A hypothetical moral dilemma in the internet age.

Assume you are a network admin or something like that. You have access to a woman employee's password for her work computer and work email.

Assume you look in her work emails (as is allowed by your job) and find out she sends herself notes from her work email to personal email (gmail, hotmail, etc). And note further that she has a facebook account.

Noting that she uses the same password for work computer and work email. Then if you try the same password with her gmail/hotmail and facebook.

When looking through her personal hotmail/gmail you notice several photos in her sent email that she sent to a lover. Photos of her in various states of undress down to no clothes.

WOULD YOU:

1. Do nothing.
2. Share with her your concerns about using the same password at several different locations on the internet.
3. Download the photos for your personal enjoyment.
4. Go into her Facebook, put the photos on her wall, forward the photos to all of her facebook friends, change the password so she can't delete it.
5. Go to her with this information. Explain she has to bring you to her bank and give you 90% of her savings or else you will do 4 above.

Explain why you chose what you chose.

What she does outside the job isn't a SysAdmin's business, and going to those extremes is STALKING.

But let us not worry about the law, shall we?

Invasion of privacy on this level is criminal, not to mention just damned psycho-creepy.

If i was managing an office, and found out a SysAd was doing this, the tech's ass would hit the curb before you could say "nosy."

suggest that an IT worker who did such a thing should not be fired and prosecuted?

Your hypothetical is bogus, since the original act was immoral and illegal. Such a situation should never occur.

;-) :thumbsup:

Enjoy your Saturday!

they can even read your hotmail, as it is unencrypted and the courts have already said that anything on the network belongs to them.

The only thing that will stop this is legislation to protect privacy.

Just because the corporation have gained the power to look through a person's email does not make it ethical. Email is now a necessity and as long as they are not abusing it and it is available there should be nothing wrong with an occassional communication with friends.

But this kind of snooping, regardless if it is legal or not, is unenlightened.

It is a hypothetical.

It wasn't clear which part of it was "hypothetical". I changed the wording of the above post. Unfortunately it looks like I wasn't the only one who misunderstood the situation.

I HATE that in the US we are turning our workplaces into authoritarian bootcamps. And our attitudes toward having some occassional humanity, such as talking to each other or getting an occassional personal phone call, border on fascism.

No, because you are obviously breaking the law.


"Then if you try the same password with her gmail/hotmail and facebook. " - This is a felony. I've worked in IT Security now going on 20 years, and I would fire you faster then lightening for this. It's one thing to take domain over corporate emails, quite another to steal passwords and break into third party systems.

on edit: If this came to light we would all be screaming bloody murder about another eeeeevil corporation breaking into employee's personal accounts. When in reality, it's some twisted IT employee.

Read their files and emails in company computers, yes. Reset the password to some arbitrary text you decide, yes. But retrieve the current password, no. In fact, in any minimally well-managed network, that should be technically impossible.

Passwords should never be stored without a minimum of md5 hashing or using reversible encryption (AD). Not only is this a "best practice", not doing so could result in a SOX, PCI, or HIPAA exception.

at all. That would be unethical and I should be fired for doing so. How did you leave that out of your questions?

What does she look like?

:evilgrin:

Actually I can think of: 5) Go to her with this information. Explain she has to give you a personal performance or you will do 4 above..

But then I'm an evil asshole.

I keed, I keed..

Probably the least embarrassing thing to do while still being helpful is to leave an anonymous message noting her password naivete.

decided to access the employee's personal accounts. All options are, therefore, morally indefensible.

Hopefully, said network admin would attempt #2, 4, and/or 5 . . . so the employee could kick said admin's arse into the next county, report them to their supervisor, and let everyone in the company know that they are untrustworthy and disgusting.

is OK.

Followed by intensive remedial ethics training, and therapy for my disgust at learning that I'm such a slimy intrusive bastard.

YMMV

1. Do nothing. - If it is my job to make sure that she is not misusing company equipment and resources, I clealry can not do #1.
2. Share with her your concerns about using the same password at several different locations on the internet. - Looking at work would be within my job, but unless she is violating company rules and regualations I am not sure that it is legal for me to open up her private email. It certainly isn't ethical. Now, if she were sending material home that was propriatary informaiton, I would contact HR to determine what I could do.
3. Download the photos for your personal enjoyment. - Only a complete slime ball would do that, and it would be a violation of company ethics rules in places I've worked.
4. Go into her Facebook, put the photos on her wall, forward the photos to all of her facebook friends, change the password so she can't delete it. - I am not sure there is a word for a person who would do this. In companies I've worked at, this would be a violation of company ethics rules and get you fired.
5. Go to her with this information. Explain she has to bring you to her bank and give you 90% of her savings or else you will do 4 above. - At this point it has become a felony. This person should go to jail where he or she will become the persaonl joy toy of the meanst SOB in the prison.

Clearly, I wouldn't do any of those.

Under the facts give, I'm supposed to have gotten into her personal, off site, email by using her password, that I only know because of my IT position. That's a misuse of information right away. The action regarding facebook is simply way over the line.

Telling her or taking any action that would signify someone has gained entry into her private accounts would make her aware you had committed a firing offense and a criminal offense. Well intentioned or malicious, any such actions would therefore be very unwise.

I would certainly not do 2, 3, 4, or 5.

2. opens you up to firing and criminal charges.

3. is morally wrong and creates evidence which can be traced to you.

4. is a crime and morally wrong.

5. is morally wrong and a crime of even greater magnitude.

are, beyond creep

Folks better push for more privacy legislation. You *think* your emails are private and people are following what seems to you ethical limits? Get your heads out of the sand. We have groomed a culture of authoritarianism. Many of our leaders and bosses have a completely different understanding of "ethics" than we on the "bottom" do. You are only protected by law, and the law has not caught up yet with technology.

We can stamp our feet all we want, but a quick walk through the rougher neighborhoods on the internet shows this is easily/commonly done. I saw a 4. done earlier today.

At a minimum, as a non-tech guy, I changed my passwords to never use a password in common.

unconstitutional, SCOTUS decisions, this would also land you in jail.

At this stage *Then if you try the same password with her gmail/hotmail and facebook.* the morals of a sewer rat kick in.

no matter how you came across her password. You are a creep, plain and simple and you should be fired for your creeping.