were my workplace privacy rights violated?

[compuwiz1]

Because they own the equipment, and have set policy in place, you give them implied access at all times. That's just the way it is. As soon as you use that computer for personal business, they have implied access.

 

[slikmunks]

didn't you just get a job not too long ago too?

i think the important thing is to find out who they forwarded the email to... and what's going on w/ ur old company right now? any counter offers? how are they using the email (to your knowledge)?

 

[JS80]

where was the email forwarded to?

 

[yowolabi]

Originally posted by: spidey07

Originally posted by: Phoenix86
Packet sniff=ok
Printing=ok
Screen prints=ok
Using a service you don't have auth to use=not OK.

By using the company owned computer you grant them access to said service by proxy.

Their computer, they can do whatever they want. They own it and all information transmitted across their network and contained on that machine and all others.

The company does not have the right to take over any account that he logs into from his work machine. You really think they could change the password on his yahoo account and start using it themselves if they so chose? The bank account was a perfect example. Ownership of the acccount isn't transferred by the simple act of logging in.

At what point did the email that they forwarded pass across their network if he simply logged into his yahoo account? It's not on his machine, it's on yahoo's machine. If he opened the email, they would have a legal right to keep a screenshot, but at no point did he ever grant them the right to impersonate him by sending email in his name.

 

[smack Down]

Just delete everything on your account and tell them where they can shove your two week notice.

 

[talyn00]

Originally posted by: JS80
where was the email forwarded to?

i still dunno whether it was forwarded to the company or it was just some nosy tech guy.

 

[hans007]

this is the job that i just got 'not too long ago'.

they have totally screwed me over here, the job was a total bait and switch as far as "what i was told i'd be doing" at the interview... and what i've ended up doing now that they decided to hire some psycho as my boss.


and to everyone that is asking, they forwarded the mail to a person inside the company who is the "computer security manager" ... some guy with a CISSP.

the ironic thing is i left the largest computer security company in the world and they did none of these things to mvoe to this company where i was promised a much more important job which after about 2 weeks "changed". the last company upon quitting did not do any of these crazy things. this one on the other hand has really opened my eyes as to just how rotten companies can be.



btw at these last 2 companies i worked in software qa engineering. i am moving into software development. i am SO happy.

 

[Yossarian451]

Here is my completely unofficial and uniformed view on this, there are two categories that this falls under.

Legal But Unethical :
1. They viewed your mail while on your workstation. (not problematic depending on your network use policies). They have the technical right to monitor your use

Not Ethical and Possibly illegal
2. By use your open account they gained unauthorized access to an account that was not theirs. They did it in a manner that was presumably to discredit or defame you within your company.
a. This is somewhat akin to them stealing your password from packet sniffing then broadcasting materials from your email account. It is borderline illegal and the particular person who did this could and should face the ramifications.
b. I would imagine that your companies policy would not allow for the use of one another accounts in the first place so having a member of the staff doing so may be against company policy that would be not in the interests of your higher ups.

SO what would I do. I would complain to a higher up and point out the glaring problems that it could cause the company should you pursue action against them and suggest that the offending person be fired. It is not illegal for you to seek employment from others but it is illegal/unethical to gain unauthorized access to accounts that do not belong to you.

 

[her209]

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: k1pp3r
Where you face a hard time is that with a company asset. Anything you look at, create, revise, email, publish, etc. the company OWNES, now you. Therefore if it is something that you do not want your company to have any pull over, do it at home. Otherwise, they own it.

So if I log into my bank account on my work computer, does that mean they now can transfer money out of my account to theirs because "they own it"?

This isn't a transfer of real value (money) but of information. The company would be able to check the account information you viewed just as they can check the e-mails the OP viewed.

Somehow I don't think so because the only they could ascertain the information was to sneak onto the user's workstation otherwise this discussion would be a moot point.

It isn't the user's workstation. It is the company's workstation, and they can do whatever they want with it. If an account was open on their workstation I don't see why they wouldn't have the right to duplicate that information (by forwarding it).

No they don't. Think of the two following scenarios (may not be applicable to the OP but to the current discussion at hand):

Scenario 1:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You leave your post for a few minutes. Company personell comes and makes a duplicate of job offer e-mail.

Scenario 2:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You log off. Your user account and password information has been sniffed. Company personell logs onto your e-mail account using obtained account information. Duplicates job offer e-mail.

This is a scenario that is more likely to occur.

Scenario 3
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail and open job offer email. All pages you visit have been recorded.

In scenario 3, its okay because the company did not themselves use your account to read into your personal e-mails. If the company does not record web pages you visited, they're still not allowed to go to your workstation and click on the email and duplicate it even though you may have clicked on it earlier.

 

[Zenmervolt]

They are allowed to monitor your usage habits, and if they had reason to, the would be allowed to go through your company E-mail address as well as anything that you sent over the network with something like Yahoo.

However, they are definitely not allowed to send E-mails using your account. If they actually sent the E-mail, that may be a legitimate complaint. The IT guy was stupid, he should have simply written down the information and passed it along that way.

