If you are 'god'-level admin on any enterprise mail server I've ever used you can read users' email or even manipulate it in transit. This is intentional, all business correspondence is property of the organisation.
I can confirm as a GSUITE Enterprise admin that this is correct and is done at multiple companies I've worked for, for a variety of business use-cases (things like detection of data-exfiltration, compliance, regulatory monitoring, lawsuit investigations, etc.)
Courts (at least in the US) have repeatedly ruled that employees have no reasonable expectation of privacy when using company email systems.
> all business correspondence is property of the organization
This depends on the country.
Absolutely not in France (and probably most of the EU), if by business you mean "within a company" (which would be aligned with the idea of looking at correspondence).
HN commenters are responsible for delivering valid criticisms in ways that don't damage the container. A thoughtful explanation will be better received anyhow.
You may be the first person who's ever asked that, even though I've been using that term for years [0]. By 'container' or 'commons' [0.5] I mean the capacity of this place to host thoughtful discussion and rich community interaction. An internet forum like HN is fragile [1]. It can easily succumb to flamewars and other destructive dynamics. When one user posts that way, it evokes more of the same from others. Actually it evokes worse from others, because they'll feel justified in striking back, and people always underestimate how hard they're hitting.
If that happens enough, the best users—who don't want to read snark, aggression, petty spats, etc.—will leave, ceding the field to the commenters who do, eventually driving everyone else away and leaving a scorched-earth wasteland [2]. The classic death spiral of an internet forum.
HN started [3] with the idea of trying to avoid that outcome [4], or at least stave it off [5]. Think of it like a complex but fragile ecosystem that needs protecting. Since we all benefit from the ecosystem, we're all responsible for protecting it, much as you wouldn't leave a campfire burning in a dry forest, drive a 4x4 across a mountain meadow, litter in a city park, and so on.
The bonds that hold HN together are weak, because we only have access to tiny blobs of text that are open to misunderstanding. Users don't have relationships that can sustain disruption and still be repaired; the group is too large. Since the organism can't easily repair itself, it needs not to take too many hits in the first place.
Most of the damage is thoughtless rather than malicious. The solution is to become more conscious about the goal of the site and how to further it. This isn't really an ethical question. We're not telling people that they should be good (maybe they should, but who is an internet moderator to tell anyone that?) Rather, it's an optimization problem. We're trying to optimize the site for curiosity [6]. That requires overcoming the default tendencies of the internet, and for that we need to sustain a certain culture.
In the Netherlands there was a court case which ruled that an employer cannot just read an employee's work email, as even work-related emails are considered private information.
There are some exceptions of course: if you notify the employee and have a justified reason you can check some emails. So it's not outright forbidden. It matters a lot on the case and what you did, exactly.
I'm not aware of the situation in other countries.
I like this personally. I can have a private conversation with a coworker in the break room, why not by email? If I wanted to include my boss I would have CC'd her.
This is not the current state of the law in the US however.
This is a large part of the justification in Europe - that the conventional expectations of (some degree of) privacy should extend into new mediums, because work makes up such a substantial part of our lives that employees need to accept that parts of employees' private lives will happen at work, and they need to act accordingly.
Moreover, a lot of computer systems in the USA, for decades, have included a message telling employees that their access and use of the computer may be monitored, which seems similar to me to a sign in the break room letting you know if video/audio recording is in progress...
Ask the former secretary of state how well that went for her.
It's not always an option, even if they can't read your email casually, your company may still have perfectly legitimate reasons to keep it under their control for reasons of auditing etc.
In some of the regulated organisations I’ve worked in, every single piece of email, web, or IM traffic has been scanned. At a minimum for DLP and malicious content reasons, and usually by profanity/obscenity filters too. How could that possibly work with such a regulation? Every communication is read, at a minimum by a computer, and if you trigger an alert, it will usually be read by a human being as well. If such a regulation allowed for that to take place, then it would be a very weak privacy regulation. If it didn’t allow for that, then it would interfere with the basic compliance requirements of a lot of industries.
So it turns out you're wrong and the GP is right. Of course it's technically possible, but not legally. Many European countries do have these protections, even in the fairly privacy-lax UK it is illegal to read employees' emails unless you have a reasonable reason to be doing so.
Even if you do have a good reason, perhaps they're ill, you're not allowed to open them if it's obviously not from a business contact or it's obviously a private email. So reading an email from an employee's spouse or girlfriend would be illegal.
In my industry it would be explicitly illegal not to log and monitor all employee emails when they are using a corporate email or a personal email if that personal email was used for business purposes. This is by design and not contradicted by any privacy laws.
Security guy working in fintech: this is true of many industries that need to adhere to regulation or compliance, including:
1. Finance
2. Medicine
3. Aeronautics
There are likely more I'm personally unaware of. In finance, which I'm most familiar with, lenders (sometimes banks, but can be things like credit unions, marketplace lenders, or investors) have a laundry list of regulations they need to meet in order to do business in the US. Many of these regulations explicitly require that the lender produce any and all communications between the lender and borrower on-demand--and for good reason.
There's a long history of bad actors in finance lying or misrepresenting things in official communications (fraud, embezzlement, money laundering, etc). If you work for any finance company, you had better expect that everything you do on your corp accounts/devices will be logged, audited, and periodically reviewed.
That said, the only time I've heard of an employee's email being pulled out of an archive and read was due to concerns around IP theft or questionable behavior between said employee and business clients.
> Many of these regulations explicitly require that the lender produce any and all communications between the lender and borrower on-demand--and for good reason.
This is why traders WFH during coronavirus lockdowns is so problematic; not only a lack of externally accessible recorded phone lines but the impossibility of policing OOB communications when the local compliance guy can’t physically see you talking on your mobile phone.
Then it should not surprise you to know that phishing attempts have spiked in recent months. The pandemic has sown much chaos, and bad actors are taking advantage. :(
What really concerns me is that these phishing attempts are just the attacks we're observing. Many more will go unnoticed given how ad-hoc current work environments have become with so many organizations going full-time remote overnight without the IT/security systems and processes in place to safely support it.
Is that really a limitation of WFH? Even when someone is in the office, if the intent is to bypass monitoring someone can use their phone. I tether my laptop to my phone all the time on client sites (instead of fighting with yet another captive portal).
I’ve been privy to how a few of these highly regulated organisations are handling WFH, and the main challenges they seem to face are compute/network capacity on their virtual desktop/VPN/conferencing/instant messaging infrastructure. Which usually tend to be hosted on site. Of course people could bypass the systems completely, by say getting a private slack for their team. But doing so would (usually) be a policy violation, and from a compliance perspective, policy is often a valid control. Not all regulations require technical controls, and if they do, there’s often room to make exceptions to implement alternative controls when circumstances require it.
> if the intent is to bypass monitoring someone can use their phone
Not if phones are checked in at the security desk when you arrive, there is a phone jammer operating in the building, and compliance staff are patrolling to make sure no one has smuggled a phone in. These measures are normal on most trading floors.
There's typically a retention period. I'm not clear on what that retention period would be for aeronautics, but 3 months to a year isn't unusual in fintech.
I know that in some parts of the world using a work phone or work email for personal use is protected (I think it is a little silly, but not a big deal), but that's not quite what you sound like you're describing.
I'm not at all sure that I've heard of many places where your employer explicitly ISN'T allowed to access employer provided resources.
If that were the case generally I'm not sure how anyone would even provide security or etc.
Where I work, anyone in the world can read my emails. You just have to make a request, and we have 15 days to provide the email. There are some cut-outs like attorney/client communication or health related, but pretty much any email I’ve ever sent or received is subject to inspection by any member of the public. (Most government entities have a similar law and it is generally more open than the Fed’s FOIA.)
Under what laws would it be illegal? I think it is completely reasonable for a company to have access to all data on company-provided accounts, so long as the employees aren't misled into thinking it is private.
I don't know for the rest of the world, but in France you can indicate your mail being private by adding a prefix to the subject of your mail with "Privé". Then the "secrecy of correspondence"[1] applies. Some companies restrict the usage of private messages using the company-provided mail, but it is not the default case.
The company cannot access those messages without your consent or without a suspicion of a crime (like a leak of data).
This is a big difference between Europe and US. I think different European countries require different levels of strictness -- it may be that the employer isn't allowed to even track who the correspondents are, let alone read the email contents.
The reason for this power isn't just for abuse of power, it's literally to prevent fraud and reduce liability. You need to know if your dev is exfiltrating PII to his buddy who is a scammer, if your employees are participating in bullying or discriminatory behavior, etc. Work is work, it's not your personal life.
Some countries have limits on which emails can be monitored or how often it can happen. I haven't heard of any where it is forbidden.
I can't imagine how hard it would be to run a business in a jurisdiction where that would be the case. How would you handle audits, employee turnover, records retention, civil suits, etc?
Admin here. Of course you can. You should always assume you can.
Even if I couldn't read the email (which I can, but fortunately have never actually had the need to or done so), I can always reset a password and gain full and instant access.
You should always assume your employer can see your enterprise correspondence. G Suite or not.
> You should always assume your employer can see your enterprise correspondence.
Just to expand here. You should assume that your employer has access to _everything_ that you do with their assets. If you are trying to maintain privacy from your employer for whatever reason, do not use your work phone/laptop/email/etc.
You should also assume that your employer can take those things away instantly.
For example, one day your laptop forcibly restarts and afterwards you're locked out. Then a day later, you get the call that you were canned.
So always keep private communication separate and get private phone numbers / email addresses from coworkers that you get along well with. The company can delete your extension and email address, but with a bit of preparation that doesn't have to be the end of your personal relationships.
You should also assume that the email you "deleted", is still there.
Most email servers/services have a setting to keep deleted emails for a period of time. Most corporations also have a separate email server for execs that have different settings. This is above and beyond compliance settings that also set email retention for different periods of time. Then there are also backups and archiving...you get the idea.
> assume that your employer has access to _everything_
I hear this a lot and it seems like sound advice, but always leaves me with questions.
Sure, my employer can see what URLs I am hitting, what applications are installed, their usage, and if they want they could even decrypt https traffic, take screenshots without my knowledge, key-log, turn on microphone and camera too.
I mean, I won't hesitate to open my personal gmail, read news, make comments on social media sometimes (like this), perform online "errands". At the back of mind, however, I wonder if someone is seeing what I am doing.
It makes me wonder, what is typical? Under what kinds of circumstances would the most draconian measures (like screenshots) be taken? How much latitude are IT folks given? Are there ways to detect when really ugly things like keyloggers/cameras/mics are being controlled by whatever "enterprise IT" software suite?
It seems IT folks don't talk about this much. The dominant advice is always don't use work computer for _anything_ but work. The reality is that almost everyone in every profession takes that advice with a grain of salt.
I don't think you need worry that your employer is watching everything you do. But they can and there are some common cases:
1 - some program is scanning ingoing/outgoing data looking for compliance violations (typically finance, some classified work; should be for medical privacy/PII but I don't see much of that happening). Also scans for liability issues such as porn at work etc. Easier to screen that stuff out up front rather than later, frankly.
2 - you have a highly restrictive job (e.g. call center) and are being spot monitored from time to time; statistics are likely kept continuously. Dystopian but yes, happens.
3 - Sysadmin ends up looking at some of your mail while debugging a problem or doing some investigation not necessarily related to you e.g. some employee is terminated for fraud: let's look at their correspondence, some of which -- innocently -- is from you. Or there was a disk crash and some data is being reconstructed, which includes your call logs or email or whatever.
The third case is the most common and is why there is often a blanket "we can read and get all your data" statement in the employee handbook. There are others, and you can guess them.
I think the truth is it really depends on your employer. I worked for one place that actively monitored and even recorded people's screens fairly frequently, and others where they honestly don't care in the slightest.
I see, but what did they do with that information? Did they just randomly browse employees' screens? What triggered that level of monitoring? Are there ways to detect when a screenshot is captured?
It seems like a lot of effort to monitor screens, it makes me think there has to be a compelling reason, and not just browsing around looking for "problems".
I was in the position of having to review people's browsing history, and occasionally their emails, at a large company. We were in charge of all internal investigations: phishing, malware, suspicion of IP theft or misconduct, and even micromanagers who wanted to see if their employees were slacking off or working at the times they claimed.
We never looked at anyone's activity without a clear reason, but that reason wasn't always very justifiable by my personal standards. However, I'd say most of it was necessary (like when tracing root cause of an alert or infection). My naive guess is this is probably pretty close to how it is in most big US companies.
For the times that were unnecessary (assessing "productivity"), our team, including our managers, always tried to provide as much evidence and guidance as possible that would work in the employee's favor, because we all knew it was complete bullshit and a big overreach. It's also very difficult to tell exactly what someone was or wasn't doing at specific times just by their browsing history. (We didn't have screen recording spyware or anything like that.) I'd say 98% of investigations were necessary and 2% were bullshit like those.
Reading emails or IMs was extremely rare and reserved for people replying to scammers/phishers, or accusations of serious misconduct or crimes.
> It seems like a lot of effort to monitor screens, it makes me think there has to be a compelling reason, and not just browsing around looking for "problems".
Depends. It can often be chalked up to management having too much time on their hands, or busy work delegated to use up part of the day.
I worked for an ecommerce site that keylogged everyone's computer and was tasked with going through the recorded input for someone that quit on bad terms to find out "if she'd done anything". It was a colossal waste of time, and we only learned that she was into furry websites.
Exactly, and even if your employer doesn't have logging software, they can get physical access to your laptop and look for logs and data manually. Importantly, you can't predict when and if this could happen.
> I can always reset a password and gain full and instant access.
AFAIK, resetting an individual GSuite account's password is the only way GSuite Admin can access individual account's emails. Is there any other way to get access?
In this article you will see how being a G Suite Administrator you can get a copy of your users' sent and received emails without knowing their passwords or putting forwarding in their mailboxes.
Got it now. Getting a copy of incoming + outgoing via BCC for an individual account's emails is not quite the same as accessing individual account's emails though.
For GSuite basic subscriptions, there is a 30GB quota per inbox, having BCCs for every account's emails will likely exceed the plan allowance. I doubt it would work if you exceed the account quota allowed for the subscription plan.
With the Vault I can pretty much see and do anything. I can set up hidden forwards and even look at private Hangouts chats between people. I've had to use the Vault before to go into a 1 on 1 Hangouts Chat and delete a message from one of the parties.
Imagine Bob from accounting pasted a customer's SSN into a chat thread, group or 1:1... there are countless things that shouldn't be posted in chat messages to live for eternity.
Some companies build it into their systems to automatically catch and mask that data, sometimes someone has to roll up their sleeves and do it manually.
I'd wager that 95%+ of orgs have tons of sensitive customer data scattered into chat messages in Slack, Teams, Hangouts, etc that would horrify most of us here.
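The "automatically catch and mask" approach mentioned in the comment above can be sketched as follows. This is an added example, not code from any commenter or product; the function names, the choice to keep the last four digits, and the sample messages are assumptions constructed for illustration.

```python
import re

# Nine digits, optionally split 3-2-4 by one consistent separator ("-" or space).
# The lookarounds stop matches inside longer digit runs or phone-style numbers.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")


def is_plausible_ssn(area, group, serial):
    """Apply the structural rules for US SSNs to cut false positives."""
    if area == "000" or area == "666" or area[0] == "9":
        return False  # area numbers that are never issued
    if group == "00" or serial == "0000":
        return False  # all-zero group or serial is never issued
    return True


def mask_ssns(text):
    """Return (masked_text, hit_count). The last four digits are kept so a
    reviewer can still correlate the record without seeing the full number."""
    hits = 0

    def _sub(match):
        nonlocal hits
        area, sep, group, serial = match.groups()
        if not is_plausible_ssn(area, group, serial):
            return match.group(0)  # leave look-alikes untouched
        hits += 1
        return f"***{sep}**{sep}{serial}"

    return SSN_RE.sub(_sub, text), hits


def scan_messages(messages):
    """messages: iterable of (channel, author, text) tuples.
    Returns (redacted_messages, findings). Findings record where a hit
    occurred and how many, never the raw value, so the audit trail itself
    does not become another copy of the sensitive data."""
    redacted, findings = [], []
    for channel, author, text in messages:
        masked, count = mask_ssns(text)
        redacted.append((channel, author, masked))
        if count:
            findings.append({"channel": channel, "author": author, "count": count})
    return redacted, findings


# Constructed sample chat messages (not real data).
SAMPLE = [
    ("dm:bob-alice", "bob", "Customer SSN is 123-45-6789, can you update the file?"),
    ("#accounting", "alice", "Invoice 4471 went out, call 555-123-4567 with questions"),
    ("#accounting", "bob", "two more: 219 09 9999 and 078051121"),
]

if __name__ == "__main__":
    redacted, findings = scan_messages(SAMPLE)
    for row in redacted:
        print(row)
    print(findings)
```

Pattern matching of this kind only catches well-formed numbers; the manual cleanup the comment describes is still needed for data pasted in other shapes.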
You pretty much nailed it. My CEO revealed something he wasn't supposed to. Asked my help in removing his own message at his own request. I'm the only one comfortable with this kind of manipulation (I'm CTO here) and I'm happy that there's an audit trail of it as well to keep my position honest too.
This. One of my less enjoyable jobs, as an admin, would be going into the GSuite jungle to track down and delete emails and messages containing data that clients had sent to us, or one colleague had shared with another, which included personal information that we were not supposed to be storing or processing because GDPR. Or tracking down a former colleague's 1-2-1 email exchanges with a client which included a work spec, or agreement for a change request, which the client later denied ever agreeing to because they didn't want to pay the bill.
My least enjoyable job would be going into the admin to recover emails "deleted" by disgruntled employees who got wind that they were about to be let go. Why they tried to delete their emails - I'll never know. They should've realised that Google hates deleting anything from their clouds.
One of my happiest days at that job was the day I got told I didn't have to be a GSuite admin anymore and could go do some proper coding work instead.
Not OP but if party A is harassing party B (read: "sending unsolicited dick pics"), I could imagine circumstances under which the sysadmin deletes messages that party B has received. (After HR and lawyers all around have been looped in by all parties, and copies of the messages have been forwarded to the lawyers.)
Also consider that the first amendment isn't absolute and there is certain material that is highly unsavory, eg child pornography, that party B doesn't even want the potential of possessing.
There are certainly nefarious usages for that level of access as well, but I can imagine legitimate usage exists as well.
In addition to Vault, an administrator can easily set up an SMTP route through the admin interface to copy-and-forward all inbound or outbound mail (delivering copies wherever they please). Of course, this would only catch messages sent or received after setting up the route.
Edit: an administrator can also create an API token with org-wide credentials, allowing her to read, write, and delete messages from any user's inbox.
I'm pretty sure you can't do it via the UI but if you use the API you can delegate access to any account in your organisation without confirmation. Once you've delegated access to that account you can then login as that user via the standard user switcher that appears if you have multiple accounts.
My team has written an integration with Google's API[0] to explicitly pull back the full bodies of emails for all users across a whole organisation, to run some analysis on all emails.
Once our service account has been granted access, we can assume the role of any user and access anything we have permission for. So, you should assume your IT administrator can also access all your emails, since they're likely to be the person that grants permission to the service account.
I had an employer who insisted that after I leave, every email I receive to my corporate address be forwarded to him. I remember asking a lawyer how legal this is and not receiving a conclusive answer. (Still interested in an answer for CA+NY if someone knows)
Just so I understand what you're complaining about:
1) you worked for a company
2) the company provided you with an email address via their corporate email system
3) you left the company
4) the company wants to read email sent to your work email address in their corporate email system
Yes, it is totally legal for them to do that, there is no question, and it wouldn't make sense for it to be any other way.
Consider this: your former employer receives a closed envelope addressed to you, c/o workplace, from a medical clinic. Would you assume the employer could open and read this mail?
I'm sure jurisdictions vary, but in Norway, excepting any written consent, your employer may not read mail addressed to you by name.
Personally addressed work email likely (but not certainly) falls in a similar category.
I get the analogy, but I'm really not sure it applies in practice.
Like, who would use their work mailing address with a medical clinic? The only physical mail I've ever had sent to my workplace is maybe the occasional December parcel that I need to conceal from its ultimate recipient. We're long past the days where anyone's work email address is their only (or even primary) email address.
- Someone working somewhere "temporarily" (however long that may be) and living in company-provided accommodation, or where that is more secure than private accommodation.
- A politician with a state-provided residence in the capital city.
- A soldier living in a barracks
- A teacher living at a boarding school during the term, or someone very senior at a university with an on-campus house/apartment. Or a PhD student.
Those are good examples, though in most of them it's still clearly a residence, not a workplace. So I would expect there to be protocols in place for securely forwarding items which are personal in nature— particularly since this is not a tech problem, it's something people in these kinds of roles would have been dealing with decades ago.
Certainly for myself many years ago as a university student, I acknowledged that my lodgings were temporary and had anything of any importance at all sent to my parents' address.
> We're long past the days where anyone's work email address is their only (or even primary) email address.
You'd be surprised. For those of us here on HN, your statement has been true for decades (for some of us).
But for the average 'worker', there are still way too many whose only computer is the 'work laptop' and whose only email address is 'the work email address'. This tends to be the tech-unsavvy and/or tech-fearful crowd that falls into this bucket (who also don't browse HN, so we never interact with them here), but they are still present, and there are far more in this bucket than most tech-savvy folks realize.
> But for the average 'worker', there are still way too many whose only computer is the 'work laptop' and whose only email address is 'the work email address'
As recently as 10 years ago I would have agreed but now smartphones and tablets are so common I think more people have an email-capable personal device, and probably a “free” email address.
Just about a month or so ago the union at $job emailed around to again warn members that, yes, management does monitor your work machines, and indicated that just recently several employees were targeted for using their work laptop at home, after hours, for personal purposes, and one of the personal purposes was one of the specific 'uses' (porn) that management keeps a close watch out for and goes after users for accessing on their work machines.
If there is no question, why is this dehumanizing practice completely illegal in many European countries?
The productive part of the population is treated like children in the US. Daddy gives you health insurance and reads your diary. If daddy no longer likes you, daddy cancels your health insurance but still reads your mail.
I think the UN Convention on the Rights of the Child, which includes a right to privacy, should restrict "daddy" from reading his child's diary, although it's not clear to me if there are limitations to this.
I've had experiences where I've emailed people who left and received nothing in response, only to find out days/weeks later via other means that person left the company.
I've also experienced where I've emailed people who left and received immediate automated replies informing me of the change and providing me with a new contact person.
I've never, ever experienced a time where I've emailed person@company[dot]com and received a casual reply like "Hey man, I quit that place. Hit me up and we can grab beers!"
And I think anybody would be shocked if that were the case. Especially if you kept getting those emails as a former employee and no other current employees were getting them also. Never mind mailboxes cost money or physical resources most of the time. To expend those resources to all former employees indefinitely is not practical. And I don't want to keep my mailboxes at former employers anyway. I have enough notifications on my phone to be batting away vendors and suppliers from previous employers.
To be clear, this was the employer refusing to close the email account / set up an out of office, they just wanted all email redirected to them. Nobody said anything about being able to continue using the email.
... this is totally reasonable for an employer to do. For example, sales person at a company. Probably sent/received many emails that are relevant to sales at the company, rather than using a mailing list (I see this a lot). After the sales person leaves the company, the company needs to maintain relationship with the people who worked with the sales person. Keeping the old email open rather than dropping them on the floor makes sense (otherwise your customers will hate you).
Ownership of the email address/account is important. If you're using a corporate account, communicating on behalf of your employer, and have been informed ahead of time that all emails from said account are monitored, I don't believe many people could reasonably argue an expectation of privacy for personal correspondence in such a setting.
Additionally, if you work for a company or industry where such correspondence must be preserved and tendered on request due to applicable laws or regulations, such organizations are legally required to have access to all employee emails.
That is standard practice for literally every corporate email account I've ever encountered in 15 years of IT work. You do not own your company email address any more than you own the extension on the phone on your desk at work.
It's the company's email address, they can forward it wherever they want. Forwarding an employee's email to their supervisor upon departure is standard practice in many companies.
This is one of the reasons using your corporate email address for anything outside of work is a poor idea. I know some who chafe at using a corporate email address even while doing work for the company, not because they think it's inconvenient or an invasion of privacy, but because they lose access to it and people may contact them at the old address and not be able to find them afterwards.
This is standard practice, it's not your email address, you are just using it for work, and your employer needs access for a variety of very obvious reasons. This should not be news to any technology professional and it's mind-blowing seeing these comments on HN.
The question is fair. Capability does not guarantee legality, and there are plenty of cases where an individual who can access an email is not legally entitled to:
1. My ISP provides me internet access, but they are not entitled to collect my bank information when I access my bank account.
2. Depending on the nature of the corporation, it may not be legal for an individual to forward emails in the manner described. Consider: what if the email account belonged to a lawyer or doctor? Client confidentiality probably trumps many other legal concerns here.
3. Is said manager part of the IT/InfoSec department within this organization? If not, they may be circumventing organizational controls, which in itself may not be legal.
Then consider that it's mindblowing to you because you're not used to any of the many jurisdictions where there is a legal expectation of (some) privacy at work.
Under European data protection laws, for example, many countries have considered the privacy restrictions to extend to employee e-mail addresses.
This includes Norway, for example, where employees have extensive rights to prevent employers from accessing their corporate e-mail accounts without substantial safeguards to prevent them from accessing personal information, and including rights to be notified where possible, be present, be able to respond and challenge the access etc.
You can find a lengthy (in Norwegian, though Google translate ought to do a decent job) walkthrough of the rules here [1].
The confusing thing for me here is why you would assume you would be able to receive any mail addressed to your old corporate address, in order to forward it. Or did I just misunderstand what you meant?
The corporation owns the email server, so their choice when you leave for whatever reason, is either to disable the account entirely (or give a bounce message) or keep it active.
Is your question really on the legality of the latter case, i.e. once you've left a company can they keep your email address live and perhaps even respond from it?
I never assumed that. To be clear, this was the employer refusing to close the email account / set up an out of office, the CEO just wanted all email redirected to them personally. Nobody said anything about me being able to continue using the email.
Gotcha - it wasn't actually clear from the way you wrote it originally.
So in that case it is really jurisdictional. The US falls down pretty heavily on the corporate-owns-everything, but not everywhere does.
In my experience it's pretty common for companies to retain emails of people who have had outside contacts at least for a while, so nothing gets dropped on the floor, usually redirected to a supervisor or whoever took over the projects.
As a sidenote: If you have an Android phone and your work uses Gsuite, you may want to double check privileges you're giving your company by being signed into your Android phone.
Your employer may be able to wipe your phone, track it, etc. Instead, I installed a different browser dedicated to logging into work email.
If your employer enrolled "your" phone in MDM/Device Management, then they can do whatever (inc. remote wipes). But more than likely it is their phone if they did that. Simply logging into GSuite doesn't allow that.
Individual apps can wipe their own data, but apps don't have the arbitrary ability to wipe the entire phone. Even Google's apps.
To quote the docs:
> [0] Before you can wipe a user’s mobile device, you need to turn on mobile management. For details, see Set up mobile device management[1].
PS - I'm responding because this myth that simply retrieving GSuite/Office 365 email allows device wipes just won't die. That isn't how any of this works. Enterprise device management requires special device enrollment; simply signing into a random email app isn't it.
On Android, in the old days, an app could be registered as a "Device Administrator". When you set up an Exchange account on the device, the email client requested the user to activate device admin before it would sync email.
If the user clicked the activate button, the email client would have permission to reset password/wipe device, etc. [0]
This didn't require enrolling into any MDM software.
It's quite common in my experience to require enrollment to be able to get access. And it's not always the company's device, employees can choose to enroll their own devices if they want mobile access.
Having added a few work accounts to my phone over the years, the verbiage that the phone gives you is at least very specific (at least on Android) as to what power the employer has with your phone. At one point, a prior employer tried to require device management to sign into their GSuite email, and I got a prompt saying that it was required and that they could wipe my phone at will. I then removed that account from my phone and told my employer why. They backed off of that policy and later set up one less broad (i.e. they could wipe the account, but not the entire phone).
Nowadays most setups allow employers to wipe the work profile but not the whole phone (and again, this is explicitly stated to the user upon adding the profile).
Also, Google Chat doesn't have a mobile web version. If your company uses it you'll probably have to choose between allowing the company to access your phone, or limiting your Chat usage to computers. For me the latter was an easy decision, also helps to draw the line between working and time off.
Most of my peers have gotten around to getting a second phone to not have to keep up on what the current rules are regarding what is and is not private on a device used for work.
I recently had to wipe my phone and changed from full-access to work profiles and it's nice to have that clean division between my work account and personal.
I think that people don't realize that they shouldn't use work email for personal correspondence. It's even less private than a free email service like Gmail. In the late 90s/early 2000s I was an admin at a Fortune 500 company and people would move to different geographic BUs often. When that happened, we had to migrate their email accounts. The practice at the time was to robocopy their home drive and export/import their Exchange mailbox. We would then reset their password and validate things were in order. I would never outright read someone's mail, but you would be surprised what was at the top of someone's inbox in their work email.
Additionally, when robocopying their profile data you would see their internet history (each visited/cached site, cookies, etc). I couldn't believe the number of VP/C level employees that would have vast quantities of porn and shady history on their work machine. No judgement here, but if worker bees had the same content they would be fired without question.
Do what you want on your own time or computer, but don't expect a work PC to be private or not monitored.
I came here to comment that "of course" it was both perfectly possible and in at least some companies/roles/industries likely routine for them to do so.
I am very surprised by the number of people claiming it is illegal or not possible.
You should always assume your email (and the contents of your hard\network drive, your browser based activity, and everything you do, down to the key strokes) is being recorded and may well be being actively monitored by your employer (or anyone else with privileges on the systems you use). Similarly, anything you delete is unlikely to be actually deleted.
Your friendly local IT guy might be stealing your bank details or checking for people trying to unionize or just spying for a competing department. It's not "Nice", but no one owes you nice.
Why is this even a question? You're on a company asset, using company services, doing company business, handling company IP. You should have no expectation of privacy.
Also legal action can require the admin to have access to obtain this stuff. Also thanks to FOIA, there are government orgs that are required to comply with public requests for copies of emails.
G Suite has implemented recently an option that lets you email sensitive content with a timer.
The user receives the email and no content is in the email, instead a link is shown, and the content will be deleted after some kind of triggers (e.g. after X minutes, or after having been read once)
Now I would be interested in whether Google Vault retains those. Because it's a conundrum either way.
If Google Vault does retain it, you have sensitive content that people think is private but is not.
If Google Vault does not retain it, then accountability, auditing, liability, etc... goes out the window and Google Vault isn't a vault anymore.
If your organization enables Gmail confidential mode, Vault can hold, retain, search, and export all confidential mode messages sent by users in your organization.
Confidential messages sent after November 30, 2018 are visible to Vault in the mailboxes of all internal senders and recipients. Messages are always available to Vault, even when the sender sets an expiration date or revokes recipients' access to confidential mode messages.
Confidential mode messages and Vault
Vault can hold, retain, search, and export all confidential mode messages sent by users in your domain. Vault has no visibility into the content of confidential mode messages sent to your organization from external parties. If your domain uses Vault, carefully review how Vault handles confidential mode messages.
To support Vault's requirement to access confidential mode messages, Gmail attaches a copy of the confidential mode content to the recipient's message.
Here's what you should know about this copy:
It's attached only when the message sender and recipient are in the same organization.
It's only available to Vault.
Senders and recipients cannot access the copy from Gmail.
Third-party mail archiving tools cannot access the copy.
To delete all copies of a confidential mode message, you must delete it from the sender account and all recipients' accounts.
>G Suite has implemented recently an option that lets you email sensitive content with a timer. The user receives the email and no content is in the email, instead a link is shown, and the content will be deleted after some kind of triggers (e.g. after X minutes, or after having been read once)
I knew that capability existed, and it sounds like a great avenue for phishing. People who routinely receive highly sensitive messages like that are going to be more apt to open a link than my mom, who is aware of phishing and whose spidey senses would be tingling.
The Office 365 one (at least, for a long time) looked just about like a phishing message because it was an email from Microsoft asking you to click on a link. Especially if Outlook blocked the images (as it does by default).
If history is off, messages are deleted after 24 hours.
Vault can't hold, retain, or search direct messages that are sent with history turned off. Check with a Vault admin to confirm that these history settings comply with your organization's data retention obligations.
Semi-relevant, and a discussion I've had in the past in regards to Slack DMs. My company was a guest in our client's Slack workspace so this was an internal anxiety. Short answer, admins have the ability to view private messages after jumping through a couple of hoops:
Slack Plus/Corporate: "This type of export includes content from public and private channels and direct messages."
As a Slack admin, I changed the default retention period from "forever" to "1 year". Old Slack messages are more likely to be a liability than a benefit, for the company as well as individuals.
If you want to store something important for the long term, Slack is not the place to do that.
I am aware it's common, and perhaps unavoidable so long as administrators can reset users' passwords, but it's always struck me as strange.
In many organisations the guy who operates the mail server does not have the same seniority as the CEO, and neither would they be read into every commercially sensitive project, every HR, disciplinary, or employee medical discussion.
So it seems odd to me that IT administrators, who are often such sticklers for security and opponents of the idea of trustingly granting overly-broad permissions, would even want the ability to do an end-run around information isolation.
>So it seems odd to me that IT administrators, who are often such sticklers for security and opponents of the idea of trustingly granting overly-broad permissions, would even want the ability to do an end-run around information isolation.
You're not wrong but:
* It's necessary for someone (or some group) to have these powers in order for anything to work.
* Usually everything you do as an Admin is logged just like for the users and you cannot purge those logs or not without drawing a lot of attention or making it obvious you did so. So you too will eventually be caught and punished if you abuse these powers. You have more power but not infinite power as there will be other admins watching you and if a log file suddenly disappears at the same time you make some strange stock purchases you may be asked difficult questions...
It's also worth noting that humans are surprisingly honest. Millions of workers have access to your medical records, your bank accounts, information useful for insider trading or state\company secrets. And it's pretty rare that anyone steals any of it. If anything, humans are too willing to keep company\state secrets and we'd be better off if people leaked MORE (e.g. Sherron Watkins or Edward Snowden)...
It's a power trip, especially given most employees cross-pollinate their email accounts with personal email either accidentally or because they don't understand the repercussions of doing so.
Searching LastPass I (an engineering manager who knew from day 1 this very problem set) signed up to HBO Now and Task Rabbit with my work email - entirely by accident.
It's worse in email-obsessive non-technical roles like sales. They can spend 3+ hours per day in Gmail alone and anecdotally sign up for all manner of personal deliveries and dating profiles through that same work email!
Ultimately email providers like Gmail should do a better job separating professional and personal accounts and informing their users how little privacy they actually have. I heavily blame GMail's multi-account selection interface and how non-technical users can struggle to change the default account they are logged in under. I think the odds of Google warning users to worry more about their own privacy are slim to none. /rant
Oh, the IT admins are definitely not reading the emails or flagging them unless the CEO tells them to. Example use case I've seen is, who leaked this sensitive internal memo and let's just check if someone was dumb enough to forward it directly from their work email.
On a more serious note, this is only the case for small businesses. In anything larger, security practices like separation of duties and minimum required permissions strongly mitigate this problem. You cannot eliminate it by definition; there is always a ring 0.
Because every time I log in to Google with a web browser, no matter what device I'm using, it pesters me to install the GMail app on my phone because it's "better" and "safer" and "more secure."
Funny how "I don't want the GMail app" is the only piece of my existence that Google seems unable to keep track of.
"More secure" is different than "more private." I absolutely trust that Google can prevent unauthorized parties from reading my email. The issue is what parties are authorized.
Funny story: I was creating a script that would download attachments from an arbitrary (enterprise) gmail account, then do some processing on it. This was basically a hack we devised because there wasn't an API to fetch the file we needed programmatically, but we could schedule an email to be sent with the file as an attachment.
I decided that I didn't want to deal with maintaining a gmail oauth token, so I went down the rabbit hole of getting my service auth set up as a gsuite admin. It turned out to work fine, no more oauth token necessary. But then I thought for a second, and changed the email address from the junk one I set up specifically for this task to mine, and it worked. So I tried my colleagues' (with their knowledge) and it worked as well. Turns out giving your service account admin rights means giving them full access to the entire company's accounts.
So with a sigh and a dammit, I went back to using the oauth token. I couldn't find any way to be a "limited" gsuite admin over just some set of email addresses; it was all-or-nothing. This seems like a strange oversight on Google's part, but I also could have missed some documentation.
I knew about the audit route, and I should add that at least for this method, the fact that you accessed the e-mails is permanently saved in the audit records.
While this means that yes, "the company" can read your e-mails, it also means that they can't deny doing it if it actually happened. Neither can a rogue employee do it without there being a record, assuming you have accounts properly set up and don't share account passwords.
Off topic: Wow, the layout of that webpage makes me sad. I have a 27" Full HD display, and holding a piece of A4 paper against the screen, each step takes up about the area of said A4 paper.
I've always thought it was crazy that we are so eager to use free third party centralized services for secure communications.
There has to be some degree of corporate espionage occurring when every startup and many mature corps are using everything from Gmail to teams to slack to discord. It would be really difficult to sniff out if the offending admin kept quiet. All you need is one person with access...and if you're a less than ethical executive it isn't hard to find a dev to do your bidding quietly.
I think it's safe to say you shouldn't expect any privacy when it comes to your work computer.
If you look in Chrome's privacy settings, you may notice: "Your administrator can change your browser setup remotely. Activity on this device may also be managed outside of Chrome". Considering I've granted Google Hangouts screen/webcam/microphone access, I'm assuming they can access my screen/webcam/microphone whenever.
It's probably best to assume that Google is reading your corporate email, analyzing it automatically, and using that information for something that benefits Google.
Is it insider trading if Google uses that to decide in what stocks to park their excess cash?
A little more nuanced: Google as a whole is almost certainly not doing this, however a subset of bad actors within Google almost certainly are doing this.
This seems like various security "holes" in unix where once you're root that you can do bad things. Or to quote Raymond Chen: "Well, yeah. It’s compromised because you compromised it."
I've always assumed that my chancellor/boss/attending will read every single email that I write. It changes the paradigm for how I write and I think for the better.
I think the admin always has the power to see things in all tools unless it's true E2E encryption which I think is very rare in corporate environments, or even nonexistent?
Company-provided end-to-end email encryption is potentially non-compliant with sector-specific laws. I'm thinking specifically finance, where companies have a positive requirement to monitor company-provided communication for insider trading or something like that.
More broadly, end-to-end encryption may put the employer at risk in some situations. In harassment claims, employers can become liable for harassment using company-provided channels because they're argued to 'enable' it. Providing a communication channel that doesn't allow them to verify claims during an investigation or stop ongoing harassment can expose them to greater risk.
To my knowledge, in Europe (or some European countries) it's illegal to monitor employee communications except in the context of a specific claim. In the US broad-based communication monitoring is generally legal unless someone can somehow prove that it's specifically used to prevent employees from organizing a union.
IANAL, take these as broad-stroke general impressions and not precise or accurate statements of fact.
What? If there's a company IRC server, and I'm using to encrypt messages locally, send them through the server, and then my friend decrypts them locally, where does the admin get access?
It really depends on the details, but one obvious answer is if the admin in question has root access to both of your workstations, which would be completely unsurprising in an enterprise environment.
For corporate communication where there is e2e encryption, the e2e protects the communication from viewing by the telecoms or similar, but the business is the final party and the admin is the agent of the business and can use the final message as the business sees fit.
This of course depends on the structure of the communication, but for many industries, it is required by law to be able to produce communication upon request, and not doing so would be a crime.
Probably in your boss's office, around the time you're pulled into a meeting with the admin, your boss, and HR, and your boss says "So that message you sent over the company IRC on such-and-such day: what was in it?"
... with all necessary and legal steps taken regarding your continued employment at that organization should you refuse to voluntarily divulge the contents of the message or a way to decrypt it.
In some industries it looks more like this. You aren't allowed the IRC access, and where E2E is required for business function it is routinely MITM and logged. This is a legal requirement, as I understand it (think financial fraud).
I wonder if this applies to ad-hoc Hangouts calls made using corporate accounts as well (and specifically, ones which aren't explicitly set to record by the participants).
I couldn’t find a way that an admin could see any past Hangouts video meeting, but they do have access to all metadata. They can also enforce a setting to record Hangouts to Google Drive, which means those recordings would be accessible by an admin. It is unclear if recording can be enforced, but presumably, if so, Hangouts would give an indication that the meeting is being recorded. There’s also a setting to have chat logs on, which would then make them accessible by admins.
On the specific axis of email privacy: seems unnecessary in this modern era, where the practical solution to keeping your private correspondence private is to log in from a second browser session to an email account other than the one provided by your place of employment (ideally, running on a computer other than the one provided by your place of employment, talking to a network other than the one provided by your place of employment.
That's a lot of words to say "Use your smartphone email client and don't connect to the wifi", but there you go ;) ).