×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

IT Creep reading everyones email for his own pleasure
8

IT Creep reading everyones email for his own pleasure

IT Creep reading everyones email for his own pleasure

(OP)
My wife works for a University and her building has it's own server and IT people. The head guy goes around and drops little messages to people when he's talking to them about personal things he's read in their emails. He mainly does this with single young ladies that are newly hired but it's not confined to that. He seems to take a lot of pleasure in letting the workers know that he's Godlike and can do whatever he wants to. The upper people there, like the Dean of the School, don't know Jack about computers or anything related to IT. He comes up to you with a smirky smile and says something to you to let you know he read what you sent someone. Everybody knows that email at work is not personal, etc. But, this guy is a creep and uses it as a power thing. No one knows what to do or how to deal with him.

Here's the thing, people at this place are now getting the feeling that this guy has access to their yahoo, pop3 accounts, hotmail, or any personal accounts that they've check FROM work. He can get their passwords and such if they go through the buildings server and he obvoiusly has NO Ethics. It's like a peeping tom that's throwing it in your face and letting you know that you can't do anything about it.

What would YOU do? How would you catch this creep going into personal email accounts that are not connected with the University? What if he's going into accounts that he can get into because he's obtained passwords by snooping on the server?

Note: My wife works very closely with the Dean - The Dean has not asked this fellow to look at the workers emails, this is different, he's doing it on his own - because he can. It's been brought up to an assistant Dean who was appalled but said that there was probably nothing they could do - she did'n't know about the password thing though and that hasn't been proved to be a fact - yet. I'd love to "set a trap" and catch him doing it.

I just joined this group because I was searching IT ethics and found it. Thanks for any suggestions! Does this behavior ever become illegal? Or it is mainly an ethical issue?

RE: IT Creep reading everyones email for his own pleasure

I guess that it depends where you live. Certainly within the UK this would fall within the data protection act providing his actions were not sanctioned by his employer.

I think the US has a more liberal approach to personnel data.

Pete

RE: IT Creep reading everyones email for his own pleasure

It is certainly more liberal in the US, but for reasons of data protection (such as making sure that certain documentation doesn't get emailed out, etc) , rather than personal gain.

If this guy really is reading other people's email from the office for his own pleasure and turning around and telling people this, then that falls under the category of harassment. Making people think that he's GODLIKE because of his access is a harassing nature.

Also if he IS reading employee hotmail and yahoo accounts, then that's something that needs to be reported and investigated by the police. Reading this type of email is personal and has nothing to do with work (unless the police came to him and said "read these peoples emails" with a warrant, but from the sounds of your post, I highly doubt that).

I would definitely approach this with the Dean. Explain to him the ethics behind the matter and that some people feel threatened by this, even though its work related email. Then show him several emails that were sent to other people for personal reasons, then show this guys' emails that relate to the personal emails.
Also if there is solid proof of the hotmail/yahoo accounts, be sure to bring this to the Dean's attention too.
Then suggest that some of his access be restricted for 6 months. Otherwise if he gets talked to, and no restricted access is done, he could just change his patterns and verbalize everything.

Good Luck!

RE: IT Creep reading everyones email for his own pleasure

How about this? First, make sure the assistant dean is aware of the trap you are about to set. Send an email to your wife's personal account. In the email, outline your "planned" vacation at a nudist colony. Using only activities you both do not do in real life, discuss your agenda of events such as horseback riding, horseshoes, hangliding, limbo contests, skiing, volleyball, etc. Be specific with names and dates. If this person mentions even one of these imaginary things you have him cornered!

Beware of false knowledge; it is more dangerous than ignorance. ~George Bernard Shaw
Consultant Developer/Analyst Oracle, Forms, Reports & PL/SQL (Windows)
My website: Emu Products Plus

RE: IT Creep reading everyones email for his own pleasure

I would simply start sending mail to the FBI stating that I am being harassed by someone in my workplace and asking what I can do about it.

If other workers are feeling threatened about it, they can send in their own eye-witness accounts.

My guess is that either the FBI shows up and demonstrates publicly just how un-Godlike he is, or he'll come around in a hurry and try to calm things down on his own.

Pascal.

RE: IT Creep reading everyones email for his own pleasure

(OP)
Thanks for the discussion on this!

I am thinking about setting up a juicy header on an email and sending this message to my wife's account. In the message I could put a link to a webpage that I created just for this purpose and maybe catch his IP address there (would be great if he checked it from his home computer) Maybe send my wife the password to this page and tell her that it's extremely important that she keeps it secret, etc, make it so he can't stand NOT knowing what it is, etc. I could also give her my password to my (newly created for this purpose) yahoo account, and in that account set the trap with the link to the webpage as well. I design websites for a living. I'm not an expert in the IT area so y'all could tell me if having his IP address would do any good - especially if he's checking it from his computer at work - could he say someone else used it or something? I really want a case against him that STICKS. He's pissed off several people by doing this and made everyone feel violated and so freaked out that they might not even be able to trust ANY email they send - even from their home account that's unrelated to the University. For instance, I set up a family group page for my wife's family and sent the link and password to my wife at work, we figure that he's probably been there and seen what we thought were private family things. My wife has checked my email for me (from work)  I asked her to do this a few times and now the creep has possible access to my account - if he picked up the password from the server - where does it end? I should have known better but you do tend to trust IT people. It's just this one bad apple causing trouble for everyone.

RE: IT Creep reading everyones email for his own pleasure

Personally, I like a combination of both BJCooperIT's and pmonett's ideas.  You want to set a trap?  Try this.  Send your wife an email about going to a nudist colony, or anything else that has a strong sexual underdone to it.  If this creep says something to her about it (and you  know he probably will), she will have grounds for a sexual harrassment charge, and concrete proof that he's been reading her emails.  I would imagine that at a University, just the thought of a sexual harrassment case against them would be enough for them to take care of this guy.  Not to mention the fact that now your wife also has proof and can get the authorities involved on possible other charges.  The University will take care of this situation for you.

Just a devious little idea...but I think this guy deserves it.

Hope This Helps!

ECAR
ECAR Technologies
www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

RE: IT Creep reading everyones email for his own pleasure

If you can get confirmation of this guy's behaviour it might be best to use this to encourage the dean / assistant dean to carefully and discretely investigate further before hauling the creep over the coals.

Someone with this low level of ethics may well choose to sabotage systems / withhold passwords / other nefarious behaviour rather than go quietly. Steps will need to be taken to prevent this and gather further proof to protect the institution from legal action.

This type of person gives all IT people a bad name - someone with the skills to gain this level of access who can't determine when it is ethical and appropriate to do so doesn't belong in the industry.

Hope you nail him.

TazUk

pc Blue-screening PCs since 1998

RE: IT Creep reading everyones email for his own pleasure

Hmm...you could take the nudist colony thing one step further and email your wife about threesome trip with this guy. Include in there how much you think he's "hot". If he's just reading the ladies emails, then it might just creep him out that another guy is checking him out.

