Slashdot Mirror
System Adminstration and Corporate Ethics?
Not-a-BOFH asks: "About seven years ago while SysAdmin'ing for a (then) small software company, I was approached by the CEO regarding a technical issue. He explained to me that he got a bit hot headed at another employee and sent said person an email that he now wished he hadn't sent. His request to me was to dig through this person's email and delete it before he came in that morning. As the SysAdmin, this was certainly possible for me to do, but I've always tried to remain ethical when having such access to sensitive documents. In the case of email, I explained to the CEO that to me it was like tampering with the U.S. Mail, and I wasn't comfortable doing it. Long story short, my boss had no issue with it, and wound up doing it anyway. Looking back now, I'm not really all that surprised that that decision of mine led to my getting fired, but I've always wondered how many other people have had similar situations happen to them, where personal ethics and CEO heavyhanding came into play, and their job security suffered from the clash."
What's the question again?
What's ethical about making two people feel really bad? What's so wrong about deleting an offensive message when the sender didn't even want the recipient to see it? I see that as a favor. To say that someone's emotional health is less important than deleting a single email from their inbox is curious, to say the least.
Ceci n'est pas un post
Get off your high horse. It's corporate mail, it's owned by the corporation. You should have just deleted it. Gee someone wrote something they later regreted, there's nothing wrong with deleting the mail in that case.
Most companies have their own internal paper mail system. It's not a lot like the U.S. mail. Internal e-mail seems the same way. If the CEO had wanted to cancel internal delivery of a paper memo, it wouldn't be a problem.
But non-internal e-mail is a different thing altogether. Now, the fact that it is technically legal for companies to eavesdrop on employee email, but not on employee telephone conversations does seem to be very wrong. Email should have some expectation of privacy--with the limitation that writing or reading personal email during company time is as wrong as personal telephone calls.
I don't really see what's immoral about this. Presumably you're talking about a local e-mail that the CEO did in fact send and that the employee didn't yet read. Why is it wrong to delete it? If he had, in the heat of the moment, placed a whoopee cushion on some employee's seat, and then changed his mind later, would it be immoral to take that off his seat?
He wasn't asking you to read anyone else's mail, nor falsify information.. he just wanted to retract communication that he sent! What's the big deal?
This sort of thing happens all the time: sysadmins are in an interesting position where they feel ethical responsibilities to their network and the privacy of their users because they associate this with their jobs.
Sadly, I think that is leftover from the collegiate atmosphere where the sysadmin culture evolved--corporations have no such rules or regard for privacy. The fact that most corporations track every metric and move their employees make.
If you are allowed to have the illusion of freedom and fairness as a sysadmin, enjoy it but make no mistake: it is an illusion, and if it interferes with real work, higher-ups or the bottom line these "ethics" are going to take a walk.
Businesses only respect ethics that are enforced by government agency and carry real penalties--manipulating internal email is not one of these.
What does this have to do with SysAdmin'ing? This theme is as old as dirt. Your boss wants you to do something unethical, or they'll fire you.
And you want to hear more stories about this?
WHY??
I thought the point of Ask Slashdot was to be able to learn something. Why didn't you ask something more interesting, such as, Do you think I can win a lawsuit against this company, and on what grounds would I file?
"And like that
I have run into simular cases. I am a BOFH, but I have perticular feelings regarding email. Most understanding bosses will understand, and know that they are going to have to write their wrong. I have always held a firm stance regarding service and email. Email has always been something that I don't fuck with. By don't fuck with, I mean, I run mail servers, but I don't go reading people email. Now, thats under normal cases, but I have always been willing to crack open their mailboxes at the first hint of something bad. I respect people's mail boxes, but if they cross the line, the line of only doing good, and goto bad, their mailbox is mine. The same with former employees. I encourage people to clean their mailboxes before leaving a company, I know I do before negotiations, I got fired for doing that a few weeks ago. Well, back to the subject. Once an employee has left the company, I have no problem with cracking open their mailbox, if they had something personal in there, thats their mistake.
These sorts of things are a very fine line. The best thing is to establish your view of things up front when getting the job, but emphasize that if the person is misusing, cheating, lieing, etc. i.e. doing anything bad, their mail is open for review.
I have found that letting your coworkers know your stance on these things can be beneficial to the IT BOFH or BAFH. They will feel more comfortable with you if they are honest. Remember, IT fixes the problems before they are found, past that, IT is damage control.
-LW looking for a job. lw@lwolenczak.net
You should have used MS Outlook, it is the most ethical email system since it has the "Recall" feature. The CEO could have recalled the email without presenting anyone with any ethical dilemas
Next time, please ask Google first.
I don't really understand the full scope of your "ethical dilemma":
1) It's NOT the US Postal Service - it is company email to be used for company business.
2) Most corporate email servers (Exchange, Notes) have a built-in functionality to remove a damaging or sensitive message (and it's reasonably easy, since they store the message ONCE in a database and link it to the multiple recipients). A friend who works at a big law firm recently had this happen - a secretary accidentally released a sensitive personnel memo to the entire firm, and the IT personnel activated this feature to quickly remove it (but not before a bunch of people printed it, forwarded it to their hotmail accounts, etc.).
I used to work for a fairly large company - they managed about $3 billion in investments. The IT department was being run by an idiot. One of the IT managers who left becuase the IT department was being run into the ground sent one of the directors an email revealing what was going on in IT. The director was on holidays for a week, but he never got the email becuase the head of IT got one of the sysadmins to delete the mail from his inbox. I quit the company after 4 months after being dressed down for bringing up serious problems in their trading systems.
Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
years ago, I worked at a small web development company. One day, one of the other sysadmins came to me with mail he had found on the mailserver while checking some error he was having, that proved that the CEO's wife (herself a VP) was sleeping with the CEO's best friend (another VP). We sat and decided that the ethical answer was to forward the info to the CEO. After, of course, we had both resigned the company. What do you do? Shoot the hostage?
