Bank Goofs, and Judge Orders Gmail Account Nuked

An anonymous reader writes "The Rocky Mountain Bank, based in Wyoming, accidentally sent confidential financial information to the wrong Gmail account. When Google refused to identify the innocent account owner's information, citing its privacy policy, the bank filed in Federal court to have the account deactivated and the user's information revealed. District Judge James Ware granted the bank's request, with the result that the user has had his email access cut off without any wrongdoing or knowledge of why." The Reg's earlier story says, "Rocky Mountain Bank had asked to court to keep its suit under seal, hoping to avoid panic among its customers and a 'surge of inquiry.' But obviously, this wasn't successful."

Redirect the evil!

[Anonymous Coward]

Quick! We need the normal lot of haters in here to spin this as Google being evil! Um... um... they... they host their services in a country that they very well know is subject to U.S. judges' decisions! Yeah! They should've known better! Obviously, Google is evil! TEH SIGNS ARE EVAREEWERE!

Re:

[houstonbofh]

Google should have fought back against this.

They did. They could have just shut off the account. This is a problem with a judge, and I will backfire badly.

Re:Redirect the evil!

[cheftw]

and I will backfire badly

:?

It's not like it coud have been a typo, you capitalised it.

Is this some new americanism?

Re:

[houstonbofh]

I would love to claim it as a Monty Pythonism (I fart in your general direction you silly English kaniggits.) but it was just a typo.

Re:Redirect the evil!

[Dan541]

The owner of the gmail account should be able to sue the bank for damaging their business.

Re:Redirect the evil!

[Dan541]

While I don't run my own mail server I do retain control over my email in that I can change my MX record to any provider I want. Unfortunately most people don't use their own domains. But if they did, even using google apps they would at least have some protection from this sort of abuse by having the option of moving providers.

What would you do if you lost your email account? How many accounts and online services would you now be shut out of. It is basically identity theft, since the victim loses their online identity for it.

This Judge should be barred, no question.

Re:Redirect the evil!

[jonfr]

I want to see that email on wikileaks! Now!!

Re:

[Idiomatick]

I think google could do more. After they lose. Have the front page logo for google search in the whole state be a link to this bank's incompetence... for a month. Perfectly legal, costs them nothing and would gain them some good customer rep.

Re:Redirect the evil!

[mpaulsen]

"Every one should email the bank banker@rmbank.com to ask them of their shady practices." No. Everyone should email some personal information to banker@rmbank.com, then insist that their domain be shut down.

Re:Redirect the evil!

[KreAture]

Oh no! You must not do anything that could cause your email to end up in those idiots contact-lists.
Next time they may send something to YOUR account! Then you can kiss your account goodbye.

Come to think of it, that is a great way to get rid of a person online. Just get him on that mailers list and the court will shut him out for ya.
The worst thing is, now there is precedence in such a case so the next one is just blind copy/paste. Thow won't be abused. Surely not. The world is not that evil.

G-Mail?

[SeaFox]

Why is the bank sending sensitive customer information to an email account hosted by a provider known for rifling though it's user's emails for information?

Re:G-Mail?

[wizardforce]

why is the bank sending customer information through email at all? why is the bank not encrypting all sensitive customer data? answer: because they haven't been forced to do so. Everyone whose information was leaked to this account should sue them right into the ground. It's been far too long that banks carry little responsibility for other peoples' data and it's time they start.

Re:G-Mail?

[Anonymous Coward]

I work as a supplier to the banking industry.

I'll tell you why they do this, they are outright fucking dumb. That's basically it. If the IT guy knows about encryption, he has no power to make it happen, but most of the time he's barely able to type let alone do IT stuff.

Banks just don't pay for shit unless you are a VP or own the place, so they get the crappiest IT help.

"Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community. Everywhere else it means "make a good effort to do the best you can to the spirit of the task".

Granted, this breech is considerably dumber than average, but of the banks I have worked with, every single one of them at one time or another had some sort of institutional problem understanding and implementing some of the most basic data safety measures.

The Feds have been much more pushy about it recently, so it will improve. And a lot of the old guard is finally dying off, and you'll see bank leaders that have had more than "type this letter" (to the secretary) experience with computers.

Re:G-Mail?

[easyTree]

"Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community.

Surely that doesn't need to be explicitly stated - after all this is the industry that has destroyed millions of family's lives whilst receiving payouts from governments and still paying their people massive bonuses. I guess they have the cream of the crop though, when it comes to staff skilled in screwing-over the ordinary person.

Re:

[easyTree]

uhh, families' *

Re:G-Mail?

[Beezlebub33]

When the families are told by the bank that they will be able to repay the loan and are given very low initial rate, AND the bank knows they will not be able to pay it back, AND the bank knows they will bundle it up the mortgage and sell it off, AND regulators that actually promote this THEN you have banks that are evil, greedy bastards, and you have families that are stupid, and a government that is incompetent, greedy, and stupid.

No, it's not his world view that's fucked up, it's the world.

Re:G-Mail?

[MicktheMech]

Securitizing the mortgages alone is not evil. The problem was that those bundles had been valued based on model built using historical data. When a lot of banks started buying up mortgages to put in these bundles the guys arranging the mortgages significantly changed their behaviour in order to get more. That change in behaviour (salesmen becoming writing much more shakey mortgages) invalidated the model used to value them, so the banks bought stuff for a lot more than it was worth, leading to the credit crisis.