 

RE: IT Creep reading everyones email for his own pleasure

McRocken,

Before setting up a trap for the guy, make sure you are not setting one for your wife. I know that Universities are usually very liberal, especially when it comes to accessing Internet, your private e-mail, etc. - my husband has worked for a few and still teaches from time to time. But when you have a case against the guy and he feels the danger, he may be able to create one against your wife.

Check very carefully all Internet and e-mail-related policies that may actually exist, even though not enforced. You may find that, say, accessing your private e-mail, like Yahoo or whatever else is not allowed; or sending e-mail of personal, let alone sexual (as was suggested above) contents from the University equipment is prohibited, or something alike.

You may also want to check what the creep's job description say. You may find that 'watching out' the employees' Internet use is part of his duty (even though he is clearly too eager and not ethical about doing it), buried somewhere deep in the wording.

Whatever you do, first make sure that you don't set up a trap for your wife at the same time. And if you decide, after all, to set something against him, be also careful about making up "juicy details" - they will most likely become widely known, and your wild imagination may bring you some embarrassment.

Good luck.

RE: IT Creep reading everyones email for his own pleasure

3
McRocken, First, and foremost, it sounds to me like the University (surprisingly) lacks a "Univeristy Personal and Data Privacy Policy". Someone should point out to the appropriate Powers that Be that lacking such a policy, the University is exposing itself to potential legal liabilities and entanglements.

The University does not need to rely upon State or Federal privacy laws...they can, of their own accord, implement a privacy-protection policy under their University Ethics and Honor Code charter.

By pushing this aspect, you probably kill multiple birds and one Slime Ball with one stone.

santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

Stella740pl, while sending these types of emails may be prohibited, they can't stop what you receive or everyone would get fired for getting Spam.  No one suggested she send anything out, just that her husband send something to her personal account.  Even with that, she doesn't have to check it at work, but if the IT creep mentions anything about it, he's been in her private email, possibly from a university computer.

SantaMufasa, I'm sure they have a "Univeristy Personal and Data Privacy Policy", it's just this guy doesn't abide by it.  I agree with you that it needs to be enforced, but most people (including administration) just flat out don't care until there's a potential lawsuite because of it.  Then it gets their attention.

Hope This Helps!

ECAR
ECAR Technologies
www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

RE: IT Creep reading everyones email for his own pleasure


while sending these types of emails may be prohibited, they can't stop what you receive or everyone would get fired for getting Spam.

That's true. But I don't get spam to my work account - probably they have some filter in here, plus, I believe, some e-mail can be quarantined and, yes, reviewed by someone in charge, with rights to do so.

If, however, these messages are sent to a totally private account, not accessed from work, and he still knows about them - that's a totally different story. But, on the other hand, if the creep can hack password and access that private account, it means that at one time or another she did access it from work - and she better check if she was allowed to do so, before setting the trap.

RE: IT Creep reading everyones email for his own pleasure

(OP)
Some great tips here - I agree with being careful, I wouldn't use a sexual message like some have suggested. Something else or just enough of an idea to bait him would be enough. I'm trying to check into the University policy, etc. I'm not going to go off and do something crazy, I'll take my time and see if there are other ways to deal with this. This fellow has mentioned to 3 people, that I know of, about some item that he could only have known through reading their emails and made it clear to them that he's read them.

My wife had to deal with a lot of work related items over the weekend and on Monday, he comes up and with a little grin, says, "I see you were busy emailing this weekend." It's just a little creepy when the guy is always reminding you that he's watching you. This guy is a real gossip monger as well and SOMEHOW always knows whats going on in everyone's life - I wonder how.

RE: IT Creep reading everyones email for his own pleasure

(OP)
Again, here's what I'm proposing. I set up a yahoo account to be used only for this purpose. I send a couple of messages to it so it looks used, and in there I put one message with a subject line something like "personal-stay out!" (I'm not sure about the subject line yet) In this message I'll have a link that goes to a webpage that I create just for this purpose and tell no one about. I'll monitor the hits to this webpage and will be able to capture the IP address of anyone who goes to it. Then I will send, to my wife's work email account, a message saying that I've got a new email address at XXXXX.yahoo.com and that it's only for "talking about our little personal problem" and tell her to be careful not to let anyone have this password to the account or it could be embarrasing to us- and give her the password to the yahoo account. Now, IF he reads her mail he'll have that password, and IF he goes to that personal Yahoo account outside of the University and clicks on that URL, and I can prove it - I think I might have him - a lot of IFs but possible. You IT experts will have to tell me how to connect him with the IP address, I'm not sure how all that works.

What do you think?

RE: IT Creep reading everyones email for his own pleasure


Well, don't want to spoil it for you, but I, personally, wouldn't want my husband to send messages to my work account at all, and with any personal information in particular, especially with an e-mail address and password, be it real or fictional. Whatever he can send me to a private account, better yet - tell me on the phone (preferably my cell), or, the best way, wait a few hours and tell at home, he wouldn't send me to work.

It even looks unnatural - you know that you shouldn't expect privacy in your work e-mail, and that it could be retrieved years later and treated as a business-related document, and you send a message about sharing your "little personal problem" in a personal secret account - and you include the full detail of that said account in it.  If she is not supposed to access that new personal account at work, anyway, what the rush to send it to work and not show it to her at home? Doesn’t look good.

Even if you get him this way, I wouldn't want to be the person who gets this e-mail at work.

Even if he talks about it, it would be a proof for you only. He may as well deny later that he said anything at all. If, however, you can catch him going into that webpage (and he might copy the URL, not click on it), that, I would guess, is not proof enough that he read your e-mail account - he might have been able to find that page by other means. In any case, if you got some proof, one way or another, how would you proceed? Did you think about that yet?

RE: IT Creep reading everyones email for his own pleasure

"I see you were busy emailing this weekend."

While this might be creepy to some people, maybe its just me, but I would reach across, pat him on his head and tell him "Congratulations, you know how to check my email account. Now why don't you go find something useful to do before I find something for you."
If he's trying to use psychology over certain people in the office, that he's like you said "Godlike" then people just need to learn that they should act like they don't care. It'll bruise his ego a bit.

However, if he came up and said "So how was the movie you saw Saturday night?" Then I would note the time, date what he said to me and write it all down on a log and hand that over to the Dean.

RE: IT Creep reading everyones email for his own pleasure

(OP)
Yeah, the "see you were busy emailing" comment is not a big problem as he's in charge of the system - but I only told you that to show you how he flaunts it to the people there. I don't need proof myself because my wife and a couple of her co-workers have had him mention SPECIFIC emails that he read of theirs to their face. There's no question that he's doing it, that's proof enough for me. And, again, nobody expects privacy in their mail at work and that's not the question - the real question is: Can't you expect privacy in your OTHER home accounts? Those that he might have gained access to by getting your password because maybe you checked your PERSONAL home account from work and then, afterwards, he goes after the passwords by looking for them on the school server? This is not really an email issue but one of a person using an online website for banking or checking another personal account from work and he sees the password you used and can then go back later himself - if he so chooses to. Nobody knows if he's gone that far - I'd like to know by giving him the chance.

