Main Menu

Email Access

Started by grunt82abn, November 29, 2017, 05:38:10 AM

0 Members and 1 Guest are viewing this topic.

grunt82abn

Can anyone point me in the right direction, and give me the regulation that states it is allowed for Commanders to hack/break-in/access your Wing or Group email? Or where they are allowed to print and/or store your email messages on their personal computer to be able to track who you are speaking to and what is said?

Hypethetical example: Lets say I email the NHQ legal office and ask if it is allowed for a member to be in CAP with a felony. My email account gets hacked by the commander, who then prints off the email, shows it to me, and tries to use it to say I broke chain of command, and that by emailing NHQ, I am harassing this fine Senior Member by bringing up his past. Then states he is allowed to hack my email by USAF and CAP regulation.

BTW, I am asking for my sister's boyfriend's cousin's friend who lives somewhere out east or possibly out west. Thanks! 
Sean Riley, TSGT
US Army 1987 to 1994, WIARNG 1994 to 2008
DoD Firefighter Paramedic 2000 to Present

Holding Pattern

#1
CAPR 120-1

4. Monitoring and Privacy.
4.1. CAP reserves the right to monitor and/or log all CAP Internet Operations with or without notice, including CAP.gov email and all website communications, and therefore, members will have no reasonable expectation of privacy in the use of these resources.

12.1. Proper Use of CAP Email Systems.
12.1.1. CAP reserves the right to review, audit, intercept, access and disclose all CAP.gov messages created, received or sent over the system for any purpose. The content of electronic mail properly obtained for legitimate business purposes may be disclosed within Civil Air Patrol without your permission. Users shall not assume electronic communications are totally private and confidential; you should transmit highly sensitive information in other ways, whenever possible using approaches such as encryption, fax machine to fax machine communications (not including electronic facsimile services), or manual means.

12.1.3. CAP Email Systems shall not be used for:
12.1.3.7. Access to another user's email account without A) the knowledge or permission of that user - which should only occur in extreme circumstances, B) the approval of General Counsel in the case of an investigation, or C) when such access constitutes a function of the member's normal job responsibilities.

Luis R. Ramos

#2
Something like this should have been handled via a telephone call, not via email.

By the way, I have sometimes called NHQ direct, and my Group commander called me with the comment "You violated the chain of command, something like this should have been called to my attention, since Region was notified who notified Wing, and they called me." Several times!

So in the end, if there is something that affects CAP and you contact NHQ without notifying your commander, probably he will get to know about it and he will be upset.
Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

TheSkyHornet

I would say that it's inappropriate for a unit Commander to access a unit member's official Wing-/Group-provided email account without that user's permission. It is not in the Commander's duties to use that individual's email address nor access it for reasons of inquiry.

If you contacted NHQ and they reply back and BCC your Commander, or forward the email to him/her, then it's within his privilege to discuss at that point. But aside from that, no, a Commander should not be "tapping" into anyone's user account.

When "CAP reserves the right," I take that as NHQ or officially delegated persons through memorandum, letter, or regulation.

We have Wing emails. I would expect that Wing HQ or higher may have access to go through my emails. Other than that, I would expect nobody within my unit to have access unless they are assigned to Wing IT duties.

All the "remain professional and avoid inappropriate conduct" aside, because that's not what I'm getting from the OP---If your Commander directly accessed your email, I suggest you take it up with him/her and plan to get a higher echelon involved if not resolved at the unit level. It shouldn't happen.

kwe1009

So to answer the OP:

CAPR 120-1

12.1.3. CAP Email Systems shall not be used for:
12.1.3.7. Access to another user's email account without A) the knowledge or permission of that user - which should only occur in extreme circumstances, B) the approval of General Counsel in the case of an investigation, or C) when such access constitutes a function of the member's normal job responsibilities.

So a unit commander can only access another member's email if:

  • The member has prior knowledge or it is an extreme circumstance (emphasis mine)
  • he/she has the approval of General Counsel
  • access is a function of the member's normal job responsibilities (like a single email shared by people with the same duties)

Any other access to a member's email is a violation of not only this regulation but CAP's Core Values.

