E-mail Privacy

[Gary Heston]

In article <51171 at prls.UUCP> sccs at prls.UUCP (Source Code Control System) writes:
>
>       I view the computer as an extention of my desk.  The
>    company may own the desk, the envelope and even the paper but they still
>    have no right reading my mail.

Sure they do. Check the postal regulations--if it's addressed to you at 
work, even if their name isn't on the envelope, even if it's marked "personal".
Ask anyone at Xerox, it's a policy there (according to a former X-er I've
worked with) to open EVERYTHING that comes in. I've had the same problem at
a small company; the office manager opened everything. Until he opened
something personal addressed to the owner.... :-)

>                                    Prehaps I should keep valuables locked
>    up (a sad commentary on our society) but one can not 'lockup' messages
>    from the privelaged account holder (root).

Sure you can. There's a function called "crypt" that can eliminate your
concerns. Being root doesn't allow reading the files once encrypted.

>                                                Root's privelages are
>    available only becouse there exist a genuine administrative need for
>    them.  Using the privelage to read other peoples personal files is an
>    abuse of those powers and a violation of the trust users expect.

I disagree. As an admin, it's my job to look at anything on the system 
necessary to make sure it's up and running for ALL the users. If that 
means finding out what a 10MB file cluttering up a spool directory is,
and it turns out to be email, fine. 

What I don't do is read files I don't have reasons or orders to. There 
are some companies that monitor (i.e., capture a copy of and read) ALL
email traffic. We don't, and I'll recommend against it if the question
arises. Something else I don't do is talk about what I find in files.
That would be a violation of trust. (Resumes and job search letters
aren't uncommon, and I have in fact covered for a user in the past, 
when some files got left somewhere noticable.)

Looking when I have to is my job, not an abuse. Forwarding a copy of
email on a personal matter to the rest of the company would be.

>      In the original article, the author wondered if looking for the file
>   (memo) may be OK since the owner is now an ex-employee.  I would argue
>   that the person may be an ex-employee but he/she is not an ex-person. It
>   seems doubtfull that the correct file can be found without violating
>   the account holder's privacy.  

The point is, the files were LEFT BEHIND by the ex-employee. Therefore,
they were of no concern to the ex-employee. When someone here leaves, I
generally expect them to clear all personal stuff from their directory,
and document what's left. There's no longer any privacy to violate.

The only situations I can see where this won't happen are twofold:
1) termination by employer, and 2) death. In either of these cases,
once again, it's the admins' job to separate things. Under case 1,
I'd try to forward any non-company private stuff, including email,
to whoever was fired. Under case 2, I'm not sure what would happen--
I haven't run into it yet, and don't look forward to it.

>                                  Prehaps you could contact the individual
>   and ask if the file exist and if so, ask for the filename.  Try a
>   civil approach first - maybe it will prevent the morality issue altogether.

I don't see a morality issue coming up, unless it's unauthorized use of
company resources for personal applications. I don't balance my checkbook
on this machine, and don't keep personal/confidential stuff on here. 
There may be some things that are more my interest than the companys'
generally technical items or copies of stuff from the net, but not
personal items. I don't even keep a copy of my resume on any systems
around here.

By the way, most ex-employees aren't interested in trying to remember
filenames and such after they've left, or answering any type of questions
about what they were working on. They did have reasons for leaving,
after all. Usually, there's someone who has to take over the work that
the departing individual was doing, so they must have access to everything
left behind. Unless you think a company should stop a project just 
because a programmer leaves, to respect their privacy? Should AT&T stop
working on UNIX if one of their staff leaves? 

>      I see no problem retrieving the memo IF one knew the file name it had
>    been saved under, and the request came from the author of the memo.

However, mail is generally in a few big files that are conglomerations
of many messages, so it'd mean Mr. Admin would have to grep for the senders'
name, vi the file to verify that it was the desired message, and copy it
out. Which means Mr. Admin is going to see a lot.

I think you have an overly idealistic concept of what these computers
in the office are for--certainly not for maintaining a confidential,
secure place for you to keep mail. If it isn't work related, don't
leave it laying around. If it's on a system, expect it to be seen.

-- 
Gary Heston   System Mismanager and technoflunky   uunet!sci34hub!gary or
My opinions, not theirs.    SCI Systems, Inc.       gary at sci34hub.sci.com
I support drug testing. I believe every public official should be given a
shot of sodium pentathol and ask "Which laws have you broken this week?".