Slashdot Mirror
System Adminstration and Corporate Ethics?
Not-a-BOFH asks: "About seven years ago while SysAdmin'ing for a (then) small software company, I was approached by the CEO regarding a technical issue. He explained to me that he got a bit hot headed at another employee and sent said person an email that he now wished he hadn't sent. His request to me was to dig through this person's email and delete it before he came in that morning. As the SysAdmin, this was certainly possible for me to do, but I've always tried to remain ethical when having such access to sensitive documents. In the case of email, I explained to the CEO that to me it was like tampering with the U.S. Mail, and I wasn't comfortable doing it. Long story short, my boss had no issue with it, and wound up doing it anyway. Looking back now, I'm not really all that surprised that that decision of mine led to my getting fired, but I've always wondered how many other people have had similar situations happen to them, where personal ethics and CEO heavyhanding came into play, and their job security suffered from the clash."
What's ethical about making two people feel really bad? What's so wrong about deleting an offensive message when the sender didn't even want the recipient to see it? I see that as a favor. To say that someone's emotional health is less important than deleting a single email from their inbox is curious, to say the least.
Ceci n'est pas un post
Get off your high horse. It's corporate mail, it's owned by the corporation. You should have just deleted it. Gee someone wrote something they later regreted, there's nothing wrong with deleting the mail in that case.
Most companies have their own internal paper mail system. It's not a lot like the U.S. mail. Internal e-mail seems the same way. If the CEO had wanted to cancel internal delivery of a paper memo, it wouldn't be a problem.
But non-internal e-mail is a different thing altogether. Now, the fact that it is technically legal for companies to eavesdrop on employee email, but not on employee telephone conversations does seem to be very wrong. Email should have some expectation of privacy--with the limitation that writing or reading personal email during company time is as wrong as personal telephone calls.
I have run into simular cases. I am a BOFH, but I have perticular feelings regarding email. Most understanding bosses will understand, and know that they are going to have to write their wrong. I have always held a firm stance regarding service and email. Email has always been something that I don't fuck with. By don't fuck with, I mean, I run mail servers, but I don't go reading people email. Now, thats under normal cases, but I have always been willing to crack open their mailboxes at the first hint of something bad. I respect people's mail boxes, but if they cross the line, the line of only doing good, and goto bad, their mailbox is mine. The same with former employees. I encourage people to clean their mailboxes before leaving a company, I know I do before negotiations, I got fired for doing that a few weeks ago. Well, back to the subject. Once an employee has left the company, I have no problem with cracking open their mailbox, if they had something personal in there, thats their mistake.
These sorts of things are a very fine line. The best thing is to establish your view of things up front when getting the job, but emphasize that if the person is misusing, cheating, lieing, etc. i.e. doing anything bad, their mail is open for review.
I have found that letting your coworkers know your stance on these things can be beneficial to the IT BOFH or BAFH. They will feel more comfortable with you if they are honest. Remember, IT fixes the problems before they are found, past that, IT is damage control.
-LW looking for a job. lw@lwolenczak.net
Next time, please ask Google first.
I don't really understand the full scope of your "ethical dilemma":
1) It's NOT the US Postal Service - it is company email to be used for company business.
2) Most corporate email servers (Exchange, Notes) have a built-in functionality to remove a damaging or sensitive message (and it's reasonably easy, since they store the message ONCE in a database and link it to the multiple recipients). A friend who works at a big law firm recently had this happen - a secretary accidentally released a sensitive personnel memo to the entire firm, and the IT personnel activated this feature to quickly remove it (but not before a bunch of people printed it, forwarded it to their hotmail accounts, etc.).
I think that you should have been fired for this. The company's email is owned by the company, the CEO is the head of the company and his request was not to do something illegal. If he had asked you to delete email talking about plans to break the law, that would be bad. Deleting an email to avoid hurting someone's feelings is neither illegal or immoral. He was 100% within his rights to ask you to delete the email, and he was also asking nothing unethical. A private email system is private, and your postal service analogy is wrong.
Firstly, the assertion that deleting the email was "like tampering with the US Mail" is a bit inaccurate. Corporate email is a corporate asset, and many companies try to make that very clear to their employees (with disclaimers, usage agreements, and the like). The CEO asking you to remove an email is certainly within the bounds of the company's rights.
