(no title)
WBrad | 6 years ago
>In the abstract sense, it is wrong to invade privacy.
You have no real expectation of privacy when using company owned equipment. This was almost certainly spelled out to the employee in question in the acceptable use policy he agreed to upon being hired. Companies have to operate this way so they can investigate computers if compelled to by court or law, and so they can recover important information off computers when the user exits the company.
If he was using a BYOD computer I'd have a different opinion on the matter.
Quekid5|6 years ago
I don't know, but I imagine that such considerations could easily extend to your password.
Btw, how did the sysop know that what he recovered was the actual password? I mean, it's unlikely, but at least theoretically possible that it was a false positive. The password hashes in those days were pretty weak... Just a thought; I don't think it realistically was a false positive.
WBrad|6 years ago
As far as it being the actual password, a false positive AND the fact he had been creeping on a coworker at the same time seems extraordinarily unlikely to me.
yaseer|6 years ago
Acceptable use is cracking passwords in an investigation with just cause.
Acceptable use is a script to automate the checking of weak passwords, and notify users.
Unacceptable use is an admin browsing cracked passwords, without just cause.
I personally think acting on the information obtained afterwards is acceptable, but some would disagree.
Remember even in some courts, evidence obtained by police illegally cannot be submitted for trial.
I maintain these moral problems are hard ones.