Goldman Sachs Asks Court To Have Google Delete An Email With Client Info; Google Blocks Access To The Email

from the this-again dept

Five years ago, we wrote a story about how Rockey Mountain Bank in Wyoming accidentally sent a bunch of confidential information to the wrong Gmail account, then took Google to court to try to find out who received the email. Google demanded a court order first, leading a judge to (ridiculously) order the company to shut down the entire email account. It appears that something somewhat similar may have just happened with a more recognizable bank name: Wall Street giant Goldman Sachs went to court recently to order Google to delete an errant email containing confidential client information. According to the filing (which most news sites haven't posted, for reasons unknown):
On June 23, 2014, an employee of the consulting firm was testing changes to Goldman Sachs’s internal reporting and validation process. The employee intended to send a copy of the internal report to the email address provided to her by Goldman Sachs, which is in the form “[first name].[last name]@gs.com,” but instead mistakenly sent a copy of the internal report to an address in the form “[first name].[last name]@gmail.com.” She is not the owner of the gmail address.

The mistakenly sent email contains certain account and client related information (the “Confidential Client Information”). Goldman Sachs’s clients have a right to maintain the confidentiality of the Confidential Client Information. Furthermore, Goldman Sachs has an obligation to protect the privacy of its customers’ confidential information.

Goldman Sachs has made efforts to retrieve, have deleted or otherwise protect the mistakenly sent Confidential Client Information. As part of those efforts, on June 26, 2014, Goldman Sachs sent an email to the gmail address to which the information was mistakenly sent requesting that it be promptly deleted and that the recipient confirm in writing that s/he had done so. There has been no response.
Goldman also contacted Google directly, and as in the Rocky Mountain case, Google told Goldman to go to court first. Late yesterday, Goldman Sachs noted that Google has told the company that it has blocked access to that particular email and that the email in question had not yet been accessed by anyone. It appears that Google did this despite the lack of a court order, which may seem a bit questionable. Given the nature of the situation, and the fact that Goldman has actually gone to court and requested this, it does seem a bit more reasonable that Google agreed to at least temporarily block access to that particular email until a court decides if it needs to continue blocking it permanently.

Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    amoshias (profile), Jul 3rd, 2014 @ 9:10am

    Think about it for a minute...

    Let's assume that google peeked into the account to look at its last accessed date. It hadn't been accessed since June 23; that means it probably hadn't been accessed for far longer than that.

    If Google sees that this is a dead account, and GS has already gone to court, there's no real harm done here. Yes, we'd prefer that Google fought to the last ounce of blood; yes, this worries us about what google might do if it were a LIVE account. However, at its heart there's nothing wrong with Google looking at the situation and acting reasonably about it; it's what I'd recommend were I advising them.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael, Jul 3rd, 2014 @ 9:17am

      Re: Think about it for a minute...

      there's no real harm done here

      I'd prefer that Google not mess with my email regardless of how long it has been since I last accessed it.

      How specifically would you define a "live" account? Is there a cut-off date in the Gmail TOS that I have not noticed that makes my inactivity indicate that I don't care if they stop me from accessing email sent to me?

      Now, this is Google, and it is their service, and they have the right to do things like this (their TOS lets them prevent you from accessing anything they want), but it is bad form for a service provider.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 3rd, 2014 @ 9:33am

        Re: Re: Think about it for a minute...

        Indeed, as soon as Google starts digging into an account holder's specific emails to locate and block - it opens the door to further abuses.

        It's just a matter of time before our government starts "accidentally" sending messages to people they don't like, and then requesting that Google freeze or otherwise go through their email boxes and block the emails that they "accidentally" sent for "reasons".

        How long before this becomes such a huge problem that the government simply seeks the power to do this on their own?

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Michael, Jul 3rd, 2014 @ 9:43am

          Re: Re: Re: Think about it for a minute...

          That seems a little paranoid to me, Google seems to usually do a pretty good job of not letting blatant abuse happen like that, but I still think this is not a good idea for them.

          Now, if they wanted to implement an "email recall" that actually worked and give people the ability to cancel an email that has not yet been read - great. This would be a nice feature for email, but doing one-offs like this for a big company is sketchy.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Jul 3rd, 2014 @ 9:54am

            Re: Re: Re: Re: Think about it for a minute...

            Given what we've learned over the last year, is there any reason not to be paranoid?

