Leo, on the topic of “Can my boss see my mail and instant messages” you wrote, “if using your company’s machine, it’s safe to assume that your boss or IT department could see your emails and instant messages.”
Yes, but there may be an additional cautionary note in my opinion. My son and daughter-in-law are both faculty members at a major university. They have their own privately owned computer at home. However, at home, they use their university faculty email addresses to send and receive email. So, isn’t it true that it’s not who owns the machine but the use of the university’s email system on campus or at home, that opens the door to this kind of access vulnerability?
Actually, it’s both. Or rather, it’s either. And more.
Let me explain what I mean.
Become a Patron of Ask Leo! and go ad-free!
Someone else’s hardware
My original article discussed using company provided, or company owned, hardware like a PC. The issue here, of course, is that when the company provides hardware like this, it’s possible, and often quite legal, for them install software or even hardware that enables them to monitor how that computer is being used.
That most certainly could include software to monitor everything from your keystrokes to what you see on the screen; and of course that means any email you send and receive, as well as instant messages or more.
Basically, when you are provided a computer by someone else, there’s really no way to know that they haven’t installed monitoring tools, because some of those tools are virtually undetectable. And companies have been known to do exactly that.
Someone else’s internet connection
In another article, I mentioned that your ISP can see anything you do.
The company that provides your internet connection can, if they have an inclination, monitor the traffic that travels up and down the connection that they’ve provided to you. It’s much like an open Wi-Fi hotspot in that regard, except that your ISP has the legitimate means to do it.
So even when you’re at work or school using your own computer or another computer that you know is secure, if you’re using your work or your school’s internet, then they can absolutely monitor what’s going back and forth on that connection. I’ll talk a little bit about how to mitigate at least some of that below.
Someone else’s online service
The point, which you picked up on, is that the provider of basically any online service that you use can monitor how you use that service.
That means that yes, your email provider can read your email. If that email provider is your school, by virtue of having an email address based on that school’s internet domain, then yes; the school’s IT department could be looking at what you send and then receive.
It’s true for each and every email service provider, and every other online service provider.
But are you interesting enough?
Now, one of the things that I’ve long said that to be honest few people seem to take to heart, is that in general you and I just aren’t that interesting. Your ISP, your school, your company, and your email provider typically have much better things to do with their time than to spend it snooping on your correspondence.
Now, of course, if there is a reason for them to look, they can. But I’ll reiterate: most of us just aren’t that interesting.
What to do?
So, what can you do if you think you are interesting?
When it comes to using someone else’s hardware, not much. When you’re at work, don’t do anything on your work computer that isn’t something you’d want your boss or other’s to know about.
As for the rest (ISPs, email and service providers) it really all comes down to encryption of some sort. If you use a VPN service, then your internet provider can’t see what you’re up to, other than the fact that you’re connected to a VPN. And of course, remember that the VPN service can then see everything you do.
Encrypting email, on the other hand, is difficult but possible. And that’s really the only way to keep your email provider from being be able to read your messages. Your email message cannot be read, but remember that who you’re sending it to, of course, can be.