To address the specific example in the OP, I do not see any issue with the unit's personnel/admin officer contacting NHQ to see if a person with a felony can join CAP.  It is a job function and doesn't need to go through the chain of command necessarily.  As a commander, I want my personnel officer to get me the correct answer, not go through me to get it or even copy me on everything.  If I have to be part of every inquiry, I might as well do it myself.  In this example maybe the CC should have been copied on the email to NHQ but I don't see it as being a requirement. 

I would have preferred that my personnel/admin officer contact the next person up (Group or Wing Legal/Personnel) with this question instead of going straight to NHQ.  Group and Wing staffs are there for a reason and too often they are skipped for various reasons (takes too long, they are clueless, etc.) but that just creates more work for those at the next higher level. 

dwb

Language is important here. If you're using a *cap.gov email address, you don't own that email. It's not your personal email.

"Hacking" your email is illegal, even if CAP does it. That said, using the tools available to email administrators to read the contents of email mailboxes is not hacking.

Email messages are stored in the sender and recipient mailboxes, and you don't control how your recipients use that email. It's a common practice for direct-to-NHQ correspondence to get sent back down the chain of command to deal with at a more appropriate echelon.

Lastly, you don't need to contact NHQ legal to get an answer to that inquiry. You just need to read the membership regulation CAPR 39-2. Specifically, para 3.2.1.4. Felony convictions may be the basis for rejection of membership. Note that "may" is not the same as "shall".

abdsp51

Another exanple of airing dirty laundry and sticking noses in where they don't belong.

Luis R. Ramos

Maybe I am wrong, but I took it the OP wanted a "second opinion" after being told what the regulations said by the unit staff.

Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

Live2Learn

#8
Quote from: Luis R. Ramos on November 29, 2017, 03:39:16 PM
Maybe I am wrong, but I took it the OP wanted a "second opinion" after being told what the regulations said by the unit staff.

So, what are the "best" alternative avenues available to the OP to find an answer to the question?  I'd have to wonder why the individual chose to call whatever happened "hacking", why going to social media (captalk is quasi-soc med... even though participants are on occasion 'un'-sociable) would be expected to result in the OP's mind a "good" opinion, and why the OP chose to not remain in the CoC and ask Group, etc.  Or, since the OP evidently feels wronged, why discussing the issue with Wing IG, a Chaplain, or asking oblique questions of friends in another venue were evidently disgarded as options?   FWIW, asking this type of question here about a specific and current concern does not give (me, anyhow) confidence in the OP's judgment.

foo

I assume this involves a CAP-owned e-mail account, otherwise you wouldn't need to ask.

When I'm using my employer's resources, I operate under the assumption that all of my electronic interactions (i.e., e-mail, IM, web browsing, even telephone conversations) are subject to monitoring by my boss on behalf of the company's interests. Whether that's a good use of her time or a good idea in general are other questions.

Having said that, I don't think the regulations cited here make it clear a unit CC has the right to access a subordinate's e-mail account, unless a case can be made that doing so is "a function of the [CC's] normal job responsibilities." I rather doubt that.


MSG Mac

I think this might be a case of NHQ including the Chain of Command in the response, so they are informed about the issue. The example cited is whether a prospective member with a felony conviction can become a member. Since this requires a recommendation from the Wing Commander, it would be referred back to him. For that matter it should have gone to his LO in the first place along with documentation for a waiver of the membership standards. 
Michael P. McEleney
Lt Col CAP
MSG USA (Retired)
50 Year Member

Luis R. Ramos

#11
Another point is that we are hearing this from the OP side. He presented this as the squadron commander hacking into his email.

Maybe he misunderstood his commander coming back at him after said commander received the message from NHQ through the chain of command. However the OP not knowing that NHQ could / would send his info down, just assumed the said commander hacked his account.
Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

Luis R. Ramos

Quote
Having said that, I don't think the regulations cited here make it clear a unit CC has the right to access a subordinate's e-mail account, unless a case can be made that doing so is "a function of the [CC's] normal job responsibilities." I rather doubt that.