Of course I know that any real personal stuff should not be sent to my wife at work - I'm just SAYING that it's personal to get his attention in this case. If he goes off of the school server, to an outside Yahoo account that I created to prove that he's doing this, and then he goes into it WITHOUT permission and only has access to it because he read about it and gotten the password to it from an email to my wife - wouldn't you think that's a problem?

Think about this - my wife told me that she once (during lunch on her own time) paid a bill online at her bank. This means that the guy could go into our banking account if he got that password. You know how it is... the average person is not savvy to how this stuff works and never imagines that these things can be such problems. If this isn't about ethics, I don't know what is. As an IT person you have access to information - how you use it really shows the TYPE of person you are. Here we obviously have a power crazed peeping tom type guy with no ethics and not afraid to let you know it - he's thumbing his nose at you saying "what are YOU going to do about it?"

If I could prove it, I have connections at the University and will use them to expose this fellow. I know the Dean too but I would never bring it up without proof.

RE: IT Creep reading everyones email for his own pleasure

Quote (ECAR):

I'm sure they have a "Univeristy Personal and Data Privacy Policy", it's just this guy doesn't abide by it.
At the universities around here, any faculty or staff caught breaking the Honor Code or any university-generated ethics policies is dismissed.

If McRocken's institution has a policy that they are not enforcing, McRocken (or spouse) should be able to go to the university's legal counsel and say,

"There is a university employee that is an ethics abuser. He is creating and fostering a threatening work environment that is causing emotions that range from uncomfortable to enraged amongst colleagues. I'm certain that this is not the type of atmosphere and environment that the university wants to tolerate.

"We want to see this behaviour stop and are willing to take action. As university counsel, what do you advise us to do next to prevent this perpetrator for continued misbehaviour?"

The counsel cannot help but feel some level of concern if s/he sees any sort of exposure to liability on the part of the university.

This all hinges upon just how far you and your colleagues are willing to go to make this slime ball stop.

santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

Wow, never seen so many posts in one day!  A nerve has been struck!  I hate this guy sooooooooooooooooooooo much already.  He's an absolute wormsnake

The whole set a trap blah blah blah DO NOT DO IT.  It just tarnishes your reputation.  And its easy to say "oh I overheard that being discussed by some students".

What you need is evidence not circumstancial evidence.

Only the powers that be can deal with this.  

If this guy is the only and most senior IT guy you have to get an external party to come in and start monitoring logs.  Thats what happens when you read other peoples email - you need permission (thats in computer terms, eg username and password) to read another users email and that is logged.  If not you need to turn that auditing back on.

Also he might just be remote desktopping onto the PC and watching what is on your screen and reading mail then, although onpening it with an admin account seems more likely.

In terms of capturing hotmail passwords as an admin thats so easy it should be illegal... oops it is!  I can easily pop a key logger on your PC.  I can just stick a packet sniffer on the gateway.  I can stand over your shoulder and watch your fingers!  If you click that little box "Remember My Password" then more fool you.  Because when you go home I log on to your PC as you and theres all your saved passwords  available for my use.

You also need the external people to check for hidden surprises, document the network incase he gets nasty.

If he worked for me I'd capture the logs make sure I head the evidence then escort him off site permanently.

I think I speak for - almost - all of tek tips in saying GGGGGGGGGGGGRRRRRRRRRRRRRR

curse cannon

RE: IT Creep reading everyones email for his own pleasure


Of course I know that any real personal stuff should not be sent to my wife at work - I'm just SAYING that it's personal to get his attention in this case.

The way I understand it, if it is not work-related, or, at least, of some general interest, it IS personal. Even if you are just SAYING (yes, I understood you correctly the first time) it is personal, and it is not real, it is still personal. Anyway, no one, without hiring an investigator, can truly distinguish whether it is real or imaginary, but just looking at the contents would say that it is personal.

I am not sure that setting up all this trap would be a sufficient proof to the dean, unless he is a technical person. Also, even if it is, he might not want to use it because of the questionable nature of the proof. He wouldn't want problems.

I would favor some combination approach.

First, try to find the policy, if one exists, regarding e-mail and Internet use on the University equipment. Read carefully, to check whether your wife doesn't break it (by opening private accounts, paying bills, etc.) before proceeding. Read what it says about expectation of privacy.

Then, note something to the guy as LadySlinger suggested. If he makes notes about information found in the private e-mail accounts, you can say something like "I see you are watching me. Do you have a warrant to do so?" or something else, to hint that you MIGHT actually do something about it.

At the same time, have your wife (and possibly, some other coworkers would agree to do so) log, as LadySlinger told you, all occurrences of his remarks, with time and date, and other details. When you have more than a few, complain to the dean in writing, preferably with coworkers, too, on unethical behavior and harassment committed by this guy. It might be a proof enough.

At the same time, it might be a ground to push for some Personal and Data Privacy Policy, as SantaMufasa suggested - or to show that the guy doesn't abide by it, and even uses the information that he gets as part of his work duties for his own purposes. You might really get him.

RE: IT Creep reading everyones email for his own pleasure


Is it just me, or the threads that became too wide to fit the screen because of all the  ...GGGRRR... and ...AAAHHH... used to have a horizontal scroll bar? Now it just shows what fits in the window and cuts off the rest. Inconvenient.

(Hello, Spirit winky smile, I would guess I speak for the rest of Tek-Tips: just GGGGGGGGGGGGRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR would have been enough.)

RE: IT Creep reading everyones email for his own pleasure

Whoever the Administrator is for this forum can edit Spirit's post to reduce the "teeth gritting" down to a "narrower" level.

santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

Works fine in FireFox.  tongue

Hope This Helps!

ECAR
ECAR Technologies
www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

RE: IT Creep reading everyones email for his own pleasure

(OP)
I found this in the Network and Computing Support area online at the University. Don't know if it helps or not....

 Policies

Terms of Use for Computer Accounts

The University of XXXXXXXXX ("University") computer network, equipment, and resources are owned by the University and are provided primarily to support the academic and administrative functions of the University. The use of these computer resources is governed by federal and state law and University policies.

The use of computer accounts is subject to the following terms and conditions:

Each account is for the exclusive use of the individual or organization to whom it was assigned and users may not allow or facilitate access, including by a proxy or anonymous remailer, to University computer accounts, equipment, or restricted files or systems by others. Authorized users are University faculty or staff, currently enrolled students, and retirees, unless their access privileges have been revoked by the University. Divisions and departments may also authorize temporary accounts for use by non-University personnel strictly for the purpose of conducting University business.

The use of the account may not violate any policy of the University.

The use must not overload the University's computing equipment or systems, or otherwise negatively impact the system's performance.

The use must not result in commercial gain or benefit to the users and cannot constitute consulting for a business or running a business. The page or site may not promote commercial activities or display paid advertising.

