Google, Rocky Mountain Bank Ask Judge To Restore Deactivated Gmail Account

from the bring-'er-back dept

Last week, we noted that a court had ordered Google to shut down a Gmail account of a user who had accidentally been emailed confidential information by Rocky Mountain Bank. The two companies have now both asked the judge to reinstate the Gmail account, saying that the original request is now “moot.” The article notes that the judge has adjourned the case until next week, so the account will remain deactivated until then. Still, it’s not at all clear why the issue is now “moot.” Did Google delete the email in question? Was it determined that the account itself was dormant? It would seem like these details are relevant, and not anything that would need to be hidden.

Filed Under: , , ,
Companies: google, rocky mountain bank

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Google, Rocky Mountain Bank Ask Judge To Restore Deactivated Gmail Account”

Subscribe: RSS Leave a comment
21 Comments
slackr (profile) says:

Moot Smoot

Regardless of how moot, obviously it is in the best interests (now) to try and make this terrible decision “go away”. I’m glad that the judge has adjourned it and I hope in the interveening time both parties are forced to disclose why suddenly they’ve had a change of heart.

If it was a technical issue and Google was able to act without this court drama then good, we’ll know for next time. However it is very disturbing how this case played out so easily without any involvement of the person who’s account was in question!

ChurchHatesTucker (profile) says:

Re: Moot Smoot

“If it was a technical issue and Google was able to act without this court drama then good, we’ll know for next time”

How is it a ‘technical issue?’ It was a data security issue. From the start. The court basically impounded a cab because some doofus might have left his wallet there.

Yes, good that the court is undoing the damage it wrought. But not exactly a shining moment in jurisprudence.

Anonymous Coward says:

Tricky Problem

At what point does a person’s individual rights run up against “the common good”? A lot of law is about this issue.

In this case, the judge has to measure the inconvenience of temporarily locking down a single, free, consumer-level, non-SLA’d email account against the possible substantial and widespread financial damage to a very large group of other people, resulting from an accident at the bank.

With electronic data, you have to act quickly or not at all. This buys Google enough time to run the logs to see if that data has spread (ie: has anyone/anything accessed the account, has the account forwarded the data). If the data has been SMTP’d, POP’d, or IMAP’d, locking the account is moot. If not and Google deletes the data, locking the account is also moot.

No offense to the account holder, but if *my* data was in that pile, I’d prefer that their account be temporarily locked, while the data is tracked and removed.

And the bank would be hearing from my lawyer.

ChurchHatesTucker (profile) says:

Re: Tricky Problem

“In this case, the judge has to measure the inconvenience of temporarily locking down a single, free, consumer-level, non-SLA’d email account against the possible substantial and widespread financial damage to a very large group of other people, resulting from an accident at the bank.”

Is the sky blue in your world?

Here on earth, once the data was compromised, it was (say it with me) COMPROMISED. You have to assume you sent it to Osama Bin Laden and act accordingly. The fact that Rocky Mountain Bank wasted time with this, and the fact that the judge did likewise, undermines the credibility of both. I sure as shit won’t be setting up an account with RMB any time soon.

Nick Coghlan says:

Bolted. Gate. Horse.

If the email was encrypted then there should never have been a problem.

If the email was not encrypted, then shutting down the Google account achieved nothing. Every SMTP relay that the email hit between the bank and Google would also have a copy of the data. If the user had already downloaded the email via POP or IMAP (or just saved the attachment), then they would have a local copy in addition to the copy on Google’s servers.

Purging records is remotely conceivable in the context of a corporate intranet. On the general internet? Pointless waste of time.

bd_ says:

Re: Bolted. Gate. Horse.

@Nick: Although in theory emails passing through SMTP are loggable as you mention, in practice intermediate SMTP servers delete queued mails more or less immediately after relaying. Sure, it’s even then _possible_ to retrieve it, but it’s the kind of thing that requires both lots of effort, and knowledge that it did pass through your particular server.

Moreover, the only SMTP servers likely to be involved in this are those of the bank, and those of google, so all parties that would need to be involved with scrubbing them are already involved.

John Duncan Yoyo (profile) says:

Re: Re: Bolted. Gate. Horse.

Yep once that genii is out of the bottle you can’t stuff it back in.

The bank needs to assume that the file has escaped and is in the wrong hands regardless of what they think they know. If the file has escaped they are doing what they need to do and if the file hasn’t escaped they have taken prudent action where they can’t be 100% certain.

Lisae Boucher (profile) says:

Maybe...

Maybe the owner of the account finally replied to his emails. It could be that he complained to Google about this misconduct by this Judge on behalf of some bank who failed to keep it’s secrets a secret. Just imagine what could happen if the owner starts to file for damages simply because this bank “forced” his account to be closed! He was never responsible for this error and should never suffer from the irresponsibilities of this bank!

Still, it amazes me that the recipient never published this data in any way, nor did he ever draw attention to himself. Or maybe he finally did, to Google and this bank, threatening some legal actions against these two for violating his privacy, first amendment rights and whatever more. Losing 1300 account records is bad, losing a lot more in damages for some civil case would really be worse. I think this bank already has more than enough damage to it’s reputation and therefor wants to stop it.

Lonzo5 (profile) says:

Moot

I’m not sure how deactivating the account was expected to help things. Either the email was read by the recipient, or it was not. Meanwhile, what if someone cracked the WPA key to the recipient’s Wifi? Bluejacked his smartphone? What if he simply wrote down his password somewhere in his office, and now a malicious coworker has access to his account? It doesn’t matter– the damage has been done; the people whose information has been leaked should be informed, their account information changed. The information sent to that gmail should -no longer be useful-.

another mike (profile) says:

violation of every information security policy known

Why was RMB able to send critical sensitive financial data out of their systems at all? And not only send it out, but e-mail it out as an attachment to an unsigned unencrypted free e-mail account. And to top it off, they typoed the address to send it to the wrong person!

Rocky Mountain Bank’s account holders need to seriously reconsider their choice of financial services partner. I’ve changed banks simply because I didn’t like their color scheme. But to so thoroughly screw up data security?! I’d be gone so fast the shockwave would pull the vault door off it’s hinges.

Kyote (profile) says:

Maybe because of the publicity?

Maybe they mean the points moot because knowledge of their screw up has gotten out to the ‘general population’. Meaning us…

Once they realized someone noticed, and that their clients might have heard about their screw up, they decided to contact them all, as they should have in the first place. Now their hoping to avoid further potential legal damages by getting the account reactivated.

I’m just throwing another idea out there everyone. I don’t know this is the reason. But it seems reasonable.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...