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Michael, Jul 3rd, 2014 @ 9:58am

              Re: Re: Re: Re: Re: Think about it for a minute...

              The tinfoil hat may increase your likelihood of being hit by lightning.

               

              reply to this | link to this | view in chronology ]

              •  
                icon
                DannyB (profile), Jul 3rd, 2014 @ 10:44am

                Re: Re: Re: Re: Re: Re: Think about it for a minute...

                > The tinfoil hat may increase your likelihood of being hit by lightning.

                Not if you are also paranoid of getting hit by lightning.

                Paranoia of being hit by lightning is every bit as sound and reasonable as being paranoid of NSA (and foreign) spying, corporate spying, corporate power and government corruption.

                 

                reply to this | link to this | view in chronology ]

          •  
            icon
            DannyB (profile), Jul 3rd, 2014 @ 10:41am

            Re: Re: Re: Re: Think about it for a minute...

            > That seems a little paranoid to me

            It used to be that those who seemed a little paranoid were the ones to consider as crazy.

            The world has changed. Now the people who say "it seems a little paranoid" are the crazy ones in denial of reality.

            The ongoing revelations of reality far and vastly exceeded even the most wild paranoid ravings prior to about 14 months ago.

            No offense intended, just sayin'

             

            reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Jul 4th, 2014 @ 4:26am

            Re: Re: Re: Re: Think about it for a minute...

            It's not paranoia if they are out to get you!

             

            reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 3rd, 2014 @ 1:18pm

      Re: Think about it for a minute...

      no real harm done here.

      Google has been haled into court, and they must pay their attorneys. Those attorneys might have been occupied in other matters if they were not spending time on this Goldman Sachs affair.

      Google has been damaged.

      Perhaps they had to fly one of their attorneys across the country to appear. Should Google have to pay that airfare? Google did no wrong. Goldman Sachs should pay that money.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 9:13am

    Confidential Paragraph

    Could someone leave a link where it would show whether those "confidential" paragraphs at the bottom of an email are binding? I don't see how anyone can demand a 3rd party delete, remove, not forward, etc... an email they received incorrectly.

    Wouldn't it be along the lines of not having to pay for items delivered to you that you never requested? Its yours and you can do with it what you want.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 9:13am

    So if I work for one of these banks and I want an E-Mail account taken down (for political or revenge or whatever reasons) all I have to do is send 'confidential' information to it and suddenly I can have a court shut down the E-Mail address of anyone I want. Sounds like a nice denial of service attack.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 3rd, 2014 @ 9:17am

      Re:

      (well, at least in this case it appears the entire E-Mail account wasn't shut down so that's an improvement).

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    sophisticatedjanedoe (profile), Jul 3rd, 2014 @ 9:15am

    Interestingly, I've been receiving mistargeted (Russian names are easy to confuse, right?) emails from a Dominican bank. First I thought it was a spam, but it turned out to be real. Transactions and stuff. I notified the bank a couple of times, but no one there seemed to care, so I simply setup a delete filter...

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 3rd, 2014 @ 9:20am

      Re:

      Contact the person the transactions are regarding (if you can?) and I guarantee you will find someone that cares.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    sophisticatedjanedoe (profile), Jul 3rd, 2014 @ 9:18am

    Now I know that this email is valuable! Any tips how to blackmail a financial institution without being caught are appreciated.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael, Jul 3rd, 2014 @ 9:34am

      Re:

      Tip #1: Don't announce you are planning to do it in the comments on a blog.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        orbitalinsertion (profile), Jul 3rd, 2014 @ 9:41am

        Re: Re:

        Hah, just tell the bank they owe their customer some monetary compensation for behaving carelessly with their confidential information, and that you require reporting and facilitating fees.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 3rd, 2014 @ 9:35am

      Re:

      To not get caught -
      Step 1 - don't ask for advice on how to commit a crime on a public website.

      Step 2 - If you fail to perform step 1, by all means, do not mention that you have a Russian name, or that the institution you plan on blackmailing is a Dominican bank.

      Step 3 - do not mention that you already notified the bank multiple times regarding their error.

      Step 4 - If you've failed to perform steps 1, 2, and 3 - After sending your blackmail notice, please walk into your nearest law enforcement office and turn yourself in. You have no hope of getting away.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Michael, Jul 3rd, 2014 @ 10:00am

      Re:

      Don't leave your Facebook account logged in when you leave the drop off location.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      sophisticatedjanedoe (profile), Jul 3rd, 2014 @ 11:21am

      Re:

      Oops: I see what I've done here. My bad: it was meant as a joke unrelated to the Dominican bank. Should have started "Yesterday I received a strange email from Goldman Sachs..."

