If I access my private AOL e-mail from my company computer, read and delete it, where does it go? Specifically, is it stored/saved on the company’s own server or on my computer’s hard drive? Does it pass through the company’s server and do they have access to it after it is deleted?
The short answer is that there’s no way to know, really. It depends on your companies networking setup, their savvy, and how intrusive they want to be.
But it certainly can be, even though you might access your email via any of several different methods.
Let’s look at how.
Become a Patron of Ask Leo! and go ad-free!
It’s important to realize that at your company’s site, they are providing both your internet connection and your hardware. They can, and in most cases have every right to, monitor anything and everything that you do using their equipment. If that’s unacceptable to you, then you have exactly two options: don’t do anything you wouldn’t want them to see, or get a job somewhere else.
Yes, it’s harsh, but it’s also the practical reality.
Now I’m not saying that every company is out there tracking your every keystroke and taking the time to read every email you send. In fact, it’s more likely that they are not.
There are various approaches to accessing your private email at work. Each of them could be monitored by your company’s IT department in various ways.
Webmail over an https connection.
We tend to think of https as a secure connection, and it is. Mostly. As it turns out it’s possible, if the company controls the machine you use as well as the internet connection, to set up what’s called a “man in the middle” that could decrypt the contents of an SSL connection and monitor it before sending it onto the remote mail server. It’s complicated, and involves installing private, trusted root security certificates on each machine, so it’s certainly not common at all. But possible.
Webmail over an http connection.
Anything traveling over an http connection can be monitored by your company’s IT department without much effort at all. If you’re reading your email via a web interface, and the URL begins with “http”, not “https”, then this is your situation, and all bets for privacy are off.
If you run a POP3 mail client such as Outlook, Outlook Express, Eudora, Thunderbird and the like to read your email, and your mail service supports it, most can be configured to use an encrypted SSL connection to prevent snooping. Unfortunately, just like web mail over https, these connections are also vulnerable to the “man in the middle” type of attack. Once again, extremely unlikely, but possible.
POP3/SMTP over a normal connection.
Unfortunately, the default configuration for most email programs is not to use a secure connection. The result is that just like http web mail connections, snooping on your email as it’s being sent or downloaded is trivial for anyone who has access to the networking equipment that connects you to the internet. All privacy bets are, once again, off.
Instant Messaging Programs
These are worth mentioning because once again, IMs are typically not encrypted, and as a result extremely easy for network administrators to monitor and log.
All Types of Access
More likely is that whether or not the internet connection itself is encrypted and impervious to snooping, your company provided and managed PC is not. Some fairly simple spyware could easily be installed on your machine to track what it is your doing. Everything you’re doing – whether it’s emailing, instant messaging or even writing that whistle-blowing note on a USB thumb drive you plan to take home before you email it.
I would guess that for companies actively looking to monitor their employees, a combination of clear-text network monitoring, plus spyware, would be the common way to go about it.
A Word About Deleting
The question was actually about what happens when you delete a message from your private email, having done so using company equipment and internet connection.
The answer is you don’t know what happens.
It may still be stored in your browser’s cache.
It may still be stored in a network monitor’s log of your activity.
It may still be stored in some spyware’s log of your activity.
Or it may not.
The bottom line is that I wouldn’t count on the latter. If you have reason to be concerned at all, heck if you have reason to even think about this issue, then I would make sure never to do anything on your work computer and network that you wouldn’t want your boss to see.
Save everything else for home.