Google, Rocky Mountain Bank Ask Judge To Restore Deactivated Gmail Account

from the bring-'er-back dept

Last week, we noted that a court had ordered Google to shut down a Gmail account of a user who had accidentally been emailed confidential information by Rocky Mountain Bank. The two companies have now both asked the judge to reinstate the Gmail account, saying that the original request is now "moot." The article notes that the judge has adjourned the case until next week, so the account will remain deactivated until then. Still, it's not at all clear why the issue is now "moot." Did Google delete the email in question? Was it determined that the account itself was dormant? It would seem like these details are relevant, and not anything that would need to be hidden.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: confidential information, court order, deactivated, email
Companies: google, rocky mountain bank


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    ChurchHatesTucker (profile), 28 Sep 2009 @ 4:42pm

    What?

    "Still, it's not at all clear why the issue is now "moot." "

    Because it was *always* moot. Once the info was compromised, it was... what's the word? Let me think... Oh yeah... Compromised! You can't get the bits back.

    link to this | view in chronology ]

  • icon
    slackr (profile), 28 Sep 2009 @ 4:49pm

    Moot Smoot

    Regardless of how moot, obviously it is in the best interests (now) to try and make this terrible decision "go away". I'm glad that the judge has adjourned it and I hope in the interveening time both parties are forced to disclose why suddenly they've had a change of heart.

    If it was a technical issue and Google was able to act without this court drama then good, we'll know for next time. However it is very disturbing how this case played out so easily without any involvement of the person who's account was in question!

    link to this | view in chronology ]

    • icon
      ChurchHatesTucker (profile), 28 Sep 2009 @ 5:00pm

      Re: Moot Smoot

      "If it was a technical issue and Google was able to act without this court drama then good, we'll know for next time"

      How is it a 'technical issue?' It was a data security issue. From the start. The court basically impounded a cab because some doofus might have left his wallet there.

      Yes, good that the court is undoing the damage it wrought. But not exactly a shining moment in jurisprudence.

      link to this | view in chronology ]

  • icon
    Chris Charabaruk (profile), 28 Sep 2009 @ 4:59pm

    If the account is dormant, why bother reactivating it?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Sep 2009 @ 6:01pm

    Tricky Problem

    At what point does a person's individual rights run up against "the common good"? A lot of law is about this issue.

    In this case, the judge has to measure the inconvenience of temporarily locking down a single, free, consumer-level, non-SLA'd email account against the possible substantial and widespread financial damage to a very large group of other people, resulting from an accident at the bank.

    With electronic data, you have to act quickly or not at all. This buys Google enough time to run the logs to see if that data has spread (ie: has anyone/anything accessed the account, has the account forwarded the data). If the data has been SMTP'd, POP'd, or IMAP'd, locking the account is moot. If not and Google deletes the data, locking the account is also moot.

    No offense to the account holder, but if *my* data was in that pile, I'd prefer that their account be temporarily locked, while the data is tracked and removed.

    And the bank would be hearing from my lawyer.

    link to this | view in chronology ]

    • icon
      ChurchHatesTucker (profile), 28 Sep 2009 @ 6:34pm

      Re: Tricky Problem

      "In this case, the judge has to measure the inconvenience of temporarily locking down a single, free, consumer-level, non-SLA'd email account against the possible substantial and widespread financial damage to a very large group of other people, resulting from an accident at the bank."

      Is the sky blue in your world?

      Here on earth, once the data was compromised, it was (say it with me) COMPROMISED. You have to assume you sent it to Osama Bin Laden and act accordingly. The fact that Rocky Mountain Bank wasted time with this, and the fact that the judge did likewise, undermines the credibility of both. I sure as shit won't be setting up an account with RMB any time soon.

      link to this | view in chronology ]

  • identicon
    cos, 28 Sep 2009 @ 6:13pm

    Perhaps the confidential info is now outdated enough to be harmless.

    link to this | view in chronology ]

  • icon
    Pangolin (profile), 28 Sep 2009 @ 6:16pm

    Perhaps it was more widely sent...

    Perhaps it was more widely sent than to just this single account or perhaps the recipient was the INTENDED one?

    link to this | view in chronology ]

  • identicon
    Nick Coghlan, 28 Sep 2009 @ 8:08pm

    Bolted. Gate. Horse.

    If the email was encrypted then there should never have been a problem.

    If the email was not encrypted, then shutting down the Google account achieved nothing. Every SMTP relay that the email hit between the bank and Google would also have a copy of the data. If the user had already downloaded the email via POP or IMAP (or just saved the attachment), then they would have a local copy in addition to the copy on Google's servers.

    Purging records is remotely conceivable in the context of a corporate intranet. On the general internet? Pointless waste of time.

    link to this | view in chronology ]

    • identicon
      bd_, 28 Sep 2009 @ 9:29pm

      Re: Bolted. Gate. Horse.

      @Nick: Although in theory emails passing through SMTP are loggable as you mention, in practice intermediate SMTP servers delete queued mails more or less immediately after relaying. Sure, it's even then _possible_ to retrieve it, but it's the kind of thing that requires both lots of effort, and knowledge that it did pass through your particular server.