You can call people evil, greedy and stupid all you want, but that's not going to get your money back and it won't prevent it happening again. The key problem here is that the banks broke the First Rule of Engineering, they trusted a computer model and thus failed to scrutinize their purchases properly. The government allowed them to make these purchases without proper due dilligence, the salesmen sold mortgages they knew would likely end up in default and the families took out mortgages without a plan to pay it off.

If you think those lapses are greedy, evil and stupid, then fine. However, the morale of this whole credit crisis and subsequent recession should be: If it's important, hire an engineer to do it.

Re:G-Mail?

[chrb]

The repackaging of subprime mortgages into valued securities was one problem but it might not have caused a collapse had the banks not also willingly massively over leveraged [wikipedia.org] - at 30 to 1 it only takes a 3% downturn in the market and your bank is insolvent...

Re:

[rfunches]

The balance sheet will break out assets and liabilities on a specific basis and you can clearly see where the banks got burned - mortgages, mortgage-backed, and asset-backed securities, on both the assets and liabilities -- basically, assets which the banks clearly didn't know how to count. (See Merrill Lynch's 10-K [ml.com] as an example.) For ML, there were massive losses in securities financing transactions, mortgage/asset-backed securities, and considerable losses on derivatives in 2008. The summarized balance s

Re:

[sjames]

The banks knew damned well it would all come apart eventually, they just willfully ignored the warnings FROM THE PERSON WHO CREATED THE MODEL.

They willfully created bad loans that were nearly certain to blow up and then sold them off like hot potatoes so they wouldn't be holding them when the inevitable happened. These were not merely lapses.

Note that the people who did this have not suffered one little bit from the economic carnage. Their plan worked.

It's also notable that the families had the assurances o

Re:

[sorak]

(I know I'm being redundant, but)
To put it in plain English:

1. They started making loans with other people's money.
2. They got their profit upfront, regardless of whether the loan ever got paid off.
3. They started carelessly making loans everywhere they possibly could. They started coming up with wacky ARM schemes that encouraged their customers to bite off more than they could chew (and I don't hold the customers blameless), simply to get more loans and bigger loans into people's hands.
4. The system collapsed.

Inflation

[Billly Gates]

There is a debate between economists on whether inflation should just include the price of products excluding food and energy or should it include housing and health insurance. Both housing and insurance have trippled since the late 1990's. Sure on paper it looks like you make the same but a $175,000 home in 1999 costs $350,000 even during the recession. Suddenly $55,000 a year is not worth jack in most metropolitan areas even if prices do not necessarily show it.

If you health care costs were put in the inflation equation with housing we would see a totally different side of economics that economists should have prevented if they only knew.

Something does need to be done.

Re:

[dryeo]

What I don't understand is why food and fuel isn't included in inflation. I'm not rich, supporting a wife and son and most of my money goes to food and fuel. While my government (Canada) claims that inflation is actually negative, I go to the grocery store and everything seems to be up. A bag of potatoes is close to $10, a can of beans is close to a dollar, last week it was actually cheaper to buy (a cheap cut of) steak then hamburger.
Gas keeps going up in price and I need to drive to make money.
Housing has

Re:There is no such thing as health insurance

[erroneus]

Have you looked at the cost of "every little thing" on the list of charges from an average doctor's visit? Even the most trivial item or service is ridiculously expensive.

It would make plenty of sense to cover oil changes, tune-ups and brake jobs if the cost comparison were similar to what you see in medical costs. An oil change costs anywhere from $10 to $25 out where I live. Brake jobs can range anywhere from $50 to $150 for basic stuff. If a doctor visit cost that and included anything other than an examination, that would be terrific. And if the cost of prescriptions were somehow less than the price of 4 cans of motor oil, I'd be right there with you. But that is simply not the case. Drugs are ridiculously expensive. (When my youngest was an infant and was experiencing some severe allergies, the doctor prescribed a ridiculously expensive tube of something that cost over $100 at the pharmacy! I bought it but my out of pocket was like $50 versus $10-$15 because my insurer didn't want to cover that drug.)

If people don't need their medical stuff all the time, they wouldn't need to be so concerned about it. But when a medical problem arises, it often involves months if not years of continuous treatment all on the same scale as I have been describing... expensive drugs, expensive office visits, expensive procedures, expensive tests. And people who are well insured are still getting hit hard because the cost of the insurance is still prohibitively expensive.

I consider myself lucky. I don't have any medical problems. My wife and children don't either. That is really fortunate. But there are lots of people who aren't so fortunate... lots. And it does often cost people their homes because it often comes down to completing medical treatments or paying the mortgage. Insurers drop or deny coverage QUITE often which is yet another talking point in favor of healthcare reform.

I get the feeling you simply don't understand what healthcare costs really are because you haven't really paid any before.

Re:

[digitalunity]

I went to a major hospital in washington state some years ago. After a major laceration to my forehead, here's a rough breakdown of the cost.