ZV

 

[talyn00]

Originally posted by: her209

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: k1pp3r
Where you face a hard time is that with a company asset. Anything you look at, create, revise, email, publish, etc. the company OWNES, now you. Therefore if it is something that you do not want your company to have any pull over, do it at home. Otherwise, they own it.

So if I log into my bank account on my work computer, does that mean they now can transfer money out of my account to theirs because "they own it"?

This isn't a transfer of real value (money) but of information. The company would be able to check the account information you viewed just as they can check the e-mails the OP viewed.

Somehow I don't think so because the only they could ascertain the information was to sneak onto the user's workstation otherwise this discussion would be a moot point.

It isn't the user's workstation. It is the company's workstation, and they can do whatever they want with it. If an account was open on their workstation I don't see why they wouldn't have the right to duplicate that information (by forwarding it).

No they don't. Think of the two following scenarios (may not be applicable to the OP but to the current discussion at hand):

Scenario 1:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You leave your post for a few minutes. Company personell comes and makes a duplicate of job offer e-mail.

Scenario 2:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You log off. Your user account and password information has been sniffed. Company personell logs onto your e-mail account using obtained account information. Duplicates job offer e-mail.

This is a scenario that is more likely to occur.

Scenario 3
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail and open job offer email. All pages you visit have been recorded.

In scenario 3, its okay because the company did not themselves use your account to read into your personal e-mails. If the company does not record web pages you visited, they're still not allowed to go to your workstation and click on the email and duplicate it even though you may have clicked on it earlier.

isn't username/password passed with a SSL connection ?

 

[yowolabi]

Originally posted by: Zenmervolt
They are allowed to monitor your usage habits, and if they had reason to, the would be allowed to go through your company E-mail address as well as anything that you sent over the network with something like Yahoo.

However, they are definitely not allowed to send E-mails using your account. If they actually sent the E-mail, that may be a legitimate complaint. The IT guy was stupid, he should have simply written down the information and passed it along that way.

ZV

I'm sure the IT guy knew he was doing wrong and wanted to be gone before the OP got back.

 

[her209]

Originally posted by: talyn00

Originally posted by: her209

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: k1pp3r
Where you face a hard time is that with a company asset. Anything you look at, create, revise, email, publish, etc. the company OWNES, now you. Therefore if it is something that you do not want your company to have any pull over, do it at home. Otherwise, they own it.

So if I log into my bank account on my work computer, does that mean they now can transfer money out of my account to theirs because "they own it"?

This isn't a transfer of real value (money) but of information. The company would be able to check the account information you viewed just as they can check the e-mails the OP viewed.

Somehow I don't think so because the only they could ascertain the information was to sneak onto the user's workstation otherwise this discussion would be a moot point.

It isn't the user's workstation. It is the company's workstation, and they can do whatever they want with it. If an account was open on their workstation I don't see why they wouldn't have the right to duplicate that information (by forwarding it).

No they don't. Think of the two following scenarios (may not be applicable to the OP but to the current discussion at hand):

Scenario 1:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You leave your post for a few minutes. Company personell comes and makes a duplicate of job offer e-mail.

Scenario 2:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You log off. Your user account and password information has been sniffed. Company personell logs onto your e-mail account using obtained account information. Duplicates job offer e-mail.

This is a scenario that is more likely to occur.

Scenario 3
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail and open job offer email. All pages you visit have been recorded.

In scenario 3, its okay because the company did not themselves use your account to read into your personal e-mails. If the company does not record web pages you visited, they're still not allowed to go to your workstation and click on the email and duplicate it even though you may have clicked on it earlier.

isn't username/password passed with a SSL connection ?

Sure. But even if it was, the company could still have keystroke loggers.

EDIT: The point is that they have the ability to obtain your account login information.

 

[doze]

Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

 

[IHateMyJob2004]

1) It's their asset, they can do what they want.
2) They should fire the IT worker for what he did.

 

[smack Down]

Originally posted by: doze
Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

Right but it wasn't the companies email account. If they had just watched the op open the job offer then it was clearly legal but they "hacked" his email acoount.

 

[Nutdotnet]

Originally posted by: doze
Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

Uh, actually, no, you're wrong.

While the computer is the company's property, the company DOES NOT have the right to USE employee's personal, non-business-related, accounts.

Would they have a right to READ what was on the computer? Absolutley! Do they have the right to manipulate and use a personal account not associated with work? Hell no.

We, as employers, do not have the right to forward an email address from a personal email account to someone. It is a violation of privacy standards. A personal email address is just that, personal. The employee may certainly be reprimanded for utilizing business time as personal time but that doesn't mean that the employer is entitled to use a personal account as their own.

 

[k1pp3r]

Originally posted by: smack Down

Originally posted by: doze
Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

Right but it wasn't the companies email account. If they had just watched the op open the job offer then it was clearly legal but they "hacked" his email acoount.

How do you "hack" something that was left on the screen for the world to see, all they had to do was click the check box, then forward, no hacking involved

 

[Nutdotnet]

Originally posted by: k1pp3r

Originally posted by: smack Down

Originally posted by: doze
Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

Right but it wasn't the companies email account. If they had just watched the op open the job offer then it was clearly legal but they "hacked" his email acoount.

