"View / Not view PMs" permission for admins

[cyndisa]

First of all, I don't want to get into a debate about whether admins should or should not read members' PMs.  That's not my point here.  What I want to suggest is that a new admin permission be included for viewing or not viewing a member's PMs when signed in as that member.

Our community recently upgraded from 3.3.4 directly to IPS 4.  This was, as you can imagine, quite a shock in a lot of ways - lots a changes to figure out and adapt to.  Only in the past couple of days has it come to our attention that admins can read PMs so very easily by logging into a member's account.  Such a thing was not possible in 3.3.4, and quite honestly, I was shocked when this became apparent in IPS 4!  Why should my members have to sacrifice their privacy in this way? In general, this is a bad idea. In particular, we have extenuating circumstances (not criminal or the like) on our forum that make it even more troubling.

There should, at the very least, be a way to exclude the ability to view PMs from an admin's permission set. And, yes, I know that for someone who knows how, PMs can still be viewed in the database. But that's not nearly as easy as it currently is by signing in as another user.  The ease with which an admin could, theoretically, spy on members using a simple, otherwise helpful, tool in the ACP is what disturbs me so greatly.

I'm not disputing the necessity of an admin needing the option to see a user's PMs. There are several scenarios (none of which have occurred in our forum, thankfully) where it might be necessary to either look at them oneself or to provide them to law enforcement. My contention is that there should be a setting to either restrict or allow admins to see those PMs, during the course of their regular duties.

[chilihead]

When one is reported, moderators can view them too, for obvious reasons. Just FYI.

[MADMAN32395]

So just turn off acp access or member access for admins or certain admins. It's not fault of software.

[cyndisa]

Thanks, chilihead.  Yes, I know about the report system.  That's needed, obviously.

Although your suggestion works in a black and white world, MADMAN, and I thank you for it, it doesn't compensate for the reaction of members to a privacy issue that, until our IPS 4 upgrade, they never had to deal with.  In that sense, yes, it is the fault of the software.  I believe that blocking a certain module of a member's account from admin view (based on a toggle-able permission) would go a long way towards calming the fears and questions (and probable loss of members).  In my opinion, there needs to be the option for the administration to set such a permission to "not view PMs," thereby allowing administration to reassure members that admins can access PMs and will, if required by law, but that under normal operating procedures they cannot access the members' PMs.  Call it mere semantics, if you will.  But it feels necessary to me and to our community.

[MADMAN32395]

This was part of 3.x as well. Settings changed between the two releases. I had to reconfigure a bunch of settings on my setup to prevent similar things.