      Moreover, the only SMTP servers likely to be involved in this are those of the bank, and those of google, so all parties that would need to be involved with scrubbing them are already involved.

      link to this | view in chronology ]

      • icon
        John Duncan Yoyo (profile), 29 Sep 2009 @ 6:15am

        Re: Re: Bolted. Gate. Horse.

        Yep once that genii is out of the bottle you can't stuff it back in.

        The bank needs to assume that the file has escaped and is in the wrong hands regardless of what they think they know. If the file has escaped they are doing what they need to do and if the file hasn't escaped they have taken prudent action where they can't be 100% certain.

        link to this | view in chronology ]

  • icon
    Lisae Boucher (profile), 29 Sep 2009 @ 4:31am

    Maybe...

    Maybe the owner of the account finally replied to his emails. It could be that he complained to Google about this misconduct by this Judge on behalf of some bank who failed to keep it's secrets a secret. Just imagine what could happen if the owner starts to file for damages simply because this bank "forced" his account to be closed! He was never responsible for this error and should never suffer from the irresponsibilities of this bank!

    Still, it amazes me that the recipient never published this data in any way, nor did he ever draw attention to himself. Or maybe he finally did, to Google and this bank, threatening some legal actions against these two for violating his privacy, first amendment rights and whatever more. Losing 1300 account records is bad, losing a lot more in damages for some civil case would really be worse. I think this bank already has more than enough damage to it's reputation and therefor wants to stop it.

    link to this | view in chronology ]

    • icon
      Misanthropist (profile), 29 Sep 2009 @ 8:05am

      Re: Maybe...

      More likely the user flagged the email as spam when he recieved it without ever reading it, and after a couple days the spam folder was emptied.

      Of course.. we'll never know.. unless someone (google.. the court.. the bank...) tells us.

      But why would they want to do that?

      link to this | view in chronology ]

  • identicon
    Yakko Warner, 29 Sep 2009 @ 7:35am

    Why it's moot

    As per the court order, Google turned over the personal information of the account holder to Rocky Mountain Bank, and RMB's hit squad, a.k.a. their "Leaked Information Containment Unit", has terminated the account holder.

    link to this | view in chronology ]

  • identicon
    Lonzo5, 29 Sep 2009 @ 9:46am

    Moot

    I'm not sure how deactivating the account was expected to help things. Either the email was read by the recipient, or it was not. Meanwhile, what if someone cracked the WPA key to the recipient's Wifi? Bluejacked his smartphone? What if he simply wrote down his password somewhere in his office, and now a malicious coworker has access to his account? It doesn't matter-- the damage has been done; the people whose information has been leaked should be informed, their account information changed. The information sent to that gmail should -no longer be useful-.

    link to this | view in chronology ]

  • icon
    another mike (profile), 29 Sep 2009 @ 12:24pm

    violation of every information security policy known

    Why was RMB able to send critical sensitive financial data out of their systems at all? And not only send it out, but e-mail it out as an attachment to an unsigned unencrypted free e-mail account. And to top it off, they typoed the address to send it to the wrong person!

    Rocky Mountain Bank's account holders need to seriously reconsider their choice of financial services partner. I've changed banks simply because I didn't like their color scheme. But to so thoroughly screw up data security?! I'd be gone so fast the shockwave would pull the vault door off it's hinges.

    link to this | view in chronology ]

  • icon
    Kyote (profile), 29 Sep 2009 @ 2:15pm

    Maybe because of the publicity?

    Maybe they mean the points moot because knowledge of their screw up has gotten out to the 'general population'. Meaning us...

    Once they realized someone noticed, and that their clients might have heard about their screw up, they decided to contact them all, as they should have in the first place. Now their hoping to avoid further potential legal damages by getting the account reactivated.

    I'm just throwing another idea out there everyone. I don't know this is the reason. But it seems reasonable.

    link to this | view in chronology ]

    • icon
      The Infamous Joe (profile), 30 Sep 2009 @ 10:33am

      Re: Maybe because of the publicity?

      I find this most likely. They were hoping to pretend it never happened, and when it got out to the general population, they had to fix it the right way.

      In any event, the only thing I learned from this is that RMB is run by a bunch of douche canoes.

      link to this | view in chronology ]

  • identicon
    Ross Walker, 7 Oct 2009 @ 12:08pm

    Seems this bank has a history of bad practice

    If this is the same bank as:

    http://www.fdic.gov/bank/individual/enforcement/2009-04-06.pdf

    Then God help 'em cause the Feds sure won't.

    -Ross

    link to this | view in chronology ]

  • identicon
    Don, 9 Oct 2009 @ 7:16pm

    You missed the point

    I think you all have missed the point. The question is - why did the bank use an inherently insecure protocol to transfer their customers' private information over? Do they not have to abide by SOX laws?

    link to this | view in chronology ]

  • identicon
    newest jordan shoes, 9 Nov 2010 @ 12:53am

    newest jordan shoes

    Hey dear your blog is very much rocking and stunning. This blog has main attraction and high quality features.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.