Email auditing

charlie derr cderr at simons-rock.edu
Tue Dec 11 17:40:40 UTC 2007 

Derek Broughton wrote:
> charlie derr wrote:
> 
>> Karl-Heinz Schulz wrote:
>>> I want that all incoming and outgoing email for a particular user is cc:
>>> into another mail box.
>>>
>>> What is the best way to accomplish that?
>>>
>>> Which tools should I use?
>> I don't think you should be attempting to solve a social problem with
>> technical means.   Which is my way of saying that I can't imagine a
>> scenario where anyone could convince me that this is an ethical route to
>> take.
>  
> Do you honestly think you have enough information to know there's anything
> unethical going on here?  

There's certainly the potential (and of course there's no universally agreed set of "ethics" in the first place).

> I have _exactly_ that situation, where I want
> messages to support at pointerstop.ca to be sent to myself and my partner. 

My personal opinion is that as long as every user involved is aware of what's going on, then of course it's fine, and there's no 
issue ethical or otherwise.  My initial reading led me to believe that this might not be the case.  Whether or not that was true, 
I think it's possible that folks could come across this archived thread when seeking information on how to make it happen (for 
whatever reason), and I think it's useful to alert people to the fact that just because a particular course of action is 
technically possible, there may also be reasons why it would still not be best to proceed with implementing it.

> There are numerous other cases where it would be both ethical and proper.  
> What about a large business where you want a record of every email sent to
> particular addresses. 

If everyone in the company is aware of the policy I again see no problem.   If this is being done (but without the knowledge of 
some of the employees), then it's almost certainly still perfectly legal (here in the US), but it would really take some serious 
convincing to get me to participate in implementing something like that (at the very least I would raise the issue with my boss 
and only follow through after I'd been convinced of the specific necessity of not informing folks and even then I'd probably only 
proceed "under protest" if at all).

> Or a lawyer who needs to ensure he can not
> accidentally delete any email he receives.
> 
> In any case, if the intent is really for a company to copy a user's email -
> without that user's knowledge - the _legal_ issue is that it's probably the
> company's right in most jurisdictions, and the _ethical_ issue is that an
> employee shouldn't be using company email for things that the company
> shouldn't be entitled to copy.

I feel differently.  I don't necessarilly feel that I'm somehow "more ethical" than you though.  I just feel we have different 
views of ethics (which is fine).  I'm looking at things from the other side -- that is, the expectation that most non-technical 
users have of their own personal privacy.  Even inside a business, I'd argue that it pays for the IT folks (or whoever) to not be 
  overly intrusive in terms of monitoring communication (because I strongly believe that employees who have a belief that the 
company they're working for is watching every single thing they do are likely to be significantly less productive than people who 
work for an organization that they trust is not violating their privacy).

And lots of folks don't operate within those constraints anyhow, that is, there are many system administrators whose job is to 
provide service to non-employees (and therefore the legal expectation of privacy is completely different).  For those admins (who 
can't fall back on "it's legal to do it, so I choose not to evaluate whether it's ethical"), a whole different set of rules comes 
into play.  My intent was simply to emphasize that just because it's possible to monitor a user's email without informing the 
user, my personal opinion is that this almost never *should* be done.   But of course, everyone is free to ignore my advice too 
(and probably lots of folks are). :-]


While I don't think this is really off-topic at all (ethical issues should be important to technical people), if it's going to 
cramp your style to only post reactions that are on-topic (by your own personal definition) to ubuntu-users, feel free to move the 
thread to sounder.

	be well,
		~c

More information about the ubuntu-users mailing list