Goldman Sachs Asks Court To Have Google Delete An Email With Client Info; Google Blocks Access To The Email

from the this-again dept

Five years ago, we wrote a story about how Rockey Mountain Bank in Wyoming accidentally sent a bunch of confidential information to the wrong Gmail account, then took Google to court to try to find out who received the email. Google demanded a court order first, leading a judge to (ridiculously) order the company to shut down the entire email account. It appears that something somewhat similar may have just happened with a more recognizable bank name: Wall Street giant Goldman Sachs went to court recently to order Google to delete an errant email containing confidential client information. According to the filing (which most news sites haven't posted, for reasons unknown):
On June 23, 2014, an employee of the consulting firm was testing changes to Goldman Sachs’s internal reporting and validation process. The employee intended to send a copy of the internal report to the email address provided to her by Goldman Sachs, which is in the form “[first name].[last name]@gs.com,” but instead mistakenly sent a copy of the internal report to an address in the form “[first name].[last name]@gmail.com.” She is not the owner of the gmail address.

The mistakenly sent email contains certain account and client related information (the “Confidential Client Information”). Goldman Sachs’s clients have a right to maintain the confidentiality of the Confidential Client Information. Furthermore, Goldman Sachs has an obligation to protect the privacy of its customers’ confidential information.

Goldman Sachs has made efforts to retrieve, have deleted or otherwise protect the mistakenly sent Confidential Client Information. As part of those efforts, on June 26, 2014, Goldman Sachs sent an email to the gmail address to which the information was mistakenly sent requesting that it be promptly deleted and that the recipient confirm in writing that s/he had done so. There has been no response.
Goldman also contacted Google directly, and as in the Rocky Mountain case, Google told Goldman to go to court first. Late yesterday, Goldman Sachs noted that Google has told the company that it has blocked access to that particular email and that the email in question had not yet been accessed by anyone. It appears that Google did this despite the lack of a court order, which may seem a bit questionable. Given the nature of the situation, and the fact that Goldman has actually gone to court and requested this, it does seem a bit more reasonable that Google agreed to at least temporarily block access to that particular email until a court decides if it needs to continue blocking it permanently.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: confidential info, court order, email, gmail
Companies: goldman sachs, google


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    amoshias (profile), 3 Jul 2014 @ 9:10am

    Think about it for a minute...

    Let's assume that google peeked into the account to look at its last accessed date. It hadn't been accessed since June 23; that means it probably hadn't been accessed for far longer than that.

    If Google sees that this is a dead account, and GS has already gone to court, there's no real harm done here. Yes, we'd prefer that Google fought to the last ounce of blood; yes, this worries us about what google might do if it were a LIVE account. However, at its heart there's nothing wrong with Google looking at the situation and acting reasonably about it; it's what I'd recommend were I advising them.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:13am

    Confidential Paragraph

    Could someone leave a link where it would show whether those "confidential" paragraphs at the bottom of an email are binding? I don't see how anyone can demand a 3rd party delete, remove, not forward, etc... an email they received incorrectly.

    Wouldn't it be along the lines of not having to pay for items delivered to you that you never requested? Its yours and you can do with it what you want.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:13am

    So if I work for one of these banks and I want an E-Mail account taken down (for political or revenge or whatever reasons) all I have to do is send 'confidential' information to it and suddenly I can have a court shut down the E-Mail address of anyone I want. Sounds like a nice denial of service attack.

    link to this | view in thread ]

  4. icon
    sophisticatedjanedoe (profile), 3 Jul 2014 @ 9:15am

    Interestingly, I've been receiving mistargeted (Russian names are easy to confuse, right?) emails from a Dominican bank. First I thought it was a spam, but it turned out to be real. Transactions and stuff. I notified the bank a couple of times, but no one there seemed to care, so I simply setup a delete filter...

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:17am

    Re:

    (well, at least in this case it appears the entire E-Mail account wasn't shut down so that's an improvement).

    link to this | view in thread ]

  6. identicon
    Michael, 3 Jul 2014 @ 9:17am

    Re: Think about it for a minute...

    there's no real harm done here

    I'd prefer that Google not mess with my email regardless of how long it has been since I last accessed it.

