Unless you take steps, they sure can.
Leo, on the topic of "Can my boss see my mail and instant messages" you wrote, "If you are using your company’s machine, it’s safe to assume that your boss or IT department can see your emails and instant messages."
Yes, but there may be an additional cautionary note, in my opinion. My son and daughter-in-law are both faculty members at a major university. They have their own privately owned computer at home. However, at home, they use their university faculty email addresses to send and receive email. So, isn’t it true that it’s not who owns the machine but the use of the university’s email system on campus or at home that opens the door to this kind of access vulnerability?
Actually, it’s both. Or either. And more.
And it applies not only to faculty but to students at all levels of education.
Let's look at what is possible when you use someone else's hardware, internet connection, or online service -- and if you need to worry.
Can my school see my email?
Using someone else's hardware, internet connection, or online service can expose your activities to monitoring. Whether it's your employer, school, or email provider, they can access your data. However, most individuals aren’t interesting enough to warrant this. For extra security, use encryption or a VPN to protect your privacy.
Someone else's hardware
My original article discussed using company-provided or company-owned hardware like a PC. The issue here, of course, is that when the company provides hardware like this, it’s possible (and often legal) for them to install software or hardware that monitors how that computer is being used.
That could include monitoring everything from your keystrokes to what you see on the screen; and, of course, includes any email you send and receive as well as instant messages and more.
When you're provided a computer by someone else, there’s no way to know they haven’t installed monitoring tools because some of those tools are virtually undetectable. And some companies do exactly that.
Someone else's internet connection
In another article, I mentioned that your ISP can see anything you do.
The organization providing your internet connection can, if they have the inclination, monitor the traffic traveling across the connection they’ve provided to you. It’s much like an open Wi-Fi hotspot except that your ISP has the legitimate means to do it.
So even when you’re at work or school using your own computer (or another computer you know is secure), if you’re on your work or school’s internet connection, they can monitor what’s going back and forth on that connection.
Someone else's online service
The point that the questioner picked up on is that the provider of basically any online service you use can monitor how you use that service.
That means that yes, your email provider can read your email. If that email provider is your school (if you have an email address based on that school’s internet domain) then yes: the school’s IT department could look at what you send and receive.
That is true for every email service provider and every online service provider.
But are you interesting enough?
Now, one thing I’ve long said that few people seem to take to heart is that in general, you and I just aren’t that interesting. Your ISP, school, company, or email provider typically has much better things to do with its time and money than to spend it snooping on your correspondence.
Now, of course, if there is a reason for them to look, they can. But I'll reiterate: most of us just aren’t that interesting.
Do this
So what can you do if you think you are that interesting?
When using someone else’s hardware, not much. Do nothing on your work computer that isn’t something you’d want your boss or others to know about.
As for the rest (ISPs, email, and service providers) it all comes down to encryption of some sort. If you use a VPN service, your internet provider can’t see what you’re up to other than the fact that you’re connected to a VPN. (But of course, the VPN service can then see everything you do.)
Encrypting email is difficult but possible, and that’s the only way to keep your email provider from being able to read your messages. Once encrypted, your email message cannot be read, but who you're sending it to is visible.
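An added illustration of that last point (not code from the original article): the sketch builds the same message twice, once in the clear and once with the body encrypted, and parses each the way any mail server handling it can. The XOR pad is only a stand-in for real email encryption such as PGP or S/MIME, and the addresses and text are constructed.

```python
import base64
import secrets
from email import message_from_bytes, policy
from email.message import EmailMessage

PLAINTEXT = "Meet me after class on Friday."  # constructed sample body


def encrypt_body(text: str) -> tuple[str, bytes]:
    """Stand-in for PGP or S/MIME: XOR with a random one-time pad, then base64."""
    data = text.encode()
    pad = secrets.token_bytes(len(data))
    cipher = bytes(a ^ b for a, b in zip(data, pad))
    return base64.b64encode(cipher).decode(), pad


def build_message(body: str) -> bytes:
    """Wire format of the message as it is handed to the mail provider."""
    msg = EmailMessage()
    msg["From"] = "student@school.example"  # constructed addresses
    msg["To"] = "friend@mail.example"
    msg["Subject"] = "Friday"
    msg.set_content(body)
    return msg.as_bytes()


def provider_view(raw: bytes) -> dict:
    """What a server that relays or stores the message can parse without a key."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        "from": str(msg["From"]),
        "to": str(msg["To"]),
        "subject": str(msg["Subject"]),
        "body": msg.get_content().strip(),
    }


def compare() -> tuple[dict, dict]:
    """Return the provider's view of the plain and the encrypted message."""
    ciphertext, _pad = encrypt_body(PLAINTEXT)
    return (provider_view(build_message(PLAINTEXT)),
            provider_view(build_message(ciphertext)))


if __name__ == "__main__":
    for label, view in zip(("plain", "encrypted"), compare()):
        print(label, view)
```

In both views the sender, recipient, and subject are identical and readable; only the body changes, because header fields travel outside the encrypted part.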
There is a simple rule of thumb here. If an organization such as a school or business gives you an email address only use it for whatever you do for that organization and not for personal emails. Email addresses are easy to get.
“However, at home, they use their university faculty email addresses to send and receive email.”
I also do this so that I can “work” even when I’m not on my work computer, but I also have personal email addresses accessible on the same computer, for personal communication. Doesn’t make sense giving your friends and family your work email address because you may change your work someday.
No one who’s familiar with webmail should be falling into that trap. I know some people who’re stuck in the old ways of Outlook Express and Microsoft Outlook, who believe an email address is attached to a computer. When they configure an account, that’s the only way they know to do email from that machine, therefore the idea of using different email addresses for different things does not even enter into their reasoning.
If they are faculty members at a public institution, their email account and all its emails could possibly fall under an open records request. So, I would avoid putting anything too personal in an email to that account.
Can family members see everything I do on my cell phone if we have the same ISP?
Typically no, but it really depends on how the account is set up and the technical expertise of the other family members.
So…using my school email to tell my crush I love her is a bad idea then?
Yes because they will be seeing your emails.
My school uses its own domain (@j***s.org) on Outlook. They have disclosed that they filter all of the emails coming and going for key words (like drugs or suicide), however, is there a way for me to find out if and when they do look at my emails and to see what key words they may be looking for? I say this because when doing assignments on drugs, alcohol or anything like that the school often gives out punishments without looking at the emails.
There’s no way to find out.
Can the school still monitor or access an email that I deleted?
There’s no way to know for sure. Depends on too many different things. It’s best to assume that they can.
Great article, thank you very much for writing it.
I have a question, my university gives us an email with a custom domain in G Suite, something like “@***.com”, through that email we have access to storage in Drive, Photos, etc. In the same way we have access to Office 365 (OneDrive) whenever we use the institutional mail.
Is it possible that my university can see the things that I save in Drive, Photos or OneDrive?
And if I log in to Windows or macOS using my institutional email, is it possible that they can monitor my computer?
Thank you very much.
They can, but there’s no way of knowing whether they do.
My belief, though I have no data to back this up, is that if they provide it, then they can access it.
If I send an email from my personal account to another person’s school account, will my school be able to see it?
You must assume yes. Whether they DO or not, there’s no way to tell.
Can they access things like my Gmail when I use their computers on campus?
Because they can, I would assume they do. It’s the safest assumption. When I send an email using my university account, there is a notice that the communication is monitored. They don’t have time to do it all but they use monitoring software, so I write all my emails with that in mind.
Can they? Probably. They can at least see what you’re doing. Do they? No way to know.