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      CrushU, Jul 7th, 2014 @ 12:20pm

      Re:

      First step is to not request help on blackmailing a financial institution in a public forum...

      ;)

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 9:45am

    Goldman Sucks

    1. they outsourced work to some computer illiterate who thinks Goldman Sachs uses gmail

    2. confidential information was sent via _un_ encrypted email to an unverified account

    3. they take the mail provider to court

    4. ?

    5. Profit

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Berenerd (profile), Jul 3rd, 2014 @ 10:18am

      Re: Goldman Sucks

      #2 is what I am more appalled at. Really? Sending confidential email via a insecure method? Forget the fact that they are automating it?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 10:49am

    Recklessness

    It is reckless to send "highly confidential client information" in plaintext, without routine encryption.

    It's widely known that internet email transmission occurs hop-by-hop, over channels and through servers which are controlled by neither sender nor recipient. The vulnerability of email to eavesdropping has been well-discussed.

    PGP was initially released in 1991, and other products with similar capabilities have been available for years. Thus, failure to use those encryption products cannot be attributed to lack of availabile software.

    Sending highly confidential information over internet email without encryption is reckless.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Eldakka (profile), Jul 3rd, 2014 @ 7:24pm

      Re: Recklessness

      1) It was an email that was SUPPOSED to be destined for another GS employee being sent from a GS employee.

      2) Most medium/large (and small) organisations have their own, internal, email servers, such that if an employee sends an email to another employee, that email never leaves the departmental network to go over 'the internet', therefore doesn't need encryption.

      3) In most large organisations that are multi-site (e.g. banks with many remote branches etc), or that closely deal with other organisations interchanging sensitive data (e.g. government departments communicating with other government departments), there are internal routing policies that send, say, emails destined for particular endpoints to hardware VPN routers, that have encrypted secure VPNs to the other organisation/office, therefore the data is fully encrypted before it leaves the organisation, sends it across the internet fully encrypted, till it hits the destination organisation/office, which routes it to its own internal hardware VPN encrypting service based on the source, then decrypts it before putting it into the receipients mailbox. All fully/highly encrypted, all transparent to the end-users.

      4) There is no protecting against a stupid f*ckup by an obviously incompetent moron who manages to bypass all that encryption by sending it to gmail which would not be in the "forward to encrypting VPN service to use secure tunnel to other office" routing rules.

      This f*ckup shows that no matter how you try to insulate the 'dumb average' user from the complexities of technology (in this case encryption) by putting in transparent encryption systems, in the end if you want a (relatively) secure system, you should't be insulating the user and relying on transparent VPN'ing, you should be teaching them how to encrypt their emails 'manually', thus teaching them to always manually encrypt any email they think is sensitive (but then you've gotta train them on identifying what is sensitive too!), or any email they aren't sure whether it's sensitive or not, before sending. Thus if it's sent to the right place it get's a 2nd level of encryption via the VPN, or if it's sent to the wrong place then at least the receipient can't open it due to the manual encryption.

      But as we all know, the average user is either too f*king stupid (abot 30% of the users out there) or too f*king lazy (about 68% of the users out there) to learn and do this.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 3rd, 2014 @ 7:47pm

        Re: Re: Recklessness

        It was an email that was SUPPOSED to be destined for another GS employee being sent from a GS employee.

        Not so.

        Note paragraphs 1 and 7 of the complaint embedded above.

        From para 1:
        ... an outside consultant for Goldman Sachs...
        From para 7:
        On June 23, 2014, an employee of the consulting firm...

        There's a significant difference between a regular Goldman Sachs employee compared with an employee of a consulting firm employed by Goldman Sachs. The complaint does not allege that an internal employee was following internal procedures for internal mail. Rather, an outside consultant would normally be expected to use external procedures.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 5th, 2014 @ 8:19am

          Re: Re: Re: Recklessness

          It is quite likely that the contractor was given VPN access and an account on the local domain or was even working on site at GS on their internal network. Furthermore, this mistake was likely caused by an autocomplete failure that was not caught until after the message was sent. That said, although there are specific situations where email CAN be secure, such as mail that never leaves the network, mistakes like this make it way too easy to compromise that security, and for that reason alone sensitive information should never be sent through email anyway as a matter of best practices.