    How specifically would you define a "live" account? Is there a cut-off date in the Gmail TOS that I have not noticed that makes my inactivity indicate that I don't care if they stop me from accessing email sent to me?

    Now, this is Google, and it is their service, and they have the right to do things like this (their TOS lets them prevent you from accessing anything they want), but it is bad form for a service provider.

    link to this | view in thread ]

  7. icon
    sophisticatedjanedoe (profile), 3 Jul 2014 @ 9:18am

    Now I know that this email is valuable! Any tips how to blackmail a financial institution without being caught are appreciated.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:20am

    Re:

    Contact the person the transactions are regarding (if you can?) and I guarantee you will find someone that cares.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:33am

    Re: Re: Think about it for a minute...

    Indeed, as soon as Google starts digging into an account holder's specific emails to locate and block - it opens the door to further abuses.

    It's just a matter of time before our government starts "accidentally" sending messages to people they don't like, and then requesting that Google freeze or otherwise go through their email boxes and block the emails that they "accidentally" sent for "reasons".

    How long before this becomes such a huge problem that the government simply seeks the power to do this on their own?

    link to this | view in thread ]

  10. identicon
    Michael, 3 Jul 2014 @ 9:34am

    Re:

    Tip #1: Don't announce you are planning to do it in the comments on a blog.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:35am

    Re:

    To not get caught -
    Step 1 - don't ask for advice on how to commit a crime on a public website.

    Step 2 - If you fail to perform step 1, by all means, do not mention that you have a Russian name, or that the institution you plan on blackmailing is a Dominican bank.

    Step 3 - do not mention that you already notified the bank multiple times regarding their error.

    Step 4 - If you've failed to perform steps 1, 2, and 3 - After sending your blackmail notice, please walk into your nearest law enforcement office and turn yourself in. You have no hope of getting away.

    link to this | view in thread ]

  12. icon
    orbitalinsertion (profile), 3 Jul 2014 @ 9:41am

    Re: Re:

    Hah, just tell the bank they owe their customer some monetary compensation for behaving carelessly with their confidential information, and that you require reporting and facilitating fees.

    link to this | view in thread ]

  13. identicon
    Michael, 3 Jul 2014 @ 9:43am

    Re: Re: Re: Think about it for a minute...

    That seems a little paranoid to me, Google seems to usually do a pretty good job of not letting blatant abuse happen like that, but I still think this is not a good idea for them.

    Now, if they wanted to implement an "email recall" that actually worked and give people the ability to cancel an email that has not yet been read - great. This would be a nice feature for email, but doing one-offs like this for a big company is sketchy.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:45am

    Goldman Sucks

    1. they outsourced work to some computer illiterate who thinks Goldman Sachs uses gmail

    2. confidential information was sent via _un_ encrypted email to an unverified account

    3. they take the mail provider to court

    4. ?

    5. Profit

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 3 Jul 2014 @ 9:54am

    Re: Re: Re: Re: Think about it for a minute...

    Given what we've learned over the last year, is there any reason not to be paranoid?

    link to this | view in thread ]

  16. identicon
    Michael, 3 Jul 2014 @ 9:58am

    Re: Re: Re: Re: Re: Think about it for a minute...

    The tinfoil hat may increase your likelihood of being hit by lightning.

    link to this | view in thread ]

  17. identicon
    Michael, 3 Jul 2014 @ 10:00am

    Re:

    Don't leave your Facebook account logged in when you leave the drop off location.

    link to this | view in thread ]

  18. icon
    Berenerd (profile), 3 Jul 2014 @ 10:18am

    Re: Goldman Sucks

    #2 is what I am more appalled at. Really? Sending confidential email via a insecure method? Forget the fact that they are automating it?

    link to this | view in thread ]

  19. icon
    DannyB (profile), 3 Jul 2014 @ 10:41am

    Re: Re: Re: Re: Think about it for a minute...

