Google, Rocky Mountain Bank Ask Judge To Restore Deactivated Gmail Account

from the bring-'er-back dept

Last week, we noted that a court had ordered Google to shut down a Gmail account of a user who had accidentally been emailed confidential information by Rocky Mountain Bank. The two companies have now both asked the judge to reinstate the Gmail account, saying that the original request is now "moot." The article notes that the judge has adjourned the case until next week, so the account will remain deactivated until then. Still, it's not at all clear why the issue is now "moot." Did Google delete the email in question? Was it determined that the account itself was dormant? It would seem like these details are relevant, and not anything that would need to be hidden.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    ChurchHatesTucker (profile), Sep 28th, 2009 @ 4:42pm

    What?

    "Still, it's not at all clear why the issue is now "moot." "

    Because it was *always* moot. Once the info was compromised, it was... what's the word? Let me think... Oh yeah... Compromised! You can't get the bits back.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    slackr (profile), Sep 28th, 2009 @ 4:49pm

    Moot Smoot

    Regardless of how moot, obviously it is in the best interests (now) to try and make this terrible decision "go away". I'm glad that the judge has adjourned it and I hope in the interveening time both parties are forced to disclose why suddenly they've had a change of heart.

    If it was a technical issue and Google was able to act without this court drama then good, we'll know for next time. However it is very disturbing how this case played out so easily without any involvement of the person who's account was in question!

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Chris Charabaruk (profile), Sep 28th, 2009 @ 4:59pm

    If the account is dormant, why bother reactivating it?

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    ChurchHatesTucker (profile), Sep 28th, 2009 @ 5:00pm

    Re: Moot Smoot

    "If it was a technical issue and Google was able to act without this court drama then good, we'll know for next time"

    How is it a 'technical issue?' It was a data security issue. From the start. The court basically impounded a cab because some doofus might have left his wallet there.

    Yes, good that the court is undoing the damage it wrought. But not exactly a shining moment in jurisprudence.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Sep 28th, 2009 @ 6:01pm

    Tricky Problem

    At what point does a person's individual rights run up against "the common good"? A lot of law is about this issue.

    In this case, the judge has to measure the inconvenience of temporarily locking down a single, free, consumer-level, non-SLA'd email account against the possible substantial and widespread financial damage to a very large group of other people, resulting from an accident at the bank.

    With electronic data, you have to act quickly or not at all. This buys Google enough time to run the logs to see if that data has spread (ie: has anyone/anything accessed the account, has the account forwarded the data). If the data has been SMTP'd, POP'd, or IMAP'd, locking the account is moot. If not and Google deletes the data, locking the account is also moot.

    No offense to the account holder, but if *my* data was in that pile, I'd prefer that their account be temporarily locked, while the data is tracked and removed.

    And the bank would be hearing from my lawyer.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    cos, Sep 28th, 2009 @ 6:13pm

    Perhaps the confidential info is now outdated enough to be harmless.

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Pangolin (profile), Sep 28th, 2009 @ 6:16pm

    Perhaps it was more widely sent...

    Perhaps it was more widely sent than to just this single account or perhaps the recipient was the INTENDED one?

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    ChurchHatesTucker (profile), Sep 28th, 2009 @ 6:34pm

    Re: Tricky Problem

    "In this case, the judge has to measure the inconvenience of temporarily locking down a single, free, consumer-level, non-SLA'd email account against the possible substantial and widespread financial damage to a very large group of other people, resulting from an accident at the bank."

    Is the sky blue in your world?

    Here on earth, once the data was compromised, it was (say it with me) COMPROMISED. You have to assume you sent it to Osama Bin Laden and act accordingly. The fact that Rocky Mountain Bank wasted time with this, and the fact that the judge did likewise, undermines the credibility of both. I sure as shit won't be setting up an account with RMB any time soon.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Nick Coghlan, Sep 28th, 2009 @ 8:08pm

    Bolted. Gate. Horse.

    If the email was encrypted then there should never have been a problem.

    If the email was not encrypted, then shutting down the Google account achieved nothing. Every SMTP relay that the email hit between the bank and Google would also have a copy of the data. If the user had already downloaded the email via POP or IMAP (or just saved the attachment), then they would have a local copy in addition to the copy on Google's servers.

    Purging records is remotely conceivable in the context of a corporate intranet. On the general internet? Pointless waste of time.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    bd_, Sep 28th, 2009 @ 9:29pm

    Re: Bolted. Gate. Horse.

    @Nick: Although in theory emails passing through SMTP are loggable as you mention, in practice intermediate SMTP servers delete queued mails more or less immediately after relaying. Sure, it's even then _possible_ to retrieve it, but it's the kind of thing that requires both lots of effort, and knowledge that it did pass through your particular server.

