mentioned it to him but emailed a friend about it - she was creeped out by the comment) No one really knows if he got the info from reading email or some other way. But, the point is, everyone is feeling like the guy is reading their mail whether he is or not because he's let people know in the past that he was. The management is screwed up at the place and no one wants to rock the boat or make a big deal about it - they are just living with it.

In regards to Aaaernot's comments, my wife never plays games or screws around on her computer and does the work of 3 normal people. In fact, because of this, she has now put in her notice and is leaving this screwed up place - not because of the email situation, but the whole work environment is depressing. She is at management level and can come and go as she pleases - she manages her own time - and she has full permission to use the email to communicate to personal contacts if she wants to - as everyone there does - including the Dean. She is highly regarded by everyone there and has received great job reviews from her boss since working there. She will be hard to replace and won't have trouble getting a job with a better working environment.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top