           

          reply to this | link to this | view in chronology ]

  •  
    icon
    DannyB (profile), Jul 3rd, 2014 @ 10:55am

    What precedent does this set?

    Now other corporate parties will want Google to un-send emails? These requests will be for things of increasingly less importance.

    First corporations will demand a direct, automatated access to un-send emails sent by anyone whose email address they know of.

    Because of the controversy this will create, the EU will pass a law recognizing a basic human right to un-send emails.

    The French and/or maybe Germans will pass a law requiring Google by force of law to make people be able to un-read and un-remember emails they already read. Legislators and Judges will think this is all quite reasonable.

    After all, it's Google's email service, they will argue. (The french won't even bother with the pretense of an argument -- it will be to preserve french culture.)

    If you think this sounds crazy, you haven't been following along here for the last decade.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 3rd, 2014 @ 11:08am

      Re: What precedent does this set?

      Now other corporate parties will want Google to un-send emails?

      No. Don't be ridiculous. This special favor is only available to corporations with over a billion dollars. Maybe even ten billion dollars. A hundred billion? Somewhere in there. At any rate, it's an exclusive club.

      Not kidding. That's how the world works.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        DannyB (profile), Jul 3rd, 2014 @ 11:13am

        Re: Re: What precedent does this set?

        > This special favor is only available to corporations with over a billion dollars
        > Not kidding. That's how the world works.

        Sorry to disagree, but you're wrong. Very wrong.

        This special favor is only available to ANYONE who can find a judge crazy enough to give them the force of law make Google un-send emails, or get Google to make other people un-read and un-remember the emails already read.

        Not kidding. That's how the world works.

        Yes, really. Conformity to reality not required. Just ask copyright holders. Look at the outrageous DMCA which now seems reasonable compared to SOPA.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 6th, 2014 @ 7:50am

          Re: Re: Re: What precedent does this set?

          I think his point is it is much easier to find a corrupt or crazy judge that will bend the law to do your bidding when you are a corporation with billions of dollars.

           

          reply to this | link to this | view in chronology ]

  •  
    icon
    ArkieGuy (profile), Jul 3rd, 2014 @ 11:02am

    An ID-10-T error if I've ever seen one....

    1 - you don't "test" with live client data!
    2 - Would GS expect to be able to call the USPS and say "ummm, we mailed a statement to the wrong user, will you make sure it isn't delivered for us?"
    3 - you don't "test" with live client data!!
    4 - email should NEVER be assumed to be secure during transit unless you fully encrypt it
    5 - you don't "test" with live client data!!!
    6 - Once you've sent it to the wrong address, YOU sent it to the wrong address.
    7 - see steps 1, 3 and 5!!!!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    David, Jul 3rd, 2014 @ 11:10am

    I don't have much of a problem with this.

    Presumably the email contain legally sensitive data, and the Bank could have a fully legitimate legal requirement/duty to request this.

    The account wasn't shut down.

    Google required a court order

    Only a specific message FROM THE BANK was checked and deleted.

    The Bank did not get any information about the account holder, other emails, etc.

    Where I to receive a court order to do this on my mail server, I would take similar actions.

    And if you're wondering about Google looking at your e-mails, then maybe you better use something else. If you don't trust your email administrator (local or hosted), you get another one.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      DannyB (profile), Jul 3rd, 2014 @ 11:14am

      Re: I don't have much of a problem with this.

      I don't have a problem with this instance.

      But I do have a problem with the precedent it sets.

      Where this will lead, and where it ends up is not a good place.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        David, Jul 3rd, 2014 @ 12:23pm

        Re: Re: I don't have much of a problem with this.

        Well, if the precedent is that only a single email can be deleted by the original sender under court order, that's not too bad as we agree. It's if someone thinks it sets more of an expansive precedent, then we all have a problem.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 3rd, 2014 @ 12:29pm

          Re: Re: Re: I don't have much of a problem with this.

          only a single email can be deleted by the original sender under court order

          How much compensation should the court order Goldman Sachs to pay Google for the service?

          Bear in mind that Goldman Sachs did not take the measures which were within their control to encrypt the email. If Goldman Sachs had not been so reckless, the action by Google would have been unnecessary.

