ItsGeekToMe.co

Q: My nephew has proudly begun work in the corporate world.  He recently sent me a lengthy email from his office describing his expected career path.  He delivered it via a well-known and commonly used webmail service.

I responded via his home telephone, cautioning him that use of email from the office is never a good idea.  I added that, in principle, his corporate employer “owns” any messages received or sent to him via its servers, and not only that but the IT security department has the tools to break open and read any message that crosses its servers. 

His response to an apparently out-of-touch and overly-concerned uncle is that “since he was using his own webmail address, corporate security would not dare, and in any case, could not access and read his private emails…”  He added thoughtfully that he certainly hoped that was the case, since he was also exchanging “somewhat sensitive emails” with his girlfriend several times a week!

Doubtless my nephew is more technically savvy than I, and perhaps he is right, but just to settle the issue:  Is there a reasonable expectation of privacy when communicating via a corporate computer, even though using a non-corporate email address?  How difficult is it technically, for corporate security to access and deliver to supervisors the content of a supposedly “private” email?

– David K.
Niceville, FL

A: Normally I won’t use questions that are so long, because they severely limit the room I have to answer.  However, yours contains so much good info that I just couldn’t bring myself to pare it down.  Your nephew may be more technically savvy than you David, but your wisdom is shining brightly through all his incorrect rationalizations.  Not only does he not have any reasonable expectation of privacy when using his employer-owned network resources, the IT Security people don’t even have to “break open” his messages.  Since he’s using webmail, his messages arrive on his company’s LAN as plain, unencrypted HTML.  It is a cinch for anyone with administrator rights on a network to snag and log the packets bound for a given computer.  In fact, there is network security software available that can track every move a user makes online, including what sites they visited, how long they were there, and what they did.  It’s even possible for software to remotely capture the entire contents of a computer’s screen without the person using the system ever knowing he’s bring monitored.  You may want to ask your nephew how he would feel about his supervisor sitting in his or her own office reading the “somewhat sensitive e-mails” that he has been exchanging with his girlfriend!

It’s hard to believe it, but this is already issue number 46 of It’s Geek to Me!  Yes, the column turns 1-year old on July 26^th!  If you have any ideas for how we should celebrate one full year of this endeavor, I’d love to hear from you!