:)
Is it ethical? Strictly, one would like someone to own up to their own mistakes, so, no. However, if it was an envelope sitting in the mailroom, waiting to be delivered, most people would agree it would be ethical to retrieve the envelope. Even if it had made it to the employee's mailroom pigenhole, I think most would allow the sender to ethically remove it. This situation is just an electronic extension of inter-office mail.
I'd say that people have the ethical right to recall something they've sent out under certain circumstances, and to keep the almost-recipient of their mistaken wrath from receiving the message, especially if they came to their senses right after dropping the message off -- have you ever called someone to chew them out and then hung up right after they picked up the phone? I'd argue that this could be interpreted, ethically, like that.
In fact, some mail systems (Exchange, for example) even let the users themselves recall an email that's been sent out. If the recipient has not yet read it, they never know it was recalled. If they have read it, then I'm not sure what happens -- I think if it's still in their inbox, it gets deleted (and I'm not sure if a placeholder saying "message recalled" is created or not). If it's been copied to another mailbox (particularly to a local folder), it might be missed. I know I've made copies of sensitive messages I've received, on the off chance the sender might try to recall them.
Beyond the ethics, though, is the scary thought that voicing your unease hurt you.
Did this really lead to your being fired? I'd like to think the CEO admired you for standing up to what you believed, and also for ending up helping him out in spite of that, "for the good of the company." On the other hand, maybe he was just a real jerk. (did the firing happen soon after, or years later?)
When I was a sysadmin, I'd been asked to do a couple things that I wasn't entirely comfortable with, ethically, but they were all certainly legally permissable (their network, after all), and my job wasn't to be morals cop, it was to be a good sysadmin. In these cases, I had a good enough relationship with the person making the request that I could voice my concerns, and know that he'd understand them and appreciate my opinion, without fear of recrimination. And, again, I think my ability to show that I had at least considered the ethical implications of what I had been asked to do, coupled with the fact that I was still a good employee and did what was best for the company, strenthened the trust between me and that particular upper-level-manager. So it was a win-win.
It depends on the boss, though, that's for sure.
So, I'd say that it was right for you to raise a concern, in principle, though my *personal* opinion is that you were perhaps oversensitive in this instance. It was also right for you to do what you were told (it is your job, after all). If it really lead to your being fired, then you're better off working for someone who can appreciate your moral compass.
(Note that I'm ignoring cases where the ethical issues are more severe and clear-cut, like a CEO asking someone to do something that, while legal and within his rights, might end up hurting someone else's career or something. Then it becomes MUCH more grey).
How is this an ethical issue?
You were asked by the CEO to delete a message that the CEO himself sent. If the CEO asked you to delete messages from *someone else*, or to otherwise mess with other communications, that would certainly be an ethical issue, but that is not the case.
The corporate email system is not the US postal service, and deleting an email is not against the law (we aren't talking about tampering with evidence here). In fact, as a SysAdmin it certainly is within your capabilities and duties.
It seems like you were trying to teach the CEO a lesson (don't send hot-headed emails) by refusing his request. Instead, you were the one who was taught a lesson by being fired. Judging by the fact you are Asking Slashdot, it is one you probably haven't yet learned.
Beauty is in the eye of the beerholder.
We make all of our users aware that the corp. systems are owned for the company's business; We don't enforce any "No Personal Business" clauses, but also make it known that there is *no* expectation of privacy on *any* of our systems ...
We even log every message coming and going (the whole message, attachments and all), and I haven't one ethical qualm about it. I would, though, if the users were allowed to assume that "their" email was private.
You want privacy at work? Use Hotmail, etc. or an offsite POP3/IMAP with ssl support. Don't expect me to provide it for you; that is not my job.
Let me break it down to you:
Your boss asked for something.
You said no.
He fired you.
Read the above 5 time real fast, let it sink in nice and deep. Don't make the same mistake twice.
It is all fine and dandy that you want to live up to your ideals. It is your ideals that are flawed. Company server, company time, company resources. You were asked to do something, you did not do it. Fix your ethical issue by realizing that your trying to flex your own muscles.