The use may not violate laws or University policies against discrimination or harassment due to race, sex, religion, disability, age, or other protected status.

The use may not violate state laws or University policies on the use of University equipment, resources, or time for political activities.

The use must not involve sending of soliciting chain letters, nor may it involve sending unsolicited bulk mail messages (e.g., "junk mail," or "spam").

The use may not imply or state University sponsorship or endorsement, nor use University trademarks without permission of the University's Licensing Program.

The use may not involve unauthorized passwords or identifying data that attempts to circumvent system security or in any way attempts to gain unauthorized access.

A Web site or page or personal collection of electronic material that is accessible to others must include and display the following disclaimer: "The views, opinions, and conclusions expressed in this page are those of the author or organization and are not necessarily those of The University of XXXXXXXX or its officers or trustees. The content of this page has not been reviewed or approved by The University of XXXXXXX, and the author or organiztion is solely responsible for its content."

Organization accounts are subject to deactivation after notice to the last known sponsor unless the sponsor annually renews the account by submitting to the University an account renewal form (faculty/staff organizations) or by renewing the organization's registration with the Office of the Dean of Students (student organizations) by September 15 of each year.

The University may examine electronic information stored on or passing over University equipment or networks, for the following purposes: (1) to ensure security and operating performance of its computer systems and networks; (2) to enforce University policies or compliance with state or federal law where (a) examination is approved in advance by a dean, vice president, or the president, and either (b) there is reasonable suspicion that a law or University policy has been violated and examination is appropriate to investigate the apparent violation, or (c) examination is necessary to comply with state or federal law. Computer users should have no expectation of privacy in material sent, received, or stored by them on or over University computing systems or networks when conditions of subparagraph (1), or both (2a) and (2b), or both (2a) and (2c) above have been satisfied.

Use that violates the terms of the account agreement, state or federal law, or any University policy may result in referral for action under the appropriate disciplinary procedure and the imposition of sanctions which may include suspension or revocation of access privileges in addition to other sanctions.

RE: IT Creep reading everyones email for his own pleasure

Well, as Spirit says, don't set a trap.  You're only opening yourselves to possible recriminations at a later date should the policy be enforced.

The lines:

"The use may not violate laws or University policies against discrimination or harassment due to race, sex, religion, disability, age, or other protected status."

and

"The use may not violate state laws or University policies on the use of University equipment, resources, or time for political activities."

both apply in this case.  If you wanted to do something without arousing too much suspicion, get the Dean to bring in an external IT security company in to perform a whole range of security testing (so it won't look like you're just looking at this guy's stuff), under the clauses in the AUP.
Make an announcement to all IT staff saying something like
"Due to the sensitive data we hold on our servers relating to research and teaching activities that The University carries out, The Dean and other members of the Senior management team have authorised XYZ IT Security to perform a full range of IT audits to determine if there are holes in any of our systems. No areas are beyond their remit.  All IT personnel are hereby authorised to cooperate fully with them in their investigations and respond appropriately to any queries raised."

You then make sure that this building is one of the areas that the company look at.  They may be able to find files of usernames/passwords, data from confidential files from people's network homespace in his, packet sniffers in key places on the network etc that this guy set up.  
While he could claim that they were for use in ensuring network security, this reasoning should be checked out by an independent network security expert for validity.

Additionally, there's likely to be some sort of clause in his employment contract regarding bringing the University into disrepute, which could possibly happen should this knowledge become public.  This is a problem should any of the "set a trap" techniques get used.

Even if it turns out he is just misusing administrative level priveliges and scaring people, then this itself is a contravention of the policy and he should be dealt with under the same AUP.

John

RE: IT Creep reading everyones email for his own pleasure

I am not an attorney (although I play one on TV), but it seems to me that with the above policy, you can scare the bejeezus out of Slime Ball, even without the co-operation or concurrence of the Dean.

Clearly, Slime Ball is breaking University Policy (as it reads, above). For him to be reading surreptitiously other people's e-mails, either he or the University must prove that his snooping is either:

1) ensuring security and operating performance of its computer systems and networks; or
2) enforcing University policies or compliance with state or federal law...

So, Per Item 1: The burden of proof would be on his shoulders to prove that his reading of others' e-mail is ensuring security and operating performance (notice that he must prove that somehow his snooping ensures both security and performace to justify his behaviour under item 1 (which I would absolutely doubt he can).

Per Item 2: To snoop under the auspices of Item 2, Slime Ball must prove:

   a) He had advanced approval of a dean, vice president, or the president, and one of the following:
   b) There is reasonable suspicion that one of the victims was perpetrating a violation of policy or law and Slime Ball's snooping was appropriate to investigate the suspicion (which I highly doubt he could prove), or
   c) Slime Ball's snooping was in compliance with State or Federal law (which I highly doubt he could prove).

Now here is the clincher:

Quote (University Policy):

Computer users should have no expectation of privacy...when conditions...above have been satisfied.
This implies that if Slime Ball cannot prove that he is snooping under protection of the above conditions that you CAN have an expectation of privacy!!!!

Next, you, or one of the other victims (or all of the victims) each pay $17 for one month's membership in some pre-paid legal service in your area. (I can give you the link to a service that has, since 2000, represented me on over a dozen matters, with 100% positive results in my favour, with no cost to me besides the $17/month membership.)

Such as service will, as just one of the aspects of their benefits, write (on Law Firm letterhead) a "Cease-and-Desist" letter to Slime Ball (with carbon copies to the Dean, the President of the University, and the University's Legal Department), demanding that Slime Ball stop his behaviour.

The letter can be along these lines:

Quote (Cease-and-Desist Letter):

Mr. Slime Ball,

We represent multiple employees of the University of XXXXX. They have requested our firm to represent them in a demand that you show just cause for your repeated accessing of electronic mail from accounts of University of XXXXXXX employees.

Under the policies of the University of XXXXXXX and under statute of the State of XXXXXXX, employees can expect that such electronic files are private (i.e., not for your or University inspection unless) you and the University can prove that:

1) Inspecting (incoming or outgoing) employee e-mail ensures security and operating performance of University computers systems and networks, or

2) That each occurrence of your inspections of employee e-mails occurred:
   a) with advanced approval of a dean, vice president, or the president, plus one of the following conditions:
   b) you can prove reasonable suspicion (prior to your inspections) that each of the employees whose e-mail you inspected, is or was perpetrating a violation of University policy or State or Federal law and that your inspections were appropriate to investigate those pre-existing suspicions, or
   c) Your inspections were in compliance with State or Federal law.

Please forward your responses to this inquiry to our office by <Some date>. Until such time, or absent an acceptable response, we demand that you Cease and Desist such future inspections of e-mails or electronic files of employees and staff of the University of XXXXXXX.