          How much should Goldman Sachs pay Google for salvaging their reckless course?

           

          reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 6th, 2014 @ 7:37am

        Re: Re: I don't have much of a problem with this.

        I have a problem with this because sometimes stupidity needs to hurt in order for the stupid to learn. This is one of those times. Sensitive information should never be sent via email, even internally. Period. A secure internal system needs to be implemented for this type of information that prevents this sort of mistake from occurring. Allowing them to get away with un sending a message means they likely won't learn a damned thing from the mistake and continue the same bad practices in the future.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 3rd, 2014 @ 11:20am

      Re: I don't have much of a problem with this.

      the Bank could have a fully legitimate legal requirement

      If the bank is legally required to ensure that the information is only accessed by the intended recipient, then why isn't the bank routinely taking reasonable measures within their control? Why isn't the banking routinely encrypting email so that it can only be read by the intended recipient?

      Alternatively, if the bank doesn't have real duty sufficient to require encryption, then they don't have a real duty.

      The bank is capable of encrypting email so that only the recipient can read it. It's not a lack of capability. The bank is in control of whether they choose to take reasonable measures on a routine basis or not.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        David, Jul 3rd, 2014 @ 12:25pm

        Re: Re: I don't have much of a problem with this.

        Yes, the bank was stupid - and depending on the information, there could still be some liability there. I've worked with HIPAA places, and they don't send anything sensitive via email. They may send a notification of "log in our web site so you can see this important stuff!", but that's it.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 3rd, 2014 @ 2:04pm

        Re: Re: I don't have much of a problem with this.

        The bank is capable of encrypting email so that only the recipient can read it. It's not a lack of capability.

        What happens when a bank demand that their clients set up to receive encrypted emails, and provide them with the necessary keys, and use the banks key to send emails to the bank. Note the more senior a person is in a company the more resistant they are to any inconveniences in their secretaries use of technology.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 3rd, 2014 @ 2:17pm

          Re: Re: Re: I don't have much of a problem with this.

          What happens when a bank ...[?]
          I'm sorry, I don't understand whether you're asking a question or making some kind of statement. If you are indeed asking a question, would you please rephrase it?

           

          reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 3rd, 2014 @ 11:49am

      Re: I don't have much of a problem with this.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 3rd, 2014 @ 11:52am

        Re: Re: I don't have much of a problem with this.

        WTF happened...

        Anyhow, I was going to ask: What if this was physical mail? Would you be OK with USPS coming back to your house, opening your mailbox, and removing mail that was addressed to you just because some corporation realized after-the-fact, that they didn't want to send it?

        What you're suggestion is insane - that corporations can decide AFTER THEY'VE SENT SOMETHING, that they made a mistake and can take it back by going crying to a judge and asking for some order forcing an unbiased 3rd party to interject and create distrust with their customers.

        It sounds like for you, a "court order" is good enough to not ask questions, and I guess that's your opinion, but this sets some seriously bad precedent.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          David, Jul 3rd, 2014 @ 12:32pm

          Re: Re: Re: I don't have much of a problem with this.

          USPS has a worse problem, in that they mis-route mail that's addressed correctly. It's pretty rare that an e-mail will fall into the wrong Inbox.

          You are also forgetting that the USPS effectively owns your mailbox. So there's nothing preventing them from doing something like that even without a court order (doubtful it would be effective, since you probably pick up your mail long before a court order would get through). And once you get your mail out of the mailbox, it's out of the USPS hands. So, basically, it's possible a court COULD order that, but it's more unlikely to be effective.

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 3rd, 2014 @ 1:43pm

          Re: Re: Re: I don't have much of a problem with this.

          a "court order" is good enough to not ask questions, and I guess that's your opinion

          The document embedded at the top, though, is not a court order.

          It is a summons, demanding that a corporation headquartered in California appear in a court in New York.

          Do the airlines give away free airfare? If one of Google's attorneys, meaning to fly from California to New York, mistakenly buys a ticket to Miami, and gets on the plane, and then gets somewhere over flyover country before realizing his mistake... is the airline on the hook to turn the plane around, or divert it?

          Surely the airline is not kidnapping the confused passenger. The airline would not be at fault.

          Who pays?

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 4th, 2014 @ 12:42am

          Re: Re: Re: I don't have much of a problem with this.

          What if this was physical mail?