But seriously, corporate mail isn't some sacrosanct thing. It's less like the US mail and more like FedEx. If you discovered that you'd mailed the wrong package, I figure FedEx should return it to you and let you make it right. What you're doing is saving the company from liability: "Oh, crap! I Didn't mail out Teddy Bears to that orphanage, I mailed out Glass Shards!" In all honesty, if you got fired for it, you had it coming. You're someone's employee. Next time check the org. chart.
I think that you should have been fired for this. The company's email is owned by the company, the CEO is the head of the company and his request was not to do something illegal. If he had asked you to delete email talking about plans to break the law, that would be bad. Deleting an email to avoid hurting someone's feelings is neither illegal or immoral. He was 100% within his rights to ask you to delete the email, and he was also asking nothing unethical. A private email system is private, and your postal service analogy is wrong.
Firstly, the assertion that deleting the email was "like tampering with the US Mail" is a bit inaccurate. Corporate email is a corporate asset, and many companies try to make that very clear to their employees (with disclaimers, usage agreements, and the like). The CEO asking you to remove an email is certainly within the bounds of the company's rights.
:)
Is it ethical? Strictly, one would like someone to own up to their own mistakes, so, no. However, if it was an envelope sitting in the mailroom, waiting to be delivered, most people would agree it would be ethical to retrieve the envelope. Even if it had made it to the employee's mailroom pigenhole, I think most would allow the sender to ethically remove it. This situation is just an electronic extension of inter-office mail.
I'd say that people have the ethical right to recall something they've sent out under certain circumstances, and to keep the almost-recipient of their mistaken wrath from receiving the message, especially if they came to their senses right after dropping the message off -- have you ever called someone to chew them out and then hung up right after they picked up the phone? I'd argue that this could be interpreted, ethically, like that.
In fact, some mail systems (Exchange, for example) even let the users themselves recall an email that's been sent out. If the recipient has not yet read it, they never know it was recalled. If they have read it, then I'm not sure what happens -- I think if it's still in their inbox, it gets deleted (and I'm not sure if a placeholder saying "message recalled" is created or not). If it's been copied to another mailbox (particularly to a local folder), it might be missed. I know I've made copies of sensitive messages I've received, on the off chance the sender might try to recall them.
Beyond the ethics, though, is the scary thought that voicing your unease hurt you.
Did this really lead to your being fired? I'd like to think the CEO admired you for standing up to what you believed, and also for ending up helping him out in spite of that, "for the good of the company." On the other hand, maybe he was just a real jerk. (did the firing happen soon after, or years later?)
When I was a sysadmin, I'd been asked to do a couple things that I wasn't entirely comfortable with, ethically, but they were all certainly legally permissable (their network, after all), and my job wasn't to be morals cop, it was to be a good sysadmin. In these cases, I had a good enough relationship with the person making the request that I could voice my concerns, and know that he'd understand them and appreciate my opinion, without fear of recrimination. And, again, I think my ability to show that I had at least considered the ethical implications of what I had been asked to do, coupled with the fact that I was still a good employee and did what was best for the company, strenthened the trust between me and that particular upper-level-manager. So it was a win-win.
It depends on the boss, though, that's for sure.
So, I'd say that it was right for you to raise a concern, in principle, though my *personal* opinion is that you were perhaps oversensitive in this instance. It was also right for you to do what you were told (it is your job, after all). If it really lead to your being fired, then you're better off working for someone who can appreciate your moral compass.
(Note that I'm ignoring cases where the ethical issues are more severe and clear-cut, like a CEO asking someone to do something that, while legal and within his rights, might end up hurting someone else's career or something. Then it becomes MUCH more grey).
you had done this.... Think about it. You were a witness to the CEO doing something unethical. (you did save a copy of the email right?) Good 'ole blackmail (no pun intended) Of course you wouldn't have let on that you had any such intentions and in fact would have been a new buddy for the CEO. You no doubt would get promoted to IT manager and higher. Been given many more such unethical assignments and become well respected by the executive staff. You would have joined the elite realm of the unethical and been rewarded accordingly.
http://tinyurl.com/3t236
Sorry you said corporate so that means that they probably used Microsoft products. (I know I hate the thought too) But in Outlook you can recall the meesage that you sent. And as long as the receiver has not read the message it will delete the mail message and send the sender a note telling them that the recall either succeeded or failed.
...
To do this:
1. Find the message in the sent items folder.
2. open it
3. Go to tools
4. Click on Recall this message.
5. Follow the mini wizard and the it will try to recall the message.
And then optional steps are
6. ???
7. Profit
I am still working on steps 6 and 7 I can never get them to work.
You need to turn the sensitivity meter way down.
:-).
That request wasn't heavy-handed, nor was it even *wrong*. Exchange supports a "retraction" option (I see people try to use it all the time to my Unix box ). So, at least one mail server out there supports such an option, the option to recall a hasty email. What the CEO wanted to do was *correct*, you should have helped him. For him to realize his email was wrong to send is actually a *good thing*, shows some discretion on his part.
So, to be frank, I would have fired you too. You weren't being asked to cover up an oil spill or bury a body, and to get up on a moral high horse over something simple like this? Doesn't show that 'team player' spirit everyone likes
It's a strange world -- let's keep it that way
I have been in a similar position before, though for me it was spamming for a company. I was working for this designer lighting manufacturer as an admin and we were definitely feeling some of the effects of the economy at the time (right after the .com bust). So the CEO came to me with the option of gaining customers through spamming. I have never liked spam, and like most right minded geeks, find its existance annoying and unnessessary. However, I am a college student and jobs like this do not come along all the time (decent pay, good coworkers, very flexible), so I went along with it and did a round of spamming. I did try to convince the boss of other methods, but the fact of the matter is the he had his mind set on this. I figured its either my job, or a lot of pissed off/annoyed people who I will never see. I shot out 27,000 spams, not that much next to some, but 27,000 nonetheless. We got a lot of hate mail the next day, it was actually rather amusing in some respects since the rants were often JeffK worthy. So I kept my job, and 27,000 people got spammed. Those 27,000 people have now completely forgotten about that spam, and I have not forgotten about keeping my job. In short, its a dog-eat-dog world, and sometimes you gotta bite the bullet to stay afloat. If you won't do it, some other monkey with a lot less scruples than you will do it, and probably even worst.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
How is this an ethical issue?
