Slashdot Mirror
System Adminstration and Corporate Ethics?
Not-a-BOFH asks: "About seven years ago while SysAdmin'ing for a (then) small software company, I was approached by the CEO regarding a technical issue. He explained to me that he got a bit hot headed at another employee and sent said person an email that he now wished he hadn't sent. His request to me was to dig through this person's email and delete it before he came in that morning. As the SysAdmin, this was certainly possible for me to do, but I've always tried to remain ethical when having such access to sensitive documents. In the case of email, I explained to the CEO that to me it was like tampering with the U.S. Mail, and I wasn't comfortable doing it. Long story short, my boss had no issue with it, and wound up doing it anyway. Looking back now, I'm not really all that surprised that that decision of mine led to my getting fired, but I've always wondered how many other people have had similar situations happen to them, where personal ethics and CEO heavyhanding came into play, and their job security suffered from the clash."
This sort of thing happens all the time: sysadmins are in an interesting position where they feel ethical responsibilities to their network and the privacy of their users because they associate this with their jobs.
Sadly, I think that is leftover from the collegiate atmosphere where the sysadmin culture evolved--corporations have no such rules or regard for privacy. The fact that most corporations track every metric and move their employees make.
If you are allowed to have the illusion of freedom and fairness as a sysadmin, enjoy it but make no mistake: it is an illusion, and if it interferes with real work, higher-ups or the bottom line these "ethics" are going to take a walk.
Businesses only respect ethics that are enforced by government agency and carry real penalties--manipulating internal email is not one of these.
You should have used MS Outlook, it is the most ethical email system since it has the "Recall" feature. The CEO could have recalled the email without presenting anyone with any ethical dilemas
I used to work for a fairly large company - they managed about $3 billion in investments. The IT department was being run by an idiot. One of the IT managers who left becuase the IT department was being run into the ground sent one of the directors an email revealing what was going on in IT. The director was on holidays for a week, but he never got the email becuase the head of IT got one of the sysadmins to delete the mail from his inbox. I quit the company after 4 months after being dressed down for bringing up serious problems in their trading systems.
Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
I have been in a similar position before, though for me it was spamming for a company. I was working for this designer lighting manufacturer as an admin and we were definitely feeling some of the effects of the economy at the time (right after the .com bust). So the CEO came to me with the option of gaining customers through spamming. I have never liked spam, and like most right minded geeks, find its existance annoying and unnessessary. However, I am a college student and jobs like this do not come along all the time (decent pay, good coworkers, very flexible), so I went along with it and did a round of spamming. I did try to convince the boss of other methods, but the fact of the matter is the he had his mind set on this. I figured its either my job, or a lot of pissed off/annoyed people who I will never see. I shot out 27,000 spams, not that much next to some, but 27,000 nonetheless. We got a lot of hate mail the next day, it was actually rather amusing in some respects since the rants were often JeffK worthy. So I kept my job, and 27,000 people got spammed. Those 27,000 people have now completely forgotten about that spam, and I have not forgotten about keeping my job. In short, its a dog-eat-dog world, and sometimes you gotta bite the bullet to stay afloat. If you won't do it, some other monkey with a lot less scruples than you will do it, and probably even worst.
"What can a thoughtful man hope for mankind on Earth, given the experience of the past million years? Nothing." -Bokonon
Email systems (and voicemail for that matter) have over the years sporadically supported a feature that allows the sender to delete unread/unlistened messages. Sadly, I know of know OSS email system that supports this functionality.
Where I work, we use MS Exchange configured in Enterprise mode. There is a feature to allow unread email messages to be "recalled"; however, the implementation of the feature is such that each email-reader (User Agent) can disable the feature completely or disregard individual recall requests.
My personal use of the feature is most often to recall an email that contains an error. I then substitute a corrected version of the email. When this works, and the message is recalled successfully, it removes from my communication the possibility that the receiver will save the email that contained the bad data, and not save a follow-up email that explains the errors of the first email.
While some will argue that it is a user's *right* to be able to read every email sent to them, it is just as easy to construct an argument that until an email is read it is the sender's *right* to be able to un-send it. To my mind, anytime we can put in place technology that allows poeple to correct their mistakes (be they emotional mistakes or technical/informational ones) it makes it easier for us to all get along with one another. The less stress we inject into our workplace/relationships, the better!
The ethical issue is that he believes that it is wrong to go through someone else's email and delete one, whatever the circumstances. Finding an arbitrary exception will breach those ethics,or require them to be reevaluated.
