Helping people with computers... one answer at a time.

Whenever you do anything private on a work computer or network, you're exposing yourself to snooping by the company. Even when you delete private email.

If I access my private AOL e-mail from my company computer, read and delete it, where does it go? Specifically, is it stored/saved on the company's own server or on my computer's hard drive? Does it pass through the company's server and do they have access to it after it is deleted?

The short answer is that there's no way to know, really. It depends on your companies networking setup, their savvy, and how intrusive they want to be.

But it certainly can be, even though you might access your email via any of several different methods.

Let's look at how.

It's important to realize that at your company's site, they are providing both your internet connection and your hardware. They can, and in most cases have every right to, monitor anything and everything that you do using their equipment. If that's unacceptable to you, then you have exactly two options: don't do anything you wouldn't want them to see, or get a job somewhere else.

Yes, it's harsh, but it's also the practical reality.

Now I'm not saying that every company is out there tracking your every keystroke and taking the time to read every email you send. In fact, it's more likely that they are not.

"They can ... monitor anything and everything that you do using their equipment."

But they could. And you should be aware of that.

There are various approaches to accessing your private email at work. Each of them could be monitored by your company's IT department in various ways.

Webmail over an https connection.

We tend to think of https as a secure connection, and it is. Mostly. As it turns out it's possible, if the company controls the machine you use as well as the internet connection, to set up what's called a "man in the middle" that could decrypt the contents of an SSL connection and monitor it before sending it onto the remote mail server. It's complicated, and involves installing private, trusted root security certificates on each machine, so it's certainly not common at all. But possible.

Webmail over an http connection.

Anything traveling over an http connection can be monitored by your company's IT department without much effort at all. If you're reading your email via a web interface, and the URL begins with "http", not "https", then this is your situation, and all bets for privacy are off.

POP3/SMTP over a secure connection.

If you run a POP3 mail client such as Outlook, Outlook Express, Eudora, Thunderbird and the like to read your email, and your mail service supports it, most can be configured to use an encrypted SSL connection to prevent snooping. Unfortunately, just like web mail over https, these connections are also vulnerable to the "man in the middle" type of attack. Once again, extremely unlikely, but possible.

POP3/SMTP over a normal connection.

Unfortunately, the default configuration for most email programs is not to use a secure connection. The result is that just like http web mail connections, snooping on your email as it's being sent or downloaded is trivial for anyone who has access to the networking equipment that connects you to the internet. All privacy bets are, once again, off.

Instant Messaging Programs

These are worth mentioning because once again, IMs are typically not encrypted, and as a result extremely easy for network administrators to monitor and log.

All Types of Access

More likely is that whether or not the internet connection itself is encrypted and impervious to snooping, your company provided and managed PC is not. Some fairly simple spyware could easily be installed on your machine to track what it is your doing. Everything you're doing - whether it's emailing, instant messaging or even writing that whistle-blowing note on a USB thumbdrive you plan to take home before you email it.

I would guess that for companies actively looking to monitor their employees, a combination of clear-text network monitoring, plus spyware, would be the common way to go about it.

A Word About Deleting

The question was actually about what happens when you delete a message from your private email, having done so using company equipment and internet connection.

The answer is you don't know what happens.

It may still be stored in your browser's cache.

It may still be stored in a network monitor's log of your activity.

It may still be stored in some spyware's log of your activity.

Or it may not.

The bottom line is that I wouldn't count on the latter. If you have reason to be concerned at all, heck if you have reason to even think about this issue, then I would make sure never to do anything on your work computer and network that you wouldn't want your boss to see.

Save everything else for home.

Article C3624 - January 17, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
Ziggie
January 17, 2009 3:59 PM

one method that makes it extremely difficult for company IT departments is to connect to an SSH session on your home network, then tunnel through it using a Remote Terminal client (RDP, VNC, etc). Then, everything you do is on a remote computer (yours) using your home internet connection.

About the only way your company IT gurus will know what you're doing are regular screenshots of your workstation, which they are capable of doing, but tend not to due to storage requirements. however, this is becoming less and less of a deterrent..

--zig

Rahul Mehta
January 18, 2009 3:20 AM

A sure method would be to use your own laptop (or a portable email capable device) and your own wireless broadband connection. Since it doesn't use company's resources, IT can not tap it. However it still can be against companies policy unless you are doing it in your own time.

Steve Burgess
January 20, 2009 12:18 PM

Hi Leo,
I've made my living at computer forensics for a decade and a half now. Things always change, but for the moment, here's how I see it. In the US, mostly, anything you do on the company's computer, especially on the company's time, is likely to be something the company is allowed to look at and keep. It's not easy to completely remove email from a local computer (deleting doesn't do it), and data we've found on such computers has been essential in deciding the outcome of dozens of cases I've worked on. Webmail doesn't leave much on the local computer, but as you mentioned, a man in the middle might still be recording this. Outlook is encrypted, but backups may be stored on the company's servers, and Outlook files can be hacked to bring back deleted email. Most other email programs are text-based and leave lots of data laying around. I'd say a rule of thumb is that email at work is nonsecure, and your employer may even have a responsibility for filtering and keeping some of it. There's a video article discussing different types of email here. Hope it's helpful!

Richard Farrugia
January 20, 2009 12:22 PM

Very informative. Just what i have been going through when i was at work. Very good work pleeese keep it up.Honesty is always the best policy in respect to your Boss of course.
Richard

Sheldon
December 22, 2009 11:25 PM

Okay. Very informative all. Now, what if the internet connection is provided through an employers network, but you are using a personal computer to access your AOL or other email. I heard one IT guy say that the IT dept. could tell that an employee is on the internet, but they do not know where. Not sure if this is true. But what about the emails? Are they saved on the company network?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.