Once you realize that your just a high tech janitor the better off you will be. Live and learn, but for christ sakes don't think you have any control because you don't. You want control, start you own company and push your ethics out that way.
Neck_of_the_Woods
#/usr/local/surf/glassy/overhead
In my years as a sys admin there have been a number of situations where I've prevented a user from reading mail that has been delivered. Two spring to mind immediately. In one case, both a man and his son worked for the same company. The man and his wife were killed in a car accident. This information came out at work before the son could be told. I was instructed to monitor all the son's incoming mail and remove any condolence messages until the son could be found (I think he was traveling) and told about his parents. I could have more easily blocked all incoming mail, but the user would surely have noticed and called the Help Desk about it. So I archived the sympathy messages until he had received the news in person, at which time I returned them to his spool.
The other time someone accidently mailed a bunch of salary information to a large distribution. Thank heaven for single copy message store! I was able to delete it from everywhere fairly quickly. The guys who managed the file servers had a harder job, as they were required to search and destroy any attachments that had already been downloaded and saved.
Since these events one of my qualifications for a mail server is how easily a rogue mail can be excised from the message store.
Basically, I feel like this is one of those things that is part of your job. To say it's unethical is just silly. If the CEO had shoved an envelope under the door of the person's office, and you had had the key to the door, would you have refused to open it?
On the other hand, I totally understand leading users to *believe* that recalling sent messages is impossible. You don't want them to get into the habit of using you as a safety net! When push comes to shove, however, you do your job. Delete the mail and keep your mouth shut.
That said, assuming you were in otherwise good standing they should not have fired you for this. I imagine you could have had a pretty good unlawful termination suit had you been so inclined.
Sarah
I'd delete it. You don't have to read the rest of the guy's mail to do so, and so are violating no one's privacy. The mail system (pick any) doesn't have some sort of unimpugnable integrity. This is pretty much the equivalent of picking a sealed envelope with a pink slip in it up off of someone's desk, before they come into work in the morning, but after HR says they made a mistake.
I'd also tell the boss that in order to fulfill his request, I need a quick look at the original in his sent mail. I would then confirm that there were no BCCs, for obvious reasons.
Otherwise, barring some sort of registered email scheme, you aren't violating ethics or rules of evidence.
Certainly this isn't behavior to encourage in the boss, any more than building a mailserver and recovering a message store in order to recover an accidentally deleted message is. But if the dumb mistake isn't a habit, help both parties out.
As admins, we have to be able _not_ to see things that we shouldn't, and occasionally even to forget that we saw things. When you're helping a user troubleshoot their email, you'll see more about their personal lives than you would ever want to know. Those aren't things I speak about to no-one.
Don't tell me your password!
Assembly is the reverse of disassembly.
You should have used MS Outlook, it is the most ethical email system since it has the "Recall" feature. The CEO could have recalled the email without presenting anyone with any ethical dilemas
It's interesting you should mention this, because the designers of NT (and VMS) actually did consider that there are cases in which the administrator of a system should not have access to certain files on the system. For example, should the sysadmin have the ability to view or even edit the payroll file? Or HR records? Unix does nothing to prevent it - root has access to all files. On NT, however, any user can have an ACL that denies the sysadmin rights to access a file or folder, and can log attempts by anyone including the sysadmin to do so. Another difference is that on NT you have to "take ownership" of a file, but on Unix you can "change ownership" of a file. That means that if you change the ACL on a file you had no read access to to give yourself access to it, you cannot change it back to what it was.
There is a special privilege on NT called "Backup Operator" - it allows you to copy any file to tape, or back again, but does not let you read the file. The developers of Unix, in an academic environment, did not consider how the system would be used outside of that setting, and many of the architectural choices they made are ill-suited to the corporate world.
AOL allows you to do this with other AOL users. I suppose doing it with the current SMTP/POP setup, though, would require certificates and digital signatures, else anyone would be able to cancel anyone else's mail with little effort. Oh, and we'd also have to get every mail admin to upgrade his MTA to one that supports this kind of thing. Or we could all get AOL accounts...