Sincerely,

Jane Q. Lawyer,
Attorney-at-Law
Since you are not bringing any legal action, per se, you needn't disclose either your names or even any proof (at this time) of his misbehaviour. Your legal counsel is simply demanding that Slime Ball not perpetrate any future unauthorised inspections of employee e-mails. It's that simple.
The University need not even know who, specifically, is making this request.

I imagine that once the higher echelons at the University sense the legal risks to which he (individually) is exposing the University (collectively), he will probably either be reassigned, fired, or have his wings otherwise clipped.

Let us know if you decide to pursue such a track, and if so, the outcome.


 santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

oops Sorry!

Kind of got my back up and got carried away with the "R"'s

iain

RE: IT Creep reading everyones email for his own pleasure


SantaMufasa,

I am not an attorney
Doesn't feel like it.

(although I play one on TV)
Hm. Are you serious?

Anyway, looks like you did a great job parsing and analyzing that policy, then drafting the legal document.

Have a star from me.

RE: IT Creep reading everyones email for his own pleasure

Thanks, Stella, for the Star.

As to my comment, "I am not an attorney (although I play one on TV)...", because you don't waste your intellect by watching a lot of television, you probably don't recognise my take-off on a televsion add from a few years ago where a TV ad featured a highly recognisable soap-opera actor who was hawking some sort of over-the-counter pain medication. He began the ad by saying, "I'm not a doctor, although I play on on TV...".

So, in reality, I don't even play an attorney, but I am always interested in ways to apply the law to turn Slime Balls out into the street, especially when they arrogantly mock and deride their victims as tastelessly as McRocken's "piece of work" seems to be doing.

santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

The only question I have with Mufasa's excellent suggestion, is what happens when Mr. Slime turns the table and sheepishly wonders aloud to the Dean why he is being harassed by his co-workers - as he would clearly, never ever in a million years read anyone’s email - never!  It must clearly be a plot by all his jealous co-workers to harass him with such unfounded and slanderous attacks.

I do believe that Spirit and jrbarnet are on the right track and I think combining with Mufasa's idea, there could be a real end put to this issue - but some of the higher ups would have to be involved, and it would basically become a full blown "official" investigation.  Keystroke logging would be the most effective method - unless as McRocken speculates he is doing most of the nefarious work from home - or some remote public outside location (library, internet cafe, wireless terminal, etc) and using a remote entry to log on as the user, etc.  My bet is if he is willing to express his GODLIKE abilities openly to the people he is GODDING over, then I am also guessing he is covering his tracks pretty tightly.  As jrbarnett indicated, many of the methods he employees could be blown off as network security, and if he is hiding behind a cloak of "legitimacy" due to the nature and power of his position, he has a built in excuse as to why those devices are in place.  Anything that comes in the nature of an "outside" attack (legal, circumstantial, whatever) will clearly fall into the "accusational" my-word-against-his catergory, and could end up backfiring.  Proving misuse of University given power is a whole different subject then proving his ability to misuse the power.  Definitely illicit the help of the Dean, assistant Dean, or some other University sanctioned investigator.  This is clearly a case of harassment, and should be dealt with in the same manner as a sexual, religious or racial harassment.  With enough cooperative co-workers, this case could be clearly "proven" to any investigating team - just as any of the above mentioned harassment cases would be.

RE: IT Creep reading everyones email for his own pleasure

It could be considered creating a hostile work environment.  I think it most states that is grounds for legal action.

BJ

RE: IT Creep reading everyones email for his own pleasure

BJ is right, especially if the slimeball is keylogging everything you do on the web

If it is illegal in your state, then definitely get the authorities involved (if SantaMufasa's suggestion doesn't hinder the guy). If you do your site and catch the guy in the act, most likely if legal action is taken, this evidence will be thrown out because of lack of warrants, or not being done by proper authorities.
As much fun as your idea may be, it would only go so far as your knowledge rather than anything else unfortunately.

Good Luck!

RE: IT Creep reading everyones email for his own pleasure

SantaMufasa is spot-on with his analysis.

After reading the policy myself, Slimeball is *way* in over his head.

However, I would start with a letter to the Dean, stating examples of information that would ONLY be known if Slimy was reading e-mails, quoting the policy back, and asking that it be addressed.

Remember, that if you *ask* the dean to address it, as opposed to demanding it, you will get farther.  When you demand help, you're "playing a trump card".

Entrapment of Slimy is never a good idea.  Besides, the Dean *may* already be aware of it, and is just collecting enough evidence to get rid of the bozo, which you would only be hindering.  Bring it to the Dean's attention, but continue to give Slimeball enough rope to hang himself with.

(It makes me feel guilty about the joking bumper sticker I have on my jeep that read "I read your e-mail".... lol)

Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

I must say, I totally agree with Greg: By going (in a highly professional manner) to the Dean, you still retain the option to follow-up later with an (independent) legal process (which can be a "big hammer" if the Dean fails to act).

Well done, Greg. (Hava Star.)

santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

Awww... shucks.  :D

You're a good guy, Dave... no matter what the rest of these guys say about you. ;)

Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

Greg!!!  You weren't suppose to tell him we were talking about him!!!  

rofl

les

RE: IT Creep reading everyones email for his own pleasure

(OP)
Thanks everyone for your comments. The guy is being watched by several concerned employees and documenting any time he does it again. We want to make sure that the info he mentions could ONLY be known through reading the mail before bringing in the big guns. I'm sure he'll hang himself soon enough.

McRocken

RE: IT Creep reading everyones email for his own pleasure

If nothing else, McRocken, the amount of time that Slime Ball spends reading other people's e-mails, then "creeping" around to show off his creepiness represents a clear Dereliction of Duty -- He cannot be doing his "real work" while he's being creepy/slimey.

That, in and of itself, should be enough for his superiors to be disappointed enough to take action. How would the superiors feel if everyone emulated Slime Ball's work "ethic"?...The University would never accomplish anything of worth. (Bring that point up to the Dean when you all finally "lower the boom" on Slime Ball.)

...And, keep us posted on your progress.

santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

The documentation part of this is a very good point. Even if it is just little shorts like

“Sept 12th. Slime ball said he read this." “Sept 13th Slime ball asked if my sick mother was better.” Everything.

That is legal documentation and carries a lot of weight believe it or not. Have all that are concerned do it on every event. Give this to the dean. This should make him take some sort of action. If not the legal services will.

"Wise men speak because they have something to say; Fools because they have to say something."  
(Plato)
 
 

RE: IT Creep reading everyones email for his own pleasure

If he's somehow garnering passwords and logging onto peoples' personal web-based emails, I would think he must be breaking US laws - he certainly would be in the UK.  

Rosie
"Don't try to improve one thing by 100%, try to improve 100 things by 1%"

RE: IT Creep reading everyones email for his own pleasure

(OP)
No one's sure if he's getting passwords and/or checking out of system emails - but you just have to wonder what a person with his kind of ethics would/could do.