You were asked by the CEO to delete a message that the CEO himself sent. If the CEO asked you to delete messages from *someone else*, or to otherwise mess with other communications, that would certainly be an ethical issue, but that is not the case.
The corporate email system is not the US postal service, and deleting an email is not against the law (we aren't talking about tampering with evidence here). In fact, as a SysAdmin it certainly is within your capabilities and duties.
It seems like you were trying to teach the CEO a lesson (don't send hot-headed emails) by refusing his request. Instead, you were the one who was taught a lesson by being fired. Judging by the fact you are Asking Slashdot, it is one you probably haven't yet learned.
Beauty is in the eye of the beerholder.
We make all of our users aware that the corp. systems are owned for the company's business; We don't enforce any "No Personal Business" clauses, but also make it known that there is *no* expectation of privacy on *any* of our systems ...
We even log every message coming and going (the whole message, attachments and all), and I haven't one ethical qualm about it. I would, though, if the users were allowed to assume that "their" email was private.
You want privacy at work? Use Hotmail, etc. or an offsite POP3/IMAP with ssl support. Don't expect me to provide it for you; that is not my job.
Let me break it down to you:
Your boss asked for something.
You said no.
He fired you.
Read the above 5 time real fast, let it sink in nice and deep. Don't make the same mistake twice.
It is all fine and dandy that you want to live up to your ideals. It is your ideals that are flawed. Company server, company time, company resources. You were asked to do something, you did not do it. Fix your ethical issue by realizing that your trying to flex your own muscles.
Once you realize that your just a high tech janitor the better off you will be. Live and learn, but for christ sakes don't think you have any control because you don't. You want control, start you own company and push your ethics out that way.
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
At most companies (at least all the ones I've worked for: for profit, not for profit, government, etc) Email is the property on the company. That means that a company executive has every right to go and read/change/delete a person's email.
While you may not think it's ethical, it's usually spelled out in the company handbook of some kind. Ours states that computer, email, and phones are property of the company and should be used only for business use. While no one is going to fire me for checking out CNN, we were able to fire some people a few years back for trading some pretty nasty porn through company email.
Two additional points: our current corporate email system (GroupWise) allows a user to retract an email they've sent as long as the recipient has not read it. That gets the admin and his morals off the hook.
The other is that big boss is lucky he doesn't work is a different industry. A certain government-type place I worked at once upon a time has an obligation to keep all correspondance for a very long time, so there is a system that all email goes through -- be it inbound, outbound, or inter-postoffice -- that stores the message in a database for full text searches. If someone were to nuke that, they're next assignment would be turning big rocks into little rocks.
"All I ever wanted was to see Larry Wall give Bill Gates a Perl necklace."
http://www.eisenschmidt.org/jweisen
You're an idiot, and now you're an unemployed idiot!
Moral: The boss is *always* right, this is the culture you Americans have given the world. If the boss's actions turn out to be wrong, *he*'ll get fired, and you should be golden.
But now, you've been insubordinate. That will hound you for the rest of your life. That's another great contribution of American culture!
One little mistake, and your entire livelyhood is in jeopardy! Ever wonder why people are so violent in that shithole of a country? There's one reason!
(Disclaimer: I am presuming that this didn't happen decades ago before all the lawsuits over email)
:)
This is not flamebait, it's a simple fact. It's been proven time and time again at just about every level of the United States legal system that a company has every right to do whatever they want with their internal email. They own it!
Your CEO is/was head of the company, right? - QED
Hell, I'da fired you too.
Well, okay, maybe it is a little flamebait-ish, but geez!
(Hmm, dirty thought, did Slashdot editors just fall for a cleverly disguised troll?!?
Any discussion of ethics requires a decision of one thing first: Is there a set of universal absolutes? If you argue no then everything is relativeand the discussion really cant go on because tehre is no truely comon reference point. On the other hand if you argue yes then you have to discover what the absolutes are. Now I dont intend to make this into a religeous discussion do I wil stop here on what the absolutes are. .. but try explaining that to a public defender) Ok enough of my ramblings for now ... Ja ne
Assuming you believe in absolutes and have determined them stand by them. Sometimes you will have to pay the price. In your case it was loosing your job, in my case it was being arrested and essentially forced to cop a plea that resulted in my being a felon. Here is a question though, would you have wanted to work in a place that allowed for arbitrary deletion of email? In my case I would say no, just like I would not want to work for a company that routinely pirates software (when i left i deleted my own personal copies of software that was licensed to me, thus resulting in my felony charges - according to the state of georgia i didnt have teh right to do that, though according to the federal govt. copyright law I do
Bad Panda! No Bamboo for you! In matters of importance ACs will not be responded to. Want to say something critical,OK
6. Tell the boss you "programmed" this feature in yourself, and you deserve a raise.
In my years as a sys admin there have been a number of situations where I've prevented a user from reading mail that has been delivered. Two spring to mind immediately. In one case, both a man and his son worked for the same company. The man and his wife were killed in a car accident. This information came out at work before the son could be told. I was instructed to monitor all the son's incoming mail and remove any condolence messages until the son could be found (I think he was traveling) and told about his parents. I could have more easily blocked all incoming mail, but the user would surely have noticed and called the Help Desk about it. So I archived the sympathy messages until he had received the news in person, at which time I returned them to his spool.
The other time someone accidently mailed a bunch of salary information to a large distribution. Thank heaven for single copy message store! I was able to delete it from everywhere fairly quickly. The guys who managed the file servers had a harder job, as they were required to search and destroy any attachments that had already been downloaded and saved.
Since these events one of my qualifications for a mail server is how easily a rogue mail can be excised from the message store.
Basically, I feel like this is one of those things that is part of your job. To say it's unethical is just silly. If the CEO had shoved an envelope under the door of the person's office, and you had had the key to the door, would you have refused to open it?