    > That seems a little paranoid to me

    It used to be that those who seemed a little paranoid were the ones to consider as crazy.

    The world has changed. Now the people who say "it seems a little paranoid" are the crazy ones in denial of reality.

    The ongoing revelations of reality far and vastly exceeded even the most wild paranoid ravings prior to about 14 months ago.

    No offense intended, just sayin'

    link to this | view in thread ]

  20. icon
    DannyB (profile), 3 Jul 2014 @ 10:44am

    Re: Re: Re: Re: Re: Re: Think about it for a minute...

    > The tinfoil hat may increase your likelihood of being hit by lightning.

    Not if you are also paranoid of getting hit by lightning.

    Paranoia of being hit by lightning is every bit as sound and reasonable as being paranoid of NSA (and foreign) spying, corporate spying, corporate power and government corruption.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 3 Jul 2014 @ 10:49am

    Recklessness

    It is reckless to send "highly confidential client information" in plaintext, without routine encryption.

    It's widely known that internet email transmission occurs hop-by-hop, over channels and through servers which are controlled by neither sender nor recipient. The vulnerability of email to eavesdropping has been well-discussed.

    PGP was initially released in 1991, and other products with similar capabilities have been available for years. Thus, failure to use those encryption products cannot be attributed to lack of availabile software.

    Sending highly confidential information over internet email without encryption is reckless.

    link to this | view in thread ]

  22. icon
    DannyB (profile), 3 Jul 2014 @ 10:55am

    What precedent does this set?

    Now other corporate parties will want Google to un-send emails? These requests will be for things of increasingly less importance.

    First corporations will demand a direct, automatated access to un-send emails sent by anyone whose email address they know of.

    Because of the controversy this will create, the EU will pass a law recognizing a basic human right to un-send emails.

    The French and/or maybe Germans will pass a law requiring Google by force of law to make people be able to un-read and un-remember emails they already read. Legislators and Judges will think this is all quite reasonable.

    After all, it's Google's email service, they will argue. (The french won't even bother with the pretense of an argument -- it will be to preserve french culture.)

    If you think this sounds crazy, you haven't been following along here for the last decade.

    link to this | view in thread ]

  23. icon
    ArkieGuy (profile), 3 Jul 2014 @ 11:02am

    An ID-10-T error if I've ever seen one....

    1 - you don't "test" with live client data!
    2 - Would GS expect to be able to call the USPS and say "ummm, we mailed a statement to the wrong user, will you make sure it isn't delivered for us?"
    3 - you don't "test" with live client data!!
    4 - email should NEVER be assumed to be secure during transit unless you fully encrypt it
    5 - you don't "test" with live client data!!!
    6 - Once you've sent it to the wrong address, YOU sent it to the wrong address.
    7 - see steps 1, 3 and 5!!!!

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 3 Jul 2014 @ 11:08am

    Re: What precedent does this set?

    Now other corporate parties will want Google to un-send emails?

    No. Don't be ridiculous. This special favor is only available to corporations with over a billion dollars. Maybe even ten billion dollars. A hundred billion? Somewhere in there. At any rate, it's an exclusive club.

    Not kidding. That's how the world works.

    link to this | view in thread ]

  25. identicon
    David, 3 Jul 2014 @ 11:10am

    I don't have much of a problem with this.

    Presumably the email contain legally sensitive data, and the Bank could have a fully legitimate legal requirement/duty to request this.

    The account wasn't shut down.

    Google required a court order

    Only a specific message FROM THE BANK was checked and deleted.

    The Bank did not get any information about the account holder, other emails, etc.

    Where I to receive a court order to do this on my mail server, I would take similar actions.

    And if you're wondering about Google looking at your e-mails, then maybe you better use something else. If you don't trust your email administrator (local or hosted), you get another one.

    link to this | view in thread ]

  26. icon
    DannyB (profile), 3 Jul 2014 @ 11:13am

    Re: Re: What precedent does this set?

