Bank snafu Gmail missive never opened The confidential email at the heart of a roundabout US lawsuit against Google was never opened, according to the bank that accidentally sent the missive to the wrong Gmail account. This summer, according to court documents, an unnamed employee with the Wyoming-based Rocky Mountain Bank was asked by a customer to send some loan …
But Google will give out my identity! Everyone will know that my real name is "asasdsasdas jkjkjljkjk", and my home country is Azerbaijan. At least, that's what I wrote when I signed up.
Seriously, why be worried? Who uses a Gmail account for anything seriously important, and who the heck puts all their personal data into it? Yes yes tracing IPs and whatnot. But seriously.
"The case underlines what should be obvious to Google watchers: Though the company vows to protect your personal data, it can be compelled by court order..."
Look, you've ended every article on this subject with some similar piece of vague but dire warning and to me it seems a little like FUD.
Just tell us - do you think that it is wrong for Google to obey the rule of law? Because the law is that Google - and anyone else - can be compelled by court order. Banks, supermarkets, ISPs, doctors - shock horror, they'll give it up when the correct and due legal process is applied. It's an outrage! No of course it isn't.
Ok, now tell us - have Google ever claimed that this was not the case? Did anyone seriously at any time assume that Google had god-like, government-ignoring powers that distinguished it from every other corporate entity on earth? No, of course not.
Put up or shut up. Leave vague innuendo and threat to the likes of Microsoft Linux studies. Everything you've given as evidence suggests that Google did the right thing, i.e. nothing until they were compelled by law. You might disagree with the law, but you can't seriously complain because they obeyed it!
Seems Google had no choice in the matter but I hope the account owner sues the pants off the bank and that, somehow, the judge responsible gets HIS come-uppance. These people should at least take technical advice before they make what appears to be a knee-jerk reaction without the know-how to back it up.
that these companies are sending stuff like that through the tubes with no encryption anyway. One record is excusable if it's going to a customer, but still, even a zip file with a password on would be better than nothing.
it similarly amazes me when we sell our outsourced email DR platform too. Customers always ask about encryption and storage and whether we can see their emails. Fortunately we encrypt, but the tubes and routers that the messages pass through don't...
"The case underlines what should be obvious to Google watchers: Though the company vows to protect your personal data, it can be compelled by court order or subpoena or natural security letter to divulge such info."
Sod that, I want to know whether or not the idiot at Rocky Mountain Bank got fired for sending personal data over an unsecured connection.
of the ability to "play" the UK Court system. As you will know Judges decisions vary greatly. There is a way to go before 1 Judge and if he makes decision you dont like then you can go again, and again and again etc etc UNTIL you hopefully find one that gives you what you want. Seems his Bank hit it first time.
A bank sends confidential, and I'm assuming completely unencrypted financial information about their clients to an external email address hosted on a third party mail server? There are so many security issues here it's ridiculous.
If this were a UK organisation, they'd have been investigated for their terrible data practices. Understandably, the bank panicked and tried to get the information deleted, even if they went about it in the worst way possible.
However what really concerns me is this: They don't seem to show any sign of conscience here, and no acknowledgement that they have done anything wrong beyond accidentally sending it to the wrong email address. There's no mention of a review of their current security practices, or of the employee involved being reprimanded, or of a plan to better train their employees regarding the security of confidential information.
If my bank acted so nonchalantly after a major security incident, I sure as hell wouldn't hang around and let it happen again.
I am actually encouraged that Google told the bank to piss off unless they have a court order. The bank would have threatened Google to do immediately what they wanted or else, and Google did not back down. I wish ISP's had at least this amount of backbone instead of telling the RIAA, MPAA, SOCAN, BPI, IRMA and such organizations user information because of intimidation tactics.
"... in an email to The Reg, the company declined to say what information was revealed."
"... according to a report from CNET News, the bank has said that the confidential message was never opened and that it has now been permanently deleted."
Oh the BANK says it wasn't opened, yet Google appears silenced. Easily translated by the masses as it WAS comromised and we've silenced Google who are happy to screw people anyhow, in my opinion.
The employee made a simple mistake while following instructions that, at best, demonstrated an overwhelming lack of common sense and complete ignorance of how to protect electronic data on the part of the manager/supervisor that issued the instruction. There are far bigger fish to fry than the schlub who committed the sin of following wrongheaded orders.
1 - compliance. As any company, Google has to comply with local law, which raises interesting questions in itself about jurisdiction - Google Switzerland, for instance, has a problem as that is responsible for the whole EU but Swiss laws differ. So, for email security you'd like to hold it in a country that is fanatic about Data Protection and will require *evidence* or warrented suspicion before a warrant is issued (I would not call the UK RIPA 2000 a barrier to unauthorised snooping).
2 - custodial duties. Once a warrant has been issued, the question is what happens to the data released. You will find in most countries that there is are no real custodial duties imposed, so if you're a private banker or a GP you may find that your precious data is suddenly handled by a junior policeman. The joys of yelling "terrorist". There are, however, countries where data released under warrant is strictly controlled. In Switzerland, for instance, will you have an investigative judge, who is the only one to look at the released data. Only on evidence of crime can the exact data set that proves this be released for evidence.
I would not touch Gmail even if it was a Gstring, sorry. But I'm picky that way anyway, I intensely dislike people spying on me for dishonest reasons (I'm OK with proper due process, because I don't have anything to hide - I just hate abuse).
Oh, and I put my money where my mouth is - I just set up a new email system in Switzerland. Just have to write up the details..
This post has been deleted by its author
“So is it ok to blow up peoples post boxes if they get a misdirected postal packet?”
Wouldn't that inconvenience many others who also use the same post box (assuming no others nearby and, perhaps, no nearby post office)? Wouldn't it be better to destroy (well, seal up) their _letter_ boxes?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