On the other hand, I totally understand leading users to *believe* that recalling sent messages is impossible. You don't want them to get into the habit of using you as a safety net! When push comes to shove, however, you do your job. Delete the mail and keep your mouth shut.
That said, assuming you were in otherwise good standing they should not have fired you for this. I imagine you could have had a pretty good unlawful termination suit had you been so inclined.
Sarah
I'd delete it. You don't have to read the rest of the guy's mail to do so, and so are violating no one's privacy. The mail system (pick any) doesn't have some sort of unimpugnable integrity. This is pretty much the equivalent of picking a sealed envelope with a pink slip in it up off of someone's desk, before they come into work in the morning, but after HR says they made a mistake.
I'd also tell the boss that in order to fulfill his request, I need a quick look at the original in his sent mail. I would then confirm that there were no BCCs, for obvious reasons.
Otherwise, barring some sort of registered email scheme, you aren't violating ethics or rules of evidence.
Certainly this isn't behavior to encourage in the boss, any more than building a mailserver and recovering a message store in order to recover an accidentally deleted message is. But if the dumb mistake isn't a habit, help both parties out.
As admins, we have to be able _not_ to see things that we shouldn't, and occasionally even to forget that we saw things. When you're helping a user troubleshoot their email, you'll see more about their personal lives than you would ever want to know. Those aren't things I speak about to no-one.
Don't tell me your password!
Assembly is the reverse of disassembly.
7 Years ago and you are now just getting around to posting it on Slashdot? Why didn't you contact Taco about this when he was still in his dorm room fiddling with Chips & Dip?
Forget your ad hoc (and really lame) analogies. This comes down to one question, and one question only:
What is the written policy on this?
Can anyone ask the sysadmin to 'unsend' mail? Is this privileged limited to responses, or superiors sending mail to subordinates, or just people with fancy titles and corner offices?
You can defend pretty much any policy (since a corporate email account serves the corporation, not the individuals employed by it) as long as it's published and available to anyone who's affected by it.
Of course, in the real world management considers deciding this policy and committing to writing a very low priority (unless they've been nailed by a lawsuit because they lacked a formal policy and differences in treatment were attributed to the employees' race, gender, religion, or similar protected status). That's why SAGE (System Administrator Guild, www.sage.org) has established a model policy.
If your company doesn't have a formal policy, ask them to include the SAGE policy by reference. If they refuse to establish a policy, or don't honor whatever policy they have, find another job. It's a hassle, but all it takes is one lawsuit where you're named co-defendent because an employee is suing the company for "arbitrary and capricious" enforcement of IT policies to make you wish you had never shown up for your job interview.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
and then read it
jeesh, dont they teach you anything in America ?!
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
What's wrong with you? I'd have made a personal copy of the message and used it to blackmail me a key to the executive washroom.
-- Don't Tase me, bro!
If the user has read the email, then the recall fails.
(And this is how I find out about Outlook's recall features)
The "sysadmin" at my old company sent out a big powerpoint presentation on how to send an attachement as a shortcut instead of an attachement because they were having trouble with filespace. Would you care to guess how he sent out the presentation?
"Tax preparation software eliminates errors your[SIC] may make...." From IRS home page.
This phrase is your friend. I've used it to put off bosses who've asked for things that seemed dubious, like tracking web surfing habits of individuals from our proxy logs.
;)
Bottom line is if you say "I won't", the boss might fire you but, if you say "I can't, because..."[1] - and can be convincing[2] - you can get away with not doing unethical things.
-Baz
[1] eg 'editing the mail spool by hand would invalidate the CRC's on the mail files, and might bring the server down. I could try it, but we could lose everybody's email back to the last backup - its a big risk'
[2] warning - dont try this crap on a CEO who is also a techie
The SAGE Code of Ethics seems useful for this situation.
Canon 2, "A system administrator shall not unnecessarily infringe upon the rights of users", seems to apply to this particular case. The relevent portion is:
"System administrators will not exercise their special powers to access any private information other than when necessary to their role as system managers, and then only to the degree necessary to perform that role, while remaining within established site policies. Regardless of how it was obtained, system administrators will maintain the confidentiality of all private information."
I read that to mean that if there is a site policy regardign email, the ethical thing to do is to follow the policy. Failing the existence of a policy, the ethical thing to do is to not infringe on the rights of the users.
"The purpose of argument is to change the nature of truth." -- Bene Gesserit Precept
One difference between you, dschuetz, and the original poster is the quality of your writing. Simply put, and no offense intended to the original poster, your writing is better than his. If (please note the conditional) writing styles can be used as indicators of overall communication skills, then I am tempted to suggest that the original poster was not able to articulate to his boss his concerns in a way that would not cause offense.
On the other hand, I also think the original poster made a mountain out of a molehill. As others have stated, corporate email is an entirely corporate-owned resource. In addition, the request to withdraw occurred before receipt, not after. So the intended recipient does not own the message, the corporation does. And if the CEO decides that the company's interests are best served by deleting that email prior to receipt, then that is indeed what the original poster should have done.
On top of that, what right, legal or moral, does the intended recipient have to an email message that has not even been received? I just don't even comprehend the moral issue, for which I apologize to the original poster.
On the face of it, the CEO intended to send the email, and then changed his intention prior to receipt. The original poster had the power to enable the overriding intention, but refused, while his immediate superior acceded to the request.
I think that no moral imperative to deliver a piece of email exists. I just don't see that there is some moral good attached to delivering mail, e- or snail-. I see a lot of utility inherent in communication, but no moral requirement for communication in general. I think that some moral good may be facilitated or hindered by communication, but now we are speaking in terms of particular instances, rather than in general terms. So, we must evaluate this particular instance.
In this particular case, the original poster has not specified that there was something in the email message that would have caused or facilitated something morally good. In fact, he specified that the email message was a hasty flame that the CEO, on further reflection, decided to withdraw -- in other words, the message would have hurt the recipient, without justification, thus being a moral wrong.
