Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bank Goofs, and Judge Orders Gmail Account Nuked

Posted by kdawson on from the oops-our-bad dept.

An anonymous reader writes "The Rocky Mountain Bank, based in Wyoming, accidentally sent confidential financial information to the wrong Gmail account. When Google refused to identify the innocent account owner's information, citing its privacy policy, the bank filed in Federal court to have the account deactivated and the user's information revealed. District Judge James Ware granted the bank's request, with the result that the user has had his email access cut off without any wrongdoing or knowledge of why." The Reg's earlier story says, "Rocky Mountain Bank had asked to court to keep its suit under seal, hoping to avoid panic among its customers and a 'surge of inquiry.' But obviously, this wasn't successful."

15 of 594 comments (clear)

  1. G-Mail? by SeaFox · · Score: 5, Insightful

    Why is the bank sending sensitive customer information to an email account hosted by a provider known for rifling though it's user's emails for information?

    1. Re:G-Mail? by wizardforce · · Score: 5, Insightful

      why is the bank sending customer information through email at all? why is the bank not encrypting all sensitive customer data? answer: because they haven't been forced to do so. Everyone whose information was leaked to this account should sue them right into the ground. It's been far too long that banks carry little responsibility for other peoples' data and it's time they start.

      --
      Sigs are too short to say anything truly profound so read the above post instead.
    2. Re:G-Mail? by easyTree · · Score: 5, Insightful

      "Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community.

      Surely that doesn't need to be explicitly stated - after all this is the industry that has destroyed millions of family's lives whilst receiving payouts from governments and still paying their people massive bonuses. I guess they have the cream of the crop though, when it comes to staff skilled in screwing-over the ordinary person.

      --
      Requiem for the American Dream
    3. Re:G-Mail? by Beezlebub33 · · Score: 5, Insightful

      When the families are told by the bank that they will be able to repay the loan and are given very low initial rate, AND the bank knows they will not be able to pay it back, AND the bank knows they will bundle it up the mortgage and sell it off, AND regulators that actually promote this THEN you have banks that are evil, greedy bastards, and you have families that are stupid, and a government that is incompetent, greedy, and stupid.

      No, it's not his world view that's fucked up, it's the world.

      --
      The more people I meet, the better I like my dog.
  2. Sooo hang on... by Anonymous Coward · · Score: 5, Insightful

    ...if a judge in, say, Korea granted the same request to have a gmail account blocked, an innocent user in, say, Germany would loose his email...even if that email contained confidental and critical information to be used by its owner...this is quite pathetic and something should be put in place to stop these low level distric judges making decisions that could affect users across the globe.

  3. I hate analogies, but... by BitterOak · · Score: 5, Insightful

    Wouldn't this be like having a package wrongly delivered to your house (through no fault of your own: the sender had the wrong address), and since it contained highly confidential information, a judge ordered your house to be burned to the ground? (Okay, that's a bit extreme, but you get my point.)

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:I hate analogies, but... by internic · · Score: 5, Insightful

      Trust me, if you were more familiar with the incident you'd probably agree with the "brain dead" description. Several points:

      1. Police apparently already suspected there was one of these mail drop operations (where packages were shipped to an innocent person only to be swiped off their porch), so they knew the package was likely not for him.
      2. Rather than having some officers come to the door, they had a SWAT team break down the door unannounced, shoot the dogs (at least one of whom was simply running away), and cuff the residents on the floor (where they remained for several hours). The quantity of drugs (30 lbs of marijuana, IIRC) was such that it could not quickly be destroyed, and they had no other reason to think they would encounter violent resistance. Which brings us to the next point...
      3. They did no preparatory research. They did not even know who lived there. The officers on scene did not believe he was the mayor (which they would have known if they'd done even a Google search). What this says is that they simply deployed maximum force (maximally endangering everyone in the house) rather than any reasoned approach based on the likely resistance.
      4. Police entered without first announcing themselves. This requires a "no-knock" warrant, which they did not have.
      5. The package actually sat on the front porch for the better part of the day. The guy even walked his dogs when he got home before taking the package in. That should have been a tip-off that he didn't realize it contained >$100k of drugs.