$900 - Basic ER fee
$330 - Stitches, local anesthetic
$35 - 500mg Acetaminophen(2)

Yep, you read that right. Thirty five fucking dollars for 2 tylenol. If they told me in advance, I would have said "stuff it. I got tylenol at home assholes".

There is no accountability in health care for keeping costs down. Health insurance is a misnomer because everyone needs health care a

Re:G-Mail?

[michaelhood]

The families who took the money were on the edge of desperation - looking for any way out.

Say what?

I could have purchased a home in 2003 on an interest-only mortgage with all the other idiots, but I knew that I wouldn't be able to afford the payments once they included the principal.

Was I on the edge of desperation because I was *GASP* forced to keep renting?

Re:G-Mail?

[darkpixel2k]

How much longer must I wait before I see people care for their fellow human?

Well easyTree, I'm currently renting and I'd like to buy a house. I have 6 credit cards (all maxed out) giving me $13,000 in debt, a car payment (which I'm two months behind on) of $315/mo and I still have a year left on the loan, and 6 companies dinging my credit report for roughly $1,000 in unpaid bills over the last 10 years. Why don't you loan me $250k so I can buy a house?

What? What do you mean I'm a credit risk? Where's your compassion for a fellow human?

(When you achieve consciousness you'll realize there's a difference between compassion and stupidity.)

Re:

[easyTree]

Are you saying hands-down that a bank should refuse to loan me money for a new car?

No, I'm saying that if you can only afford to pay back a $5000 loan then they shouldn't offer you a $50000 loan...

For what it's worth, I'm similarly screwed after winning the cutback-lottery at my previous employer's :D Although, on the up-side, I've never been so happy (in all but the financial aspect.)

Re:

[darkpixel2k]

No, I'm saying that if you can only afford to pay back a $5000 loan then they shouldn't offer you a $50000 loan...

But who determines how much is too much? The bank? According to your views, they've been screwing up and can't be trusted to assess loans. The government? They got the banks here in the first place with stupid regulations.

To be blunt, I'm a 'risk'. They could loan me $100,000 and I could pay back every cent. Hell--I could win the lottery tomorrow and pay the loan in full immediately. Of course I could also get fired or laid off from my job tomorrow too and then jump off a bridge. They'd never see

Re:G-Mail?

[SuperQ]

I'm really glad you're out of the debt cycle. Serious props for digging yourself out of it.

There are places that will give you auto credit. Credit unions (easy to get with many jobs) are a good way. Dealerships are hurting like crazy and will give car loans in order to get inventory off their lot.

The other option is if you have a trustworthy friend, get a "loan" from them to get the cash down on a car.

You could also get a crappy, but serviceable for 6 months car until you get your credit score back in order.

Re:

[Hognoxious]

What kind of organisation/industry does business with such people under the threat of repossessing their goods should they fail to meet the agreement?

One that isn't a charity?

Re:

[Billly Gates]

The problem is the banks do not have to take risks. Thats what credit swaps and flipping are for.

If the bank can sell the $250k home worth $125 for $275 30 days later ... thats a $25,000 profit!

Until the banks have to keep their own darn assets then they will think like you and I with risks.

FDR (socialists as he was) did the right thing with the glass ceiling laws. It should be illegal to package assets together and flip properties to financial firms. What Greenspan and Clinton did needs to be undone. Probl

Re:

[ChameleonDave]

But who determines how much is too much? The bank?

Yes, because they know. If they act unethically, regulation will be necessary.

According to your views, they've been screwing up and can't be trusted to assess loans. The government? They got the banks here in the first place with stupid regulations.

Did a gun-carrying radio talkshow host tell you that? It's not an idea anyone could have spontaneously formed.

Re:G-Mail?

[Achromatic1978]

The families who took the money were on the edge of desperation - looking for any way out.

No, they weren't. Most people who took out low rate ARM mortgages in the early mid 2000s fell into several categories: the ignorant, ill-informed (maliciously or otherwise), or my favorite, seduced by TV networks who made "flipping" a property seem a guaranteed way to make hundreds of thousands of dollars a year. The waves of people I've seen on those shows, even now, who seem to think that anything less than $100,000 profit on a purchase, some renovations, and a six month turn-around is unacceptable is staggering.

Even now, watch the very vast majority of those shows, particularly the ones where people do renovations, and have before/after valuations. "You spent how much on your new kitchen?" "$15,000" "Great, you just added $30,000 value to the home. Now, how about the bathroom?" "We spent $8,000 in here." "Excellent, looking around, I'd say you added $20,000 to the value of the home", and so on, ad nauseaum. Add this up, and you have, in my view, a hidden culprit, along with the RE agents who were pretty much as a whole in lock-step with these mantras pushed by TV onto their clients, of the housing bust.

That $23,000 you invested in the home is only worth $50,000 if you can find the one born every minute to sell it to. Eventually, that got so outrageous, and so out of tune with reality, that people realized they were paying $50,000 for $23,000 of renovations on a home by a "flipper", and balked. And down came the house of cards.

Re:G-Mail?

[easyTree]

You appear to have accidentally hit the nail on the head.

Well done.

Re:G-Mail?

[mwvdlee]

Why is the bank sending sensitive customer information to an email account?

e-mail is an insecure protocol and they shouldn't be sending such data over SMTP even if the recipient address were correct.