So, with no a priori moral reason to deliver email, and with the particular message's contents being morally wrong, I conclude that the original poster was, in fact, morally wrong to have refused to delete the email.
Please forgive the descent into philosophy, but that is my background, and I couldn't resist the temptation...
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"I've been in many of these "CEO wants a bad thing" scenarios, and I have come to belive the best solutions is this:
Clearly explain why you think this is the wrong thing to do. Then do it anyway. There will always be another lackey to do their will. Once you've done you best to persuade them, the ball is back in their court, ethically speaking. And you won't get fired, although they will start thinking of you as "difficult," a fate I have long since accepted.
The all-important last step is to start looking for a job where you are valued and respected as a free-willed entity. If they'll fire you for having scruples, they are not worth the sweat of your brow.
A few years ago I was working for a e-commerce fuckup..er, startup. I was young and wet behind the ears. I was asked the by the CEO (and the CFO, and the CTO) to forge some sales data for a certain product. Our continued ability to sell this product relied on our trial sales data and the data that I forged convinced the vendor to continue to let our trail continue.
:)
I felt HORRIBLE afterwards. I approached the three of then regarding this and told them that if they asked me to do it again I'd report it to the vendor. There was huffing and puffing but in the end I guess they either a) thought I had them by the balls or b) they regretted it as well. They assured me I'd never have to do anything so dishonest again and I didnt...
Work related, at any rate...
It's internal, corporate email. You aren't a rep of the U.S. Postal Service, you're not an arbitrary third party entrusted with the delivery of a letter, and besides that, it was the guy who requested it who sent the letter to begin with! What difference does it make?
Anal system admins like you give us all a bad name.
Ok, the /. consensus is that corp e-mail is not USPS, CEO can retract e-mail.
... it's like paper shredding while the cops are kocking on the door. Where's the line? Is one e-mail Ok? 1000 Ok? All the accounting records?
Now, in this case it's a single e-mail. What if the CEO were named Skilling and the company were named Enron and not one e-mail but 1000's. Most people would object
I don't have an answer... just the question.
While managing a web/e-commerce system at a company who's name rhymes with "Bogue Shave", I noticed once that a customer had inadvertently been identified and charged the "international" rate for some software. It meant he paid a fair amount more than he should have, and the wrong sales rep got the commission.
I brought it up with the head of sales, who told me "he'd look into it" and eventually just told me to leave it as is. I expressed my discomfort to this solution to my own boss (head of IT) who also said, "He'd look into it". Of course by then I knew what that meant.
In hind site, I should have just sent the customer and the sales rep who got screwed out of a commission a quiet little email and let them raise a stink about it. Or should I have just sucked up to the corporate way like some people here seem to think?
To make it look like it's going to be an all-night job that will take hours of your time and might screw up the mail server.
"I'll start on it now boss, but it's going to take several hours. I don't know what something like this might do to the mail server, it's not really designed to do this."
That alone should scare most people away from it.
If it doesn't, generate some random errors, turn off a few mailboxes and blame it on the 'manual deletion of messages outside of the normal messaging interface'.
Of course, you have to fix it quickly, and then you'll look even better.
At our firm we let new employees sign a letter before they start working that we archive ALL EMails they send. We treat Emails as business correspondence. We file letters that we send in an official capacity, EMails are the same.
Our sendmail server sends all mails going out (and coming in) to a central mailbox.
That said, we also provide peole with TWO addresses, one is private and is never tampered with, the other one is public and is put inthe files. They know this, and can decide which one to use to send the mails. We are also not anal retentive about sending personal mails and phone calls from work. I mean, they are people, not machines.
However, sending business mails under your personal account is frowned upon.
This systems works well and we never had any problems with it. Also, access to the central mail file is the same as access to business files in that only some managers may look into it. But generally business EMails are treated like any other busniess correspondence: filed as it should be.
This policy has helped us a lot when people leave, but they knew beforehand that their mailboxes are open.
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
An anonymous coward must comment...
If you look at the full Hotmail or Yahoo e-mail headers, they contain the IP address of the client; in other words, your computer (this is the case with messages I send from home, anyway). I don't know enough about TCP/IP to know if this is always true; my semi-educated guess would be that it would be.
Yes, using DHCP does toss some uncertainty into the mix, but realistically, if your lease is a long-enough duration (I think Microsoft Win2K DHCP leases default to 7 days), it's not enough for anonymous cowards.
You are not responsible for the actions of others; and as a Systems Administrator you should not tamper with the information systems being utilized by your customers. If this supervisor wanted to go to that individual and ask them not to open that email, please delete it, then that is what they should have done. If you were fired on this ground I do believe you had a right - no, an obligation - to fight this in court - even if you didn't want the job after that you could have come off with a chunk of cash. Yeah yeah, get pissy because I said 'sue' - even I don't believe in frivolous suits - but this is something I don't feel is frivolous at all. In this case you were likely very unfairly treated.
I think with the interesting people, their lives can't possibly be wrapped up into a nice little package.
At first glance I thought to myself, "Wow, you got screwed." But then I got to thinking: The courts have seen to it (in the U.S. anyway, just ask M$) that email is not as private as some want to think. When was the last time we got outraged by someone reporting that their employer instituted all sorts of no-privacy policies with regard to corporate email? Not recently, because we've all come to accept that when playing on someone else's network, we have to play by their rules. And more often than not, their rules mean our email is not inviolate, and that sys admins probably can read it anytime they want. From there, it's only a very short stretch to what you described. The only leg you would have had to stand on would be if your former employer had a written policy ensuring the privacy of electronic communications, and I doubt they did.
My first gig out of school, my ethically challenged boss asked me to back-date a FAX to our client. Tell the client that we had sent it a month ago, they must have lost it. The FAX pretty much said they'd be responsible for such and such at such and such a rate, and that if they didn't pay on time we'd collect damages, blah blah.
I did it.
I don't really see that what you did was a problem. Consider this.... Who ended up looking bad for sending out the spam? Was it you? Quite doubtful. The lighting manufacturer is left holding the bag.