    > This special favor is only available to corporations with over a billion dollars
    > Not kidding. That's how the world works.

    Sorry to disagree, but you're wrong. Very wrong.

    This special favor is only available to ANYONE who can find a judge crazy enough to give them the force of law make Google un-send emails, or get Google to make other people un-read and un-remember the emails already read.

    Not kidding. That's how the world works.

    Yes, really. Conformity to reality not required. Just ask copyright holders. Look at the outrageous DMCA which now seems reasonable compared to SOPA.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 3 Jul 2014 @ 11:14am

    Once delivered, the courts are impotent.

    Doesn't matter whether the mail was addressed wrong or not, once it is delivered, you are under no obligation to act in any particular way. Goldman Sachs could bluster and bellow all they like, they would have no standing. Same with spam that says "confidential information" at the bottom.

    However, if you want to assert that right you may need a mail client that downloads to your local system.

    And, of course, you would need to receive it in the first place. Which is why Google even enters the picture; the mail wasn't delivered (accessed) yet.

    And re the Dominican bank emails, talking to the bank more than once is obviously the wrong thing. Well, naming the bank publicly and then emailing them to point to said public naming might get a response. Also, notifying the "correct recipient" of the bank's error might get a response from the bank once said customer raises a stink. Of course, notifying the bank in google-translated spanish is also a possibility. Their CS people might just be monolingual to enhance account security!

    link to this | view in thread ]

  28. icon
    DannyB (profile), 3 Jul 2014 @ 11:14am

    Re: I don't have much of a problem with this.

    I don't have a problem with this instance.

    But I do have a problem with the precedent it sets.

    Where this will lead, and where it ends up is not a good place.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 3 Jul 2014 @ 11:20am

    Re: I don't have much of a problem with this.

    the Bank could have a fully legitimate legal requirement

    If the bank is legally required to ensure that the information is only accessed by the intended recipient, then why isn't the bank routinely taking reasonable measures within their control? Why isn't the banking routinely encrypting email so that it can only be read by the intended recipient?

    Alternatively, if the bank doesn't have real duty sufficient to require encryption, then they don't have a real duty.

    The bank is capable of encrypting email so that only the recipient can read it. It's not a lack of capability. The bank is in control of whether they choose to take reasonable measures on a routine basis or not.

    link to this | view in thread ]

  30. icon
    sophisticatedjanedoe (profile), 3 Jul 2014 @ 11:21am

    Re:

    Oops: I see what I've done here. My bad: it was meant as a joke unrelated to the Dominican bank. Should have started "Yesterday I received a strange email from Goldman Sachs..."

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 3 Jul 2014 @ 11:49am

    Re: I don't have much of a problem with this.

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 3 Jul 2014 @ 11:52am

    Re: Re: I don't have much of a problem with this.

    WTF happened...

    Anyhow, I was going to ask: What if this was physical mail? Would you be OK with USPS coming back to your house, opening your mailbox, and removing mail that was addressed to you just because some corporation realized after-the-fact, that they didn't want to send it?

    What you're suggestion is insane - that corporations can decide AFTER THEY'VE SENT SOMETHING, that they made a mistake and can take it back by going crying to a judge and asking for some order forcing an unbiased 3rd party to interject and create distrust with their customers.

    It sounds like for you, a "court order" is good enough to not ask questions, and I guess that's your opinion, but this sets some seriously bad precedent.

    link to this | view in thread ]

  33. identicon
    David, 3 Jul 2014 @ 12:23pm

    Re: Re: I don't have much of a problem with this.

    Well, if the precedent is that only a single email can be deleted by the original sender under court order, that's not too bad as we agree. It's if someone thinks it sets more of an expansive precedent, then we all have a problem.

    link to this | view in thread ]

  34. identicon
    David, 3 Jul 2014 @ 12:25pm

    Re: Re: I don't have much of a problem with this.