Re:G-Mail?

[FrozenGeek]

Because the customer in question gave the bank a gmail account and said "send me information via this email address". Do you really think that your ISP-based email address is any better than gmail? If so, could I interest you in some waterfront property in Florida? Seriously. Unless the contents of the email is encrypted before it is sent, assume the whole fricken' world (with lasers,even) has access to it.

Re:G-Mail?

[SeaFox]

Because the customer in question gave the bank a gmail account and said "send me information via this email address".

The bank is worried about a panic amongest it's customer base. So they obviously sent informtaion on a large number of their customers, that tells you the person requesting the info was not a bank customer but another financial institution or a company they contract with of some sort. These type of recipients are going to have their own domain names and mail servers running on them, so there's no reason the email should have been addressed to a gmail account to start with if it dealt with official business.

Re:

[Nethead]

The bank is worried about a panic amongest [sic] it's customer base.

Kind of late for that after this last year.

Re:

[Anonymous Coward]

If so, could I interest you in some waterfront property in Florida?

Waterfront property in Florida is abundant. Florida is surrounded by water except on its northern state line, as well as being filled with lakes, marshes, and swampland. The saying is specifically "oceanfront property". The joke is, you say a landlocked state, such as... Arizona... and offer valuable "oceanfront property" there, because Arizona borders no ocean! Get it? It's a scam! You are supposed to know that Arizona has no ocean, just like you are supposed to know Florida is surround by water.

Hey! There

Re:G-Mail?

[geekboy642]

Actually that's not what happened.

On Aug. 12, the bank mistakenly sent names, addresses, social security numbers and loan information of more than 1,300 customers to a Gmail address.

That's a lot of very confidential information. No bank customer has the need or right to see anybody else private information, let alone 1299 of them. And you are a moron for thinking this was about somebody's bank statement going to the wrong address.

Re:G-Mail?

[Tony Hoyle]

The idea that that kind of information can even be extracted from the system without a damned good reason and permission signed from the VP in triplicate scares me - are banks *really* that insecure that they let any dumb fuck with a gmail account extract the customer list and mail it to someone? Apparently they are..

Re:

[geekboy642]

Again, I repeat:
This is not about a single statement going to the wrong customer. Regardless of the fact that a customer initially requested their own information, it is inexcusable for any bank to then send them--or any other person--over 1300 instances of confidential information. Nobody asked the bank to mail that information.

Why are you attempting to apologize for the incompetence of the bank?

Re:

[Anonymous Coward]

TFA says "A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address - along with a file containing confidential information for 1,325 other customers."

So had the bank not fucked up, the user would have gotten someone else's loan documents. So far, so good. At worst, one account needs to be moved. But the bank employee sent 1300+ accounts to that email also, making it a breach of security.

Why should the email user get penalized for the bank's screw-u

Re:G-Mail?

[arminw]

...How far should the law allow a corporation to shut down a real person's life....

As far as their highly paid army lawyers can persuade a judge somewhere. In our society, someone with lots of money can almost always get their way against someone with no money.

Re:

[Daimanta]

"In our society, someone with lots of money can almost always get their way against someone with no money."

In any society, .......

Can the Poor SOB sue for damages?

[alex_guy_CA]

If a bank did this to me I'd be all up in their butts with lawyers sewing for damages.

Also having a moment of gratitude that I don't use gmail.

Also wondering if I can send someone I don't like sensitive email, and then have a judge erase their email account erased.

Re:Can the Poor SOB sue for damages?

[grahamwest]

Sewing for damages?

Fear the giant quilt of redress!

Re:Can the Poor SOB sue for damages?

[The Archon V2.0]

Sewing for damages?

Fear the giant quilt of redress!

Say what you want, I know a few people in the banking profession I'd like to stick a needle into over and over again until I've turned an unwanted hole into a nice compact knot of thread.

Re:

[Culture20]

If a bank did this to me I'd be all up in their butts with lawyers sewing for damages.

I'd normally say lawyers don't sew too well, but my SIL knits all the time.

Re:

[alex_guy_CA]

good one.

Re:Can the Poor SOB sue for damages?

[similar_name]

Also having a moment of gratitude that I don't use gmail.

What email do you use that would disobey a judge's order?

Re:Can the Poor SOB sue for damages?

[K. S. Kyosuke]

His own server, perhaps?

Re:Can the Poor SOB sue for damages?

[Anonymous Coward]

What email do you use that would disobey a judge's order?

His own server, perhaps?

What makes you think that you won't arrive home to find that all of your electronic equipment has been confiscated?

Re:

[K. S. Kyosuke]

Why should I have all of my electronic equipment at home?

Re:

[alex_guy_CA]

My email is on my own computer. My ISP could delete my account, but not erase my old emails.

Re:

[icebraining]

Neither can GMail, if you use IMAP or POP3.

Re:

[similar_name]

Don't know why someone modded you troll. Seems unfair. If the judge ordered you to delete your own email account it would certainly make for an interesting legal precedent.

Sooo hang on...

[Anonymous Coward]

...if a judge in, say, Korea granted the same request to have a gmail account blocked, an innocent user in, say, Germany would loose his email...even if that email contained confidental and critical information to be used by its owner...this is quite pathetic and something should be put in place to stop these low level distric judges making decisions that could affect users across the globe.