It's your job to make a given company's computer systems perform the tasks that they want them to perform. If that includes sending out spam, well - we all know it's a stupid idea, but let them figure that out for themselves.
I see much more of an ethical question coming up if you're asked to do something that negatively affects your co-workers. Those are much stickier situations, that do directly pit you against other employees. (Your co-workers either know, or will find out, who is behind a measure taken that affects them. They won't simply blame the company, as though it was an individual, and be done with it.)
I was fired for being responsibly careful in initial checkout and test of temporary external heart pacemakers.
Knowing how whistleblowers rank lower than the priest(s) who founded NAMBLA, I decided to stay silent. Have never been happy about this, and am glad Slashdot permits anon. posting.
How asinine is this? Does anyone really think this kind of mythical security bullshit really works? I can damn well read anything I can copy to tape. If M$ has fooled CEO's into believing otherwise, I guess it's all the better for me.
"I assumed blithely that there were no elves out there in the darkness"
Why couldn't the CEO just catch the recipient before the message is read... then just apologize, pre-emptively?
...anyway...
Maybe a sticky-note? A phone call?
You work for a company which gives all it employees free housing on its own property, including all equipment - TV, phone, computers, and answering machine.
You are responsible for security on the premises, and your boss tells you that he left a phone message on that employee's answering machine. He wants you to use your key, enter the apartment, and quickly go through the messages on the answering machine, and delete his message.
No ethical problem here?
I agree wholeheartedly with replies made above: unless there is a policy that explicitly allows you to go through employees e-mails, you should never touch those, even if asked to do so by your boss.
The company may own the premises, the employees' time, etc, but it should not change its privacy policy of how it treats the employees without telling them, to give them the opportunity to quit.
ethical issues aside, f that hothead, he needs to learn to cool his jets and not spout off like an idiot saying things he wants to later take back.
heck, having a conflict, and then resolving it will likely bring those 2 closer together, opening the road to honest communication.
or they could be pissy and have more arguments, who cares, at least the mails gets through, that's your job, keep the system running.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
I don't know about any of you other Linux Zelots...
but when I get to where I work and have to log into that wintooK screen it makes me feel dirty and unclean.
is this an ethical issue or am I just sick in the head?
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Although, as stated, one could easily single out and erase automatically one email without seeing any of them, I am happy to see there are others like me, sticking to their work ethics.
I think, therefore thoughts exist. Ego is just an impression.
Here's something most seems to have missed; the freedom of speach is granted in the constitution. How does a CEO have the right to chalenge that. To the point, an email system is the property of the corporation, but the words the employees write are "free speech". In that sense, the ethical dilema becomes quite clear. Niether I nor the CEO has an ethical right to tamper with the email system. If the BOSS wants something done like that, then I as SysAdmin would give him the tools to do so himself ... and since I was hired to do this work I would do it for him. If it was anyone but the CEO, it would be an ethical problem!
If they had the time, the resources and the security to do it.
IANAL, but that letter is really yours until it's in the hands of other person. The USMail, no matter what they say, is just a carrier.
IMO, the reason they don't do it is because it would be almost impossible to protect themselves from social engineering while doing it, and the overhead of processing those cancellations would just kill the delivery times.
"If you could only see what I've seen with your eyes..." - Roy Batty
Here you had the boss really needing your service to cover up his embarrasing screw-up and it wasn't illegal and only morally gray for you. This would have been the opportunity to discuss a raise, a new laptop, telecommuting, etc., "while you were working on it."
immoral != unethical.
Not all that is legal is moral or ethical. Not all that is illegal is immoral or unethical.
Not all that is moral is legal or ethical. Not all that is immoral is illegal or unethical.
Not all that is ethical is legal or moral. Not all that is unethical is illegal or immoral.
There's a reason we have three words for the three concepts. There is very significant overlap, but there are differences. I see it as follows: Legality refers to whether the laws of the land (as in, the laws passed by the legislature) permit or deny a particular action. Morality refers to whether one's moral code (usually religious and nearly always subjective in nature) permits or denies a particular action. (aka. "WWJD".) Ethics refers to a more objective sense of guiding philosophy, which may or may not be rooted in religion, and may sometimes be at odds with it. (aka. What Would Spock Do?)
For instance, for a member of the Church of Latter Day Saints, taking two or more wives is a moral act. It is not a legal act. Ethics don't quite play in, unless you take one or more wives under false pretenses. (And the false pretenses, there, happen to be immoral.)
Now consider this situation. (That is, deleting an unread email from the recipients folder at the sender's request.) In some countries, the action may be illegal, and in others, legal. As long as no deceit occurs (that is, one doesn't deny deleting the email when confronted), I don't see how it's inherently immoral. This action was certainly deemed unethical by the admin posing the question, though.
Three separate concepts people. It's just like confusing Copyrights with Patents with Trademarks.
--Joeare what rises up here.
94.56% of the replies say that the mail is corporate property and the ceo can do anything they want with it.. while this might be certainly true in usa there are countries where this is not valid, probably even some countries where you can't even sign out these rights, if it's 'protected/private' (equivalent to)mail.
while it's not as bad as this; you're an accountant, and ceo comes to you and tells you to change some numbers on paper(corp. property, ceo telling you to do something to it). 18months later your company is on the headlines guess for what..
us corporate ethics seem more and more twisted every day.. and sadly they're infecting the rest of the world with it(everything goes as long as it's for the good of the company on short run).
world was created 5 seconds before this post as it is.
Some years back, I was the UNIX admin at a company.
One of the company's managers came up to me and said she thought one the people under her was spending her time writing personal email rather than doing work, and please could I have a look.
I said no, absolutely not. As far as I was concerned, her email may contain personal information and I would not breach her privacy. Even if she had been abusing the system by e.g. sending hundreds of multiple-megabyte messages an hour, I still wouldn't actually _read_ it. I'd just tell her to stop it.
So, I apologised, but said she'd have to find a different way to get to the bottom of the matter.