    Yes, the bank was stupid - and depending on the information, there could still be some liability there. I've worked with HIPAA places, and they don't send anything sensitive via email. They may send a notification of "log in our web site so you can see this important stuff!", but that's it.

    link to this | view in thread ]

  35. identicon
    Anonymous Coward, 3 Jul 2014 @ 12:29pm

    Re: Re: Re: I don't have much of a problem with this.

    only a single email can be deleted by the original sender under court order

    How much compensation should the court order Goldman Sachs to pay Google for the service?

    Bear in mind that Goldman Sachs did not take the measures which were within their control to encrypt the email. If Goldman Sachs had not been so reckless, the action by Google would have been unnecessary.

    How much should Goldman Sachs pay Google for salvaging their reckless course?

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 3 Jul 2014 @ 12:29pm

    "Given the nature of the situation, and the fact that Goldman has actually gone to court and requested this, it does seem a bit more reasonable that Google agreed to at least temporarily block access to that particular email until a court decides if it needs to continue blocking it permanently."

    Ahhh... as expected, toward the end, some weasel words from Mike. If this had been anyone else but the Googlez, they would have been crucified.

    link to this | view in thread ]

  37. identicon
    David, 3 Jul 2014 @ 12:32pm

    Re: Re: Re: I don't have much of a problem with this.

    USPS has a worse problem, in that they mis-route mail that's addressed correctly. It's pretty rare that an e-mail will fall into the wrong Inbox.

    You are also forgetting that the USPS effectively owns your mailbox. So there's nothing preventing them from doing something like that even without a court order (doubtful it would be effective, since you probably pick up your mail long before a court order would get through). And once you get your mail out of the mailbox, it's out of the USPS hands. So, basically, it's possible a court COULD order that, but it's more unlikely to be effective.

    link to this | view in thread ]

  38. icon
    afn29129 (profile), 3 Jul 2014 @ 12:38pm

    auto- forwarding

    So you have a Gmail email account and it's not set to automatically forward to some other email account, thence
    retrieved to a computer/etc under you direct control as soon as possible. So much for living 'in the cloud'. Had the Gmail account holder done such a configuration then sender would of been quite SOL!.

    link to this | view in thread ]

  39. identicon
    davep, 3 Jul 2014 @ 1:17pm

    Note: the article said that Google blocked access to this ONE particular email. Google did not block access to the account.

    link to this | view in thread ]

  40. identicon
    Anonymous Coward, 3 Jul 2014 @ 1:18pm

    Re: Think about it for a minute...

    no real harm done here.

    Google has been haled into court, and they must pay their attorneys. Those attorneys might have been occupied in other matters if they were not spending time on this Goldman Sachs affair.

    Google has been damaged.

    Perhaps they had to fly one of their attorneys across the country to appear. Should Google have to pay that airfare? Google did no wrong. Goldman Sachs should pay that money.

    link to this | view in thread ]

  41. identicon
    Anonymous Coward, 3 Jul 2014 @ 1:43pm

    Re: Re: Re: I don't have much of a problem with this.

    a "court order" is good enough to not ask questions, and I guess that's your opinion

    The document embedded at the top, though, is not a court order.

    It is a summons, demanding that a corporation headquartered in California appear in a court in New York.

    Do the airlines give away free airfare? If one of Google's attorneys, meaning to fly from California to New York, mistakenly buys a ticket to Miami, and gets on the plane, and then gets somewhere over flyover country before realizing his mistake... is the airline on the hook to turn the plane around, or divert it?

    Surely the airline is not kidnapping the confused passenger. The airline would not be at fault.

    Who pays?

    link to this | view in thread ]

  42. icon
    John Fenderson (profile), 3 Jul 2014 @ 1:59pm

    Beating the drum

    Yet another point of evidence that it is a mistake to trust third parties to handle important data such as email.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 3 Jul 2014 @ 2:04pm

    Re: Re: I don't have much of a problem with this.

    The bank is capable of encrypting email so that only the recipient can read it. It's not a lack of capability.

    What happens when a bank demand that their clients set up to receive encrypted emails, and provide them with the necessary keys, and use the banks key to send emails to the bank. Note the more senior a person is in a company the more resistant they are to any inconveniences in their secretaries use of technology.