Re:

[martin-boundary]

The answer is to not rely on Google for email.

There's really no reason why a user in Germany should be relying on webmail from a company in the US, or some other place. The German user has a local ISP who can collect email on his behalf, and this ISP is only bound by German law. Moreover, there's no reason why the ISP should have control over the user's email archive, the user should download his messages and keep them on his own computer under lock and key.

Problem solved.

Re:

[MartinSchou]

The answer is to not rely on Google for email.

I think you mean

The answer is to not rely on anyone else for email.

If the bank had asked your local ISP for the information identifying you, would they have waited for a court order before disclosing it, or would they have folded and just said 'here you go' to the bank? And if they waited for a court order, how the fuck would that be any different that what Google did? The judge would still be as stupid, the bank would be just as stupid, and the account would be

Re:

[martin-boundary]

Because I don't want to have to change my e-mail address just because I changed an ISP.

This is not a problem that goes away when you use a provider such as Google or Yahoo, etc. To spell it out: you get a different email address if you switch from Gmail to Yahoo to Hotmail and vice versa.

Perhaps you think you're happy with e.g. Hotmail and you'll never want to switch? Some people are happy with their local ISP and never want to switch. Then again, some people have been using email for longer than Go

Re:

[cerberusss]

... an innocent user in, say, Germany would loose his email...

So it would be in the wild?

Yes, zat is correct! Ve Germans do not send Email! Ha! Noes! Our Email escapes, leaving a bloody Trail of innocent Bystanders in its Wake!

IMAP

[pushing-robot]

At least Google offers free POP and IMAP access, so it's trivial to back up your email locally. I'd still be pissed if something like this happened to me, but Google isn't to blame.

Re:IMAP

[Naturalis Philosopho]

You're right Google isn't to blame in this case. Not given the fact that the judge could have told the bank to suck it up, transfer the account to new numbers, and pay a fine to their customer for failing to live up to their security responsibilities. Instead he decided to punish the innocent people in this case. The bank screwed up, the bank should be held accountable. Anything less is yet another miscarriage of justice.

Re:

[140Mandak262Jamuna]

Most judges seem to be very uninformed about the ways of the web and emails. Most of them probably have secretaries who read their email, take print outs of non spams and put it up them in a regular bureaucratic binder tied with red tape. I wonder why Google did not use strong lawyers to explain to the judge, the bank screwed up. They should not be asking either Google or the account holder to suffer for the banks mistake.

Re:IMAP

[easyTree]

Perhaps you've not realised yet but banks aren't held responsible for their actions....

Re:IMAP

[LordNimon]

but if a bank suddenly sent me 1,300 account's financial information, and then sent me an email telling me not to open it,

How would you feel if both of these emails ended up in your spam folder? You would not have noticed anything at all, but then suddenly, your account would be gone.

Re:IMAP

[Pieroxy]

Yes, someone has the problem of their account being deactivated. This sucks. But, imagine, for one moment, had the opposite happened. Say, for instance, the judge ordered to bank to change the numbers of the 1,300 accounts, resulting in 1,300 people having to change their financial information on all documents relating to those accounts. I'm not sure if you've ever had to do this, but it can take months for the changes to finally take hold on everything from direct deposit accounts to credit cards and Paypal accounts. Assuming that everything worked out correctly, that is. Granted, if they were wise, the customers would be doing this now themselves.

Your point is to say that annoying one person is better than annoying 1300. It may be valid, but for the fact that the person in question didn't do anything wrong, he was just a bystander. Those 1300 people would have been annoyed to hell, and I hope they (some of them at least) would have gone to another bank. This would have been a (albeit small) step in the right direction though. Closing a gmail account is just hiding the horrible truth. Which may not change anything anyways since the gmail account owner may have downloaded the file in question for days.

As far as the person being innocent, if you read the article, the bank sent an email to this account asking the recipient to destroy the file without opening it. The email account holder did not respond at all.

Being on vacation equates having a suspicious behavior !!??? Noone has any obligation to read one's email every f***ing day !!!

I'll stop there. You clearly prefer the workaround instead of having the *stupid* bank assume their very own *stupidity*. As a result they won't be a bit more careful next time, and maybe 1000 gmail accounts are going to be deactivated. Or gmail itself...

Re:IMAP

[dangitman]

Personally, I don't see this as being a problem. The account holder refused to respond to the bank, which, had they done so, something could have been done to avert their account being deactivated

Would you respond to an email from some bank you've never heard of talking about highly important account details, rather than just deleting the email immediately? Furthermore, what modern spam filter wouldn't automatically filter out an email claiming to be from "Rocky Mountain Bank" and talking about account details? This is exactly the kind of email that security-conscious users should be avoiding like the plague.

Re:IMAP

[Todd Knarr]

I don't know about you, but if a bank suddenly sent me 1,300 account's financial information, and then sent me an email telling me not to open it, I would be sending an email, calling, writing a letter, anything, because if something happens later to any of those accounts, I'm going to be one of the first people looked at.

