Sys-Admins Reading the Bosses Mail?
PetManimal writes "Computerworld has an article about IT staff who have access to corner-office email. Systems administrators, database administrators, storage administrators and higher level IT super users are the types who may access sensitive executive information; one source quoted in the article says that in a company with 1,500 employees, there might typically be five to 10 administrators who have this access. As for how many abuse these privileges, it's hard to tell, but rogue admins out for workplace revenge or personal gain can wreak havoc: '... Experts agree that the severity of these occurrences generally makes them more harmful than external attacks. One of the biggest obstacles to eliminating unauthorized access is determining how many people have it. Access lists are particularly difficult to formulate in both mature companies, where the number and power of administrators have expanded over periods of years, and small companies, where rapid growth leads to undocumented tangles of administrators who are able to maintain their access because nobody has time to assess their status.'"
What about the /. admins who can read our highly sensitive comments?
http://en.wikipedia.org/wiki/BOFH
A friend in the Government once told me that after the Pollard spy scandal the Government rethought the way it handled clearances. So now there is a discreet pool of clearances. There's no reason why a company, new, mature, huge, or small shouldn't be able to institute a similar policy in terms of access.
If brevity is the soul of wit, then how does one explain Twitter?
I get the feeling there are going to be quite a few AC posts on this one.
"No doubt one may quote history to support any cause, as the devil quotes scripture." - Learned Hand
The article mentions the lack of encryption and I suspect if it ever starts being used the same IT folks who have admin access will end up with the encryption keys, so the added admin and overhead won't buy you more security from prying eyes.
I read this last week when my boss submitted the article to that magazine in his outgoing email.
Gotta go, he's sending an email now about outsourcing the IT department!
Do not look at laser with remaining good eye.
Knows how to break IT security, but no longer needs to.
init 11 - for when you need that edge.
Whoever has access to sensitive company information is a threat to the company. It doesn't matter if they are a sysadmin or an executive. Limiting access may help, but at a certain point someone must know these details within a firm. And sysadmins cannot do their jobs without full access to the systems they support.
The solution is regularly teaching business ethics to students. Perhaps even make it mandatory to earn a degree. Certainly mandatory for a graduate degree.
I realize it's a business problem when the CxO doesn't have a clue about encryption, but who's going to demand he get some education?
FWIW, the legal profession actually has directives from the Bar Associations on when it's even permitted to use e-mail, and if so when encryption is required. Sometimes it's nice to actually have authority over you.
Lacking <sarcasm> tags,
I know the BOFH has taught me to maintain my job security and indirectly manage HR.
Would you be upset if your allergist (doctor) had access to your blood work? No. It is his job. Trust is a huge component of system administration, and any company, or corporation, who doesn't understand that the administrator has the keys to the system, needs to take a better look at their corporate layout.
Admins have access to everything. Or at least they should have access to virtually everything. Because who would you call if it was broken? certainly not the corner office.
Trust is necessary. You have to trust your admins. And if you have an admin that leaves under suspicious or grievous circumstances, you protect your corporation's ass with a dismissal agreement.
my t-shirt says - "i read your email"
This same issue applies to companies who provide email services for free or charge. I don't think customers are aware that system administrators have access to read their mail and have it still marked as unread.
When will anyone start to consider PGP as a viable solution? I have a key, but really rarely use it. In fact only when I want to send a password to one of my friends. Will this change somehow, when all those "stupid-proof", uber-popular mail readers will out-of-the-box encourage users to use PGP? Or any other encryption, in fact.
If you don't have a chain of trust in your IT department you're fucked... even if you do spend bank on "secure internal IT infrastructure."
The rest of the article is all over the place. There's some mention of rogue admins reading executive e-mail rolled into boilerplate security talk about how X% of security risks are insider threats, and then it finishes up with a vaguely related sales pitch for RSA products, owned by... yep, EMC. The guys providing ComputerWorld with ad revenue on that sidebar.
Hopefully those scared VPs will hire consultants and purchase EMC products to "secure" their infrastructure from "rogue admins" who are probably reading their e-mail RIGHT NOW.
I once worked for a small public company and we always read the executive's email. We did it more to see when the next layoff was coming, but in retrospect I could have used it for insider trading and probably made some money. The stock would make HUGE swings before and after earnings, so I probably would have gone unnoticed.
WTF exactly is the "type to access this sensitive information"?
Access to that information is pretty much required and a given for SOMEBODY. Otherwise, you sorta can't build the system in the first place.
Having the ability to access that doesn't mean they DO. It's just that if the person happens to want to, the ability of accessing it is not a block if they do, in fact have access.
Submitter makes it sound like all IT types are nosy BOFH criminals, which is not the case. Sure, SOME are, but then again I bet there is a higher percentage of criminals in the accounting department and management itself.
If you can't trust your IT staff, fire them. It's as simple as that. Of course, it helps if, when they DO happen to access something, it's not blackmail-able information. So keep your own nose clean too.
Maybe if companies paid their workers fairly and instilled loyalty things like this wouldn't be such a worry. Instead we're asked to do the jobs of several people for a fraction of the payroll - and not complain about it. What do CEOs think is going to happen?
I've got read access to the entire financial database. I can find out how much they spent for dinner on their last trip and their salary as well. Luckily for them, I just don't care.
What's your next burning question? ``Adolescent boys masturbate?''
...Then the battle is already lost. You may as well close up shop and go home.
Which is not to say there aren't unscrupulous people out there who will abuse positions of trust, but this is a HR issue, not a technical/security one (and is most certainly not one limited to the IT department).
It is not an impossible task to monitor your ACLs to know when they have been modified, but it does take a lot of diligence. The biggest problems with undocumented ACLs are lazy administrators. Now, as far as administrators themselves abusing their access rights, that is much harder to track. In this situation the best you can hope for is that your administrator views this type of abuse as unethical and uses self restraint not to abuse his rights.
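The two hard parts named in the summary and in this comment are finding out who actually holds administrative access and noticing when that set changes. As an added example (not code from the thread or from Computerworld), the script below builds an admin inventory from /etc/group and sudoers-style text and diffs two inventories; the group and sudoers contents are constructed samples, and the set of groups treated as root-equivalent is an assumption that varies by distribution.

```python
"""Inventory who holds root-equivalent access on a Unix host and diff it over time.

Added example, not from the original thread. Parses /etc/group and sudoers-style
text; the sample contents below are constructed for the demonstration.
"""
import re

# Groups that confer root-equivalent access on common distributions (assumption;
# adjust to the host's conventions).
ADMIN_GROUPS = {"root", "wheel", "sudo", "adm"}

# Constructed sample /etc/group content (not from any real host).
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice,bob
sudo:x:27:carol
adm:x:4:
staff:x:50:dave,erin
"""

# Constructed sample sudoers content.
SAMPLE_SUDOERS = """\
# Defaults
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
dave    ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart postfix
erin    ALL=(ALL) ALL
"""

def parse_group(text):
    """Return {group: set(members)} from /etc/group formatted text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, _, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups

def parse_sudoers(text):
    """Return (principal, command_spec) tuples from sudoers text.

    Principals starting with '%' are groups. Only plain user/group specs are
    handled; Defaults, alias definitions and includes are skipped.
    """
    entries = []
    skip = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias", "@include")
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments
        if not line or line.startswith(skip):
            continue
        m = re.match(r"(\S+)\s+\S+=\(.*?\)\s*(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def admin_inventory(group_text, sudoers_text):
    """Return {user: set(reasons)} for every user with root-equivalent access."""
    groups = parse_group(group_text)
    inventory = {}

    def add(user, reason):
        inventory.setdefault(user, set()).add(reason)

    for g in ADMIN_GROUPS & groups.keys():
        for u in groups[g]:
            add(u, f"member of group {g}")
    for principal, spec in parse_sudoers(sudoers_text):
        # Only an unrestricted 'ALL' command spec (optionally tagged NOPASSWD:)
        # is root-equivalent; a restricted command list is a scoped role.
        if re.sub(r"^\w+:\s*", "", spec) != "ALL":
            continue
        if principal.startswith("%"):
            for u in groups.get(principal[1:], set()):
                add(u, f"sudo ALL via group {principal[1:]}")
        else:
            add(principal, "sudo ALL (user rule)")
    return inventory

def diff_inventory(old, new):
    """Report which users gained or lost root-equivalent access between two runs."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new))}

if __name__ == "__main__":
    for user, reasons in sorted(admin_inventory(SAMPLE_GROUP, SAMPLE_SUDOERS).items()):
        print(user, "->", ", ".join(sorted(reasons)))
```

Run it on a schedule, store each inventory, and alert on a non-empty diff; on the constructed sample, dave is correctly left out because his sudo rule is scoped to one command.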
"Anything tastes good if you deep fry it."
I work for a relatively small company with approximately 100 employees, and being one of the two sysadmins, I could easily go in and look at anyone's email. One of the many reasons I have for not doing so is because I have dignity and want to respect people's privacy, no matter who they are. Also I could probably find some "dirt" about someone, but in the end it does no good, and in some cases would probably piss me off. If there really is dirt going around the office, I would rather hear about it by traditional means, just like everyone else. I also think that knowing about certain situations that might be going on, which have no effect on my day-to-day duties, affects my ability to treat all employees with the same respect that they deserve.
IT people checking out new web access monitoring software might also discover the boss is surfing personal ad websites in his office next to his wife.
Most companies warn new employees that their email and other electronic activities can and will be monitored. Why should execs be any different?
"It is a miracle that curiosity survives formal education." -Albert Einstein
At least in small business, and probably in all business, it is completely necessary for upper IT staff to have complete access to everything. I've lost count of how many times upper level management has come to me with the 'I forgot my password, can you get my stuff back?' request. This is a normal occurrence. If we take away the privileges of IT to access upper management data, then upper management is very likely to lose that data.
As an anecdote, one of my customers (I am an IT consultant) lost the password to the video surveillance system. They immediately came to me, and were shocked and annoyed when I said 'Sorry, I wasn't involved in the installation of that system and was never informed of the passwords.' In the end, we found that a user had written down the password at one point and were able to get back in that way!
The point really should be that companies better find upper IT staff that they can TRUST! If they can't trust their IT staff, they have big problems.
Odd that people are concerned that IT types *might* be reading email when so many of the C*Os give their secretaries their passwords and other sensitive information. I am convinced that my Big Boss's secretary actually runs the place.
With information being so hot these days, don't you think organized crime cartels would do anything to have one or two admins in any network so they can glean information for their benefit? Hmm?
How very true. I have to say that if you don't trust your employees, they can't do their job. If they can't do their job, how are their supervisors going to do supervisory work? etc etc.
From a CEO's perspective you trust that your subordinates do their job, so that their subordinates are able to do their job all the way down to janitorial staff. Granted your level of trust declines proportionally to the level of visibility, but if the janitorial staff fails to take out the garbage for a week...
How much is your data worth? Back it up now.
I already read it in cmdrtaco's inbox. Seriously I bet a good number of IT people own the T-Shirt, "I read your email". We aren't kidding.
Microsoft aggravates my tourettes syndrome.
There's a very strange paranoia to this entire article. Is the next article going to be about how the cleaning staff have access to papers lying on executives' desks? I'm sure all the executives think that someone reading their "high level" email is some kind of worst case scenario. But I highly doubt anyone reading it would have much to gain. There's a lot more sensitive information in a business than some dumb executive's new corporate strategy of outsourcing the IT department. Client lists for one thing, pricing information stored in databases, cost lists, etc. It's that low level information that, if you found the right buyer (which is probably a difficult task in itself), it'd be worth something. Admins generally have access to all that stuff, but they only get paranoid about someone reading their lunch plans meeting with Bob from Intel to discuss "strategic planning".
AccountKiller
Knows how to break IT security, but no longer feels the need to.
damaged by dogma
There are ways to run a business that limit the amount of information that has to be classified so that it can be relayed verbally or by sneakernet. Like not defrauding your workers or business associates is a good start, followed by not raking in huge undeserved stock options and bonuses, not downsizing and outsourcing just because it is the latest fad, and in general being competent to the point that the only people who care what's in your email are the rarer criminal element and not every damn single employee.
Ahh, driftnet on the switch monitor port. Never has there been such an artistically odd juxtaposition of shoes, porn, corporate logos, and vacation photos.
Someone had to do it.
My previous company fired me when they found out I had read the local V.P.'s emails. Of course, I was trying to find out more of the impending layoff and closing of our office, and how he was lying about it, but that was beside the point.
Nuns. No sense of humor. -Kurgan
So what?
Do these companies not have data classifications and policies around what must be done with secret/confidential information? Do the employees (including execs) not understand these classifications? Why not?
Any of this is a failure of your organization's ability to create proper security policies and ensure that employees understand what compliance means.
Email is plaintext unless you do something with it. Same goes for any data that is stored on any servers in your company. If it is confidential or secret, then it needs to be handled that way.
If you are granted access to privileged information, then you should not betray that trust.
As an admin I have seen things which I must tread very carefully about.
People do a lot of personal things on their computers, whether it be the company accounting or their personal browsing preferences you have to be tactful and discreet about.
Under normal circumstances I would never break the confidentiality of the people and machines I work on, but I know others are not so disciplined.
I have only been at a crossroads once where a machine had illegal material on it, and it took a lengthy internal debate to decide how to handle it (I went above the person and they were removed from employment).
As for abusing the information, there is no such dilemma - I will not do it.
Trust is something which when broken can affect you for the rest of your life.
liqbase
As for how many abuse these priviledges, it's hard to tell, but rogue admins out for workplace revenge or personal gain can wreak havoc...
Because the boss that reads YOUR email, who might find something juicy, won't use it against you or the company for personal gain, right?
The average executive considers sysadmins to be more or less janitors with an attitude problem. If they choose to piss all over someone who can fuck either them or the whole company with the flick of a switch, they aren't that bright.
Ethics? show me the money, and some respect.
Oh crap, I hope the boss doesn't read Slashdot! Better check this out... hmmm... no slashdot activity today, BUT there is an unread e-mail just sent to him with a slashdot link in it!! DELETED! Ok everybody, we're safe. Move along, nothing to see here
"It's not whether you win or lose, it's how drunk you get." -- H. J. Simpson
Knows how to break IT security, but no longer needs to because of the fact that he has found valid login information for the various systems that he cares to access.
If it wasn't for the fact that I read his email, I'd probably feel guilty about banging the CFOs wife.
Public key encryption, duh. Then, even if your admins had this access, which they must in some cases, they couldn't read the message anyway. The sooner CEOs catch on, the sooner everyone else will also.
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
No shit Sherlock! Did you figure that out all by yourself?!? Of course I can read their e-mail! I'm a sysadmin and I set up the frigging mail system in the first place! Duh!
What they fail to grasp is I don't have time to be going through their shit!
Conversely PHBs don't have time to learn how to admin mail systems, which is what they'd have to do in order to keep me out.
Here's a novel concept: Why don't you simply try hiring people who are trustworthy?
You're using her as bait, Master!
boss: boss, me
With Active Directory it is possible to delegate control of subsets of an organization. Imagine a tree with various branches and sub-branches. You can delegate various administrative permissions to branches without allowing access to higher level nodes. I'm sure there is something similar with Unix-style systems.
At any rate, since Exchange is fully integrated with Active Directory, organizations often give administrators control over only certain subsets of e-mail accounts. For instance, if Company has 5 offices there would be one or two primary admins, and perhaps one or two admins per office. Each office only has control over their respective accounts, while the primary admin has control over it all.
This is a fairly simple way of making it easier to manage a large organization's admin accounts.
Sysadmins can read everyone's email!!?? Wow - what else will they find out? Can't wait to see the furor when someone discovers HR's DBAs can see everyone's salary!
Idiots - of course sysadmins can read everyone's email. This is why you should take care in hiring them.
Fear: When you see B8 00 4C CD 21 and know what it means
Jeez. Encrypt your mail if you are *truly* concerned that someone might snoop it.
...this shirt at work. Otherwise the jig is up.
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
A few years back, I worked in a company that had about 6 admins. Out of those 6, 1 *REALLY* abused his privileges. It got so bad that even when people started to file formal complaints against him, they would be sent to /dev/null. (Yes, he not only read the upper management email, he also deleted it.) He would screw with upper management by changing numbers in spreadsheets on the file server shares, changing documents to be terribly misspelled or misleading, etc.
:P
Why did he do all this ? Well, because he could and he got away with it. To make matters worse, he was my boss.
Me and 2 other admins ended up quitting 1 day all at once. We tried to wake up the management about it, but they ignored the complaints thinking we didn't like him. They still never got it.
I don't care anymore, it was good I left there since I now make twice what I did there.
It would never occur to me to take advantage of my responsibilities as a sys admin to use private information for personal gain.
John Smith
CIO, CFO, CEO
MegaCorp, Inc.
Employee of the Month
Employee of the Year
Grand Exalted Poohbah
Keeper of Keys
Omniscient All-Seeing Eye
How else would I know what's going on?
I was a consultant on a project two years ago, where we dealt with exactly that issue. I can't go into details, but I will mention that I had to get security clearance for that project.
The general rule is "you have to trust your admins". In this project, we spent a good amount of time dealing with the question "Do you *really* have to trust your admins?"
We were pleased to find that we really didn't have to trust the admins all that much. The enterprise-grade product in use helped with its many, many security features. Yep, it was Lotus Notes + Domino. And yes, we did consider the server admins, storage admins and the backup guys. Oh, the network guys, too.
Of course, building a system like that does have some negative impact on the admins' and helpdesk's ability to easily help users with problems, but we did manage to accomplish the goal of very, very tight security.
I like the people I work with, but the BOFH is my hero. A few years ago when I was someplace else I got blindsided by politics that did not involve me. I was blamed for missed requests and information above my level that never reached me. I tried to be nice, work things through and figure things out and the situation got worse as the accusations against me piled up. My boss knew it was bullshit but did not want to risk their position, I was a lowly tech minion, not worth the effort of keeping me from being slandered and fired. Literally dropping hard copies of e-mails on the right desk, along with two newspaper reporters names and work addresses, made the offending party step back after the usual pointless threats and bitching. There were things going on that he did NOT want people outside the organization to know about.
I found myself saying a quote I never thought I would: "Never, Ever, Fuck With The Person Who can Read Your Mail."
I went to a better job working for better people, got promoted twice and ended up where I am today doing work and working for people I like. My previous employers shut up, some of them hate me, but they give me no trouble.
Moral of the story is, if you are a tech, always have as much access as you can, be judicious, don't use it unless you have to, and if possible keep anyone you don't trust out or log their actions, preferably without them knowing. The article is right, you really do need to have accurate maps of who has access to what, but if you are a tech it's CYA all the way.
The BOFH cruelty is optional. :)
I was working for an ISP and was doing DNS work. My boss started blaming me for DNS problems because it would take a while for it to propagate, and he didn't understand the technology. So he started adding domains himself, but occasionally he wouldn't have the time. So he'd login as root and have me make the changes. I got sick of it and just added my own root account. After that he would occasionally forget that he made changes to stuff.
Of course, you'll need the sysadmin to install that for you .... :P
The encryption companies are of course trying to make sales though.
The lesson is - if you don't trust your sysadmin, you have the wrong sysadmin.
I am a Sysadmin. I built the network, I built the mail server, I built the VOIP system, and I built the DVR security system. I have control over all of these things. I know what happens here before anyone else does. I see your every move, can listen to your every phone call, and yes, I can read your email.
We are not regular employees. We aren't the boss. We occupy a grey area, because we control everything.
My system has millions of dollars flowing through it. You trust me with that, but have a problem with reading an email?
I am a Sysadmin. Trust me or not. Me reading your email is the least of your problems should you choose not to trust me.
By law, anyone who has been drinking is "sober" until he or she "cannot hold onto the ground." Actual lexington, KY law
I have a question. Have you been hearing funny clicks during telephone conversations? Have strangers been unusually interested in your garbage? Notice any packet sniffing going on at work that looked suspicious?
Just wondering.
..there's a little bastard in all of us, no? ;)
And when you gaze long enough into the code, the code will also gaze into you.
1) MOVEit DMZ with Secure Messaging (http://www.standardnetworks.com/moveitdmz) Many companies (and especially company HR departments) buy this web-based product so that they have an encrypted NOT-EMAIL channel to send secure messages.
2) If you don't mind the administrative hassle, SMIME/PGP-encrypted email will also protect you.
I have 15 mail-accounts (besides my own) directly accessible in my Lotus Notes, and I could access just about everyones mail if I wanted to. That includes the higher management. I occasionally need to glance at those 15 accounts to do my job. No, I don't read stuff I'm not supposed to read, and I don't comment on the things that I do read.
It's all about trust. If you don't have that trust, then you have bigger problems than sysadmins reading your mail. Hell, senior management trust their secretaries with just about everything, including their mail. What's the issue with the IT-department?
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
The admin will always have access to the machines. That is why he is called the admin. ;)...
If you want security, use PGP... Oh I forget... if you do, the boss won't be able to read other people's mail and this is bad
Policies are more red tape vs. trust. Some compliance regulations and governing authorities require us to have certain policies in place, and in those cases, we need to make sure that the policy is realistic and makes sense - not just wording to avoid a problem.
Define security roles implementing a tight security policy where there is (theoretically) no need for an ultimate root or admin role because all necessary operations are defined in the roles and can be done through, for example, sudo. Then randomize the root/admin password and print it, face down, on a sheet of paper. Fold the paper in half and put it in a safe, just in case you forgot something and really do need root/admin privileges. Now your admins only have enough privilege to do their day to day admin jobs without, for example, the ability to read email, but if anything really is broken, you go get that paper out of the safe. Sometimes it is necessary not to trust, for example in highly classified computing.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Sure, I can read e-mails for anyone in the company. No, I don't care to read any of them (heck I barely pay attention to my own e-mails). On occasion I do need to glance at somebody's mail spool to make sure something in the e-mail system is working, and I have sometimes seen things I didn't want to (the latest one was talking about S&M). But the only time I'd ever be tempted to read other people's e-mail of my own volition would be if I was suddenly feeling very insecure about my job. And honestly, this is one of the reasons why I still use POP3 everywhere and never IMAP. I just don't want all of my e-mails sitting on the mailserver, conveniently browsable by anyone with access to it. They should at least have to work at it and gain access to my own personal machine first...:-)
As the e-mail admin, receiving the bounces is even more enlightening. There was a torrid love exchange in e-mail going on, but they'd put an extra, invalid e-mail address in so the thread kept bouncing down to us. We tried to let them know about the problem but they were ignoring our messages.
:D
I created a t-shirt for work a couple of years back when I heard someone saying that we were reading their e-mails.
"I Read Your E-mail"
" It's Boring "
[John]
Shit better not happen!
Admins need to be able to see the message and move the messages around, but they don't need to see the content. If you're transmitting sensitive data, encrypt it!
Many years ago, in the days when the one IBM PC was still a novelty, I worked as a janitor for a government project. I was also union shop steward at bargaining time.
Part of our job was to go into the management offices at 6 AM each morning to clean the desks and carpets and empty garbage.
To this day I don't think that the bosses have figured out how we always seemed to know what they had planned next.
It was almost like we had ESP or something.
I guess that lowly sysadmins and lowly cleaners have one thing in common - they work under the radar.
Three Squirrels
I'll echo a previous poster's comment about Computerworld's fear-mongering aimed at clueless executives. All the measures in the article will just interfere with efficiency and other necessary work. The best way to avoid a project like this is to tell the execs "We'll all have to memorize a few more passwords, and if we forget them then we're locked out of the email system forever." That will bring them to their senses.
A guy I know used to be admin in an ISP here in Argentina. Once he wanted to read his girlfriend's e-mail... since his girlfriend was a user of the ISP he worked at this is what he did:
1 - Create a false Hotmail frontpage that would store username and passwords entered in a text file in his server and then redirect you to some type of error page, or something (perhaps redirecting to the real Hotmail).
2 - Modify the DNS to point to his fake Hotmail page.
3 - Leave it running all night.
4 - In the morning he removed the DNS entry and examined the text file... which listed not only his GF's password, but those of a couple hundred customers of that ISP.
So even if you never fall for phishing scams, browse with all scripting and ActiveX off, use virtual keyboards to enter e-banking passwords, etc. you may be easily pwned by a black hat ISP admin.
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
The root problem here is that standard email is intrinsically insecure. Most people imagine it as a digital letter, but it is more of a digital postcard. Anyone can read the message contents on any mail server queue it sits in. To solve this problem properly, you really need to start using encrypted email. Then you don't have to worry about the IT people (unless they installed a keyboard sniffer while you were on vacation) reading your mail, or anyone for that matter even if there is a server break in.
Indeed, blackmailing the bosses is a job that only janitors should have the access to do.
Here's some news. Internal attacks by rogue operators can be more harmful than external attacks. This is something that every security manager should have burned into memory. Background checks are very important, but regardless of how draconian one's access control scheme becomes, there will always be an individual with the keys to the castle who can wreak havoc. The general idea is to make sure no one person can disrupt business continuity, but there will always be people who ignore this I suppose. It's a good thing that nobody relies on email for business continuity.. *chuckle*
What moronic corporate e-mail program allows administrators to READ other people's mail? (My company uses Novell Groupwise and I am the admin, and can NOT read others' mail w/o knowing their password, and the data is encrypted. Indeed, Groupwise was chosen in part because of this feature). An admin should certainly be able to *reset* passwords so a lost password can be reset or in an emergency someone can get into someone else's e-mail. But resetting the password is the way to go, so the original user knows something has happened.
Kind of a stupid point - who watches the watchers? Hint: I bet your HR person knows what everyone's paid, too.
Unless your CEO is an ubergeek willing to handle network admin her- or himself, and as long as your company insists that email is not private and must be accessible by SOMEONE in authority, then your IT admin (at least) will be able to read your CEO's email.
Duh. If you don't trust your IT admin to be discreet, you have bigger problems than them reading the occasional confidential email.
If it's that big a freaking deal, you have perhaps 3 choices (none of which are great):
- hand everyone who 'needs' confidential email access a gmail (or whatever) account. Yes, there are confidentiality issues there too, but less contextually sensitive than to someone IN the company. And it means that they will be able to send emails unsupervised as well - so if they send a gmail with that bestiality pr0n movie, nobody would know.
- tell them (like all employees) that their email is readable. Confidential docs / communication should be sent in encrypted attachments like a passworded RAR file.
- let them use an email client that supports encrypted emails, and teach them how to use it when needed.
-Styopa
What do they care if admins can read it.
No intelligent executive* would throw a sensitive memo into the company trash or recycling can without shredding it. Any janitor can fish papers out of the bin and read them. Any competitor employing industrial espionage or any SEC investigator could fish the papers out of the dumpster and read them. No intelligent executive would keep confidential documents lying around public areas of the workplace. He would keep them in a locked office in a locked file cabinet or even a safe. When transporting them he would use a locking briefcase. Why would the same executive that shreds his discarded files throw the same digital files in his windowing environment's trash/recycle bin? Any IT guy could recover the files easily enough. Any IT staff, competitor, or legal investigator might obtain them off of resold or released hard disks if they are not stored in an encrypted form. Deleted files should be shredded. Stored files should be kept under lock and key (encryption). Files transported over any network (LAN, WAN, or Internet) should be encrypted by some layer of the network stack. Some execs may trust some members of IT enough to share high level information with them. If the execs care at all about security, this should only be done deliberately.
*Do intelligent executives exist?
------ Take away the right to say fuck and you take away the right to say fuck the government.
There will be problems as long as people continue to believe this. Email is like a postcard. Are you going to send sensitive information using postcards? Unless you're a complete and utter moron you're going to use an envelope. PGP is the email equivalent.
PGP really is not difficult to use. Enigmail for Thunderbird does the "hard" parts for you and assists in creating a key. To encrypt a message is as simple as clicking the encrypt button when composing. It's also that easy in Evolution.
"It ain't a war against drugs. It's a war against personal freedom" --Bill Hicks
If the IT Admins are threats to the Executives... make all the IT guys Executives :)
We run in an Exchange environment. Our company has a lot of turnover so we used an app called ESRA to kill legacy permissions (like the account is deactivated but for some reason the user had strange access rights). I suppose this app could do the same thing...
....end commercial :-/
Here's what I just helped a small corp do: set up proper data encryption with key-recovery.
The layout is simple, the CEO/CIO/CFO and any other data that's subject to Sar-Box is encrypted using a key where the PW is only known to the individual who's responsible for that data. The only difference involves the CEO/President key that is the master, with all others being derived from it as s/he is supposed to have total access.
The key-recovery solution requires 5 key shares, 3 of which must be from the Board along with 2 independent holders. What this means is that they need 3 board members and the two outside agents to recover any data that's encrypted should the CEO/President be incapacitated; otherwise, the CEO/President can reencrypt the data with the key of the replacement Senior Exec without involving the board directly, as that's within the CEO's authority as designated by the Board.
Does this work? Well, it was a bitch to set up and get everyone up to speed, but it certainly seems to be working as designed and implemented.
The problem is: how will PGP stop an admin? Clickity-click, I just logged keystrokes and got Mr. Fancy Pants' private key password. You have to trust your admins to some degree.
PGP means you have to trust them less. Currently, I have to trust my ISP admin not to read my e-mail, because it's stored on his server in plaintext. He can't get into my house to install key logging software, so he can't steal my private key password. Using PGP means he can't snoop my mail.
Or, suppose I'm a developer, with no admin access. I control the contents of my desktop; and my private key never leaves my desktop. The UNIX admin who controls the UNIX machines I work on can't read my emails if they're encrypted.
With PGP, it's just the desktop admins (if you have any) who you have to trust not to swipe your private data. And if they're caught logging keystrokes by some savvy developer, they'll face criminal charges for data theft. That means they either can't log everyone's computer, or they'll risk being caught.
It's also a lot more work to do data mining. In order to search through all the emails on the system, they'd first have to install keyloggers on every desktop, analyse everyone's traffic, get everyone's password, and log in and scan the emails sequentially. Compare all that with 'grep /var/mail/*'.
PGP won't solve all your admin problems, but it can certainly mitigate them.
Next we'll be hearing that the accounting and HR people know how much everyone makes!
At one small company I once worked at, my Windows box popped up a strange notice one day that someone else was using my IP. Since my IP was fixed (so that I could access various IP-restricted network devices) this immediately raised some red flags. We began looking for the culprit; something must've tipped off the hacker because we found ourselves locked out of our mail server. Since access to the mail server was only permitted from inside our network, we shut off our net access, hoping to block the hacker while we got back into our server.
We tracked the hacker down. It turned out it was another admin, who had gone some kind of crazy. He had three NICs in his desktop box all configured to impersonate different machines, he had re-routed the boss's email through his mailbox (and some clients' mail too), and had all kinds of other things going on. And he had sat there the whole time we were trying to ID the hacker, pretending nothing was going on, all the while trying to stay ahead of us. Strangest thing I ever saw.
Yes, he was fired. He really didn't seem to know why he'd done it (none of it made rational sense) and he'd really put his family in a bind. I think he was sick, but I'm not a psychiatrist.
People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
Tons of people think nothing of sending important information over email. Certainly it's sometimes more convenient/fast than by phone, and it does tend to leave something more of a record.
But it isn't open to abuse. I was talking to my supervisor the other day as he was going through an administrator's old email to find an old message (with a request to do so from the admin) and we were discussing what one might do if, in the act of such things, he came across something that referenced himself. The best solution for a good tech seems to be just to do one's best to avoid personal emails, but when you're fixing people's mail clients, debugging mailservers, and many others you never know what you might come across by accident. Certainly an abusive sysadmin could use the system to read others' mail, or CC himself a copy, filter anything that had his name, etc.
I remember a case where a slightly misconfigured mailserver at a school was sending all the bounce messages to me (the sysadmin). The funny thing was that many of them were threats from rather unintelligent students to other students, but they had spelled the recipient address wrong. Before I found the error and fixed it, I happily forwarded said emails on to the students' principals.
Between the amount of pr0n and other personal things I've found on the computers of private clients, I'd say that part of being a tech is knowing when to turn the other way - although at times I've come up with suggestions to various clients on how to implement better privacy for themselves.
Who watches the watchmen?
Don't talk to me about life!
I have access to pretty much everything at my work place, email, files, IM traffic, etc., but quite frankly, I don't have the time or the interest to give a rat's ass about what other people talk about. I'd rather spend my time coding up new solutions/problems for the agency. (I guess that makes me a geek).
sigs suck
There are methodologies that can ensure that certain types of actions cannot be done without two admins working together. Can this be done for the action of reading someone else's email? If it was possible, they would have to conspire to read the boss's email. Anyone have any good links?
... for my name and the word "sex" if it's a slow day.
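The key-recovery post above (five shares held by three board members and two outside parties) and the question about requiring two admins to cooperate both describe threshold secret sharing. The following is an added example, not code from any poster or product on this page, implementing Shamir's k-of-n scheme over a prime field in plain Python with no third-party library. The 32-byte master key, the holder names and the quorum sizes are constructed for illustration; the scheme is general, so the same functions cover both the all-five-required layout in the post and a lower threshold that tolerates a lost share.

```python
import secrets

# Field modulus: 2**521 - 1 is a Mersenne prime, so any secret of up to 64 bytes
# fits in a single field element. All arithmetic is exact Python integers.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x over GF(PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, share_count: int):
    """Split an integer secret into share_count points; any threshold of them rebuild it."""
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must fit in the field")
    # The secret is the constant term; the other coefficients are random, so any
    # set of fewer than `threshold` points is consistent with every possible secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the sharing polynomial at x = 0 from (x, y) shares."""
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def split_key(key: bytes, threshold: int, share_count: int):
    """Byte-string wrapper for a data-encryption or master key."""
    return split_secret(int.from_bytes(key, "big"), threshold, share_count)


def recover_key(shares, key_len: int) -> bytes:
    """Inverse of split_key; only meaningful when at least `threshold` shares are given."""
    return recover_secret(shares).to_bytes(key_len, "big")


def demo():
    # Constructed master key (hypothetical); in practice this wraps the per-exec data keys.
    master_key = secrets.token_bytes(32)
    secret = int.from_bytes(master_key, "big")
    # Layout from the post: five holders, three board members plus two outside parties.
    # threshold == share_count means every holder must take part, as the post describes.
    shares = split_secret(secret, threshold=5, share_count=5)
    board, outside = shares[:3], shares[3:]
    return {
        "full_quorum": recover_secret(board + outside) == secret,  # True
        "board_alone": recover_secret(board) == secret,            # False: board cannot act alone
    }


if __name__ == "__main__":
    print(demo())
```

The two-admin case is the same scheme with threshold 2 and one share per admin; neither share on its own tells its holder anything about the key, which is the property that makes it a control rather than a mere inconvenience.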
...and choose your sysadm. as you would choose a husband for your daughter.
The sysadm must be a trusted employee, if you can't choose the right person for sysadm. then you are sitting in the wrong chair.
and make it clear.
As the email Admin, it's my responsibility to make sure that mail is secure and compliant with company usage policies.
It's those same Execs that will inevitably call me into their office and pull down all of Suzy Receptionist's emails for the past year to see if she's been fucking the new VP, or is passing out trade secrets.
Why shouldn't the Execs get the same treatment? SEC or FBI comes knocking on my door with a warrant wanting all email transactions from the previous year on some CEO, or other Exec, you bet I'll give it to them.
Email shouldn't be a tool for passing around sensitive information anyway.
Do I read email? NO. But my server does, and it stores it in a database for easy searching and recovery, investigations, and backup.
So I guess I indirectly do.
In small business, there is (normally) no need for high security because you can't Really Fuck Things Up (TM) like you can in big business where there are billions at stake.
In big business, the data should be secure. Period. You lose your password, you lose your information - it's that simple. Oh, sure, you can^Wmust have a contingency plan (the three board members and an outside law firm) if somebody gets hit by a bus, but it really should be a hard process to implement retrieval. Would that embarrass the forgetee? Hell yes; that's the point.
If you're in charge of IT you should _want_ there to be no way for you (or any single individual other than the owner) to retrieve that data. And you should have that policy in writing, with buy in from the top.
The key here is that losing data is not an excuse for lax security. All data in business can be reproduced, at the cost of time and effort (=$$). It's a simple cost of doing secure business, and an incentive for executives to be mindful of their responsibilities. Don't worry, they get paid enough to figure out how to commit a password to memory. If your executives don't believe that such security is necessary, then they either really don't need security (cough*bullshit*cough) or they shouldn't be making these kinds of decisions (cough*McDonaldsManager*cough).
Is it just my observation, or are there way too many stupid people in the world?
I've said it before but I'll say it again: Professionals working in the computer industry should be given the same requirement/protection as doctors, lawyers and priests. This is a two-way sword and yes, it will cut both ways for society but there will come a day that the people realize it is necessary.
Consider the wave of horror that would sweep through corporate America if IT "whistleblowers" started reporting Enron-style tactics to the press. It brings to mind the scene in Fight Club where Brad Pitt's character and a bunch of lowly caterers hog-tie a rich fat-cat politician and tell him that the lowly people he is talking about are all around him and literally guard him while he sleeps. I once stumbled across an Excel sheet while I was cleaning up a sloppy group directory that outlined the cost savings of eliminating my contract. What if I had decided to alter the conclusion? There have been posts about how there's too much volume of information, why would some IT worker care? I'd bet dollars to pesos that every single person who has held admin rights to a significant data volume has tried a search on his or her name at least once. As many have pointed out... it is an impossibility to demand IT be able to protect and secure all data, even lost or destroyed material, without giving them access to that data. Therefore, the only solution is a legal one. Doctors cannot betray their patients' medical privacy, lawyers cannot betray their attorney-client privilege and priests are not supposed to reveal their confessions. Likewise, a computer professional should not be allowed to unilaterally reveal the contents of the data he's charged with managing. The various trade-offs to society for the exceptions to the rule are a matter for the courts.
Consider also the well-known fear that companies and/or individuals have in seeking help. No company wants to admit they were broken into, or have that matter become public. So instead they oftentimes hide that fact (although California passed a law making notification a requirement) or fail to seek out advice when it matters and it isn't too late to fix. As computers get more and more interconnected and gain more and more importance, we may find that it is necessary to give shield to the people charged with maintaining them so that people don't avoid getting "treatment" for fear that suddenly everything they've said or done online may show up one day and bite them in the Foley.
-JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
but the title is still insightful. This is old news. At work, I'm a domain admin. I have unrestricted access to all the files on tens of thousands of workstations. And to countless shares on hundreds of servers, with lots of info and documents. And several Exchange servers. And many large databases. Webservers too. You name it, I can access it, totally unrestricted. I have access to tape backup libs. I can read the CEO's mail and documents no problem. I could install keyloggers anywhere or do packet sniffing or such.
But, well paid employees in a job that doesn't suck aren't typically motivated to do immoral stuff. I get paid well, I'm respected, my hours are decent, etc. I have no reason to be disgruntled and do bad stuff. On the other hand, I can say I'm a fairly ethical person (saying otherwise would be false modesty). The idea is to have good employees, and keep them happy.
Now, if I was some guy paid below what I deserve, in a high stress job that sucks, risking to be outsourced and all, with management making every second of your life miserable and such, poor workplace politics and the old backstabbing between co-workers, then yeah, I wouldn't be surprised when something bad happens... It's old news, disgruntled ppl will sometimes do that kind of stuff.
Any company should have reasonable policies in place (so that employees at least know when and why data may be accessed) and should employ Systems Administrators that take their Code of Ethics seriously.
Any employee who indicates by deed or word that they aren't willing to live up to that level of professionalism should not be allowed access to sensitive or private data.
This is old news, I guess every X years someone has to write a story to fill a spot.
I'm an SA (going on 11 years now). I've got full access to everything, usually every place I've worked ('cause I've been one of a handful of SAs or part of the team that ran everything, so we had it all, router passwords, etc, etc).
While I can very very easily read people's email, send email as them, do pretty much anything I feel like doing on the corp network, I don't. For 1 simple fact. Professionalism.
IMO, I consider it unethical for an SA to read private email, go through people's home directories (unless there is a specific need to), snoop their traffic, anything like that. And being unethical is being an unprofessional SysAdmin in my mind. And too many times I've seen people with the raw skills, but the ethics/professionalism of a .
oogly boogly!
Confessions and medical histories are not off limits because doctors and priests have rights normal people do not. They are off limits because in the confessional and in the doctor's office, /you/ have a reasonable expectation of privacy. A conversation you have with your priest, lawyer or doctor in a situation where this expectation does not obtain is fair game.
Consequently, IT professionals (at best) should only have similar responsibilities vis a vis privacy where the data being considered is in a context where the owner can reasonably expect it to be private. There is no expectation of privacy in the vast majority of email systems. SMTP (and most proprietary systems) shovel email across the network unencrypted, plain as day for anyone to read. A reasonable expectation of privacy only obtains where the user has taken steps to ensure privacy such as using encryption.
Either you trust your admin or you don't. There is no product or service you can purchase that will help you trust your admin. Chances are, you're just going to piss him off.
But before you do so ask yourself why you do not trust your admin, is it really her/him? Or is it you?
I think you underestimate just how much I just don't care.
And what does make a sysadmin happy? - Well, that's a good question, but as long as you feed them and let them have toys to play with you will actually let them focus on things outside reading other people's mail.
Another way is to keep them busy all the time with strange annoying calls of things that don't work. (Buying a multitude of printers, all different models and brands, will ensure this for a looong time.)
And don't forget that company reorganizations will normally affect every department except the IT department, but will keep the IT department busy for a while when they try to figure out how to organize other persons' access rights and where they are located this week.
Oh - and don't forget - limit your actual amount of sensitive data to a minimum. Not many sysadmins are that fond of reading through the mailboxes with 200+ emails with customer correspondence, co-worker complaints and the shopping lists from spouses plus a gazillion well-known internet jokes.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
A sysadmin has the access to read anything he wants and can get away with it as long as he doesn't tell anyone.
deserve what they get. One of my jobs in college was working as a customer service rep at a call center for a major apparel company. I handled all of the customer service via email, which also put me in charge of a catch-all account. The CEO was lousy with computers and had a fat finger problem.
I received several high level employee reviews that year, and many personal emails from his friends and family. I did not read them as I did not really care, but I received them.
The average computer user actively refuses to learn anything about security. CEOs and department heads are often the worst offenders with this kind of stupidity. Who needs root when the world is full of morons. I had the sensitive info served to me on a platter as a starving college kid making $10 an hour.
Before they worry about Sys Admins, maybe they should make sure the temp does not check their IE history, or copy their saved browser passwords. You don't need to be 1337 to screw with sensitive information.
Janitor cleans office
Secretary answers phone
Xerox duplicates sensitive information.
That's why you need our new and improved executive tinfoil hat. $1,499.
OSGGFG - Open Source Gamers Guide to Free Games
This article is just plain paranoia. IT people don't CARE about your personal emails, and we don't read them. If we DO read them, we selectively block it from memory and simply move ON. The same thing goes for user passwords we know, personal information we find out, etc. Every time I run into a user who is embarrassed because I caught him browsing ebay at work, or every time someone hesitates at telling me his system password so that I can login to a system as him to better assist him, I have to go through this a tiny bit. However, MOST users don't care, and they trust IT. About 5% of people don't. About 1% trust us so little that they will refuse help if it involves something so little as me looking over their shoulder to see what the problem is. There is no public outcry over the access IT Admins have except these paranoid few. When was the last time you heard about a major scandal at a company caused by an IT admin abusing his authority? I can't think of one. HP has shown us that IT admins are the LAST people we have to be worried about. The ones we need to be worried about are the over-controlling bosses and board members who believe they are entitled to pry into the lives of anyone they perceive as "below" them.
e-Mail per se has the same level of security as a postcard. Any company relying on the mail being kept secret is just complete idiots.
As you point out, the only solution is to keep the data safe. In case of e-Mail, any critically confidential information should be PGP/GPG encrypted, and the cryptographic key kept only by the relevant people.
This way IT people can have full access to the infrastructure (e-mail servers, database, etc...) and the sensitive information that may be in those systems is kept confidential (even if the sysadmin has full access to the humour chain mails).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
So these bosses shouldn't expect any privacy over what emails are sent.
Same as the grunts.
There are several comments that say "you have to trust your IT staff". This is all very fine, you can trust them just as much as you can trust your Finance department to never leak financial information to selected stock brokers before the quarterly report is released. And we all know that never happens. We can also trust IT staff as much as police officers, and we all know that police officers never snoop on the wife's lover or on the daughter's boyfriend. Yeah, right. Wake up.
My point is that trust is fine but not nearly enough. It is a known fact that the trust will be broken so there must be failsafes built into the system to recover from failures, just like you have a disaster recovery procedure for your servers.
Usually this involves a lot of logging to at least make someone accountable for the inevitable mis-use of information.
Tell your friends about xenu.net
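The post above argues for logging so that someone is accountable for misuse. The following is an added example, not code from any poster or product on this page, showing the kind of review that makes such logs useful: it reads a constructed mailbox-access audit log (one JSON object per line; the field names, the admin list, the user names and the ticket references are all hypothetical) and flags two patterns a reviewer would want to see, an admin opening someone else's mailbox with no ticket to justify it, and an admin touching many different mailboxes in a short window.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit-log sample (hypothetical format): who opened which mailbox,
# when, what they did, and whether the access cites a help-desk ticket.
SAMPLE_LOG = """\
{"ts": "2007-03-12T09:01:10", "actor": "alice", "mailbox": "alice", "action": "read", "ticket": null}
{"ts": "2007-03-12T09:05:42", "actor": "alice", "mailbox": "bob", "action": "read", "ticket": "HD-4412"}
{"ts": "2007-03-12T09:07:03", "actor": "alice", "mailbox": "ceo", "action": "read", "ticket": null}
{"ts": "2007-03-12T09:20:00", "actor": "bob", "mailbox": "bob", "action": "read", "ticket": null}
{"ts": "2007-03-12T13:00:00", "actor": "mallory", "mailbox": "ceo", "action": "read", "ticket": null}
{"ts": "2007-03-12T13:04:30", "actor": "mallory", "mailbox": "cfo", "action": "read", "ticket": null}
{"ts": "2007-03-12T13:09:12", "actor": "mallory", "mailbox": "hr", "action": "export", "ticket": null}
{"ts": "2007-03-12T13:15:45", "actor": "mallory", "mailbox": "legal", "action": "read", "ticket": null}
{"ts": "2007-03-12T16:00:00", "actor": "mallory", "mailbox": "mallory", "action": "read", "ticket": null}
"""

# Accounts that hold mail-administrator rights (constructed).
ADMINS = {"alice", "mallory"}


def parse_log(text):
    """Parse JSON-lines audit records, converting the timestamp to datetime."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        entry["ts"] = datetime.fromisoformat(entry["ts"])
        entries.append(entry)
    return entries


def unticketed_foreign_access(entries, admins):
    """Admin accesses to someone else's mailbox that cite no ticket, in log order."""
    return [
        e for e in entries
        if e["actor"] in admins and e["mailbox"] != e["actor"] and not e.get("ticket")
    ]


def bulk_access(entries, window=timedelta(hours=1), max_mailboxes=3):
    """Actors who open more than max_mailboxes distinct foreign mailboxes within one window."""
    by_actor = defaultdict(list)
    for e in sorted(entries, key=lambda e: e["ts"]):
        if e["mailbox"] != e["actor"]:
            by_actor[e["actor"]].append(e)
    flagged = {}
    for actor, events in by_actor.items():
        # Slide the window forward from each event; the list is already time-sorted.
        for i, start in enumerate(events):
            boxes = {x["mailbox"] for x in events[i:] if x["ts"] - start["ts"] <= window}
            if len(boxes) > max_mailboxes:
                flagged[actor] = boxes
                break
    return flagged


def report(text=SAMPLE_LOG, admins=ADMINS):
    """Summarise both findings as plain data so they can be asserted on or exported."""
    entries = parse_log(text)
    return {
        "unticketed": [(e["actor"], e["mailbox"]) for e in unticketed_foreign_access(entries, admins)],
        "bulk": {actor: sorted(boxes) for actor, boxes in bulk_access(entries).items()},
    }


if __name__ == "__main__":
    print(json.dumps(report(), indent=2))
```

On the sample, alice's ticketed look at bob's mailbox passes, her unticketed look at the CEO's does not, and mallory's sweep through four executive mailboxes in a quarter of an hour is reported both per access and as a bulk pattern. The thresholds are deliberately parameters: what counts as "bulk" depends on how much legitimate migration and restore work the admins do.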
Like you've never thought about setting some hottie's computer to subliminally re-program her and get yourself laid.
One frame in sixty or so. Just don't do it on a flaky box as it could crash with your message on screen.
Where I used to work (Medata - http://www.medata.com/) the bosses read EVERYONE's mail. The poor sysadmin was required to CC all inbound and outbound mail to a common email address for review by a "committee" (read: Owner and his minions). This was to ensure that everyone was addressing issues in a timely manner. It also succeeded in dropping corporate morale.
It started as only mail from specific clients (domains), but then ballooned into everything (including SPAM) in. When one side of the picture wasn't good enough, it ballooned into a separate system for the east coast office. When they realized that they were getting more spam than not, the sysadmin then had to filter the SPAM first. The only relief some employees found was to use PGP encryption for some messages (which the sysadmin conveniently filtered out since the minions were requesting the ability to decrypt the messages).
To top it off, the sysadmin then had to PRINT every piece of mail (which required a tricky, yet impressive procmail-fed, email to HTML to Postscript conversion before sending to a CUPS printer cluster). The stacks of yellow paper complete with yesterday's SPAM and your letters to Aunt Sally were simply ridiculous, not to mention a tree forest's worst nightmare. They duplicated this for a second office as well, with some obvious overlap. When I finally left the company, each office had a dedicated room with 1 or more Email Review stations, 3 printers (2 in a cluster for automated printing, and a third for manual re-printing or printing of attachments), and a dedicated team of 3-4 people with little spine to carry out the orders. At one point, the president's office had its own machine to print his email, though he rarely used it (I think deep down inside he objected to the idea as well).
It was bad enough when you just got the email from "Client A" when a copy of it with your name and a "Have you seen this?" message appeared on your desk not more than 15 minutes later (which was 10 minutes after you replied and solved the issue). Others were fired based on email correspondence caught via this process if it wasn't to management's satisfaction.
I think I'd take a rogue BOFH any day over Medata's super controlling micro-managing email reviewing and printing. Some companies have people paranoid about others reading email. This one did it openly.
The issue with Sendmail, QMail and all the rest that are your basic POP style e-mail systems, is that they either store the data in plain text, or even if stored on database servers they still store as plain text. Hence any sysadmin can read the mail in its raw form and no one knows this happened.
GroupWise stores everything in its own database which is first compressed (LZH) then 128 bit encrypted. There is no way a system admin can read anyone's e-mail without using either the GW Client (X-Platform of course), the built in web interface or some of the more sophisticated e-mail monitoring tools that are available for GW. Without the tools, you MUST know someone's password to get into their e-mail account. Now unless you have a list of passwords you will never be able to do so unless you change their password, as a system admin can, but they will be alerted because they will no longer be able to get their e-mail.
Now you can use deception, ie: change their password, do whatever it is you want/need to do, then when they can't access their e-mail, you claim ignorance and cheerfully set them a new password and then tell them to be sure and change it, which they more than likely will not do, and then rely on their laziness to continue on with snooping, but at some point this will make someone think something is rotten in IT.
The bottom line is that e-mail security is only as good as a System Admin who can change / monitor things, which is their job. At some point you have to trust someone to keep your system up and running.
Why yes I AM a Novell fan boy, what's your fucking point!
Hey KID! Yeah you, get the fuck off my lawn!
It was always entertaining to read the e-mail of managers who were 'devout christians' who were cheating on their wives.
E-mails between the secretary pool and their sweeties were occasionally interesting, but not nearly as satisfying as seeing that the managers really were hypocrites.
In Soviet H-P, Boss reads YOUR email!
That's generally how it works. The places I've worked so far, the sysadmins have been pretty good about not reading mail, or at least able to keep up appearances. But making sure that your sysadmins have integrity is only one part of the puzzle.
The few sites I have observed running MS Exchange seem to spend a significant number of days per year compromised in one way or another. Usually it's warez, pron or films, but it could just as easily be a competitor. Many of those sysadmins don't exactly rush to sanitize the server because it takes so long, so they'll let it slide until someone complains or until it interferes with services in some way or other. A quiet unobtrusive intruder could be there reading the mail quite some time before having to find his way in again. But I digress, that's only one MTA of many possible.
A more problematic aspect that affects nearly all mail servers, regardless of which one, is that more or less all mail goes in clear text still, not even encrypted from server to server. I mean GPG has been out how many years and we're still working this way? The web caught up and started using HTTPS many years ago, but not mail. All it takes is a sniffer on the same subnet as the mail server and all the mail can be collected and read. Set it up right and it's not detected either. Many developers and non-mail sysadmins would be in position to set up such a beast.
At one site, I figured out that a consultant was doing just that, sniffing e-mail. I was on my way to a new job and eager to leave all that site's problems so I only dropped some hints to my boss about it, but stopped at that. I came close to baiting the consultant with a false e-mail that would have caused him to act on the fictional message. It would have been best, looking back now, if I had done that.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
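The post above points out that server-to-server mail still mostly travels in clear text. The quickest way to find out whether your own MTA is part of that problem is to see whether it advertises STARTTLS in its EHLO reply and whether its certificate verifies. The following is an added example, not code from any poster or product on this page: a parser for a raw multi-line EHLO reply (the kind you would see in a packet capture or a telnet session), a classifier built on it, and a live check using Python's standard smtplib. The host name and the two EHLO replies are constructed for illustration; the live check is included for real use and is not exercised offline.

```python
import smtplib
import ssl

# Constructed EHLO replies as they appear on the wire (hypothetical server names).
EHLO_WITH_TLS = (
    b"250-mail.example.test Hello client\r\n"
    b"250-SIZE 10240000\r\n"
    b"250-STARTTLS\r\n"
    b"250 HELP\r\n"
)
EHLO_NO_TLS = (
    b"250-mail.example.test Hello client\r\n"
    b"250-SIZE 10240000\r\n"
    b"250 HELP\r\n"
)


def ehlo_extensions(reply: bytes) -> set:
    """Return the extension keywords advertised in a raw multi-line EHLO reply.

    The first 250 line carries the server's name and is not an extension; each
    later '250-' or '250 ' line names one keyword (STARTTLS, SIZE, ...).
    """
    exts = set()
    lines = reply.decode("ascii", "replace").splitlines()
    for line in lines[1:]:
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].split()
        if words:
            exts.add(words[0].upper())
    return exts


def transit_risk(reply: bytes) -> str:
    """'cleartext' when the server offers no STARTTLS, otherwise 'starttls'."""
    return "starttls" if "STARTTLS" in ehlo_extensions(reply) else "cleartext"


def check_mta(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check: does the MTA offer STARTTLS, and does its certificate verify?

    A result with starttls_offered False means mail to this host crosses the
    network unencrypted, which is exactly what a sniffer on the segment sees.
    """
    result = {"starttls_offered": False, "tls_established": False, "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            # smtplib strips the reply codes itself, so use its own feature table here.
            result["starttls_offered"] = smtp.has_extn("starttls")
            if result["starttls_offered"]:
                # The default context verifies the chain and the host name; STARTTLS
                # without verification still stops passive sniffing but not an
                # active interposer.
                smtp.starttls(context=ssl.create_default_context())
                result["tls_established"] = True
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = str(exc)
    return result


if __name__ == "__main__":
    print("captured reply 1:", transit_risk(EHLO_WITH_TLS))
    print("captured reply 2:", transit_risk(EHLO_NO_TLS))
    # Example live call (needs network access to a real MTA; hostname is a placeholder):
    # print(check_mta("mail.example.test"))
```

Note that an advertised STARTTLS only means the option exists; whether the peer actually uses it is a matter of the sending server's policy, so the check is worth running against both your inbound MTA and the outbound configuration of your own relay.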
-cough- If you know a Sysadmin who is NOT reading their boss' email.....perhaps you should nominate them for Sysadmin of the year. It's a contest sponsored by Slashdot/SourceForge.net/Digg/Splunk/Usenix.
The first 2500 sysadmins nominated receive a free thinkgeek tshirt.
Tell your Sysadmin that you appreciate them not reading your email.....nominate them for Sysadmin of the year 2006.
It is amazing how clueless many of these posts that I've read are. I've actually been in the situation where I have had co-workers that monitored emails (and other electronic communications) of management, and key players in the company. This was a small company, maybe 100-300 employees. It is extremely easy to get access to the mail server, and change permissions on folders and such, and the boss would have NO CLUE what was happening. Completing a security and/or ethics course would have done nothing for the employees involved, and implementing a policy is worthless, because there are no checks and balances in just creating a policy for 5 members of IT that serve a company size of 100-300.
The only real way I see of defeating this is to have a higher-up that is completely trusted by high management, and is able to understand how to check for abuses like this, and how to see them occurring. Or create some sort of checks and balances system, and pit the sysadmins against one another, so that one would tell on the other if it occurred. I don't know how to accomplish the latter, good luck on that one.
(It had to be done)
I, for one, welcome our new insensitive.... Oh nevermind...
Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
Yeah, the first thing that popped into my head when I read the summary was that there have been times when I really would have liked to have had admin access to the email system: namely, when the future of the company was in question but the execs were keeping tight-lipped about layoff plans for business reasons. If I thought I was about to be laid off, damn right I'd read the boss's email to find out about it in advance.
Oh yeah I read the bosses email...
Fuck I've been fired!!
It's left blank because I have nothing to say to you punks!
Let me think, when all this email started getting popular in the mid 1990's wasn't the advice to treat it as a postcard....
ie it could be read during transmission by the post-office worker (sys-admin)....
just a gentle reminder.
That makes it safe not only on the server, but in transit as well which may be more of a benefit.
Interestingly, this very topic came up recently and you might find the following interesting:
(my emphasis above)
That's an EC resolution - a finished decision. We've known about the problem for years and years, we've had the solution at hand since PGP/GPG, and even the politicians have caught on: EU member states are called on to use encryption for e-mail, not only use software which can be independently code audited. Now, why aren't we following it yet?
I might be misinterpreting what you are saying here, but - exactly - how does GroupWise prevent a sniffer from working? Unless it is encrypted before being put on the wire, your e-mail is readable by anyone who can sniff that port.
Any number of lower level non-IT staff have access to executive communications. These include secretaries, file clerks, mailroom staff, cleaning people. The list goes on and on and this has always been the case. Nothing new here except now the info is on a computer and sysadmins have access.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Look. If you're worried about people reading your email, go invest the 20 minutes it takes to learn about PGP and then find a plugin for your favoritest mail client. Make it 25, and you can even get your key uploaded to a public key server so that'll be easy for anyone else in the world to send encrypted mail to you.
Also, it might be a good idea to stop printing out your emails filled with "sensitive information" (like who you're going to fire and which companies are offering you how much to buy which division) to the public printer next to the break room that sales uses.
Bottom line: if you feel you need to keep secrets, then you'd better learn how to, like... keep secrets.
S/MIME is supported out of the box by Apple Mail, Lotus Notes, Thunderbird, and Exchange.
Just get yourself an S/MIME certificate and you're all set.
The problem is most people are too lazy to set it up, or don't know it exists.
I have S/MIME set up so when I e-mail my mother to tell her to do something, she can tell it's really me and not some phisher.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
As a non-IT guy, this strikes me as the perfect revenge for all of the bosses out there who read their employees' email.
Email encryption: Who's with me?!
Last place I worked at, the Director of IT insisted on being an Enterprise Admin in Active Directory. She was a fucking pencil-pusher, and had no need for those privileges; I can only assume she wanted to read people's mail, among other things.
And what about people with BlackBerrys that want to check their email? There has to be an account set up to reach out and grab their mail from Exchange.
It really does. I know of a popular IRC channel that had one of its ops decide to join a server to the network.
It came out that he logged all traffic, public and private, that passed through his server, almost certainly for nefarious reasons!
(hello #macfilez)
How do you differentiate between having access to do system administration and access to the data? In theory, you could store everything encrypted so that the sysadmin could backup and recover your data without ever having the ability to see it. In practice, this is not a practical solution. How many applications that normal people (non-geeks) use will encrypt their data by default? In my experience, it's approximately 0.
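The S/MIME and PGP suggestions earlier in the thread and this post's idea of data that a sysadmin can back up and restore without ever being able to read it come down to the same mechanism: encrypt to the addressee's key before the message ever reaches the server. The Go program below is an added example written for this page, not code from the thread or from any mail product. It implements the hybrid scheme S/MIME and OpenPGP use, simplified to one recipient: a random AES-256-GCM content key protects the message, and only that key is wrapped with the recipient's RSA public key (RSA-OAEP). The key sizes, the "backup and restore" stand-in and the sample message are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what is stored in the mailbox and copied to backup media.
// Every field is ciphertext or a public nonce, so an administrator can
// move, back up and restore it without learning the message.
type Envelope struct {
	WrappedKey []byte // AES content key, encrypted to the recipient's RSA public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-256-GCM output, which includes the authentication tag
}

// Seal encrypts plaintext to one recipient: a fresh random content key protects
// the message, and only that key is wrapped with the recipient's public key.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	contentKey := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// Open recovers the plaintext; it fails for anyone whose private key does not
// match the wrapped content key, and for any envelope modified after sealing.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("content key is not wrapped for this private key")
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext failed authentication (modified or wrong key)")
	}
	return pt, nil
}

// BackupAndRestore stands in for the administrator's legitimate job:
// byte-for-byte copying of stored mail. It needs no key at all.
func BackupAndRestore(env *Envelope) *Envelope {
	return &Envelope{
		WrappedKey: append([]byte(nil), env.WrappedKey...),
		Nonce:      append([]byte(nil), env.Nonce...),
		Ciphertext: append([]byte(nil), env.Ciphertext...),
	}
}

// Demo runs the scenario end to end and reports what each party could do.
func Demo() (recipientReads bool, adminReads bool, tamperDetected bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048) // the addressee's own key pair (assumed size)
	if err != nil {
		return
	}
	admin, err := rsa.GenerateKey(rand.Reader, 2048) // an unrelated key pair held by the admin
	if err != nil {
		return
	}
	msg := []byte("constructed sample message: Q3 reorg list, do not forward") // constructed, not real data
	env, err := Seal(&recipient.PublicKey, msg)
	if err != nil {
		return
	}
	restored := BackupAndRestore(env) // the admin copies the mailbox store and restores it
	pt, e := Open(recipient, restored)
	recipientReads = e == nil && bytes.Equal(pt, msg)
	_, e = Open(admin, restored)
	adminReads = e == nil
	restored.Ciphertext[0] ^= 0x01 // a backup altered in storage must refuse to open
	_, e = Open(recipient, restored)
	tamperDetected = e != nil
	return
}

func main() {
	r, a, t, err := Demo()
	fmt.Printf("recipient reads: %v, admin reads: %v, tamper detected: %v, err: %v\n", r, a, t, err)
}
```

The point the post makes is visible in `Demo`: the administrator's copy-and-restore path works on opaque bytes, the admin's own key cannot unwrap the content key, and an altered backup fails GCM authentication instead of yielding garbage. What this does not solve is key custody: if the same administrator also holds the recipient's private key (the objection raised near the top of the thread), the scheme collapses.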
Just make the Sysadmin a senior VP and include him in all talks.
How the fuck do you think the cutting-edge stuff at defense contractors gets protected?
That's right, exactly the same way as the government does it. Compartmentalisation and Need To Know.
Jeezuz, the hoops I have to get through to get some guy from project "A" to come to a meeting regarding project "B"....
Security Controller: "But he's not cleared for 'B'!!! Can he come in part way through and do a presentation on (specific, sanitised parts of) 'A', then just leave?"
Me: "The 'B' guys will want to ask questions, though..."
Security Controller: "Oh no! Just the questions will tell him a lot about 'B'!"
Me: "????"
Security Controller: "How about if he presents via video link. After he's done we turn him off, then I can filter the questions. Any that are simple, we turn him back on and I ask the questions. Anything more complicated and we give him a set of sanitised written questions and he can present the answers in -oh, say a week..."
Me: "!!!!"
And people wonder why high-tech defense equipment costs so friggen much!
Political language
This actually happened at a former company of mine. I was the Network Administrator and on more than one occasion I caught my Director of IT (essentially the CTO for the company) accessing other personnel's mail, including his staff, but most importantly other Senior Managers' mail. He was given admin rights because he demanded them (and who was going to tell the highest in the chain no??? I tried, but was rejected). What he didn't realize was that I was able to look at the event logs and see when someone was accessing a mailbox that they were not the primary owner of.
As things worked out, we had a falling out due to his micro-management style, and I left the company, never being comfortable knowing he was abusing his privileges accessing other people's email, among other things.
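The detection this poster describes, spotting in the event logs that a mailbox was opened by someone other than its owner, is worth seeing as code. The Go program below is an added example and is not the poster's tooling or any mail server's real log format: the key=value lines, the account names and the delegation table are constructed for the example. It flags every non-owner logon that is not covered by an approved delegation (an assistant covering an executive's inbox, a backup service account) and keeps lines it cannot parse visible rather than silently dropping them.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
	"time"
)

// Access is one mailbox logon event taken from a mail server's audit log.
type Access struct {
	When    time.Time
	Actor   string // account that performed the logon
	Mailbox string // mailbox that was opened
	Client  string // client application reported by the server
}

// Delegation is an approved non-owner relationship: an assistant covering an
// executive's inbox, a backup service account, a shared mailbox member.
type Delegation struct{ Actor, Mailbox string }

// Constructed sample lines in a simple key=value layout. They are made up for
// this example and do not follow any real server's log format.
var sampleLog = []string{
	"2007-01-12T09:14:03Z actor=jdoe mailbox=jdoe client=Outlook",
	"2007-01-12T09:20:41Z actor=assistant1 mailbox=ceo client=Outlook",
	"2007-01-12T23:02:17Z actor=itdirector mailbox=cfo client=OWA",
	"2007-01-12T23:05:55Z actor=itdirector mailbox=vp.sales client=OWA",
	"2007-01-13T08:00:12Z actor=backupsvc mailbox=cfo client=BackupAgent",
	"this line is corrupt and has no fields",
}

// Constructed approved delegations for the sample above.
var sampleDelegations = map[Delegation]bool{
	{Actor: "assistant1", Mailbox: "ceo"}: true,
	{Actor: "backupsvc", Mailbox: "cfo"}:  true,
}

// ParseLine turns one log line into an Access, rejecting malformed input
// instead of skipping it (a silent skip would hide a truncated or edited log).
func ParseLine(line string) (Access, error) {
	fields := strings.Fields(line)
	if len(fields) < 3 {
		return Access{}, fmt.Errorf("too few fields: %q", line)
	}
	when, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Access{}, fmt.Errorf("bad timestamp in %q: %w", line, err)
	}
	a := Access{When: when}
	for _, kv := range fields[1:] {
		k, v, ok := strings.Cut(kv, "=")
		if !ok {
			return Access{}, fmt.Errorf("field %q is not key=value", kv)
		}
		switch k {
		case "actor":
			a.Actor = v
		case "mailbox":
			a.Mailbox = v
		case "client":
			a.Client = v
		}
	}
	if a.Actor == "" || a.Mailbox == "" {
		return Access{}, errors.New("actor and mailbox are required")
	}
	return a, nil
}

// NonOwnerAccess returns every logon where the actor is not the mailbox owner
// and the pair is not an approved delegation, plus the lines it could not parse.
func NonOwnerAccess(lines []string, approved map[Delegation]bool) (findings []Access, parseErrors []error) {
	for _, line := range lines {
		a, err := ParseLine(line)
		if err != nil {
			parseErrors = append(parseErrors, err)
			continue
		}
		if a.Actor == a.Mailbox {
			continue // owner opening their own mailbox
		}
		if approved[Delegation{Actor: a.Actor, Mailbox: a.Mailbox}] {
			continue // documented delegation
		}
		findings = append(findings, a)
	}
	return findings, parseErrors
}

// CountByActor summarises findings so a reviewer sees who to talk to first.
func CountByActor(findings []Access) map[string]int {
	counts := make(map[string]int)
	for _, f := range findings {
		counts[f.Actor]++
	}
	return counts
}

func main() {
	findings, errs := NonOwnerAccess(sampleLog, sampleDelegations)
	for _, f := range findings {
		fmt.Printf("%s %s opened %s via %s\n", f.When.Format(time.RFC3339), f.Actor, f.Mailbox, f.Client)
	}
	for _, e := range errs {
		fmt.Println("unparseable:", e)
	}
	var actors []string
	for actor := range CountByActor(findings) {
		actors = append(actors, actor)
	}
	sort.Strings(actors)
	fmt.Println("actors to review:", actors)
}
```

The delegation table is what turns raw non-owner logons into a reviewable list: without it every assistant and backup job is noise, and with it the two late-night OWA logons by an account that has no documented reason to open those mailboxes are the only thing left. The review still has to be done by someone other than the people whose accounts appear in the log.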
"I will not Lie Steal or Cheat, nor tolerate among us anyone who does. Furthermore, I resolve to do my duty and live ho
I bet a lot of night custodians read bosses emails since most of the bosses I know print hard copies of emails and leave them sitting on their desks.
``Sys-Admins Reading the Bosses Mail?''
That's nothing. I _write_ the boss's email!
Please correct me if I got my facts wrong.
I've worked in both large corporate environments with high security, as well as working for small companies. I've done work regulated by HIPAA, SOX and government regulations in the past. Not only that, but I served as Director of Technology for several middling-size ISPs, at all of which I served as unofficial security liaison/abuse person.
Seems to me that, as with anything, any company should consider the risk, and try to set rules based on acceptable risk as well as best practices. Using google should allow you to research both.
For instance, there may be situations where a company needs to restrict information. I can think of several ways off the top of my head to do this, even with email. Let's say you have a company, large or small, that deals with Intellectual Property, patents or code or some such. There is an obvious need to restrict access to some of that information, if only legal discussions or strategy. For such a firm, information *IS* the most important thing. So find a strategy to segment information. Put the code on its own server, instead of a share of the main fileserver for every Tom, Dick, and Harry. If email is a necessary evil in sharing information, then segment the key users on their own server. If that company has several admins, identify the trusted admins and only give them access to those servers. It should be obvious that the low-end tech who sets up normal file sharing and printer shares doesn't need access to the IP information, so use AD or *nix to ensure his access. As well, make sure that you have proper legal coverage in place in the forms of contracts, NDAs and other such things.
For every issue, it comes down to cost versus benefit, but there are both technical and non-technical mechanisms in place to do this. They may not be free, but they exist. Compared to the risk of losing millions of dollars when some disgruntled tech steals your code and gives it to a competitor, an extra server makes sense.
No matter, there are always ways to minimize risk and the amount of hassle while still having some assurance that your security needs are met.
I'm also reminded of a few experiences I've had. My favorite was when I found out that my boss, a director of a Fortune 500 company, had completely and utterly shared his Exchange Email folder with the entire company. I never abused it, but every single person in the company could have read his email 24 hours a day, even from OWA.
Another anecdote comes to mind. When I worked for the ISPs, I had access to tremendous amounts of user information. I got every bounced email, had access to news server logs, could read anyone's email spools, etc. Looking back, I'm still amazed by what an end-user would put and/or attach to an email sent to an address that didn't exist, whether through typos or just stupidity. I can't tell you how many users of that ISP I saw butt-naked, but it was a damn significant percentage.
Bottom line is, we have rules because you simply can't underestimate human stupidity.
Gybrwe
Sysadmins are like surgeons, they are the only ones that can access all my systems. They can kill me if they want to. I'm very careful about choosing my surgeon.
If you set Lotus Notes to encrypt your received email (I'm not talking about encrypting the database), nobody but you can read your emails.
No, I think we're on the same page here WRT academic ethics classes. One of my replies notes that taking a university ethics course is -- at best -- a prophylactic measure. It cannot ensure ethical behavior of those who have taken the course. However, I do believe that many do not understand the intellectual rigor involved in succeeding in such a class. The education is worthwhile, for anyone who must act in a responsible capacity.
I just filter it to trash :)
-T
I've more or less been caught up in this very predicament. Over the last several years I built, or helped to build, every aspect of a new production system from the ground up, including the WAN, the servers, business processes, phone and field support, etc. I was fully aware that I could at any time create chaos that would require weeks to clean up without getting out of my chair, and could potentially ruin the division. I could have stolen backup tapes undetected and sold them for a pretty penny. I could have falsified checks and changed title on properties and commit any number of other forms of fraud. Apparently I should have.
I imagine that a year or so ago a similar article ended up on the desk of the national IT boss, who determined that the only people he could trust with administrative access were his minuscule crew of 5-6 admins, and proceeded to strip our rights away. Since this took place, our overall service level and system reliability has plunged, and we are still trying to determine who is allowed to access what. We are forced to explain procedures that take 30 seconds for us to techs who have never seen our system, have no interest in understanding it, let alone improving it. When they botch it and complain about our system or us, their ill-informed word is gold, and ours is worthless. They attempt improvements that we know at the outset will not work as intended, but refuse to admit it even when we are proven correct.
Apparently, NOT wrecking the place for years isn't evidence that I won't wreck it tomorrow. Just as with the fact that your email isn't 100% private, there must be an article of faith in IT. If you do not trust enough, you become short-handed. If you trust too much, then you leave yourself open to dangers. However, removing trust for no good reason is no way to build up morale or service levels. I have no role in my company at this time, and only the hassle of finding a new gig is keeping me here, though I hope to change this soon. I suppose I am lucky compared to some, but it seems a shame to have done my best for this company for so long, only to be treated so harshly.
Shaw's Principle: Build a system even a fool could use, and only a fool would want to use it.
Of the last 5 jobs I've had, I still have access to 3 of the 5. One of the jobs wasn't a little company, but the admin staff is severely overworked; they just don't have the time to pull me from all the systems. Shrug. You couldn't keep most admins out of systems they previously worked on if you wanted to... too intimately familiar with the security vulnerabilities and too many friends on the admin staff.
Shadus
Not just sys admins, also network admins and random developers running ethereal. Bottom line - if you're not running CTU; simply make sure that you hire good honest people. If you ARE running CTU; install a cell phone jammer and keep a better eye on Chloe.
[Insert pithy quote here]
This article is especially funny in light of the fact that I was wearing my O'Really "Snooping E-mail for Fun and Profit" t-shirt yesterday (yes, to work).
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
The fact that some users will have a huge level of access to company information is unavoidable as long as you also want someone to be able to support the complex multi-platform solutions that proliferate these days.
The trick is to know at all times who has access to which systems, at what level, and who granted them that access. Since most systems have their own logs or access databases (some general SQL or LDAP, others strange and unusual ;), one usually requires some specialist third party tool to generate such reports and notify the responsible managers automatically if something seems out of place.
It's near impossible to find a single identity and workflow management tool to cover all the bases, unfortunately. Each company needs to evaluate its own needs individually.
The company I work for produces several such tools which of course, I think are the best ones for the job =)
The important thing is to understand that someone always needs access to sensitive data, all you can hope for is that your HR department did good screening and that the managers care enough to follow up on access rights regularly. All too often people retain rights when switching departments...
Anthony Whitehead
NordicEdge AB
http://www.nordicedge.se/
Think about it. You are hiring someone to deal with your computer systems; no matter WHAT business you're in, the computer systems are not just necessary, they are mandatory. Stop treating them as if they aren't important.
Take three simple steps.
A. Make sure your IT department is trustworthy. First step: background checks. We all hate them; guess what, those should be mandatory, in all businesses. Get back information at least. You don't have to disqualify, but at least know who you're hiring. Not doing this makes you friendlier, but it's dangerous on every level. Don't like that idea? Don't work at that company, but if you have valuable data, why aren't you doing this?
If you heard of them screwing over someone else, you better not hire them, no matter what they say. Contact old employers; they might be able to say some stuff, but listen to what they say. If they say something like "There was a large problem at the end of his term", don't risk it if you don't know what the problem was. They might not say something about this, but it's better safe than sorry. Realize also that if he leaves on bad terms some places will slander him even though they aren't supposed to, but at least you might know what to expect.
B. Treat them well. Don't underpay employees, first off. I had a job in Finance where I was paid 24K yearly for 60-hour work weeks and I was doing all the certification (not enjoyable at all). I'm a moral guy; if I wasn't I could figure out an easy way to skim. That company did over a million dollars of business a day; you don't think some of those 0s and 1s could get to another account easy? Again, I'm moral, but why risk it? I could easily have read other people's mail if I felt the need. I didn't, but again I have morals. Treat them like human beings. Not amazing, but don't shit on them (and that company really did that too).
C. Make sure you have a head tech that is extremely dependable and willing to lock out people on a moment's notice, from home, from Mars, from the bathroom. I don't care how much you trust people. I don't care how rude you think this is. If there's any hint that something like this might happen you better be sure as hell to lock them out. If someone quits on good terms, you still lock them out when you both agree it's over. If someone quits on bad terms you make sure they don't touch a computer alone, their computer is locked down immediately, and all processes attributed to them are deader than dead. If someone is extremely pissed off at the company one day, for whatever reason, you might want to subtly track what they do. You won't catch everyone, and you should catch no one. But if you catch someone doing something it's worth it.
One other thing is don't ask them to spy on anyone without a reason. If you see someone doing something secretive that might be a good reason; if you know someone is unhappy, maybe; but generally spying on people will either make them think more devious or make them feel wrong. Not good in either way.
This doesn't mean monitor everyone every second of the day, but you sure as hell better know what's going on and make sure your top-level security guy is trustworthy, because this only works if he's happy. Never think two guys are more trustworthy than one; that's a huge mistake. If your heads are in on a screw deal, you're screwed, even if you did everything else right.
And don't hide shit from computer guys. They eventually will find out and it just proves you don't trust them. That alone makes them angrier than anything. If you want them to be an admin give them 100 percent admin. Don't let them resent you.
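Two recommendations in this thread, the earlier remark that people retain rights when switching departments and step C above about locking departed staff out immediately, are both answered by a periodic access review of the privileged groups. The Go program below is an added example of such a review and is not from either poster or from any product: it reconciles a constructed HR roster against a constructed export of privileged-group membership and reports terminated employees still holding rights, members whose department no longer matches the group, and accounts HR has no record of. The group-to-department ownership table is an assumption made for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Employee is the HR view of a person: the account name, the department they
// currently work in, and whether they are still employed.
type Employee struct {
	Account string
	Dept    string
	Status  string // "active" or "terminated"
}

// Finding is one entitlement a reviewer should question.
type Finding struct {
	Account string
	Group   string
	Reason  string
}

// Constructed sample roster (made up for this example).
var sampleRoster = map[string]Employee{
	"alice": {Account: "alice", Dept: "IT", Status: "active"},
	"bob":   {Account: "bob", Dept: "IT", Status: "terminated"}, // left last month
	"carol": {Account: "carol", Dept: "Finance", Status: "active"}, // moved from IT to Finance
	"dave":  {Account: "dave", Dept: "Sales", Status: "active"},
}

// Constructed export of privileged groups and their current members.
var sampleGroups = map[string][]string{
	"Domain Admins":     {"alice", "bob"},
	"Exchange Admins":   {"alice", "carol"},
	"Finance DB Admins": {"dave", "ghost-svc"},
}

// Which department each privileged group serves. This is an assumption for the
// example; a real review would take it from the group's documented owner.
var sampleGroupDept = map[string]string{
	"Domain Admins":     "IT",
	"Exchange Admins":   "IT",
	"Finance DB Admins": "Finance",
}

// ReviewAccess reconciles group membership against the HR roster and reports
// the three classic leftovers: departed staff, accounts whose department no
// longer matches the group, and accounts HR does not know at all.
func ReviewAccess(roster map[string]Employee, groups map[string][]string, groupDept map[string]string) []Finding {
	var findings []Finding
	for group, members := range groups {
		for _, acct := range members {
			emp, known := roster[acct]
			switch {
			case !known:
				findings = append(findings, Finding{Account: acct, Group: group,
					Reason: "no HR record (orphan or service account without an owner)"})
			case emp.Status != "active":
				findings = append(findings, Finding{Account: acct, Group: group,
					Reason: "employee is " + emp.Status + " but still a member"})
			case groupDept[group] != "" && emp.Dept != groupDept[group]:
				findings = append(findings, Finding{Account: acct, Group: group,
					Reason: "works in " + emp.Dept + ", group is owned by " + groupDept[group]})
			}
		}
	}
	// Map iteration order is random; sort so reports are reproducible and diffable
	// from one review to the next.
	sort.Slice(findings, func(i, j int) bool {
		if findings[i].Group != findings[j].Group {
			return findings[i].Group < findings[j].Group
		}
		return findings[i].Account < findings[j].Account
	})
	return findings
}

func main() {
	for _, f := range ReviewAccess(sampleRoster, sampleGroups, sampleGroupDept) {
		fmt.Printf("%-18s %-10s %s\n", f.Group, f.Account, f.Reason)
	}
}
```

Run on the sample data, the review reports bob (terminated, still a Domain Admin), carol (moved to Finance, still an Exchange Admin), dave (Sales, in a Finance-owned group) and ghost-svc (no HR record); alice, whose two memberships match her active IT role, produces nothing. The value of the report is in who reads it: the group owner and the manager, not the administrators whose own accounts are on the list.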
I read my boss's emails; the ones forwarded to me.
Seriously, why is it such an issue? Yes, admins have access to most everything. So what? It's one of the upsides of being a sysadmin. You have to run backups, configure systems and such; your CIO will not do that (and most probably does not have the skills for this either). Now there are logging tools/products for auditing all secure object-level access, but who is gonna implement them and put them in place? That's right, the exact same people.
You don't bitch about a plumber having access to your basement, or an auto mechanic driving your car in the repair bay, so don't bitch about people carrying the weight of systems support having necessary privileges.
I can bitch about HR too - they have the most private information about employees (I saw HR files/data - in no way would I want them to have that if I could) - but corporate culture justifies that. At least with sysadmins it's a pretty good technical justification.
I worked for a small website design company (60 employees) a few years back taking care of site statistics and site updates for a number of our clients. As we were upgrading to a new stats package I needed access to the server room to configure the package directly. While doing so I came across a cron job set up by the sysadmin for the owner of the company. At several times each day the server would reach out to every employee's email client and download their mailbox (Eudora). There was another cron that would then burn a copy of the downloaded mailboxes to CD. Every day I saw the sysadmin take the CDs and hand them over to the owner.
It turned out that the owner went through everyone's mail at night and used the information to either promote, suspend or fire employees. She was a real peach of an employer. After a small "accident" in the server room it seemed that the entire process was removed from the server as well as the back-up tapes (oops!). Knowing that someone had found out what was going on, a different approach to grab the email was set up. Most of us had enough sense to use other email accounts to talk openly and to avoid having anything in our email that might cost us our jobs.
Over the last 6 years the company has shrunk down to less than 12 employees and half of them only work 3-4 days a week.
Personally I think that any employer that has to stoop this low to spy on their employees should go out of business. But if this sort of tactic is needed to protect the company and its products, a third party company should be the ones reading the mail and making the call about what is or isn't "actionable" conduct.
Just my two cents on the subject.
- Goran
Carpe Scrotum - The only way to deal with your competition.
I too have seen many knee-jerk reactions by management to any number of real or perceived problems.
Think about it. A group of highly paid MBAs sit in a room and come up with an IT solution you are supposed to implement.
It really doesn't matter whether or not their solution is workable. You MUST embrace it.
If you do not embrace it, you will always be remembered as the "difficult one".
And really, the stupider the idea is, the faster it will go away and be forgotten. It is kind of like evolution, good ideas live and bad ideas die.
In the end, the managers will not remember the solution, or the problem. All they will remember is whether or not you were a "team player" or the "difficult one". Just always agree and do your best to implement. When it dies, let it die quietly. No funeral. No wake. Just let it go.
Admins having superuser access are, at the very least, a necessary evil. If you don't let them have it, then they likely can't fix it when it breaks.
Now, IMHO, if an Admin has -time- to snoop an Exec's email, then there's something wrong. Most IT people that I know barely have time to have lunch, and it's usually on the go. I can go on about IT Staff becoming Wage Slaves in Corporate America, but that's probably a different topic.
The bottom line is that you need to keep your Admins happy, and they ought to be busy enough on their own not to have time to go snooping around where they don't need to be anyway. You want to trust your IT.
Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
Keep those "Trusted" people busy doing their job and they will have no time to read others' email. Hell, I hardly have the time to read my own.
... followed by not raking in huge undeserved stock options and bonuses ...
While I agree that there have been terrible abuses here, I also recognize that sometimes these options and bonuses are appropriate but that is not always readily apparent. First there is the agent problem. The boss is sometimes merely an agent of the owner(s); how do you make sure he acts in a manner that improves the owner's situation rather than his own? Options are one way. This also works up and down the ranks, for bosses and workers. The other area where a big seemingly undeserved bonus is appropriate is for the founder(s) who lost interest/investment income by spending his/her savings to start a business, lost salary income as he/she worked for no salary or a partial salary in the early days of the business, who risked their financial security and reputation to pursue a dream, etc. If they get a couple of big bonuses to repay and compensate for the preceding once the company becomes established, IMHO that is fair. I've seen small companies get bought out, and I've seen employees complain that they got a far smaller bonus than the founder they worked side by side with. What these employees failed to realize is that they took little risk, and that their boss made personal sacrifices so that their payroll checks were there on schedule.
Is the above a typical scenario? I have no idea, but I have seen it a couple of times. I believe it happens often enough to warrant mentioning among the stream of expected "bosses are evil and all profit should go to those doing the work" follow ups. Like many topics, things are far more complicated than they seem.
I had to fix a Lotus Notes client for a lady and asked for her password so I could do it while she was off to lunch (I think I was setting it up). She smugly replied with "Well, what if I don't want you reading my email." I came back with "What makes you think I need your password to read your email." The look of surprise/defeat on her face was priceless as she handed over the post-it note that had her password on it.
:wq
Sorry for being so blunt, but so *&*&ing what? The (US) courts have decided that by agreeing to be an employee at a company, you are acknowledging that the company might read your work email (and some cases, have even supported that company reading ANY email accounts you access from work.) Why should it be any different for the people at the corner office? If you don't trust your IT department, then you shouldn't hire them. You're giving them complete control over your computer systems after all...
*sigh*
Seriously, unless your IT staff is severely underworked, they have better things to do than read your mail. However you should know that there are a few people that run greps for interesting words, such as boobs. Usually this is an inverse relationship with how often said person gets laid. Perhaps it is in your best interest to not describe your sexual encounters via email, or at the very least, buy your IT admin(s) a hummer every so often to keep those naughty thoughts out of his head. Ok, perhaps seriously was the wrong word to start this paragraph with...
(Note I'm referring to male admins; female tech geeks, generally speaking, are a different breed and tend to get laid a bit more often stemming from their rarity. If you are a female tech geek and do not feel you're getting your fair share, please speak up and 100s of /.ers will attempt to woo you. I'd advise setting up some sort of nimble fingers challenge for the would-be suitors.)
HR people have the power to wreak havoc with your staff, or how payroll officers can mess with peoples pays, or administration offiers can re-write the procedures manual... I mean, without the procedure to put pants on before shoes who knows *what* hilarity will ensue?
Sounds like one of the training BOFH
I have been an engineer/sysadmin/IT manager for something on the order of 13 years and this question has never occurred to me. Why? I don't ever bite the hand that feeds me. A corrupt sysadmin is much like a corrupt police officer: you've been given this huge responsibility and for whatever reason (lack of sanity, common sense, immaturity) you've chosen to abuse it. In all this time, I have never read an exec's email unless asked to by them or by at least two other members of the executive team together. It's simply none of my business until they make it so. Tracking the rogue admin is another matter, unfortunately - if you've only got one to begin with, good luck with that. If not, then you just need one that is trustworthy; pretty old-fashioned concept it seems, but a valid one still. I feel very privileged to own the trust that my company has placed in me and I never intend on taking advantage of that.
-- kortex "Not everything that counts can be counted, and not everything that can be counted counts"
It's because they have to be trusted and you don't trust your company's information to someone on minimum wage. It is BTW, the same reason accountants and lawyers are well paid.
Deleted
Keep generation of encryption keys off-site and the email completely controlled and encrypted in the exec's inbox. There are services out there like the Voltage Security Network (http://vsn.voltage.com/) that can do just that.
I have been a systems administrator for many years and have always read my bosses' e-mail at companies where I had access to this information. I have been at too many companies where layoffs, reorganizations and that kind of crap came down the pike; I want to know what is going on. If I have the ability to know weeks ahead of time if I am going to be laid off or not, do you think I am not going to inform myself of that because of trust or whatever bullshit? Sorry, but I am a wage slave, and look at my bosses and company owners as parasites on my work. I have utter contempt for them and all this BS about trust is a joke. All of this talk about security and "trust" is just a sign of the conflict between the class of people like me who are workers, and the parasite bosses/owners who live off our work. I don't trust them, I don't like them, in fact I hate them, so they sure as hell should not trust me.
that every registered user has an encryption and signing key, the enterprise has a directory with everyone's public keys, and that by checking one preference, all emails are encrypted and can only be read by those to whom they are addressed -- not even sysadmins with bit-level access to the server hard drives can read them.
This is assuming that the enterprise manages their Notes ID files (which contain the keys) in a semi-reasonable fashion -- like setting the initial passwords to expire and forcing the user to choose a new one, so that a rogue admin can't keep a copy of users' ID files and access their mail.
All this is built-in and is done as a matter of course in Notes.
Computerworld: The Search For Relevance
insecurity asks the wrong question irritation gives the wrong answer
Can't figure out how to encrypt your files and mail? Make the admin show you and prove that it's secure. Second of all, admins are given the responsibility of managing and maintaining complex, critical systems that keep the business running. That is not a trivial thing. Decision makers need to hire people they can trust to be honorable and trustworthy to take the responsibility of being the admin. It's their own fault if they don't.
In short, if you don't have much respect for the admin, you're liable to get screwed by him. Not because he's likely evil, but because you're likely stupid.
"People who log in as root... have root access."
Film at 11.
Every couple of years we get some freak-out article - "Oh NOES! Admins have access to our data!"
Shut the FUCK UP!
Of course we have access to your data. We're SYSADMINS! God I'm tired of hearing this crap. Maybe I've just gotten old and bitter, but I'm tired of hearing the n00bs in the office/exec/admin circles all upset about this.
You sure don't mind if I access your mailbox when you have a problem, now do you Luser?
"The story so far: In the beginning the Universe was created. This has made a lot of people very angry and has been wide
Why is the bosses mail sent and received in clear text?
- to lock admins out of various parts of the system. The problem is that *someone* will need access to that data in the case of emergency, and when their bonuses are on the line, the execs don't want to hear "Sorry, you locked me out of that data last year - you're boned," or "Ah yes, now the procedure you set up for accessing that data in an emergency requires that we contact five lawyers, three external trust agencies, and the bosses' goldfish." They just want the admins to magically pull the data out of their ass.
I realize it's a business problem when the CxO doesn't have a clue about encryption, but who's going to demand he get some education?
I haven't yet found myself in that position, but I hope I could speak up and be heard...
And I'd hope he'd see that my interest was in benefiting the company -- NOT in making him look like an ass.
And I'd hope he'd show me some damn gratitude, financially speaking.
Bwahahahahaha! It's not just email my friends... I know network engineers that could seriously cripple the entire WAN, locking everyone else out the system and be on a flight for a tropical foreign nation before anyone knows what happened! It would take months to clean up the mess.
There are countless stories of IT staff with access to the email servers finding out about an impending merger and layoff lists and seriously mucking things up.
Companies demand loyalty, confidentiality, and respect from their IT staff, then they stab that same staff in the back. It is not surprising they are afraid. Admins are paranoid nowadays due to outsourcing and other cutbacks.
Why don't the "bosses" encrypt their emails and be done with it?
At one place I worked it was pretty well known that certain bosses were reading their workers' e-mail (including my own boss).
I also knew the Sys Admins & Server Admins were doing it too. Only, I got a bit shocked when some of the NON-Techies started telling me about stuff they'd read in other people's e-mails. When I asked them how they'd done it, apparently some of the Server Admins had shown them how and set it up to allow them to do it.
So, I was rather upset about that sort of thing. Only, who do you go to? HR in that company basically (like all companies) works for management and NOT for the workers (I know, because all my complaints to HR about other things had basically been like talking into a void), and management were basically breaking the rules, so I couldn't very well complain to them. Going to the police/law would have been useless, as they would have said it was all just hearsay.
Needless to say, I just made sure I never said anything in an e-mail that I didn't want to be common knowledge to the entire company.
Sure enough, the cow costume was hanging up next to the superhero outfit and sailors uniform. (S,Spud)
I'm a sys-admin, I read emails of my boss, it actually keeps me updated about what's going on inside :)
"Rogue sysadmins" are humanity's moles inside of the Evil Corporate Empire.
If it's that important, sign it and encrypt it. If you're a manager and you are sending out financial or personal information in plain text, you shouldn't have your job. You should work for the VA.
The larger the company the larger the IT department should be. Right?
Given that proportionality, the further step is the congruency of structure of IT to the structure of the company.
The CEO's internet activities are accessible only by the CIO. The directors' activity is only accessible by the next level rank of the IT department. Lower managers' internet activities are accessible to designated specialists in IT.
Of course, that requires the CIO doing some hands-on work.
Another alternative is to have special channels for special people with separate access lists.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
I'll be waiting... Your job depends on it..;
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
I'm glad to know from whence you get your understanding of law.
My point was simple: talking to a doctor about your lab tests in his office comes with a reasonable expectation of privacy. Talking about possible treatments for a possible ailment with a doctor at a cocktail party does not.
Similarly, confessing to a priest within the confines of the Catholic rite of confession comes with a reasonable expectation of privacy that far exceeds consulting that same priest for advice in his office. The priest cannot be compelled to divulge the details of a confession in the former situation, but certainly can in the second should the details be about a crime.
Also, if you bring a third party into an attorney-client discussion, the contents for which that third party is present do not unequivocally fall under privilege. I highly doubt that a post card from a client to an attorney could not be subpoenaed by the other side at trial.
Sure, there are professional organizations but the right to privacy doesn't come from them or even from the occupation. It comes from the circumstances, location and method of the discussions. When you send a message via email over a network, there is no reason to believe that the contents are private unless you intentionally use encryption.
Oh no! Big, powerful, important people have discovered that their personal, PRIVATE information is possibly being read by people less important than they! Which is terrible, just terrible, and it's a shame they can't do something about it, but technology is really really necessary, but also really really hard, and doing what it takes to have encrypted mail and whatnot is too much work.
Wouldn't it be great if those 5-10 admins could be fired? Maybe our trusty secretaries, who already handle most of our day-to-day grunt work, including the personal, PRIVATE stuff, could pick up the slack? I mean, there's no chance whatsoever that a secretary would use their access to that information to wreak havoc, or for personal gain; certainly, they wouldn't swap information about us with other secretaries, no sir.
Hm. I have access to everyone's email, but have never even considered reading it. Even when I must look at an email when working on the server to resolve a problem, I try not to pay attention to preserve privacy. However, now I am suddenly tempted. If it is assumed we are all doing it anyway, then maybe I will. I'll never know what interesting tidbits I could find if I don't even look.
I thought that Sarbanes-Oxley legislation solved all this. Or at least the part about knowing who had access to what.
A legal consensus on the issue of email has not yet arisen. Some courts have held that some emails in some contexts are protected. These rulings are not universally applied and, to my knowledge, the issue has not yet gone to the Supreme Court. The fact of the matter is that no person who understands how email works has a reasonable expectation of privacy for messages sent in the medium. Confidential communications should either be encrypted or sent via some other medium.