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 3 Jul 2014 @ 2:17pm

    Re: Re: Re: I don't have much of a problem with this.

    What happens when a bank ...[?]
    I'm sorry, I don't understand whether you're asking a question or making some kind of statement. If you are indeed asking a question, would you please rephrase it?

    link to this | view in thread ]

  45. icon
    Eldakka (profile), 3 Jul 2014 @ 7:24pm

    Re: Recklessness

    1) It was an email that was SUPPOSED to be destined for another GS employee being sent from a GS employee.

    2) Most medium/large (and small) organisations have their own, internal, email servers, such that if an employee sends an email to another employee, that email never leaves the departmental network to go over 'the internet', therefore doesn't need encryption.

    3) In most large organisations that are multi-site (e.g. banks with many remote branches etc), or that closely deal with other organisations interchanging sensitive data (e.g. government departments communicating with other government departments), there are internal routing policies that send, say, emails destined for particular endpoints to hardware VPN routers, that have encrypted secure VPNs to the other organisation/office, therefore the data is fully encrypted before it leaves the organisation, sends it across the internet fully encrypted, till it hits the destination organisation/office, which routes it to its own internal hardware VPN encrypting service based on the source, then decrypts it before putting it into the receipients mailbox. All fully/highly encrypted, all transparent to the end-users.

    4) There is no protecting against a stupid f*ckup by an obviously incompetent moron who manages to bypass all that encryption by sending it to gmail which would not be in the "forward to encrypting VPN service to use secure tunnel to other office" routing rules.

    This f*ckup shows that no matter how you try to insulate the 'dumb average' user from the complexities of technology (in this case encryption) by putting in transparent encryption systems, in the end if you want a (relatively) secure system, you should't be insulating the user and relying on transparent VPN'ing, you should be teaching them how to encrypt their emails 'manually', thus teaching them to always manually encrypt any email they think is sensitive (but then you've gotta train them on identifying what is sensitive too!), or any email they aren't sure whether it's sensitive or not, before sending. Thus if it's sent to the right place it get's a 2nd level of encryption via the VPN, or if it's sent to the wrong place then at least the receipient can't open it due to the manual encryption.

    But as we all know, the average user is either too f*king stupid (abot 30% of the users out there) or too f*king lazy (about 68% of the users out there) to learn and do this.

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 3 Jul 2014 @ 7:47pm

    Re: Re: Recklessness

    It was an email that was SUPPOSED to be destined for another GS employee being sent from a GS employee.

    Not so.

    Note paragraphs 1 and 7 of the complaint embedded above.

    From para 1:
    ... an outside consultant for Goldman Sachs...
    From para 7:
    On June 23, 2014, an employee of the consulting firm...

    There's a significant difference between a regular Goldman Sachs employee compared with an employee of a consulting firm employed by Goldman Sachs. The complaint does not allege that an internal employee was following internal procedures for internal mail. Rather, an outside consultant would normally be expected to use external procedures.

    link to this | view in thread ]

  47. identicon
    Anonymous Coward, 3 Jul 2014 @ 10:09pm

    Stored Communications Act

    The Stored Communications Act is notoriously tricky. See Orin S. Kerr's 2004 article, "A User's Guide to the Stored Communications Act, and a Legislator's Guide to Amending It".
    ... courts, legislators, and even legal scholars have had a very hard time understanding the method behind the madness of the SCA. The statute is dense and confusing...


    But, in the situation at hand, it's necessary to remember that Google does not have complete freedom to just "return" to some third party an email sent between two other parties.

    18 U.S.C. 2702 -- Voluntary disclosure of customer communications or records
    (a) Prohibitions.-- Except as provided in subsection (b) or (c)--
    (1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and
    . . . .

    (b) Exceptions for disclosure of communications.-- A provider described in subsection (a) may divulge the contents of a communication--
    (1) to an addressee or intended recipient of such communication or an agent of such addressee or intended recipient;
    (2) . . . .
    (3) with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service;
    . . . .