If it were me, I wouldn't be doing any of those things. That's because I'd've deleted the initial e-mail without reading it. An e-mail purporting to be from a bank I've never done business with is either a) an advertisement I'm not interested in, b) a phishing attempt I don't want to even look at let alone respond to, or c) information I don't need and don't want. Regardless of which it is, I've no need and no reason to even look at it, so into the bit bucket it goes. And why not? I'm under no obligation to read random correspondence someone else wants to send me, just like I'm under no obligation to read that wad of advertising flyers that show up in my mailbox every day.

Spam

[mwvdlee]

If I get e-mails from banks that I have no relation with, it is usually spam and gets instantly deleted.

Perhaps that's why the recipient of the bank's private data didn't respond to any of their e-mails.

Also, why is a bank sending it's customers' private information over an unsecure connection (e-mail)? Wouldn't the bank be violating security rules even if the e-mail address was correct?

Re:Spam

[BitterOak]

If I get e-mails from banks that I have no relation with, it is usually spam and gets instantly deleted.

Perhaps that's why the recipient of the bank's private data didn't respond to any of their e-mails.

Or maybe the mailbox holder was simply on vacation? Is there a legal obligation to check your inbox on a regular basis? (There's a reason legal papers aren't sent by e-mail.)

Re:

[chrysrobyn]

Heck, it could be a gmailfs [wikipedia.org] user. They wouldn't even necessarily know they got the e-mail.

I hate analogies, but...

[BitterOak]

Wouldn't this be like having a package wrongly delivered to your house (through no fault of your own: the sender had the wrong address), and since it contained highly confidential information, a judge ordered your house to be burned to the ground? (Okay, that's a bit extreme, but you get my point.)

Re:I hate analogies, but...

[Anonymous Coward]

Actually, your scenario kinda-sorta happened to the Mayor of Berwyn Maryland. A scam where drugs are shipped to a random (innocent) person, to be taken later from the porch by an accomplice. In this case, brain-dead police investigators and a swat team charged into the innocent man's house, shot his dogs, and arrested him, his wife, and his elderly mother. He still awaits even an apology for the horrifying incident. There is very little actual 'justice' in the justice system.

http://www.washingtonpost.com/wp-dyn/content/article/2008/07/30/AR2008073003299.html

Re:I hate analogies, but...

[internic]

Trust me, if you were more familiar with the incident you'd probably agree with the "brain dead" description. Several points:

1. Police apparently already suspected there was one of these mail drop operations (where packages were shipped to an innocent person only to be swiped off their porch), so they knew the package was likely not for him.
2. Rather than having some officers come to the door, they had a SWAT team break down the door unannounced, shoot the dogs (at least one of whom was simply running away), and cuff the residents on the floor (where they remained for several hours). The quantity of drugs (30 lbs of marijuana, IIRC) was such that it could not quickly be destroyed, and they had no other reason to think they would encounter violent resistance. Which brings us to the next point...
3. They did no preparatory research. They did not even know who lived there. The officers on scene did not believe he was the mayor (which they would have known if they'd done even a Google search). What this says is that they simply deployed maximum force (maximally endangering everyone in the house) rather than any reasoned approach based on the likely resistance.
4. Police entered without first announcing themselves. This requires a "no-knock" warrant, which they did not have.
5. The package actually sat on the front porch for the better part of the day. The guy even walked his dogs when he got home before taking the package in. That should have been a tip-off that he didn't realize it contained >$100k of drugs.

Basically, they did not take a reasoned approach but simply used maximal force, thereby terrorizing and endangering the innocent. Moreover, their sloppy police work quite possibly would have allowed him to get off even if he had been involved. They certainly should have investigated, but they way they did it was utterly irresponsible.

Your analogy is flawed for a number of reasons: First, arresting someone in their car is considerably less dangerous (to everyone involved) than breaking into someone's house unannounced and firing shots. Second, murder is considerably more serious (and suggestive of suspect resistance) than drug trafficking. And third, it's unlikely that an individual would be victim of a body dumping scheme while it's trivial to mail someone a package with something illegal in it.

Re:I hate analogies, but...

[Blakey Rat]

"All the time?"

How many times has that happened? Once that I know of. In a country of 300+ million people, with police forces of questionable capability, I think that's pretty good myself.

Was it unjust? Of course. But "all the time" is simply being alarmist.

Re:

[db32]

Go do some research. There has been a great number of these types of events. No knock warrants, false 911 calls, SWAT raids on the wrong address. There have been tons of innocent people harassed and more than a few killed. This guy was actually lucky it was his dogs.

http://www.cato.org/pub_display.php?pub_id=6344 [cato.org]

So...

[tnk1]

...wait. I mean, the account holder at this point has probably seen and done any damage that they are going to do with this information. How precisely is this going to help the bank's cause?

Of course, the account may be inactive and they may well have gotten to it before the person who owned it logged in again, but I do have to wonder why it is the recipient's problem that the bank sent this information. If the bank sent me that sort of information in the mail, does that mean that the county can order my house burned down to make sure I can't read that mail, even though I probably have already read it in full?

These decisions make no sense to me sometimes and it scares me because for some things I use only one email account and if my contacts disappeared, I might not be able to find some of these people again easily. I guess it's time to start backing up all my account data to my home machine by default.

