[Quekid5]

The definition of acceptable use (and expectations of privacy) differs a lot between different countries. For example, in the EU, I believe that any personal email received on a work account is actually considered "beyond reach" of your employer.

I don't know, but I imagine that such considerations could easily extend to your password.

Btw, how did the sysop know that what he recovered was the actual password? I mean, it's unlikely, but at least theoretically possible that it was a false positive. The password hashes in those days were pretty weak... Just a thought; I don't think it realistically was a false positive.

[WBrad]

That is true, there are stronger privacy protections in the EU in general. I don't consider the actions here morally justifiable, just legally.

As far as it being the actual password, a false positive AND the fact he had been creeping on a coworker at the same time seems extraordinarily unlikely to me.

[Quekid5]

Agreed about the false positive, btw. It was just a hypothetical, but court cases ("beyond reasonable doubt") have a very high standard of proof.