How do you "hack" something that was left on the screen for the world to see, all they had to do was click the check box, then forward, no hacking involved

It's the same in principle, unauthorized access.

 

[Deleted member 4644]

You cannot expect privacy on your computer, but you might be able to sue them for "hacking" or attacking your yahoo mail account. I am not a lawyer and I am not giving you legal advice.

 

[MrDudeMan]

Originally posted by: k1pp3r

Originally posted by: smack Down

Originally posted by: doze
Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

Right but it wasn't the companies email account. If they had just watched the op open the job offer then it was clearly legal but they "hacked" his email acoount.

How do you "hack" something that was left on the screen for the world to see, all they had to do was click the check box, then forward, no hacking involved

moron :roll: he put hacked in quotes meaning they didnt literally hack his account, but they took control of it without his permission and used it to do something suspicious. not everything is always literal :thumbsdown:

 

[Deleted member 4644]

Originally posted by: her209

Originally posted by: talyn00

Originally posted by: her209

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: chrisms

Originally posted by: her209

Originally posted by: k1pp3r
Where you face a hard time is that with a company asset. Anything you look at, create, revise, email, publish, etc. the company OWNES, now you. Therefore if it is something that you do not want your company to have any pull over, do it at home. Otherwise, they own it.

So if I log into my bank account on my work computer, does that mean they now can transfer money out of my account to theirs because "they own it"?

This isn't a transfer of real value (money) but of information. The company would be able to check the account information you viewed just as they can check the e-mails the OP viewed.

Somehow I don't think so because the only they could ascertain the information was to sneak onto the user's workstation otherwise this discussion would be a moot point.

It isn't the user's workstation. It is the company's workstation, and they can do whatever they want with it. If an account was open on their workstation I don't see why they wouldn't have the right to duplicate that information (by forwarding it).

No they don't. Think of the two following scenarios (may not be applicable to the OP but to the current discussion at hand):

Scenario 1:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You leave your post for a few minutes. Company personell comes and makes a duplicate of job offer e-mail.

Scenario 2:
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail but never open job offer email. You log off. Your user account and password information has been sniffed. Company personell logs onto your e-mail account using obtained account information. Duplicates job offer e-mail.

This is a scenario that is more likely to occur.

Scenario 3
You receive job offer e-mail from prospective company in your personal e-mail. You view the e-mail using your personal computer at home. You come to work and log into your account. You read new personal mail and open job offer email. All pages you visit have been recorded.

In scenario 3, its okay because the company did not themselves use your account to read into your personal e-mails. If the company does not record web pages you visited, they're still not allowed to go to your workstation and click on the email and duplicate it even though you may have clicked on it earlier.

isn't username/password passed with a SSL connection ?

Sure. But even if it was, the company could still have keystroke loggers.

EDIT: The point is that they have the ability to obtain your account login information.

The ability to gain you account login does not grant them the legal right to use it. They might also have the ability to gain your ATM pin, but that does not grant them the right to look up your account balance.

 

[k1pp3r]

Originally posted by: MrDudeMan

Originally posted by: k1pp3r

Originally posted by: smack Down

Originally posted by: doze
Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

Right but it wasn't the companies email account. If they had just watched the op open the job offer then it was clearly legal but they "hacked" his email acoount.

How do you "hack" something that was left on the screen for the world to see, all they had to do was click the check box, then forward, no hacking involved

moron :roll: he put hacked in quotes meaning they didnt literally hack his account, but they took control of it without his permission and used it to do something suspicious. not everything is always literal :thumbsdown:

Thank you for insulting me, and just what did i do to you, nothin so ****** you.

 

[Nutdotnet]

Originally posted by: k1pp3r

Originally posted by: MrDudeMan

Originally posted by: k1pp3r

Originally posted by: smack Down

Originally posted by: doze
Some of these arguements are funny. Nothing has been violated b/c it was their computer, electricity, and bandwidth and OP didn't follow procedure and lock his station when he left.

Right but it wasn't the companies email account. If they had just watched the op open the job offer then it was clearly legal but they "hacked" his email acoount.

How do you "hack" something that was left on the screen for the world to see, all they had to do was click the check box, then forward, no hacking involved

moron :roll: he put hacked in quotes meaning they didnt literally hack his account, but they took control of it without his permission and used it to do something suspicious. not everything is always literal :thumbsdown:

Thank you for insulting me, and just what did i do to you, nothin so ****** you.

Dude, chill out. It's not nice to call someone multiple astericks.

 

[BoomerD]

wonder if the IT guy sent a nice "NO Thank you" to the folks offering the job? OR, plans on trying to get it himself?

I think that what they did sux, and is underhanded, and possibly borders on illegal, (accessing your external e-mail account and forwarding an e-mail in it, BUT, as others have noted, you have no real expectation to privacy when on a company network. THEY own it, and everything on it...NO, that doesn't give them the right to USE information, like PIN#'s, account numbers NOT related to work, etc, but they do have the right to access any information on their network.