But NHQ could have sent his unit CC a response down. This issue should have been handled at the unit first if it was not, and if the OP did not like the answer, then go up the chain. It appears the OP thought it was best to ignore the COC altogether, or did not like the answer he was given. So, NHQ involved the commander instead of the commander hacking the OP's email.
Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

grunt82abn

I appreciate the info! Truly insightful and I will pass it along in hopes it will help my buddy's situation. Nice to have a resource to fall back on and get answers!!!


Sent from my iPhone using Tapatalk
Sean Riley, TSGT
US Army 1987 to 1994, WIARNG 1994 to 2008
DoD Firefighter Paramedic 2000 to Present

Eclipse

We can only address the the high level / general issue since
we have no way of knowing the particulars, and for those of us who
do user support, the things people think are "hacking" are both hilarious and troubling.

(For example, if you leave your email logged in, or are silly enough to use Outlook and
have your messages cached locally, on a shared PC, that's not "hacking" that's "reading".)

Assuming this is a CAP-owned domain, then thee is no assumption of privacy, at the corporate level,
meaning someone with the authority and the need could request that they be granted access to an individual
member's email.

I would expect that to be a Wing CC or Wing IT person, and access the messages through a means which
potentially reveals that access to the member, (i.e. password reset) not some random Unit CC, or
anyone else for that matter, just digging through messages "because".
(This can get muddier if the domain is handled at a lower echelon, which is why, even though I
am responsible for a large Group-level GSuite implementation that has been running in excess of
10 years, I think everyone should be on @wing.cap.gov, and get that email on joining.)

I can think of any number of scenarios in which legitimate CAP business is conducted via CAP
email accounts, but which a local Unit CC would have no right or authority to access, not
the least of which could be complaints or other personnel actions taken at a higher echelon,
outside activity, or similar.  Members are cross-posted all over the place, and an Enc CC,
for example, dealing with a personnel issue, parental complaint, or simple logistics, would be
none of the concern of his Unit CC, since in that case he reports direct to Wing.  Same
goes for an ADY Wing ESO, or IG Augmentee, etc., etc.

At a minimum, this is a a clear breech of trust and highly unethical, not to mention
possibly illegal (lots of variables).

Sounds like a whole bunch of direct conversations need to be had, starting with this Unit CC.

"That Others May Zoom"

grunt82abn

Quote from: TheSkyHornet on November 29, 2017, 02:38:59 PM
I would say that it's inappropriate for a unit Commander to access a unit member's official Wing-/Group-provided email account without that user's permission. It is not in the Commander's duties to use that individual's email address nor access it for reasons of inquiry.

If you contacted NHQ and they reply back and BCC your Commander, or forward the email to him/her, then it's within his privilege to discuss at that point. But aside from that, no, a Commander should not be "tapping" into anyone's user account.

When "CAP reserves the right," I take that as NHQ or officially delegated persons through memorandum, letter, or regulation.

We have Wing emails. I would expect that Wing HQ or higher may have access to go through my emails. Other than that, I would expect nobody within my unit to have access unless they are assigned to Wing IT duties.

All the "remain professional and avoid inappropriate conduct" aside, because that's not what I'm getting from the OP---If your Commander directly accessed your email, I suggest you take it up with him/her and plan to get a higher echelon involved if not resolved at the unit level. It shouldn't happen.
Apparently it happened to a friend of mine in another wing, we were talking over thanksgiving and he mentioned something and asked what I thought about it.


Sent from my iPhone using Tapatalk
Sean Riley, TSGT
US Army 1987 to 1994, WIARNG 1994 to 2008
DoD Firefighter Paramedic 2000 to Present

grunt82abn

Quote from: Eclipse on November 29, 2017, 06:21:33 PM
We can only address the the high level / general issue since
we have no way of knowing the particulars, and for those of us who
do user support, the things people think are "hacking" are both hilarious and troubling.

(For example, if you leave your email logged in, or are silly enough to use Outlook and
have your messages cached locally, on a shared PC, that's not "hacking" that's "reading".)

Assuming this is a CAP-owned domain, then thee is no assumption of privacy, at the corporate level,
meaning someone with the authority and the need could request that they be granted access to an individual
member's email.

