Information Technology Email Investigation Guidelines
This document describes the Information Technology policies and procedures for handling emails that involve transgressions of law or questionable content.
Pursuant to the Computing Access Agreement, Information Technology does not monitor email content or email accounts. Minimal, short-lived logging is done on the system for performance and operational use showing messages queued for delivery or system load. Email account contents may be accessed for technical reasons (assisting users or system troubleshooting) without the knowledge of the owner.
Information Technology does not officially investigate or trace emails unless directed or requested to do so by College authority offices such as Campus Police, Human Resources, or Student Life. In general, all issues with objectionable email of a harassing or illegal nature must be routed through one of these authorities, typically Campus Police.
Members of the College community who contact Information Technology about this issue are directed to retain the message in its original form within their account and contact Campus Police. Campus Police then typically makes an incident report and determines whether the incident warrants action by Information Technology.
The majority of information used for tracing email is extracted from the message header. The header format is a documented standard and is constructed as a product of message delivery by all involved delivery agents (from the initiating client through to the final accepting server). To some degree this information can be used to verify the legitimacy of a message. To a lesser degree this information can be used to trace the message origin. However, mail clients are easily reconfigured to obscure the identity of the sender, semi-anonymous email agents (like Yahoo! and Hotmail) are widely used, and determined individuals can certainly add enough invalid header information to make determinations very difficult.
Emails originating from The College of New Jersey systems are typically easier to trace than messages originating from off-campus sites (this includes Yahoo! and Hotmail as well as emails from other personal or commercial systems).
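To illustrate the header review described above, the following Python example (added here; it is not part of the College's procedures or tooling) walks a message's Received headers from newest to oldest and stops at the last hop recorded by a server under the reviewer's own control. Headers below that point were supplied by outside systems and cannot be verified locally. The domain campus.example, the host names, and the sample message are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are documentation placeholders.
SAMPLE = """\
Received: from mx1.campus.example (mx1.campus.example [192.0.2.10])
\tby mailstore.campus.example with ESMTP id A1; Mon, 3 Mar 2003 10:00:05 -0500
Received: from relay.offsite.example (relay.offsite.example [198.51.100.7])
\tby mx1.campus.example with ESMTP id B2; Mon, 3 Mar 2003 10:00:03 -0500
Received: from trusted.bank.example (unknown [203.0.113.99])
\tby relay.offsite.example with SMTP id C3; Mon, 3 Mar 2003 09:59:58 -0500
From: someone@offsite.example
To: user@campus.example
Subject: constructed test message

body
"""

# 'from <name the sender claimed> (<peer as seen by the receiver>) by <recording host>'
HOP = re.compile(r"from\s+(\S+)\s*(?:\((.*?)\))?\s*by\s+(\S+)", re.S)

def parse_hops(raw):
    """Return Received hops newest-first as dicts with keys helo, peer, by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"helo": m.group(1), "peer": m.group(2) or "", "by": m.group(3)})
    return hops

def is_ours(host, domain):
    return host == domain or host.endswith("." + domain)

def entry_point(raw, domain):
    """Follow the unbroken run of hops recorded by our own servers, newest first.
    The last hop in that run shows where the message entered our systems;
    every hop after it was written by an outside system and is unverified."""
    hops = parse_hops(raw)
    entry, unverified = None, []
    for i, hop in enumerate(hops):
        if is_ours(hop["by"], domain):
            entry = hop
        else:
            unverified = hops[i:]
            break
    return entry, unverified
```

For the sample, the entry point is the hop recorded by mx1.campus.example, whose peer field holds the connecting address the campus server itself observed; the older trusted.bank.example line is reported as unverified.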
Information Technology NTS staff will review the message headers to determine origin, destination, or ownership of the message as required. College UNIX account contents may be reviewed to determine what roles investigation-specified users and potential suspects play in the investigation.
In the event that an email must be traced through an off-campus system, Information Technology must request the assistance of other agencies. For email originating from or destined to other sites, respective system administrators at those sites may be contacted for assistance. Information Technology staff often contact system administrators at these sites and may be able to acquire the necessary information. Certain commercial email systems require legal documents before they will release account information. For these services (like AOL, Yahoo! or Hotmail) a court order or subpoena may be required to obtain the user identity and/or message contents of the suspect account. Campus Police handles acquiring legally binding documents and may acquire those documents and possibly the related account information before contacting Information Technology.
Information Technology NTS staff maintain close contact with Campus Police (or the appropriate investigating agency) throughout the division’s action in the investigation. Information retrieved by Information Technology is provided to the investigators with explanation as required.
In most cases the action taken against an individual determined guilty of a violation of the Computing Access Agreement is determined by College authorities. The typical action is to lock the user account for a specified period of time.