McRocken

RE: IT Creep reading everyones email for his own pleasure

Quote (McRocken):

...you just have to wonder what a person with his kind of ethics would/could do.
What ethics?

santaMufasa
(aka Dave of Sandy, Utah, USA)
[I can provide you with low-cost, remote Database Administration services: see our website and contact me via www.dasages.com]

RE: IT Creep reading everyones email for his own pleasure

McRocken,

Send him a link to this post. Or mention the link in one of your personal emails.  It'd be like sending a letter to Dear Abby, clipping it when it gets published in your newspaper, and leaving the article on the offender's desk.  

Maybe he'll get the hint and back off without your having to bring in the IT cavalry.  He'll at least realize that the normal world is informed of his behavior, thinks he's a bucket of spit, and wants to crush his jewels.

Phil Hegedusich
Senior Programmer/Analyst
IIMAK
http://www.iimak.com
-----------
I'll have the roast duck with the mango salsa.

RE: IT Creep reading everyones email for his own pleasure

...or he'll continue to do it and just not mention it anymore.  The only true way to stop him is for him to lose his job, period.  Reprimands, scoldings, and write ups don't mean squat to this guy.  "Oh, well, if that's all they're going to do then I just won't tell anyone when I read their email", is how he'll take it.

Hope This Helps!

ECAR
ECAR Technologies
www.ecartech.com

"My work is a game, a very serious game." - M.C. Escher

RE: IT Creep reading everyones email for his own pleasure


Send him a link to this post.
I wouldn't give him the heads up.

"Oh, well, if that's all they're going to do then I just won't tell anyone when I read their email"

Don't think so.
It seems that showing people that he knows about them and, thus, has power over them, is the biggest part of his pleasure about reading the mail. He would not be able to read it and not say anything!

On the other hand, if they proceed with what was said above, the guy might loose his job - or, after having some problems, will be loaded with some real work, and will be too busy to bother with other people's mail.

RE: IT Creep reading everyones email for his own pleasure

I would go with Mufasa's approach and hand the document to the Dean himself.
That way you express how it effects the environment at the University.

I would end probably with the message:
If this person has the courage to snoop in others people mail, Mr Dean, surely he is also reading yours.

Probably he will loose his job, or get some real work to do.
Either way I don't have any mercy evil

Steven

RE: IT Creep reading everyones email for his own pleasure

ok,
   here is another point of view.    your computer is at home, your internet access is at home, your email is at home, your private electronic traffic is at home.

    the computer at the office is not private, or yours, the internet access at the office is not private, or yours.
the email at the office is not private, or yours.   the electronic traffic at the office is not private, or yours.

     the e-security at the office is office security, not your security, it is not your employers job to keep your personal information, email, etc. secure or private, it is yours.  if you do not want your information to be within your control, and within your secure e-area, then bring it to the workplace.   if you want it within your control, and in your secure place then do not bring it to the workplace.   
     the first responsibility to keep your data private is yours.   it is not your employers responsibility to investigate the lack of security based on your indiscretion.   it is also not their job to keep it secure, or incurr cost to do so, or investigate if it is not kept so.  you took the risk by exposing your data yourself, you were not instructed, or required to do so.  take responsibility for your own data, and learn, if you let it out, then you let it out.   if you do not want it out there, then keep it at home.   

he is responsible for his actions, but you are responsible for yours.   keep your private stuff private, and you wont have this issue.   you may not even be allowed to according to policy be bringing or accessing your data on the company owned, maintained, and secured network.

what he did may be an issue, wisdom says watch your own data.
in case you did not know, phone calls on company phones may or may not be private either depending on your local statutes.   i install recording devices on business phone systems all the time, and they do not in all jurisdictions even have to tell you, for it to be legal.   in some areas, one party knowing the call is being recorded is all that is required to be legal.   that may or may not mean one in the call, but the owner of the telephone line itself, meaning the person who pays the bill.   

also, there is no way to have data secure on a network, only levels of security.   

You do not always get what you pay for, but you never get what you do not pay for.

RE: IT Creep reading everyones email for his own pleasure

aarenot:

I'm not sure I fully agree with you.

There's an unwritten (well, actually, it's probably written somewhere) code of ethics for systems administrators.

I'm sure that this person doesn't stop with e-mail.  He's probably reading private files as well, including staff reprimands and so forth.

As a system administrator, do I have access to read people's e-mail and private word documents?  Sure.  Do I do it?  No.  To me it's just data.  And (as I've said before), my job is to make sure that the data is available to those who need it, backed up as part of my disaster recovery plan, and secured from those who don't need it.

Guaranteed, if it was a hospital or a bank that this creep worked at, he would be terminated, if for no other reason that HIPAA or GLBA policies were violated.

Users are aware that as a system administrator I can look at their documents.  They also are aware that my morals keep me from doing so.  Without the trust in a systems administrator, users are in a hostile work environment.

Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

i was trying to convey a different point of view which says, if it is not business, it does not belong on the business network.   i have actuallly seen e-policies which state that non-work related usage is not private, nor authorized on the company network.   the company assumes no responsibility for the security of non-work related data on the network.  also, that it is forbidden to use the company network for personal purposes, and therefore the company is not responsible for it, or its security.  

administrators ethics aside, as company systems administrator you have enough to do without worrying about the security of the data for those to cheap or lazy to do their own business on their own devices.   user ethics not aside, they should do their personal data on their own time, and equipment.   if they do not, user beware.

You do not always get what you pay for, but you never get what you do not pay for.

RE: IT Creep reading everyones email for his own pleasure

Actually I beleive that the human rights act was questioned on this issue not that long ago, and it was decided that individuals have a right to privacy whether they be at work OR at home, and that the right to a private life continues whilst in the work place.

So I'm with gbaughma on that one.

Fee

The question should be Is it worth trying to do? not Can it be done?

RE: IT Creep reading everyones email for his own pleasure

2

Quote:

Actually I beleive that the human rights act was questioned on this issue not that long ago, and it was decided that individuals have a right to privacy whether they be at work OR at home, and that the right to a private life continues whilst in the work place.

Unless stiulated in a signed agreement.  We have one such agreement here.  Of course, that doesn't mean that people without authority have the right to browse your e-mail or files, as they please.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

RE: IT Creep reading everyones email for his own pleasure

I may be wrong then - I thought I read that someone had challenged that in the ECHR and won. That would still only be true for Europe of course...

Helpfully I can't tell you where I read it - that would be too easy!

Fee

The question should be Is it worth trying to do? not Can it be done?

RE: IT Creep reading everyones email for his own pleasure

i have seen policies that state that the network is not to be used for personal web browsing, or personal business, and will not be considered private since it is forbidden.

only in that situation do i refer to some of what i have said.   i do think it is not the system administrators job to waste their time investigating privacy issues of personal data in that situation.

   if that activity is not forbidden, and in reference to private data, i still doubt it is worth company time to investigate, although they may be required to address it.

You do not always get what you pay for, but you never get what you do not pay for.

RE: IT Creep reading everyones email for his own pleasure

Fee

I'd heard that too. Our legal people have advised that we can no longer have a policy forbidding private use of email as a result of the HRA.