This is yet another strike against "cloud computing" taking over. If they can order your account just plain zapped because a bank fucked up, I don't see how anyone's data is safe. At least if you had it stored at home or at work on your own machine, you'd at least know what the hell happened to it.

Re:

[cptdondo]

Well, the bank needs to launder some of the money it got from the feds. So it emails the "wrong" account, has the account nuked, owner of said account then sues bank for $500mil, bank settles for $499mil, and the lawyers, bankers and the "wronged" email account holder split the dough.

Capiche?

Re:

[SeaFox]

...wait. I mean, the account holder at this point has probably seen and done any damage that they are going to do with this information. How precisely is this going to help the bank's cause?

They aren't trying to prevent the unintended recipient from seeing the info at this point, their plan was probably to remove the evidence and then play dumb if anyone had identity theft problems afterwards.

judge not...

[Anonymous Coward]

So why not post the judge's personal info: email, snail mail, phone, etc.?

I'd imagine that a few months of being throttled to unusable status may make that judge rethink the decision.

Not a big surprise

[Anonymous Coward]

This decision was handed down by "Lying Judge" Ware. http://www.fa-ir.org/ai/judgeware.htm

Talk about lifetime appointment gone haywire.

Why deactivated?

[FrozenGeek]

The bank requested the user's identity. Google refused to provide it. So then the bank goes to court not only to get the user's identity but to deactivate the user's account. I'm missing the logic. Okay, maybe the bank fears that enough time has passed that the user has seen the errant email and wants to prevent the user from misusing the information. Now, that might work if the user does not have a local copy of the email. On the other hand, if the user has a local copy and is now angry at the bank for having had their gmail account shut down, the user, who might otherwise have done nothing, now has both the means and the motive to do something. Good move. Wouldn't it have been possible for Google to contact the gmail user and ask him to delete any local copies? And Google, presumably, could have deleted the email from its own servers. I like Google's policy of protecting user identities. But this whole mess sounds like two bureaucrats blindly following policy to the detriment of the end-users. Can't anyone think anymore?

Re:

[Kohath]

Yours is one of the only thoughtful comments in this thread so far.

I'm not sure what everyone here thinks should have happened in this case. Leaving the gmail account alone with 1300 bank records in it isn't the right answer. The bank had to go to court to get the email deleted. (Google can't just let anyone ask to delete an email from your email account, hence the need for the court action.)

Closing the email account seems like overkill. But other than that, everyone else seems to have acted correctly a

Re:Why deactivated?

[Baricom]

Here's what Rocky Mountain Bank should have done. (I refuse to allow them to be anonymous because that's clearly what they want, and they should be held responsible for their mistake.)

1. They should have e-mailed the 1,325 customers that had their data exposed.
2. They should not have sued Google in an effort to get the e-mail deleted.
3. They should not have tried to seal records in a lawsuit they filed to fix their mistake.
4. They should have trained their employees to understand that recalling e-mails doesn't work more often than it does.

Had they done this, this would not have been international news, and probably not even local news.

Re:

[dbIII]

It's been emailed in plain text so a lot of people have have had a chance to get it before it even makes it to the gmail account. The only responsible action is to assume that the horse has bolted, change the account numbers, and set policy in place to make it more difficult for the next horse to bolt. Instead we are seeing careful reputation damage control. Even if google deletes the email the file may have been downloaded, and possibly even torrented (best to imagine the extreme and just change to bank

Re:Why deactivated?

[Dhalka226]

The better question is this:

How the hell did the bank even have standing to sue anybody? What wrong was done by anybody but them? How do you file, much less win, a lawsuit seeking to punish somebody who did nothing but receive an email you should never have been sending in the first place? How is it this man's legal responsibility to help them clean up their own fuck up, and how is it Google's legal responsibility to help the bank do so? What statute gives this judge the authority to destroy a third-party-to-a-fuck-up's email account because he didn't see fit to respond to an email he may not have even thought was legitimate? That's exactly what this ruling is saying; that this man somehow did something wrong by not helping the bank and he deserves to have his email account and potentially years of historical contacts lost.

If I were this guy, I'd sue this bank for damages (and unfortunately, since I'm not even a party to the fucking lawsuit that unfairly harmed me I'd have to sue Google for an injunction against complying with the previous order). Big time. It's this kind of thing that makes me wish we could directly sue a judge for the idiocy of his decisions. Their total lack of accountability is reprehensible.

Great Logic at Work Here

[Nom du Keyboard]

Truly great logic at work here. We screwed up, so nuke the presumed innocent user. Hell, if I was that guy and had gotten the file off before they killed my e-mail access I think I'd offer it up to Wikileaks in return for their heavy-handed treatment of me.

Th bank should have prohibited unauthorized it.

[140Mandak262Jamuna]

You know, if only the bank has include some serious sounding lawyerly language like, "This electronic communication is intended for our customer only. Sever legal action will be taken against unauthorized persons who receive this message and do not delete it immediately." That would have been enough right? Now all these lawyers who inflicted 25 line long legal boilerplate on every mail from corporations are high fiving in glee, laughing at the futile attempt of Rocky Mountain Bank trying to close (other p

Step 1: Deactivate Account Step 2: Deactivate User

[jayveekay]

Presumably they need the user's identity because after step 1: Deactivate account, they need to proceed with step 2: Deactivate user (in case he read the email, he has confidential info in his brain.)