Reevaluating one's ethics does not happen in a matter of minutes.
The SAGE Code of Ethics seems useful for this situation.
Canon 2, "A system administrator shall not unnecessarily infringe upon the rights of users", seems to apply to this particular case. The relevent portion is:
"System administrators will not exercise their special powers to access any private information other than when necessary to their role as system managers, and then only to the degree necessary to perform that role, while remaining within established site policies. Regardless of how it was obtained, system administrators will maintain the confidentiality of all private information."
I read that to mean that if there is a site policy regardign email, the ethical thing to do is to follow the policy. Failing the existence of a policy, the ethical thing to do is to not infringe on the rights of the users.
"The purpose of argument is to change the nature of truth." -- Bene Gesserit Precept
At our firm we let new employees sign a letter before they start working that we archive ALL EMails they send. We treat Emails as business correspondence. We file letters that we send in an official capacity, EMails are the same.
Our sendmail server sends all mails going out (and coming in) to a central mailbox.
That said, we also provide peole with TWO addresses, one is private and is never tampered with, the other one is public and is put inthe files. They know this, and can decide which one to use to send the mails. We are also not anal retentive about sending personal mails and phone calls from work. I mean, they are people, not machines.
However, sending business mails under your personal account is frowned upon.
This systems works well and we never had any problems with it. Also, access to the central mail file is the same as access to business files in that only some managers may look into it. But generally business EMails are treated like any other busniess correspondence: filed as it should be.
This policy has helped us a lot when people leave, but they knew beforehand that their mailboxes are open.
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
At first glance I thought to myself, "Wow, you got screwed." But then I got to thinking: The courts have seen to it (in the U.S. anyway, just ask M$) that email is not as private as some want to think. When was the last time we got outraged by someone reporting that their employer instituted all sorts of no-privacy policies with regard to corporate email? Not recently, because we've all come to accept that when playing on someone else's network, we have to play by their rules. And more often than not, their rules mean our email is not inviolate, and that sys admins probably can read it anytime they want. From there, it's only a very short stretch to what you described. The only leg you would have had to stand on would be if your former employer had a written policy ensuring the privacy of electronic communications, and I doubt they did.
Yep - it is. To make it worse, there are two laws that literally contradict each other. There is the Regulation of Investigatory Powers Act 2000(RIPA) act, where as a sysadmin responsible for a lot of users I'm required by law to keep full text mail logs for 28 days (which you are not allowed to delete!). I can be asked by the police to supply log data at any time (admittedly it has to come from a senior officer) and if this happens, I'm not allowed to mention it to anyone that I've been asked to supply the information, including a judge(!) on pain of 2 years imprisonment. (I kid you not).
I think you will be looking at this like we all were and going "HUH??" by now, as obviously it makes thing extremely difficult! Basically you can think of it as a Big Brother type of law. Oh and if you are thinking "no problem - I'll just use crypto" that's 2 years in prison if you refuse to hand over your encryption keys.
Then we have the The Human Rights Act 1998 which strenghens the privacy of the individual. This is the one where I'm not allowed to look at personal information, however under RIP I *can* open up mailboxes if I'm investigating "an incident" however if I see anything else (non work related) while I'm there I'm not allowed to discuss it or use that information in any way. *phew*. Obviously all this stuff can be a nightmare, and so they way that we get around it is to have company policies about email, such as clearly documented allowed uses and document that all mail is potentially going to be read etc, however even that can get awkward as under the Human Rights Act 1998 we have to provide private means of communications of individuals. This includes things like staff having access to personal email (in practice a viral back door nightmare) and guaranteed un-monitored phones (i.e. payphones). All in all it's quite a complicated profession nowadays - lol.
I am not absolutely sure I agree with you. Obviously, it would be totally unethical to delete a third parties email. But you were being asked to delete an email by its originator - someone who could be regarded as its owner. Obviously (IMO), once the recipient has read and taken in the content of that email, s/he has the right to keep it, if only to produce it as evidence of harrassment. But while they are still unaware of the emails existence, I think that ownership of the email remains with the author. So, if the author is requesting that you delete it and you can do so without (as other people have pointed out) infringing the recipients privacy, it seems to me quite ethical to do so.
As for the "it'll teach him to think before he posts" - I think that lesson has been learned, as far as it can be. You don't thunk an executive *likes* having to plead with a sysadm for a favour?
Consciousness is an illusion caused by an excess of self consciousness.