Rosie
"Don't try to improve one thing by 100%, try to improve 100 things by 1%"

RE: IT Creep reading everyones email for his own pleasure

Of course what aarenot says has some bearing IF - and only IF - there is such a policy in place at the University that forbids people from checking personal emails on company networks/systems.  

In either case, wouldn't the ethical thing for the Sys Admin be to report those violations and not read through someones personal email.

Moreover, where does his personal responsibility begin if he takes information he gained through proper channels and uses them for his own purposes?  Is this any different then a person that runs a credit card through a retail business then uses that credit card number to make unauthorized purchases?  The information was still gained through appropriate means, the customer even williningly gave the credit card info to the person.  What the person does after that point is where the unethical part begins.  Even though there is no financial theft in the original posters point, isnt it the same issue really?

RE: IT Creep reading everyones email for his own pleasure

Rosie/Fee:

Oh really? I was always under the impression that companies were entitled to forbid personal use of their resources.  Has anyone got any links or idea where I might be able to find more information on the subject?

Something that needs changing here, if that is the case.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

RE: IT Creep reading everyones email for his own pleasure

This might be helpful,

http://www.tuc.org.uk/tuc/privacyatwork.pdf

I havne't read it through though, so it may not be the original thing I read that stated that.

I think there are exceptions though (M15 strikes me as a suitable one!), so I wouldn't like to promise I am right!

Fee

The question should be Is it worth trying to do? not Can it be done?

RE: IT Creep reading everyones email for his own pleasure

I can understand if Slime Ball were going through the mail queue on the server or even through individuals mailboxes (Exchange Server?) that he would find out private info.  That, in and of itself is bothersome and I would force the school to investigate it because of the atmosphere he's created.

However, if Mr. Ball has knowledge of private e-mails in private (yahoo, hotmail, gmail, etc) e-mail accounts, I believe he is doing some type of logging that I'm sure the school does not approve of.  He's either reading a keylog or utilizing it to scrape up passwords.  

IMO, if the school admin is aware of the situation but not doing anything about it, go over their head to the next person, and so on until someone actually listens.  If the person you are complaining to does not understand (they're not stupid, just not computer savvy), you'll need to "dumb down" what you are saying to ensure complete comprehension of the situation.

And to Grenage, I think read something about a marine last week or the week before who won a lawsuit in reference to his personal e-mail account.  I'll try to find details.

RE: IT Creep reading everyones email for his own pleasure

Thank you for that, Fee.  It seems to recommend not reading private e-mails, but also says that the workplace has no obligation to allow use of e-mail/the phone etc.

As with all government literature, it's so ambiguous!


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

RE: IT Creep reading everyones email for his own pleasure



do your personal stuff at home.   that is the ethical thing to do.   

You do not always get what you pay for, but you never get what you do not pay for.

RE: IT Creep reading everyones email for his own pleasure

Grenage,

The relavent acticle is Article 8, here's a couple of links:

http://www.charity-commission.gov.uk/supportingcharities/ogs/g071c002.asp#a4

http://www.jisclegal.ac.uk/humanrights/humanrights.htm#employees – Item 5

It is all a bit tenuous, and one interpretation is that it may not apply to non-governmental institutions.  Inevitably, it will come down to interpretation by the courts.

Rosie
"Don't try to improve one thing by 100%, try to improve 100 things by 1%"

RE: IT Creep reading everyones email for his own pleasure

Ah, I appreciate those links, Rosie. It looks like we should be ok, provided everyone is aware that their e-mails/phone calls are recorded.

Still, as you say, it's all down to the interpretation.

Russell.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

RE: IT Creep reading everyones email for his own pleasure

aarenot,

Checking personal emails does not automatically constitute "personal business" nor unethical behavior.  I do a lot of work after hours and much of my work correspondence comes through my "personal email".  In a college setting, I would tend to think the situation would be different then what I find myself doing, but as many proffessors are published, have blogs for research, have web/data minning operations, etc, there is justifiable cause to allow access to personal emails.  And as many good intentions go, it is probably easier to allow carte-blanche authority of all administrators then it is to try and pick and choose which are allowed and disallowed to have acces to personal emails.  But this is all speculation.  In either case, it may not be unethical to check personal email from work - it depends on the individual workplaces policies.

RE: IT Creep reading everyones email for his own pleasure

attrofy,
     i see your point, if it is work related.   

You do not always get what you pay for, but you never get what you do not pay for.

RE: IT Creep reading everyones email for his own pleasure

In a university setting it gets really hard to spot the difference between work and private e-mail. Typically ex-colleagues, friends, current-collaborators, rivals, and so on are all drawn from the same pool of people.

You might write an e-mail to discuss a joint piece of work (obviously work related), ask in passing about some work you both did in another university 4 years ago (less work related) and finish with a long section about how the other person's children and hobbies are getting on, and that time you had together in Madrid (totally personal matters). It really wouldn't be sensible for any university IT department to start quantifying whether, on balance, an e-mail is work or personal.

Looking at other people's e-mails without reason is a gross breach of privacy and trust. Postmen shouldn't read letters, telephone engineers & receptionists shouldn't listen in to calls, and surgeons shouldn't tell your neighbours about that embarrassing tattoo; we all rely on professionals to be professional. If this person really has broken that code, they shouldn't be in the job. But of course that's a bit "if" that would need to be settled first.

RE: IT Creep reading everyones email for his own pleasure

You know, the slimeball is probably reading the college kids' e-mails too.....

Just my 2¢

"In order to start solving a problem, one must first identify its owner." --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

Reverse psychology always works.

Send an email to you wife with the link to a website, have the website send an email to your personal address everytime someone views it.
NEVER GO TO THE WEBSITE.
wait for the email regarding his visit... and then immediately have your wife go to his office to tell him:

"Hey, thank you for visiting our website! I can't wait to hear from you what you thought about it... write me an email one of these days with your thoughts.. ok? Take care now!"

as you can see, you just need to put him on the other side of the curtain ;)

If he doesn't 'Get It' then, he deserves to be punished.


Daren J. Lahey
Programmer Analyst
FAQ183-874 contains Suggestions for Getting Quick and Appropriate Answers to your questions.

RE: IT Creep reading everyones email for his own pleasure

I guess I deserve to be punished....

I don't get it.

rofl

Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

The point has been raised.  University email facilities most often allow students to use their email for personal use with guidelines.  Many sites do log information automatically about email but this is usually limited in what they collect.  IE they do not store subject and message content.  Collecting more information normally needs authorisation from higher authorities.  Even if an IT person has been instructed to read emails they cross the line when they tell anyone about messages outside of the scope of their duties.

Take a look at http://www.unisa.edu.au/policies/codes/miscell/it-student.asp for an example.