      Basically, they did not take a reasoned approach but simply used maximal force, thereby terrorizing and endangering the innocent. Moreover, their sloppy police work quite possibly would have allowed him to get off even if he had been involved. They certainly should have investigated, but they way they did it was utterly irresponsible.

      Your analogy is flawed for a number of reasons: First, arresting someone in their car is considerably less dangerous (to everyone involved) than breaking into someone's house unannounced and firing shots. Second, murder is considerably more serious (and suggestive of suspect resistance) than drug trafficking. And third, it's unlikely that an individual would be victim of a body dumping scheme while it's trivial to mail someone a package with something illegal in it.

      --
      "You call it a new way of thinking; I call it regression to ignorance!" -- Operation Ivy
  4. Re:IMAP by Naturalis+Philosopho · · Score: 5, Insightful

    You're right Google isn't to blame in this case. Not given the fact that the judge could have told the bank to suck it up, transfer the account to new numbers, and pay a fine to their customer for failing to live up to their security responsibilities. Instead he decided to punish the innocent people in this case. The bank screwed up, the bank should be held accountable. Anything less is yet another miscarriage of justice.

  5. Why deactivated? by FrozenGeek · · Score: 5, Insightful

    The bank requested the user's identity. Google refused to provide it. So then the bank goes to court not only to get the user's identity but to deactivate the user's account. I'm missing the logic. Okay, maybe the bank fears that enough time has passed that the user has seen the errant email and wants to prevent the user from misusing the information. Now, that might work if the user does not have a local copy of the email. On the other hand, if the user has a local copy and is now angry at the bank for having had their gmail account shut down, the user, who might otherwise have done nothing, now has both the means and the motive to do something. Good move. Wouldn't it have been possible for Google to contact the gmail user and ask him to delete any local copies? And Google, presumably, could have deleted the email from its own servers. I like Google's policy of protecting user identities. But this whole mess sounds like two bureaucrats blindly following policy to the detriment of the end-users. Can't anyone think anymore?

    --
    linquendum tondere
    1. Re:Why deactivated? by Dhalka226 · · Score: 5, Insightful

      The better question is this:

      How the hell did the bank even have standing to sue anybody? What wrong was done by anybody but them? How do you file, much less win, a lawsuit seeking to punish somebody who did nothing but receive an email you should never have been sending in the first place? How is it this man's legal responsibility to help them clean up their own fuck up, and how is it Google's legal responsibility to help the bank do so? What statute gives this judge the authority to destroy a third-party-to-a-fuck-up's email account because he didn't see fit to respond to an email he may not have even thought was legitimate? That's exactly what this ruling is saying; that this man somehow did something wrong by not helping the bank and he deserves to have his email account and potentially years of historical contacts lost.

      If I were this guy, I'd sue this bank for damages (and unfortunately, since I'm not even a party to the fucking lawsuit that unfairly harmed me I'd have to sue Google for an injunction against complying with the previous order). Big time. It's this kind of thing that makes me wish we could directly sue a judge for the idiocy of his decisions. Their total lack of accountability is reprehensible.

  6. Re:Can the Poor SOB sue for damages? by K.+S.+Kyosuke · · Score: 5, Insightful

    His own server, perhaps?

    --
    Ezekiel 23:20
  7. Re:IMAP by easyTree · · Score: 5, Insightful

    Perhaps you've not realised yet but banks aren't held responsible for their actions....

    --
    Requiem for the American Dream
  8. Re:IMAP by LordNimon · · Score: 5, Insightful

    but if a bank suddenly sent me 1,300 account's financial information, and then sent me an email telling me not to open it,

    How would you feel if both of these emails ended up in your spam folder? You would not have noticed anything at all, but then suddenly, your account would be gone.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
  9. Re:Can the Poor SOB sue for damages? by Anonymous Coward · · Score: 5, Insightful

    What email do you use that would disobey a judge's order?

    His own server, perhaps?

    What makes you think that you won't arrive home to find that all of your electronic equipment has been confiscated?

  10. Re:Redirect the evil! by mpaulsen · · Score: 5, Insightful

    "Every one should email the bank banker@rmbank.com to ask them of their shady practices." No. Everyone should email some personal information to banker@rmbank.com, then insist that their domain be shut down.