    If Goldman Sachs were simply asking for the destruction of their outside consultant's misdirected email, it wouldn't implicate the SCA's "knowingly divulge". But Goldman Sachs is asking for the email's "return". Presumably, they believe that they're the "intended recipient" of the email which their outside consultant wrote.

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 4 Jul 2014 @ 12:42am

    Re: Re: Re: I don't have much of a problem with this.

    What if this was physical mail?

    There's no question that a physical letter is tangible, movable property. If someone wrongfully has possession of that chattel, then that specific item may be recovered.

    But Goldman Sachs presumably does not want to recover the actual electrons or photons that were sent. Even if they did, those electrons or photons are not physically distinguishable.

    Goldman Sachs has no rightful claim to the physical disks or other tangible media which stores the intangible information.

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 4 Jul 2014 @ 4:26am

    Re: Re: Re: Re: Think about it for a minute...

    It's not paranoia if they are out to get you!

    link to this | view in thread ]

  50. identicon
    Anonymous Coward, 4 Jul 2014 @ 4:46am

    Wrong target

    What should happen is that GS files a suit against the recipient to not disclose the information. Not against Google!
    Google could - maybe, at most - be asked to help GS in identifying the recipient, but I'm not sure they would be much help (depends on the info in the account).

    And the fact that GS has that obligation to keep confidential information out of the wrong hands? Yeah, right, they screwed up! Their mistake, their problem, their lawsuit for negligence... not Google's.

    link to this | view in thread ]

  51. icon
    Craig Welch (profile), 4 Jul 2014 @ 5:02am

    Re: I don't have much of a problem with this.

    What are 'legally sensitive data', as opposed to 'sensitive data'?

    link to this | view in thread ]

  52. identicon
    Anonymous Coward, 4 Jul 2014 @ 10:16am

    Re: Re: I don't have much of a problem with this.

    What are 'legally sensitive data', as opposed to 'sensitive data'?

    Not answering your question (I didn't make the assertion), but on a related note...

    I understand that New York has NOT enacted the Uniform Trade Secret Act (UTSA).

    link to this | view in thread ]

  53. identicon
    Anonymous Coward, 4 Jul 2014 @ 1:00pm

    Google is dead.

    link to this | view in thread ]

  54. identicon
    Anonymous Coward, 5 Jul 2014 @ 8:19am

    Re: Re: Re: Recklessness

    It is quite likely that the contractor was given VPN access and an account on the local domain or was even working on site at GS on their internal network. Furthermore, this mistake was likely caused by an autocomplete failure that was not caught until after the message was sent. That said, although there are specific situations where email CAN be secure, such as mail that never leaves the network, mistakes like this make it way too easy to compromise that security, and for that reason alone sensitive information should never be sent through email anyway as a matter of best practices.

    link to this | view in thread ]

  55. identicon
    Anonymous Coward, 6 Jul 2014 @ 7:37am

    Re: Re: I don't have much of a problem with this.

    I have a problem with this because sometimes stupidity needs to hurt in order for the stupid to learn. This is one of those times. Sensitive information should never be sent via email, even internally. Period. A secure internal system needs to be implemented for this type of information that prevents this sort of mistake from occurring. Allowing them to get away with un sending a message means they likely won't learn a damned thing from the mistake and continue the same bad practices in the future.

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 6 Jul 2014 @ 7:40am

    Re: Re: Re: I don't have much of a problem with this.

    Exactly.

    link to this | view in thread ]

  57. identicon
    Anonymous Coward, 6 Jul 2014 @ 7:50am

    Re: Re: Re: What precedent does this set?

    I think his point is it is much easier to find a corrupt or crazy judge that will bend the law to do your bidding when you are a corporation with billions of dollars.

    link to this | view in thread ]

  58. identicon
    CrushU, 7 Jul 2014 @ 12:20pm

    Re:

    First step is to not request help on blackmailing a financial institution in a public forum...

    ;)

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.