Martin Gregorie; AC 20:39 -- Google is acting legally, but that is far from being "right"
@ AC 20:39 #
By Martin Gregorie Posted Wednesday 23rd September 2009 21:26 GMT
Anonymous @20:39 posts, "Quarantining the identified email for a temporary period of time (i.e. 30 days), upon the request of the sender, until the court order is received, is a much better solution - to protect thousands of people for the rest of their lives from identify theft."
Martin Gregorie @21:26 posts, "How does that work then? For a mail to be quarantined... This must apply to *all* mail since the MTA can't know who is likely to screw up. You do realize that you can't quarantine mail after its been delivered, don't you? So, who do you expect to hold the delayed mail and for how long? Are you seriously suggesting that all e-mail should be delayed for 30 days? Kindly get a clue."
If Google's search engine is worth it's weight in spit, they could find that email (source and destination email addresses), find out if it has not been read/picked up, and isolate a single email (move it) until they receive the court order, or just move it back after a period of time of not receiving a court order. The article mentions a single email - not all emails traveling through the MTA.
Reading the article, it seems the gmail recipient did not respond to the bank's first or second email. These emails may have never have been picked up. The longer the Google delays investigation, as the article suggests, the shorter the opportunity to protect every day people becomes. This lends credence to the idea of being able to find/move the single email in question.
Many people who use Google use it as a web GUI, which means the email is sitting on the server. Many other people who use Google use an IMAP client, where the email is stored primarily on the server. Sure, if the recipient already received the email and was using Google through an ancient POP3 protocol - there might be nothing able to be done.
Waiting until a court order before starting any cursory investigation is criminal since the effects could be so long lasting and devastating to the lives of so many people.
Should the bank be held responsible? Sure... but no amount of punishment could compensate for over 1000 people having their identities stolen, filing court papers declaring their identities stolen, carrying a copy of the court order around with them EVERYWHERE, and always being afraid that some day they may be improperly arrested because someone else with their identity may have committed a crime.
Anyone who has gone through the process of identity theft clearly understands what is at risk - this risk lasts the REST OF THEIR LIVES... no amount of compensation or punishment would ever fix a problem which would last the rest of their lives.
If someone is to "kindly get a clue" - it should be Google. Immediately find the email, try to move it (until a court order comes in), move it back if no order comes in. GMail is not guaranteed to be timely, it is store-and-forward, the rest of the email would be available, just the one email (which the person was not supposed to receive) would be affected.