I would expect that to be a Wing CC or Wing IT person, and access the messages through a means which
potentially reveals that access to the member, (i.e. password reset) not some random Unit CC, or
anyone else for that matter, just digging through messages "because".
(This can get muddier if the domain is handled at a lower echelon, which is why, even though I
am responsible for a large Group-level GSuite implementation that has been running in excess of
10 years, I think everyone should be on @wing.cap.gov, and get that email on joining.)

I can think of any number of scenarios in which legitimate CAP business is conducted via CAP
email accounts, but which a local Unit CC would have no right or authority to access, not
the least of which could be complaints or other personnel actions taken at a higher echelon,
outside activity, or similar.  Members are cross-posted all over the place, and an Enc CC,
for example, dealing with a personnel issue, parental complaint, or simple logistics, would be
none of the concern of his Unit CC, since in that case he reports direct to Wing.  Same
goes for an ADY Wing ESO, or IG Augmentee, etc., etc.

At a minimum, this is a a clear breech of trust and highly unethical, not to mention
possibly illegal (lots of variables).

Sounds like a whole bunch of direct conversations need to be had, starting with this Unit CC.
Thank you!!!


Sent from my iPhone using Tapatalk
Sean Riley, TSGT
US Army 1987 to 1994, WIARNG 1994 to 2008
DoD Firefighter Paramedic 2000 to Present

Geber

Quote from: kwe1009 on November 29, 2017, 02:55:35 PM
.
.
.

CAPR 120-1

12.1.3. CAP Email Systems shall not be used for:
12.1.3.7. Access to another user's email account without A) the knowledge or permission of that user - which should only occur in extreme circumstances, B) the approval of General Counsel in the case of an investigation, or C) when such access constitutes a function of the member's normal job responsibilities.

So a unit commander can only access another member's email if:

  • The member has prior knowledge or it is an extreme circumstance (emphasis mine)
  • he/she has the approval of General Counsel
  • access is a function of the member's normal job responsibilities (like a single email shared by people with the same duties)
.
.
.

I would interpret the regulation language to mean, if one is accessing by authority of 12.1.3.7.A that BOTH of two circumstances should apply:

First, " the knowledge or permission of that user" AND second, "extreme circumstances".

A scenario that, in my opinion, would satisfy this: during a "no play" mission, a certain CAP member is the liaison with local authorities and is expecting important mission-related email to her CAP Gmail account. The member unexpectedly must leave the command post, and gives her email userid and password to a trusted member who relieves her as the liaison. (Circumstances make it impossible to inform the local agency of the email address of the relief liaison.)

etodd

Quote from: grunt82abn on November 29, 2017, 05:38:10 AM

... tries to use it to say I broke chain of command, ...

Not being military, I've never fully understood when the chain applies and when it doesn't in CAP.  Maybe I've missed the outline of it in one of the docs somewhere.

Being a business owner who deals with other business owners and execs, I've always been one to start at the top (or as close to it as possible) for both speed and efficiency. Start at the bottom and you have too many folks who can shelve it because they don't understand it like the CEO does, or who will delay it because they have too many irons in the fire, or just don't want to be bothered with an issue that might be negative. And this can happen at every step up the chain. Delaying something that could have been handled in a quick phone call or email the same day, into a weeks or even months long nightmare.  Its a huge problem in the Public Administration sector, where 9-5'ers have little incentive to move quickly.
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

foo

Quote from: Luis R. Ramos on November 29, 2017, 05:55:12 PM
Quote
Having said that, I don't think the regulations cited here make it clear a unit CC has the right to access a subordinate's e-mail account, unless a case can be made that doing so is "a function of the [CC's] normal job responsibilities." I rather doubt that.


But NHQ could have sent his unit CC a response down. This issue should have been handled at the unit first if it was not, and if the OP did not like the answer, then go up the chain. It appears the OP thought it was best to ignore the COC altogether, or did not like the answer he was given. So, NHQ involved the commander instead of the commander hacking the OP's email.

That could be, but it isn't what the OP described:

Quote from: grunt82abn on November 29, 2017, 05:38:10 AM
Then states he is allowed to hack my email by USAF and CAP regulation.