I don't know if this had any direct consequence, but I ended up being fired a few weeks later, after being set up (reprimanded for running a password cracker (er, I was root on every machine in the company) - running a password cracker to check the hardness of everyone's passwords is standard practice for sysadmins, no ? - and for messing up a backup - which was actually my superior's mistake, but he wanted rid of me.)
I stopped doing sysadmin work after that episode.
He's talking about privacy from the company, not privacy from Yahoo/Hotmail and/or the recpient. It's not the company's job to keep you anonymous on the Internet.
Which brings up the point that many corporations DO monitor webmail accounts (and it's a security sensitive environment, they damn well should, because that's by far the easiest leak point). Found this out the hard way after I called a consulting client a "fat smelly dyke" in private email to a coworker on hotmail. Fortunately my boss thought it was pretty funny message.
So you feel it's unethical to delete other's mail? I can see where you're coming from.
So, to protect both your ethics and job, do this next time. Open up the guys email. Tell the boss you won't hit the delete key because you don't want to be responsible, and tell the boss that if he wants to hit the delete key, that's his choice.
Conundrum solved, and I doubt this would get you fired, and the only fallout might be a little uneasyness between you and the boss for a couple of weeks. Big deal.
Either way, things like this are the reason why I set my work email to be forwarded instantly to home. Delete away, I still have a copy.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
it was critical to understanding your problem.
First of all, pretend you are in the Army. Your platoon sargent give you an order. It may be stupid, unethical, or illogical but you still carry it out as long as it doesn't violate the Geneva convention rules of warfare. Once you've carried it out, you are free to question the order up through the chain of command. That is what you should have done. The order was not illegal and you should have done it first and questioned your boss about the ethics later. Second point. Your boss screwed up big time. He did not explain the above to you beforehand and he did not patch things up with the executive that fired you. That's his job. You'd still have yours if after deleting the email he had immediately gone to the executive and explained that you were just trying to do the right thing for the company, and that he had set you straight. What you did was idealistic and perhaps foolish, but you should not have been fired for it. And I'd put a lot of blame on your boss.
"Eve of Destruction", it's not just for old hippies anymore...
This should be a crime. Especially in a corp. environment. Ethics are important. We will all lose faith in the system. I don't give a rats lass if the company owns it. ABUSE IS ABUSE.
Today he asks you to delete a single email. Next week he asks you do delete a bunch he wished he didn't send, like an email asking his accountants to shred the Enron documents.
That is the seed that starts a dangerous trend.
I agree with others here that you don't argue with the CEO on the point. It's his company and his email system.
But I would have started looking for another job right away. The best way to feel good about your ethics is to surround yourself with others who feel the way you do. Obviously you wern't in the best eviroment for you. And you certainly wouldn't want to be there when the feds come around looking for evidence that was deleted.
. Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
I am not absolutely sure I agree with you. Obviously, it would be totally unethical to delete a third parties email. But you were being asked to delete an email by its originator - someone who could be regarded as its owner. Obviously (IMO), once the recipient has read and taken in the content of that email, s/he has the right to keep it, if only to produce it as evidence of harrassment. But while they are still unaware of the emails existence, I think that ownership of the email remains with the author. So, if the author is requesting that you delete it and you can do so without (as other people have pointed out) infringing the recipients privacy, it seems to me quite ethical to do so.
As for the "it'll teach him to think before he posts" - I think that lesson has been learned, as far as it can be. You don't thunk an executive *likes* having to plead with a sysadm for a favour?
Consciousness is an illusion caused by an excess of self consciousness.
This establishes a few things. First, it gives them food for thought about the consequences of what they're wanting you to do. Second, it establishes WHAT they're wanting you to do (and let's them know--I'm documenting the fact you're wanting me to do this fucked up thing). And third, it gives you something to fall back on in case they want to fire you for not doing this. By making them look bad for firing you, you have some sort of leverage for court, severance, etc.
I know this doesn't solve the entire dilemna, but it at least protects you in case the shit really hits the fan later.
Remember: you're the piss ant. People in power can (and WILL) fuck you up. Take a few precautions and CYA!
Was that your professional legal opinion? I'm no lawyer, but I'm afraid I fail to see how either of the articles you cited supports such a black and white view.
The BBC article is two years out of date and not particularly technical, so I'll ignore it.
From the second article:
A little research suggests that there has not yet been any serious test case on the issue of e-mail monitoring by employers, which makes bold claims such as yours dubious anyway. There is, however, a lot of lawyerly ass-covering about the possibilities of misinterpretation of the legislation by businesses, the risks of monitoring everything rather than specifics and of monitoring content rather than usage, and the possibilities of employees taking legal action under data protection legislation, the HRA itself, or just claiming constructive dismissal and going after the employer that way.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Sure, particularly when you're the type of CEO who sends personal rants at people and then realises he ****ed up.
Personally, I wouldn't have had a problem if the techie guy could just zap the message without any side effects. I'm not exactly full of sympathy for an executive who forgot to think before speaking, though.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
But the thing is, should any employer have the right to say that? You're not employing machines, you're employing human beings. Those human beings may have family situations that need urgent attention, or may need to book their car into the garage, or may need to arrange delivery of a parcel. There are plenty of things that people simply need to do during the day, and your average employee is busy at work for the whole day, at least while other businesses are open as well.
I'm not advocating totally free use of as much work time as you like for personal matters, but I think it should be illegal for an employer to completely forbid the use of communications resources and company time for personal reasons. Instead, there should simply be an understanding that employees should not do this excessively, and wherever reasonably possible, lengthy problems should be resolved on their own time.
Now, if an employer feels that an employee is abusing the system, they are at liberty to let them go. If an employee feels they've been let go unfairly, they can take it to a tribunal or a full court and ask for compensation, and an impartial third party can decide whether the personal use was reasonable under the circumstances.