One difference between you, dschuetz, and the original poster is the quality of your writing. Simply put, and no offense intended to the original poster, your writing is better than his. If (please note the conditional) writing styles can be used as indicators of overall communication skills, then I am tempted to suggest that the original poster was not able to articulate to his boss his concerns in a way that would not cause offense.
On the other hand, I also think the original poster made a mountain out of a molehill. As others have stated, corporate email is an entirely corporate-owned resource. In addition, the request to withdraw occurred before receipt, not after. So the intended recipient does not own the message, the corporation does. And if the CEO decides that the company's interests are best served by deleting that email prior to receipt, then that is indeed what the original poster should have done.
On top of that, what right, legal or moral, does the intended recipient have to an email message that has not even been received? I just don't even comprehend the moral issue, for which I apologize to the original poster.
On the face of it, the CEO intended to send the email, and then changed his intention prior to receipt. The original poster had the power to enable the overriding intention, but refused, while his immediate superior acceded to the request.
I think that no moral imperative to deliver a piece of email exists. I just don't see that there is some moral good attached to delivering mail, e- or snail-. I see a lot of utility inherent in communication, but no moral requirement for communication in general. I think that some moral good may be facilitated or hindered by communication, but now we are speaking in terms of particular instances, rather than in general terms. So, we must evaluate this particular instance.
In this particular case, the original poster has not specified that there was something in the email message that would have caused or facilitated something morally good. In fact, he specified that the email message was a hasty flame that the CEO, on further reflection, decided to withdraw -- in other words, the message would have hurt the recipient, without justification, thus being a moral wrong.
So, with no a priori moral reason to deliver email, and with the particular message's contents being morally wrong, I conclude that the original poster was, in fact, morally wrong to have refused to delete the email.
Please forgive the descent into philosophy, but that is my background, and I couldn't resist the temptation...
I've been in many of these "CEO wants a bad thing" scenarios, and I have come to belive the best solutions is this:
Clearly explain why you think this is the wrong thing to do. Then do it anyway. There will always be another lackey to do their will. Once you've done you best to persuade them, the ball is back in their court, ethically speaking. And you won't get fired, although they will start thinking of you as "difficult," a fate I have long since accepted.
The all-important last step is to start looking for a job where you are valued and respected as a free-willed entity. If they'll fire you for having scruples, they are not worth the sweat of your brow.
Ok, the /. consensus is that corp e-mail is not USPS, CEO can retract e-mail.
... it's like paper shredding while the cops are kocking on the door. Where's the line? Is one e-mail Ok? 1000 Ok? All the accounting records?
Now, in this case it's a single e-mail. What if the CEO were named Skilling and the company were named Enron and not one e-mail but 1000's. Most people would object
I don't have an answer... just the question.
So if the mailroom guy fired off an angry email to the CEO then freaked and asked you to delete it, would you?
My first gig out of school, my ethically challenged boss asked me to back-date a FAX to our client. Tell the client that we had sent it a month ago, they must have lost it. The FAX pretty much said they'd be responsible for such and such at such and such a rate, and that if they didn't pay on time we'd collect damages, blah blah.
I did it.
You work for a company which gives all it employees free housing on its own property, including all equipment - TV, phone, computers, and answering machine.
You are responsible for security on the premises, and your boss tells you that he left a phone message on that employee's answering machine. He wants you to use your key, enter the apartment, and quickly go through the messages on the answering machine, and delete his message.
No ethical problem here?
I agree wholeheartedly with replies made above: unless there is a policy that explicitly allows you to go through employees e-mails, you should never touch those, even if asked to do so by your boss.
The company may own the premises, the employees' time, etc, but it should not change its privacy policy of how it treats the employees without telling them, to give them the opportunity to quit.
This establishes a few things. First, it gives them food for thought about the consequences of what they're wanting you to do. Second, it establishes WHAT they're wanting you to do (and let's them know--I'm documenting the fact you're wanting me to do this fucked up thing). And third, it gives you something to fall back on in case they want to fire you for not doing this. By making them look bad for firing you, you have some sort of leverage for court, severance, etc.
I know this doesn't solve the entire dilemna, but it at least protects you in case the shit really hits the fan later.
Remember: you're the piss ant. People in power can (and WILL) fuck you up. Take a few precautions and CYA!