Rule of Law

"The case underlines what should be obvious to Google watchers: Though the company vows to protect your personal data, it can be compelled by court order..."

Look, you've ended every article on this subject with some similar piece of vague but dire warning and to me it seems a little like FUD.

Just tell us - do you think that it is wrong for Google to obey the rule of law? Because the law is that Google - and anyone else - can be compelled by court order. Banks, supermarkets, ISPs, doctors - shock horror, they'll give it up when the correct and due legal process is applied. It's an outrage! No of course it isn't.

Ok, now tell us - have Google ever claimed that this was not the case? Did anyone seriously at any time assume that Google had god-like, government-ignoring powers that distinguished it from every other corporate entity on earth? No, of course not.

Put up or shut up. Leave vague innuendo and threat to the likes of Microsoft Linux studies. Everything you've given as evidence suggests that Google did the right thing, i.e. nothing until they were compelled by law. You might disagree with the law, but you can't seriously complain because they obeyed it!

I smell a lawsuit

Seems Google had no choice in the matter but I hope the account owner sues the pants off the bank and that, somehow, the judge responsible gets HIS come-uppance. These people should at least take technical advice before they make what appears to be a knee-jerk reaction without the know-how to back it up.

"the wrong Gmail account"

Does that imply there was a "right Gmail account" to send highly sensitive data to?

Yikes!

Err...

Was the decision to temporarily suspend the user's account because the mail hadn't been opened? In which case, it would seem quite sensible.

Also, you describe the person sending the mail as a bank employee, would it be safe to assume they are a former bank employee?

Repeat after me, "email is not secure"

"The case underlines what should be obvious to Google watchers: Though the company vows to protect your personal data, it can be compelled by court order or subpoena or natural security letter to divulge such info."

Sod that, I want to know whether or not the idiot at Rocky Mountain Bank got fired for sending personal data over an unsecured connection.

Reminds me.....

of the ability to "play" the UK Court system. As you will know Judges decisions vary greatly. There is a way to go before 1 Judge and if he makes decision you dont like then you can go again, and again and again etc etc UNTIL you hopefully find one that gives you what you want. Seems his Bank hit it first time.

Google A-OK With Me

I am actually encouraged that Google told the bank to piss off unless they have a court order. The bank would have threatened Google to do immediately what they wanted or else, and Google did not back down. I wish ISP's had at least this amount of backbone instead of telling the RIAA, MPAA, SOCAN, BPI, IRMA and such organizations user information because of intimidation tactics.

Quit blaming the employee

The employee made a simple mistake while following instructions that, at best, demonstrated an overwhelming lack of common sense and complete ignorance of how to protect electronic data on the part of the manager/supervisor that issued the instruction. There are far bigger fish to fry than the schlub who committed the sin of following wrongheaded orders.

maybe...

...the person who was the unintended recipient selected the 'mark as unread' option after they viewed it? Though I guess it doesn't matter, the bank would rather let people believe that it's unread and the information is safe. Maybe I'll go take a look at Wikileaks...

Careful - don't mix up two separate issues

1 - compliance. As any company, Google has to comply with local law, which raises interesting questions in itself about jurisdiction - Google Switzerland, for instance, has a problem as that is responsible for the whole EU but Swiss laws differ. So, for email security you'd like to hold it in a country that is fanatic about Data Protection and will require *evidence* or warrented suspicion before a warrant is issued (I would not call the UK RIPA 2000 a barrier to unauthorised snooping).

2 - custodial duties. Once a warrant has been issued, the question is what happens to the data released. You will find in most countries that there is are no real custodial duties imposed, so if you're a private banker or a GP you may find that your precious data is suddenly handled by a junior policeman. The joys of yelling "terrorist". There are, however, countries where data released under warrant is strictly controlled. In Switzerland, for instance, will you have an investigative judge, who is the only one to look at the released data. Only on evidence of crime can the exact data set that proves this be released for evidence.

I would not touch Gmail even if it was a Gstring, sorry. But I'm picky that way anyway, I intensely dislike people spying on me for dishonest reasons (I'm OK with proper due process, because I don't have anything to hide - I just hate abuse).

Oh, and I put my money where my mouth is - I just set up a new email system in Switzerland. Just have to write up the details..