Under normal circumstances, though, reasonable personal use of company resources is in the best interests of both the human beings who work for a company and also the company itself. Employees who are constantly abused in this way have little loyalty and even less job satisfaction, both of which are directly and seriously damaging to the company. Employees who are trusted and treated well by their employers have more loyalty and are much more productive.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Let's not limit the scope of such requests to CEOs. Yeah, CEOs suck. But the folks that make these kinds of requests are more likely to be lieutenants on the rise. I always found senior managers (one rung below partner in most consulting practices) to be the most absurd. These are the kinds of "users" that'll have an issue, you'll check in on them, and their system tray has conquered everything to the right of the Start button.
Company monitors webmail accounts?
1. Get a remote Unix account with inbound SSH access.
2. Install tinyproxy or your favorite http or SOCKS proxy on port X of the remote host.
3. Set up an ssh tunnel from port 8080 on your workstation to port X on the remote host.
4. Tell your browser to use a proxy sitting on localhost port 8080.
5. Hit www.hotmail.com and your company won't be able to read a single byte of it. (Barring serious ssh vulnerabilities.)
grep -ri 'should work'
I am not sure about the laws in the US, but here in Germany, it might even be illegal. There are certain cases when it can be done. I work for a large corporation; practice here is that we (as the administrators of the email systems) may NEVER access any user's mail except in two cases:
a) The user himself okay's the access (in writing)
b) The superior of the user can request access to business documents in the user's mailbox, but has to get approval from the "Betriebsrat" (Babelfish translates it as work council; basically, it is the employee's representatives in the corporation).
Basically, here eMail DOES fall under the same laws as any other kind of mail, and is covered by the same rules of secrecy etc. Yes, we all know that there are differences, but I think it is a good way to handle it.
Now, about your specific case: I think you acted correctly; however, I think the boss had a valid request. I would've handled like this: Have him put the request in writing (including a clause he takes full responsibility), then have someone neutral around to witness that you did not access any email except the one in question. Do not look at any of the other mails, just access the index, and delete the mail in question.
If the company has a lawyer, get his opinion on the matter. Also, to be prepared for the next time this kind of thing happens, you might want to read up on relevant laws, and/or suggest to your employers to create a written policy about such issues.
Email is like a postcard. It's there for all who handle it to see and read.
Don't write anything in email that you wouldn't put on a postcard.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
ive done it and im afraid that ethics take second place from keeping my job as ive got a wife and kids to feed.
Go to Actions (not Tools).
Fact is...If my CEO asks me to delete an employee, I do it. That guy would be lucky to get ANY email that day, just to make sure.
Ok, I have been reading this thread. There is one thing that bothers. NO one has commented on the responsibility of the CEO. OK, now I know there are some out there laughing at me. But isn't the whole idea that the one that gets the promotion or better job is because they do the job better.
Ok, go ahead and laugh. But the from the facts posted. The CEO wrote an e-mail that he really shouldn't have. Shouldn't he bear the responsibilty of his words. Sure, he can just walk over the IS and demand they delete. But is that really fixing the problem? As an admin for several companies over the years. I have learned that if anyone asks you to do anything out of the ordinary. You need a signed get out of jail free card. Otherwise you are left holding the bag. I agree with the person who said get the CEO to sign a request with the affected email attached. Because if you do this without a paper trail. The CEO could just as easily say you did it on your own. And you lose your job. Again, this brings up a previous point that companies will only do what they are made to do under the law. Otherwise, they will rape you.
I have had to send lots of email in a highly stressful/charged environment. This has required some careful thought on wording. And no matter what, you ARE going to offend someone. Whether or not you meant to. Face it. Some people just want to take offence.
So, back to the CEO. Why should his mistake be yours? I don't want to hear the simple answer because I work in IS. Admin people aren't daycare. Where is the users responsibilty? Most CEOs I have worked with are the worst users. They abuse their own policies. A system in a company works only if everyone does it. Because if you aren't going to use the system. Why have it at all? If the lowest user can't request to have the email deleted. Then the CEOs shouldn't either. I don't want to hear rank has it's privledge. That is a simplist answer.
I imagine a parallel case in which the message in question is saved to the CEO's email client outbox, and he wishes to delete it rather than sending it. Assuming it's within your power to trim the message from the spool without violating anyone's privacy, this seems more a technical question than a moral one.
Instead, always say "Yes, sure I'll do it."
Then, come back after 1/2 an hour and say, "Hey boss, I was just looking into it, and I have a feeling that if I try to delete that one e-mail, it's linked to an entire thread of other e-mails, and it could affect hundreds of other people.... I don't think it's possible..."
Think of some really highly technical answer why you can't do it. Do you really think that your CEO/manager is going to know that you are bullshitting? If he is that technical, then give him the root password, let him do it himself, and change the password later on.
But I'll bet anything that it'll be easy to just overwhelm him with technobabble that will quiet him down.
If he brings someone else to do it, just play dumb... "Really? Are you sure about it? But what about this...." and put up a little bit of a fight as to why you don't think it's technically possible, not ethically possible, and then let the other guy do it.
What really matters to the CEO is you intention, and what really matters to you is your action. This way, atleast to your CEO/manager it looked like you wanted to help him, but you weren't smart enough. This isn't nearly as bad as you being so arrogant as to refuse his request.
Again, never, ever, EVER tell your manager "No".
GO TO RED ALERT. Space and Time are grinding to a halt.
Fucking idiot SHITSTAIN McGuspaz is speaking.
Fat man living off of government or with parents with no sex jerking off to pedophile porn and trolling Slashdot is speaking. WOOP WOOP.
Captain, people cant take much more of this shit. I'm giving it all shez got.
The alien Guspaz, with his corpulent fat face and fronds of flash drooping over belly into cheap assed keyboard try is coming. He farted on the left nacelle!
NO!!!!! That will massage his prostate, GUSPAZ likes anal pleasure, we must go to warp 69!
FAT SEXLESS GUSPAZ pursues the captain in a long brown skidmarking journey through space.
Fat fucking pig. Fat stupid. All Your Base Are Belong To Us was meant to be funny, its not the 11th commandment you dumb motherfucker.
FUCKING ASSHOLE ALARM.