          There's no question that a physical letter is tangible, movable property. If someone wrongfully has possession of that chattel, then that specific item may be recovered.

          But Goldman Sachs presumably does not want to recover the actual electrons or photons that were sent. Even if they did, those electrons or photons are not physically distinguishable.

          Goldman Sachs has no rightful claim to the physical disks or other tangible media which stores the intangible information.

           

          reply to this | link to this | view in chronology ]

    •  
      icon
      Craig Welch (profile), Jul 4th, 2014 @ 5:02am

      Re: I don't have much of a problem with this.

      What are 'legally sensitive data', as opposed to 'sensitive data'?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 4th, 2014 @ 10:16am

        Re: Re: I don't have much of a problem with this.

        What are 'legally sensitive data', as opposed to 'sensitive data'?

        Not answering your question (I didn't make the assertion), but on a related note...

        I understand that New York has NOT enacted the Uniform Trade Secret Act (UTSA).

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 11:14am

    Once delivered, the courts are impotent.

    Doesn't matter whether the mail was addressed wrong or not, once it is delivered, you are under no obligation to act in any particular way. Goldman Sachs could bluster and bellow all they like, they would have no standing. Same with spam that says "confidential information" at the bottom.

    However, if you want to assert that right you may need a mail client that downloads to your local system.

    And, of course, you would need to receive it in the first place. Which is why Google even enters the picture; the mail wasn't delivered (accessed) yet.

    And re the Dominican bank emails, talking to the bank more than once is obviously the wrong thing. Well, naming the bank publicly and then emailing them to point to said public naming might get a response. Also, notifying the "correct recipient" of the bank's error might get a response from the bank once said customer raises a stink. Of course, notifying the bank in google-translated spanish is also a possibility. Their CS people might just be monolingual to enhance account security!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 12:29pm

    "Given the nature of the situation, and the fact that Goldman has actually gone to court and requested this, it does seem a bit more reasonable that Google agreed to at least temporarily block access to that particular email until a court decides if it needs to continue blocking it permanently."

    Ahhh... as expected, toward the end, some weasel words from Mike. If this had been anyone else but the Googlez, they would have been crucified.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    afn29129 (profile), Jul 3rd, 2014 @ 12:38pm

    auto- forwarding

    So you have a Gmail email account and it's not set to automatically forward to some other email account, thence
    retrieved to a computer/etc under you direct control as soon as possible. So much for living 'in the cloud'. Had the Gmail account holder done such a configuration then sender would of been quite SOL!.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    davep, Jul 3rd, 2014 @ 1:17pm

    Note: the article said that Google blocked access to this ONE particular email. Google did not block access to the account.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    John Fenderson (profile), Jul 3rd, 2014 @ 1:59pm

    Beating the drum

    Yet another point of evidence that it is a mistake to trust third parties to handle important data such as email.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 3rd, 2014 @ 10:09pm

    Stored Communications Act

    The Stored Communications Act is notoriously tricky. See Orin S. Kerr's 2004 article, "A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It".
    ... courts, legislators, and even legal scholars have had a very hard time understanding the method behind the madness of the SCA. The statute is dense and confusing...


    But, in the situation at hand, it's necessary to remember that Google does not have complete freedom to just "return" to some third party an email sent between two other parties.

    18 U.S.C. 2702 -- Voluntary disclosure of customer communications or records
    (a) Prohibitions.-- Except as provided in subsection (b) or (c)--
    (1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and
    . . . .

    (b) Exceptions for disclosure of communications.-- A provider described in subsection (a) may divulge the contents of a communication--
    (1) to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient;
    (2) . . . .
    (3) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service;
    . . . .

    If Goldman Sachs were simply asking for the destruction of their outside consultant's misdirected email, it wouldn't implicate the SCA's "knowingly divulge". But Goldman Sachs is asking for the email's "return". Presumably, they believe that they're the "intended recipient" of the email which their outside consultant wrote.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 4th, 2014 @ 4:46am

    Wrong target

    What should happen is that GS files a suit against the recipient to not disclose the information. Not against Google!
    Google could - maybe, at most - be asked to help GS in identifying the recipient, but I'm not sure they would be much help (depends on the info in the account).

    And the fact that GS has that obligation to keep confidential information out of the wrong hands? Yeah, right, they screwed up! Their mistake, their problem, their lawsuit for negligence... not Google's.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 4th, 2014 @ 1:00pm

    Google is dead.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.