    Moreover, the only SMTP servers likely to be involved in this are those of the bank, and those of google, so all parties that would need to be involved with scrubbing them are already involved.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Lisae Boucher (profile), Sep 29th, 2009 @ 4:31am

    Maybe...

    Maybe the owner of the account finally replied to his emails. It could be that he complained to Google about this misconduct by this Judge on behalf of some bank who failed to keep it's secrets a secret. Just imagine what could happen if the owner starts to file for damages simply because this bank "forced" his account to be closed! He was never responsible for this error and should never suffer from the irresponsibilities of this bank!

    Still, it amazes me that the recipient never published this data in any way, nor did he ever draw attention to himself. Or maybe he finally did, to Google and this bank, threatening some legal actions against these two for violating his privacy, first amendment rights and whatever more. Losing 1300 account records is bad, losing a lot more in damages for some civil case would really be worse. I think this bank already has more than enough damage to it's reputation and therefor wants to stop it.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    John Duncan Yoyo (profile), Sep 29th, 2009 @ 6:15am

    Re: Re: Bolted. Gate. Horse.

    Yep once that genii is out of the bottle you can't stuff it back in.

    The bank needs to assume that the file has escaped and is in the wrong hands regardless of what they think they know. If the file has escaped they are doing what they need to do and if the file hasn't escaped they have taken prudent action where they can't be 100% certain.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Yakko Warner, Sep 29th, 2009 @ 7:35am

    Why it's moot

    As per the court order, Google turned over the personal information of the account holder to Rocky Mountain Bank, and RMB's hit squad, a.k.a. their "Leaked Information Containment Unit", has terminated the account holder.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Misanthropist (profile), Sep 29th, 2009 @ 8:05am

    Re: Maybe...

    More likely the user flagged the email as spam when he recieved it without ever reading it, and after a couple days the spam folder was emptied.

    Of course.. we'll never know.. unless someone (google.. the court.. the bank...) tells us.

    But why would they want to do that?

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    Lonzo5 (profile), Sep 29th, 2009 @ 9:46am

    Moot

    I'm not sure how deactivating the account was expected to help things. Either the email was read by the recipient, or it was not. Meanwhile, what if someone cracked the WPA key to the recipient's Wifi? Bluejacked his smartphone? What if he simply wrote down his password somewhere in his office, and now a malicious coworker has access to his account? It doesn't matter-- the damage has been done; the people whose information has been leaked should be informed, their account information changed. The information sent to that gmail should -no longer be useful-.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    another mike (profile), Sep 29th, 2009 @ 12:24pm

    violation of every information security policy known

    Why was RMB able to send critical sensitive financial data out of their systems at all? And not only send it out, but e-mail it out as an attachment to an unsigned unencrypted free e-mail account. And to top it off, they typoed the address to send it to the wrong person!

    Rocky Mountain Bank's account holders need to seriously reconsider their choice of financial services partner. I've changed banks simply because I didn't like their color scheme. But to so thoroughly screw up data security?! I'd be gone so fast the shockwave would pull the vault door off it's hinges.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Kyote (profile), Sep 29th, 2009 @ 2:15pm

    Maybe because of the publicity?

    Maybe they mean the points moot because knowledge of their screw up has gotten out to the 'general population'. Meaning us...

    Once they realized someone noticed, and that their clients might have heard about their screw up, they decided to contact them all, as they should have in the first place. Now their hoping to avoid further potential legal damages by getting the account reactivated.

    I'm just throwing another idea out there everyone. I don't know this is the reason. But it seems reasonable.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    The Infamous Joe (profile), Sep 30th, 2009 @ 10:33am

    Re: Maybe because of the publicity?

    I find this most likely. They were hoping to pretend it never happened, and when it got out to the general population, they had to fix it the right way.

    In any event, the only thing I learned from this is that RMB is run by a bunch of douche canoes.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Ross Walker, Oct 7th, 2009 @ 12:08pm

    Seems this bank has a history of bad practice

    If this is the same bank as:

    http://www.fdic.gov/bank/individual/enforcement/2009-04-06.pdf

    Then God help 'em cause the Feds sure won't.

    -Ross

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Don, Oct 9th, 2009 @ 7:16pm

    You missed the point

    I think you all have missed the point. The question is - why did the bank use an inherently insecure protocol to transfer their customers' private information over? Do they not have to abide by SOX laws?

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    newest jordan shoes, Nov 9th, 2010 @ 12:53am

    newest jordan shoes

    Hey dear your blog is very much rocking and stunning. This blog has main attraction and high quality features.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This