Can employers read website based email?

I’m trying to correspond about a potential job via email.
I know if I send it through the company I work for’s email they could certainly read it. Consequently getting me in hot water, with or without another job to go to.
If I use my Yahoo! email account at work, can they read that too?
Speaking of which, can they read my posts to this board when I post on company time?

Just because I’m paranoid, doesn’t mean they’re not out to get me…

It depends on what security measures they have in place. If they so choose, they can set it up to intercept every byte that you ever transmit over the company network, SDMB and Yahoo mail included. However, most companies don’t do this, since it’s just not worth the bother (who gets to sift through all of the emails and web pages to decide what’s not work-related?). They’ll definitely have copies of your sent e-mail (through the work account) available somewhere on the servers, but even then, they’re likely to never look at it.

The short answer is that they can, but it’s difficult, and if they can read your Yahoo mail, then they can read your posts, too, including the one you just made, so if they’re out to get you, you’re already screwed, anyway. Might as well go for it, with the Yahoo mail.

Technically, it’s possible to monitor everything you send and receive over the network including mail, web forms (like message boards and web-based mail) and passwords. That’s why you want credit cards and passwords to be encrypted. The question is, would they find it worth their time to read everything you send? Keeping a log of all web sites you visited should be fairly easy. Scanning for specific keywords or patterns (say, 12-digit numbers) is not hard to imagine. Reading all e-mail? I’m not sure, I’d think your employer has better things to do (or better ways to spend money).

Once it’s on the remote mail server, I think it’s safe from everything short of a court order.

Don’t some employers monitor keystroke activity as a measure of productivity? Could they automatically monitor keystrokes for combinations like R-E-S-U-M-E?

Like others have said:

  1. Yes, they can monitor it.

  2. It’s extremely labor intensive and they would really have to have a reason to target you.

Actually, after yappin’ with my network administrator about this, monitoring is very easy (there are a number of snoop software packages on the market) where your employer could monitor key words, web sites, etc. Many of the large insurance firms, brokerage house, et al., have these in place to prevent(they say) fraud, but is really a way to avoid litigation. <u/>Anything</u> you send from the office server can be read by your employer. And always be pals with your network administrator, 'cuz they’re the ones that can check you out, with or without employer sanction.

Your best bet would be to use an email encryption package, such as PGP. Encrypt your mail on your local PC before it’s sent through the network, and they can’t read it. Of course, if the company policy says you can’t use the system for personal use, they can still come down on you, especially if they start wondering why your mail is encrypted.

In a worse-case scenario, you could end up in court, with a judge ordering you to provide the key to decode your sent mail that they have been capturing via the snooping software. This would be a VERY unlikely, but possible scenario.

Arjuna34

Resume working, you slack@$$.
:smiley: Sorry, couldn’t help myself.

As a network admin, I can say that everyone here so far is correct. Yes, it’s very easy to monitor network traffic. But it’s also incredible tedious to sift through all the data. To use your example:

Your boss tells me that he believes his people are using web resources improperly on company time and wants me to check it out. So I set up network monitoring software on the network to monitor all the web activity that goes to sites such as Hotmail and Yahoo. I can then set up the software to send me transcripts of activity to these sites.

I come back the next day and see hundreds of transcripts, and now I have to read through each and every one by hand. I sort through the first dozen and see 3 messages to significant others, 5 saying that the yahoo main page was visited but no other activity was performed there (default startup page), 1 message received by a user on the network asking him to pick up milk on his way home, 2 messages looking up Yahoo stock quotes, and 1 “You Know You’re a … if” joke email. No visits to porn sites, no mp3’s, nothing that could land the company or myself in serious trouble, so I write it all off and get on with more useful tasks.

The only way snooping would be effective is if someone came to me and said “I think so-and-so is performing such-and-such a task on company time; please verify this.” i.e., I’d need a specific target for which to search.

grep mp3 *
:slight_smile:

Why haven’t you installed Carnivore with your own set of key phrases already?