Of course, if that user has communicated with anyone then they will need to be deactivated as well, and so on, and so on... All I know is in the future I'm autoforwarding all my emails from Rocky Mountain Bank to Rush Limbaugh! :)

First Amendment?

[srjh]

Not from the United States and not too familiar with the U.S. Constitution, but wouldn't this be a blatant violation of the first amendment?

There is a clearly innocent party here who has had a primary communication medium forcibly disconnected. Not only can they not talk about this confidential material (which there may be an argument for preventing), but they can't talk to anyone about anything. That sounds like a massive violation of freedom of expression...

Re:First Amendment?

[causality]

No. The First Amendment does not entitle you to use any particular medium. It only protects the content of your speech, and even then, there's a lot of content that's still regulated (fraud, libel, obscenity, copyright infringement, etc.).

Authoritarian types just love arguments like this. That obvious intended meaning is a pesky thing to them, so to deal with it they created the ingenius device of separating the text into two concepts: the "spirit of the law", which they have made into something they can disregard whenever convenient, and the "letter of the law" which they can carefully examine to find any needed loopholes (incidentally, the same tactic was used when "freedom," a holistic concept, was split into "economic freedom" and "personal freedom"). That argument you are making is like a path, and I will give you a perfect example of one of that path's many destinations: free speech zones. The "logic" behind them is that the 1st Amendment guarantees your right to free speech, but does not specify where you may exercise this right. So, the free speech zones are located where the impact of contrary opinions can be most effectively minimized. Result? "Get with our program, or be censored, except we won't call it that."

Of course, for the free speech zones, they COULD decide that because the Constitution does not specify the specific locations to which the INALIENABLE RIGHTS it enumerates should apply, then obviously any fool can recognize that it's intended to apply throughout every last crumb of American soil. But, that would mean you can't use clever tricks to censor people without having to call it censorship, which is why such a concept is frowned upon by authoritarian types and other would-be tyrants.

Sure they can. They can sign up for another email account, say from Yahoo or Hotmail, or even another Gmail account. They can post on newsgroups and message boards. They can use the telephone, write a letter, or stand on the street corner with a sign and a megaphone. Just because they can't use one particular email account doesn't mean they're unable to speak.

Don't kid yourself. Massive injustices usually start out very small. If it's now considered okay to make you suffer in any way, however minor or however great, for the actions of a third party over which you have zero control, then this system is already terminal, we just don't know it yet. The entire concept is diametrically opposed to all of our notions of due process, the right to confront your accuser, the presumption of innocence, you name it. To fully support this ruling without being a hypocrite you would first have to throw out centuries of American tradition and jurisprudence. I for one am not prepared to do that.

In summary, this is a step in the wrong direction and the fact that a bank might suffer a little inconvenience due to its own damned screw-up is emphatically NOT a worthy reason to support it.

Turnabout

[transiit]

Hopefully the email recipient gets notice before they lose all of their email.

And more hopefully, they find the offending message and forward it to the judge that made this ruling with a note akin to "Thank you for punishing me for having an email address. Here is the poison message, please order your accounts deactivated as well."

Who represented the user?

[MMC Monster]

Who represented the rights of the user to the court?

Was a public defendant even involved, or was no one assigned because there was no face to the account that was deleted?

I get someone else's bank emails...

[trawg]

...every few weeks. I have tried to contact the bank (Chase) to let them know that they're sending to the wrong account.

They make it fucking impossible to contact them - UNLESS I log on with the account to do so (or call them, which I don't feel like doing because I don't live in the USA).

Every couple weeks I reply to the email (even though it says "don't reply", it has a unique reply-to, so I hold out some hope that maybe someone keeps an eye on the occasional reply). This has been going on for months. Attempts to navigate the website to find a simple contact page appear to be futile - there /must/ be one (right?) but I can't find it at a glance, and how much time should I be investing in this, seriously?!

I haven't looked at the emails closely because I don't care what's in them, but I'm sure there's some personal/confidential information in them - and if not, as the owner of the email address, I'm sure I could request some more stuff to get sent to me.

I really want to fix this problem, rather than just hit 'spam' so gmail bins them all (which helps noone, I feel). But the bank has not taken this scenario into account adequately enough - and until they are forced to, they just won't bother.

(Why do banks send emails at all? They should /only/ ever send emails to people that have opted in with a public key so they can be securely signed. Yes, that cuts out a lot of people, but seriously, the people that it cuts out will be better off for it.)

Re:

[zippthorne]

It's not the bank's confidential information that leaked. So you'd be punishing the other victims for the actions of the bank.

Re:

[Rockoon]

Those "other victims" as you call them chose to do business with Shitty Bank And Trust.

This is America. If they don't like how that choice turned out, they can vote with their feet. This decision by this judge only serves to preserve as many customers as possible for the bank, and dare I say that the bank does not have the right to have its customer-base preserved via the judicial system.

What I'm saying is that I dont care if it was 1 account, 50 accounts, or 1 million accounts. Shitty Bank And Trust do

Re:

[retech]

Burn your house to the ground, rape your woman, eat your babies and salt the earth.

It would be the only proactive way to be sure their mistake was covered up and erased.