Slashdot Mirror


A $1 Billion Email Gaffe

Jake writes in with the story behind an explosive NYTimes scoop last week. It seems that the Times's pharmaceutical industry reporter, Alex Berenson, scored a page-one blockbuster when he revealed that Eli Lilly was looking to reach a settlement with federal prosecutors over the company's alleged inappropriate marketing of anti-psychotic drug Zyprexa. A settlement figure of $1 billion was mentioned. This scoop dropped into Berenson's inbox when a lawyer for one of Lilly's retained firms mis-addressed an email to a colleague with the same last name as that of the Times reporter. Some online observers are speculating that auto-complete is to blame, but this has not been confirmed.
Update: 02/08 17:19 GMT by KD : Jake writes in with an update: it seems that while Berenson did receive a misdirected e-mail from Pepper Hamilton, that e-mail did not contain a detailed description of the status of the Eli Lilly settlement talks. Berenson got his story from other sources.

11 of 314 comments

  1. auto-complete is at fault? by ChrisMounce · · Score: 5, Insightful

    I notice the software is being blamed rather than the user.

    1. Re:auto-complete is at fault? by schwaang · · Score: 3, Insightful

      Because who hasn't been bit by auto-complete or other software features which are pitfalls for human nature waiting to happen?

      My current peeve in this area is my cellphone directory. Every entry is in the same huge list, which means I have to thumb carefully past people I definitely *don't* want to call by accident (but still need to have in my book). The lame workaround is to use an alphabetic prefix to move important people to the top of the list, take-out restaurants to the bottom, etc. Is this really the 21st century?

    2. Re:auto-complete is at fault? by Buran · · Score: 4, Insightful

      And how are you going to prove that I agreed to it? As you pointed out in your own message, these are a joke. How exactly are you going to extort that $1,000 out of me? How are you going to force me to turn it over? You can't prove in court that I agreed to your license because you provided the goods before you had my signature or other agreement. Software licenses and real-world goods licenses don't give you the goodies until AFTER you agree.

      If someone emails me something and then whines about what I do with it, perhaps they should have come to me first and said "I'm sending you (x), but if I do, will you not do (y) with it?" and then only sent it after I agreed? THAT would be enforceable.

      The lawyer is SOL.

    3. Re:auto-complete is at fault? by isomeme · · Score: 3, Insightful

      Sufficiently bad design can justify blaming the software.

      I routinely send emails to a member of my team named David. At some point a few months ago I emailed another person named David. Guess which one Outlook always autocompletes to, forcing me to arrow down to pick the correct one? I've sent a couple of (innocuous) emails to the other David when I forgot about this 'feature'.

      You'd think any sensible autocomplete feature would remember your last selection for the same string, or at least make the default choice the most recently emailed match.

      --
      When all you have is a hammer, everything looks like a skull.
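
The ranking rule isomeme asks for, as an added example (not part of the thread and not any mail client's actual code): remember the last pick for the exact typed string, otherwise prefer the most recently emailed match. The contacts, addresses and the `needs_confirmation` cross-domain check are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class RecipientCompleter:
    contacts: dict                                   # address -> display name
    last_sent: dict = field(default_factory=dict)    # address -> logical send time
    last_pick: dict = field(default_factory=dict)    # typed string -> address chosen
    clock: int = 0

    def record_send(self, address, typed):
        """Call when a message is sent: note recency and what the user typed."""
        self.clock += 1
        self.last_sent[address] = self.clock
        self.last_pick[typed.lower()] = address

    def _matches(self, typed):
        key = typed.lower()
        return [a for a, name in self.contacts.items()
                if a.lower().startswith(key)
                or any(part.startswith(key) for part in name.lower().split())]

    def suggest(self, typed):
        """Matches ordered so the default is the least surprising one."""
        found = self._matches(typed)
        # Most recently emailed first; never-emailed contacts last, alphabetical.
        found.sort(key=lambda a: (-self.last_sent.get(a, 0), a))
        pick = self.last_pick.get(typed.lower())
        if pick in found:                 # a remembered pick beats recency
            found.remove(pick)
            found.insert(0, pick)
        return found

    def needs_confirmation(self, typed):
        """Hypothetical guard: the typed string spans more than one mail domain."""
        return len({a.split("@")[1] for a in self._matches(typed)}) > 1

def demo_completer():
    # Constructed address book: two Davids in different organisations.
    c = RecipientCompleter({
        "david.alvarez@team.example": "David Alvarez",
        "david.brandt@press.example": "David Brandt",
        "dana.cole@team.example": "Dana Cole",
    })
    c.record_send("david.alvarez@team.example", typed="dav")
    c.record_send("david.brandt@press.example", typed="brandt")  # one-off mail
    return c

if __name__ == "__main__":
    c = demo_completer()
    print(c.suggest("dav"), c.needs_confirmation("dav"))
```
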
  2. I don't know what Eli Lilly's lawyers charge by agrippa_cash · · Score: 5, Insightful

    but I'm sure they can afford PGP/gnupg AND a high school kid to show them how to use it.

  3. It's funny, you know ... by ScrewMaster · · Score: 5, Insightful

    but if I were running a major law firm that regularly handled confidential matters for multi-billion dollar clients ... I'd certainly encrypt the Hell out of every communication that left my offices. I mean, all they had to do was install some free (free!) encryption software like PGP, and there'd have been no problem.

    Huh. I'll bet they will now.

    --
    The higher the technology, the sharper that two-edged sword.
  4. Um, no. by Minwee · · Score: 5, Insightful

    Some online observers are speculating that auto-complete is to blame, but this has not been confirmed.

    As I tried to explain to one of the Three Letter Acronyms of our company this morning, "Auto-Complete" is not to blame. "Not Paying Attention" is to blame. If you can't be bothered to look at who you are sending stuff like this to, then please step back from the computer and have someone else handle complicated things like email for you.

    Surely if you are doing billion dollar deals then you can afford to hire someone capable of working a keyboard without embarrassing him or herself.

    1. Re:Um, no. by vux984 · · Score: 3, Insightful

      As I tried to explain to one of the Three Letter Acronyms of our company this morning, "Auto-Complete" is not to blame.

      Agreed.

      "Not Paying Attention" is to blame.

      Yes, but mistakes happen. You can't just tell people 'pay more attention' and expect that to solve all problems.

      If you can't be bothered to look at who you are sending stuff like this to, then please step back from the computer and have someone else handle complicated things like email for you.

      Surely if you are doing billion dollar deals then you can afford to hire someone capable of working a keyboard without embarrassing him or herself.


      The sarcasm was unwarranted, but the idea is right. If you are dealing with really sensitive material, it should be vetted by a 2nd set of eyes before it's released.

      And in any case it holds it in the outbox for 5 minutes before actually sending, so if you have one of those... "push send... oh shit"... moments you can still stop it from being sent.

      And maybe something can be done at the software level, like a custom email client that requires you enter a passphrase that encrypts the email. The software won't send without a passphrase, and the recipient must know the passphrase to open the email. Each case file would have its own passphrase, and the case file is included in the message. So if the email reached the wrong recipient they wouldn't know the passphrase and couldn't read the message.

      You could speed the process up by maintaining a dictionary of cases and passphrases, and let the recipients automatically open any email in the passphrase dictionary, and rather than enter a passphrase have them enter a case number. So, anyone involved with the case would have to add the passphrase-case number pair to their dictionary just once.

      It's not bulletproof... I'm sure better solutions exist, but it would be more effective at dealing with this sort of mistake than either 'typing in the address each time', or 'yelling pay more attention' at people.

      You'd use a separate email program entirely for casual non-sensitive communication with your family, friends, reporters, your chauffeur, dog groomer, and staples representative...
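
The per-case passphrase scheme from vux984's comment, as an added sketch (not part of the thread): the message is keyed to the case number, so a recipient whose dictionary lacks that case cannot open it, whoever it was addressed to. Assumptions: the case number, passphrase and body are constructed, and because the Python standard library has no authenticated cipher, an HMAC-SHA256 keystream with a separate MAC stands in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

def _derive(passphrase, salt):
    # 64 bytes: the first half encrypts, the second half authenticates.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)

def _keystream_xor(key, data):
    # HMAC-SHA256 in counter mode, a stand-in for a real cipher (assumption).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(case_no, body, keyring):
    """Encrypt body under the case passphrase; refuse to send without one."""
    if case_no not in keyring:
        raise ValueError(f"no passphrase on file for {case_no}; not sending")
    salt = os.urandom(16)  # fresh per message, so every message gets its own key
    key = _derive(keyring[case_no], salt)
    ct = _keystream_xor(key[:32], body.encode())
    tag = hmac.new(key[32:], case_no.encode() + salt + ct, hashlib.sha256).digest()
    return {"case": case_no, "salt": salt, "ct": ct, "tag": tag}

def open_sealed(msg, keyring):
    """Return the plaintext, or None if this reader lacks the case passphrase."""
    passphrase = keyring.get(msg["case"])
    if passphrase is None:
        return None
    key = _derive(passphrase, msg["salt"])
    want = hmac.new(key[32:], msg["case"].encode() + msg["salt"] + msg["ct"],
                    hashlib.sha256).digest()
    if not hmac.compare_digest(want, msg["tag"]):
        return None  # wrong passphrase or tampered message
    return _keystream_xor(key[:32], msg["ct"]).decode()

def demo():
    # Constructed case number, passphrase and body.
    firm = {"CASE-0001": "correct horse battery staple"}
    msg = seal("CASE-0001", "Draft settlement terms attached.", firm)
    colleague, stranger = dict(firm), {}  # the stranger's dictionary lacks the case
    return open_sealed(msg, colleague), open_sealed(msg, stranger)

if __name__ == "__main__":
    print(demo())
```
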

  5. Re:I advised my attorney to encrypt by Anonymous Brave Guy · · Score: 3, Insightful

    In the opinion of several lawyer friends I've asked about this one, that's wrong, too. Oh, and I mean factually, not ethically. It sounds like there is at least some credibility in some jurisdictions if you have a notice *before* the rest of the content, but all these corporate types appending legalese essays to the end of every outgoing message are just jumping on a bandwagon with no wheels.

    No, I'm not going to tell you who my lawyer friends are or the jurisdictions in which they practise. Yes, if you take anything you read on Slashdot as legal advice, you're a fool. No, I am not a lawyer myself.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  6. Re:The best part is, by rjstanford · · Score: 5, Insightful

    If these guys would use PGP or some other form of encryption, then even if you did send something critical like that to the wrong address, it wouldn't be so devastating. The technology to protect email has been around for nearly twenty years.

    That pretty much assumes that the encryption is done out of band. Personally, most usable variants of email encryption are handled by the client itself (at least as an initiant). At some point, when you select "Jim Smith" as the intended recipient, you have to expect that it will be delivered to "Jim Smith" in a format that he can open, regardless of any interim encryption. This might involve encoding it with his public key, but that wouldn't help the fact that you meant to send it to "Jan Smythe" now would it?

    Any more intrusive method just wouldn't be used in the real world, since the hugely vast majority of all emails are actually intended to be read by the person that the author listed in the "To:" field. Any kind of catch-all solution smacks of vistaNag.
    --
    You're special forces then? That's great! I just love your olympics!
  7. Re:WARNING: GNAA by OrangeTide · · Score: 3, Insightful

    Then filter -1. That's the beauty of the /. system: you don't have to hack in a bunch of protection; you let a minority do the enforcing and the majority can benefit.

    --
    “Common sense is not so common.” — Voltaire