Certainly, but my point is that unless you’re looking for something specific, snooping isn’t practical. If you didn’t already suspect that one of your users was using web mail for activities that violated usage policy (or downloading mp3s), how would you know to set up something to snoop for it? Sit there and think of every possible way a user could violate policy by abusing resources, then set up traps to detect each of these situations? That would take a lifetime, and for every abuse I can think of, I could be assured that there’s someone out there more clever than I who could find ways to abuse network resources. No, you set up traps for common practices that would violate policy and move on. That’s not being lazy, it’s merely being practical.

Ok, so we’ve established that yes, it is certainly possible for them to read whatever you send from your computer. (I don’t think we’ve even gotten into Van Eck phreaking) :slight_smile:
Another question would be can they, from a LEGAL standpoint read what you send over Yahoo mail or whatever? My gut reaction would be yes, since you’re using their corporate equipment to send your mail. Has this ever come up in a court case at all? I know instances of reading e-mail sent over the company mail server has come up, but I don’t know about web based mail.

I don’t have any specific cites, but, yes, there have been court cases where the rulings were in favor of the employer. The justification seems to be that no matter what you send, if it originates from the office, on company time, on a company machine, then it is implied that you have no right to privacy, because everything you used to produce that correspondence belongs to your employer.

Well, speaking as a former Network Admin, I can tell you that it’s a simple matter to read your Yahoo mail if someone has a packet sniffer/decoder. But they have to be watching your internet transmissions and that is extremely time-intensive even if they buffer everything for review.

Just out of curiousity, I once grabbed my own hotmail password with a packet sniffer with no problems whatsoever and I don’t imagine Yahoo mail is much more secure, as it’s HTML-based and that’s essentially a text transmission. Even a secure server transaction can usually be sniffed out as more or less plain text if you know where and when to look.

Conclusion: Don’t sweat it. If they want to read your internet email, they’re already doing it. If not, they won’t catch this one.

Chances are that your net admin is not monitoring every keystroke you input into that machine unless you are working for a classified defense contractor and the like. Yes, they do, in fact a friend of mine works for a high level security defense contractor and they don’t have internet access on some machines.

as for Chronos stating:

Um, my client has all email copied to a folder on our network for the bosses to read and for me to sift through. The main reason this is done is the bosses like to see what communications are going through their company (they do the same thing with faxes and it’s company policy).

My job is to go through and sift through the personal emails, which believe me, it’s easy to learn email addresses and the like of business versus personal. Mainly we are trying to keep out any illegal activity, possible sexual oriented material that might land them in a lawsuit etc… Since I have never been one to be a wuss when it comes to sexual material a lot gets by me in that regard, and yes they do cross our servers. Racist and illegal activity would certainly be something to attack immediately.

http://www.idg.net/ic_240805_1794_9-10000.html

I handle systems for a large Chicago hotel and anytime anyone sends anything encrypted I get a flag from Corporate. I then have to confront the person and if they don’t have a good reason they can be terminated.

Our policy which everyone signs says they can terminate you immediately for using Email or Internet for ANY non-hotel related business, without any further disiplinary action.

I’m not sure on the exact way it works but we have a lot of snooping going on. Of course whenever I sign people up the first thing I tell them is "You have NO expectation of privacy and the hotel corporation does read your emails and internet transmissions.

The only time I’ve been flagged for encryption has been for people ordering like prescription refills over the internet or somebody buying something off of eBay (which is an approved Site as our hotel auctions off rooms there).

The only danger I see, is sometimes if I’m bored at lunch I’ll just audit it for fun. Then you might get caught. And truthfully if I was friendly with the guy I wouldn’t say a thing.

I think they are really only looking for like racist things or porn as one lady accidently sent her resume on the corporate list (it went everywhere including Europe, Asia, Australia…To anyone who was on email…) and no one said anything to her.

The real sad part is they probably spent millions on this software and our phone log has been down for 9 months (since our Y2K upgrade) So the hotel has no list of phone calls from which extensions. That I bet is far more abused.

The courts seem to give more privacy to telephone so what if you have your own personal laptop at your office and dial out using the telephone line to connect to the internet. Do it right and they would have a hard time even realizing you are not connecting through the LAN.