As for employees of the university that might be under more strict guidelines the said IT person has crossed the line by discussing email contents outside of the scope of his duties.  That is, of course, ignoring the fact that he has probably not been authorised in any way to read said emails in the first place.  Saying its the employees fault because they exposed themselves is like blaming a woman for getting assaulted or blaming a victim of a peeping tom because they didn't have their curtains fully closed.  You can go to beaches here in Australia and look at women sunbathing topless but try to take a picture and you'll learn that you've just stepped over the line.  This employee has stepped over the line.

Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first

RE: IT Creep reading everyones email for his own pleasure

i am looking at the title, information technology ethics.   i do see that the creep has few scruples, and i have never questioned that.   does the employer have a responsibility to mount an expensive investigation into the matter of your private data, i say no.

does wisdom say, keep your private data private by keeping it at home, i say yes.   

reality is probable the person who had their emails read probable spends two hours a day on the internet doing personal surfing, playing games, etc., while being paid.  not any more ethical than what the creep is doing.  if true, and statistically it is likely.  he is stealing her personal data, while she is stealing company time on the network doing personal business.   she may be the statistical anomally and only doing approved personal surfing on her unpaid time, but it is not likely.

be real here, ethics is a real challenge for everyone, and most people fail that challenge on a daily basis.   so let's not crucify this guy, and give ourselves a pass for what we do, because we dont find our own ethical failures offensive.  

i would like to challenge everyone in this way.   if you do not spend company paid time on personal internet activities, or other activities which are not work related, then respond.  since you are not guilty of an ethical failure yourself, just as this creep is, be they the same failure or not.   
i will not be responding on this thread again, in response to my own challenge, as i fail ethically at times as well.  i do however give 15 minutes a day off the clock because i know i take a little time on the clock for myself on occasion.   it makes me feel better about wasting five minutes now and then.

often times the difference between offensive ethical failures, and no-offensive ones are whether we are the ones commiting them or not.

RE: IT Creep reading everyones email for his own pleasure

Quote:

if you do not spend company paid time on personal internet activities, or other activities which are not work related, then respond
I see. If I cannot prove that I'm perfect, then I should certainly not have anything to say about rapists, thieves, embezzlers or company-paid internet surfers.

Well, that certainly limits social interaction, doesn't it ?

Pascal.


I've got nothing to hide, and I'd very much like to keep that away from prying eyes.

RE: IT Creep reading everyones email for his own pleasure

winky smile  Like nobody is in this forum during work hours... I save it *ALL UP* and wait until I get home to log onto tek-tips.

NOT.

rofl

But, in my own defense, I do use Tek-Tips for a LOT of work related stuff, including coding tips and so forth...

By the same token, I'm salary, on call 24x7, and if I want to take 5 mins to write a snappy response to someone, by golly, I will!

Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

Quote:

Let he who is without sin, cast the first stone (John 8:7 KJV)

Sorry, I couldn't resist. /wink

While most of us probably access Tek Tips at work, I doubt anyone can say they have not benefited immensely.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

RE: IT Creep reading everyones email for his own pleasure

Grenage - that severely deserves a star!

Phnar...

Fee

The question should be Is it worth trying to do? not Can it be done?

RE: IT Creep reading everyones email for his own pleasure

You're too kind, Fee. :)


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.

RE: IT Creep reading everyones email for his own pleasure

McRocken:

I, personally, would *Love* to hear an updated status on this situation... is the creep still there?  Did he get busted?  Has anybody taken any action?  What were the results?

Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

Quote:

does the employer have a responsibility to mount an expensive investigation into the matter of your private data, i say no.
Sadly, aaernot will not be checking this thread anymore, so he will be missing valuable perls that I am casting out...but...
I say the employer DOES have a responsibility to mount that expensive investigation even if it is about personal data.  And the reason being because the means by which that data was obtained.  It was through company resources.  This implicitly ties the company to the perpetrators actions.  It is now the employers responsibility.  If nothing else, to clear their name from the devious actions of the IT creep.  Otherwise, they are at risk that the perception will be they not only approve of this behavior, but possibly sanction it since they are provifding the means for this action to happen.

Bottom line is no one else is responsible for your ethical conduct - didnt the Nuremberg trials prove that?  Despite following orders, (percieved or directed) you are still responsible for your own actions.  That is the point of this entire thread.  Justification has no bearing.  Therefore, any actions others comit (ethical or otherwise) are at their own discretion with their own series of consequences that must be faced by them.  The ethical thing that the slime ball is required to do is report any offenses - period.  If someone "deserves" the punishment, it is not up to the slime ball to decide.  Likewise, he does not get to decied who is worthy of spying on and who is not.  He is only worthy of reporting his findings to his superiors and letting them dish out any appropriate behavior modifications.

Hopefully this is enough to lay the groundwork of how devastating this line of thinking is.  Continuing the vein of thought, it would not be hard to instill marshall law in any circumstances from running red lights, to persuing rapists and murderes and metting out punishment that is seen as "justifiable".

Lynch mob anyone???

RE: IT Creep reading everyones email for his own pleasure

(OP)
Ok - an update. Nothing has happened, nothing has been done. Things are the same as the first post - the creep is being more careful but he possibly slipped up in the last few days by telling an employee that he was sorry to hear about her health problems (the employee never mentioned it to him but emailed a friend about it - she was creeped out by the comment) No one really knows if he got the info from reading email or some other way. But, the point is, everyone is feeling like the guy is reading their mail whether he is or not because he's let people know in the past that he was. The management is screwed up at the place and no one wants to rock the boat or make a big deal about it - they are just living with it.

In regards to Aaaernot's comments, my wife never plays games or screws around on her computer and does the work of 3 normal people. In fact, because of this, she has now put in her notice and is leaving this screwed up place - not because of the email situation, but the whole work environment is depressing. She is at management level and can come and go as she pleases - she manages her own time -  and she has full permission to use the email to communicate to personal contacts if she wants to - as everyone there does - including the Dean. She is highly regarded by everyone there and has received great job reviews from her boss since working there. She will be hard to replace and won't have trouble getting a job with a better working environment.

RE: IT Creep reading everyones email for his own pleasure

Quote:


...by telling an employee that he was sorry to hear about her health problems...

OMG... that, in itself, is a termination offense.  That is in violation of HIPPA laws.

How terribly sad that it continues to happen.

Just for grins, you should send the Dean a link to this thread the day after your wife leaves.

Just my 2¢

"When I die, I want people to say 'There was a wise man' instead of 'Finally, his mouth is shut!'" --Me
--Greg  http://parallel.tzo.com

RE: IT Creep reading everyones email for his own pleasure

Quote:

Just for grins, you should send the Dean a link to this thread the day after your wife leaves.
Excellent idea

RE: IT Creep reading everyones email for his own pleasure

i know i said i would not respond any further to this thread, i lied.   i felt a responsibility to apologize.
   i apologise for any inferrence, or statement that your wife was wasting company time for personal internet surfing.  

  i tried to communicate, 'if true'  in regard to wasting paid time.   i obviously failed to do so, and so i take responsibility for that.   which means i owe your wife an apology.

   i am sorry.

   i hope this will suffice.

   
 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close