Bank Goofs, and Judge Orders Gmail Account Nuked

An anonymous reader writes "The Rocky Mountain Bank, based in Wyoming, accidentally sent confidential financial information to the wrong Gmail account. When Google refused to identify the innocent account owner's information, citing its privacy policy, the bank filed in Federal court to have the account deactivated and the user's information revealed. District Judge James Ware granted the bank's request, with the result that the user has had his email access cut off without any wrongdoing or knowledge of why." The Reg's earlier story says, "Rocky Mountain Bank had asked to court to keep its suit under seal, hoping to avoid panic among its customers and a 'surge of inquiry.' But obviously, this wasn't successful."

Redirect the evil!

Quick! We need the normal lot of haters in here to spin this as Google being evil! Um... um... they... they host their services in a country that they very well know is subject to U.S. judges' decisions! Yeah! They should've known better! Obviously, Google is evil! TEH SIGNS ARE EVAREEWERE!

Re:Redirect the evil!

[houstonbofh]

Google should have fought back against this.

They did. They could have just shut off the account. This is a problem with a judge, and I will backfire badly.

Re:Redirect the evil!

[cheftw]

and I will backfire badly

:?

It's not like it coud have been a typo, you capitalised it.

Is this some new americanism?

Re:Redirect the evil!

[lysergic.acid]

I'm guessing he meant "and [one] I [think] will backfire badly."

Or at least I hope that's what he meant. I mean, I know what happens when a car backfires (i.e. an explosion takes place in the exhaust system). I don't even wanna imagine what happens if a person backfires...

Re:Redirect the evil!

[Dan541]

The owner of the gmail account should be able to sue the bank for damaging their business.

Re:Redirect the evil!

[Dan541]

Every one should email the bank banker@rmbank.com to ask them of their shady practices.

How can you trust a bank thats out to hurt people?

Re:Redirect the evil!

[jonfr]

I want to see that email on wikileaks! Now!!

Re:Redirect the evil!

[mpaulsen]

"Every one should email the bank banker@rmbank.com to ask them of their shady practices." No. Everyone should email some personal information to banker@rmbank.com, then insist that their domain be shut down.

Re:Redirect the evil!

[KreAture]

Oh no! You must not do anything that could cause your email to end up in those idiots contact-lists.
Next time they may send something to YOUR account! Then you can kiss your account goodbye.

Come to think of it, that is a great way to get rid of a person online. Just get him on that mailers list and the court will shut him out for ya.
The worst thing is, now there is precedence in such a case so the next one is just blind copy/paste. Thow won't be abused. Surely not. The world is not that evil.

Re:Redirect the evil!

[houstonbofh]

I would love to claim it as a Monty Pythonism (I fart in your general direction you silly English kaniggits.) but it was just a typo.

Re:Redirect the evil!

[BrokenHalo]

The owner of the gmail account should be able to sue the bank for damaging their business.

That might not be very easy to prove. Especially since it was the action of the judge that nuked his account. Good luck suing him. But you're right in that the judge was way out of line in capriciously disrupting someone's life when he has done nothing wrong.

This brings up another point: there is an increasing tendency for American companies to conflate US Law with World Law. If I, a gmail account holder living in Australia, had my account nuked by some craniorectal US judge, I would be mightily pissed off, since no US judge has jurisdiction over me. But no matter how pissed off I was, I would have no redress.

This just makes me glad I run my own mail server...

Re:Redirect the evil!

[Dan541]

While I don't run my own mail server I do retain control over my email in that I can change my MX record to any provider I want. Unfortunately most people don't use their own domains. But if they did, even using google apps they would at least have some protection from this sort of abuse by having the option of moving providers.

What would you do if you lost your email account? How many accounts and online services would you now be shut out of. It is basically identity theft, since the victim loses their online identity for it.

This Judge should be barred, no question.

Re:Redirect the evil!

[Idiomatick]

I think google could do more. After they lose. Have the front page logo for google search in the whole state be a link to this bank's incompetence... for a month. Perfectly legal, costs them nothing and would gain them some good customer rep.

Re:Redirect the evil!

[Quothz]

If I, a gmail account holder living in Australia, had my account nuked by some craniorectal US judge, I would be mightily pissed off, since no US judge has jurisdiction over me. But no matter how pissed off I was, I would have no redress.

A US judge has jurisdiction over any business you do or agreements you make in the US, and in general Australia recognizes it. Folks who use GMail explicitly agree to a California jurisdiction of the contract.

That's not a bad thing; it's reciprocal. You wouldn't want to allow US citizens to be allowed to ignore their obligations if they make a contract or do business in Australia, so Australian courts can exert jurisdiction on US folks over such matters. It isn't a matter of one country confusing their laws with world law, it's a matter of people needing to understand that, when they do business in a foreign country, they have to follow the local rules - and it works both ways.

(Naturally, it's not entirely clear-cut; when foreign courts exert jurisdiction, it's reviewed locally, and the local courts can deny it. But generally, if you do business with an entity in a foreign country, you're doing it under their laws.)

Re:Redirect the evil!

[Throtex]

The US judge doesn't need jurisdiction over you to nuke your e-mail account. They just need jurisdiction over your e-mail account, which they have in the case of Gmail. This isn't an "increasing tendency by American companies to conflate US Law with World Law," (whatever "World Law" may be??) it's just how the law works in current and former Commonwealth countries. Yes, yours included. If I, as a US citizen, had an account with BigPond, you damned well better believe it's subject to Australian jurisdiction.

Re:Redirect the evil!

[delvsional]

Have the front page logo for google search in the whole state be a link to this bank's incompetence... for a month.

That would be a fucking awesome display of power

Re:Redirect the evil!

[hvidstue]

The email to the VP: shoneyman@rmbank.com I will send him a mail, bullying him. If we all do the same, the man will feel the slashdot-effect IN HIS MAILBOX - muhahahah ...!

Re:Redirect the evil!

I want to see that email on wikileaks! Now!!

Try stomping your feet on the floor and throwing fragile things around. Then leave the table without finishing your vegetables. That'll make your mom really mad.

Re:Redirect the evil!

[techdavis]

Every one should email the bank

Yes, we all want the bank to have our email accounts, so they can do the same to us!

Re:Redirect the evil!

[internettoughguy]

They should, and probably would IF they knew the reason why their account was deleted.

TF summary: "without any wrongdoing or knowledge of why"

.

G-Mail?

[SeaFox]

Why is the bank sending sensitive customer information to an email account hosted by a provider known for rifling though it's user's emails for information?

Re:G-Mail?

[wizardforce]

why is the bank sending customer information through email at all? why is the bank not encrypting all sensitive customer data? answer: because they haven't been forced to do so. Everyone whose information was leaked to this account should sue them right into the ground. It's been far too long that banks carry little responsibility for other peoples' data and it's time they start.

Re:G-Mail?

[mwvdlee]

Why is the bank sending sensitive customer information to an email account?

e-mail is an insecure protocol and they shouldn't be sending such data over SMTP even if the recipient address were correct.

Re:G-Mail?

[FrozenGeek]

Because the customer in question gave the bank a gmail account and said "send me information via this email address". Do you really think that your ISP-based email address is any better than gmail? If so, could I interest you in some waterfront property in Florida? Seriously. Unless the contents of the email is encrypted before it is sent, assume the whole fricken' world (with lasers,even) has access to it.

Re:G-Mail?

[SeaFox]

Because the customer in question gave the bank a gmail account and said "send me information via this email address".

The bank is worried about a panic amongest it's customer base. So they obviously sent informtaion on a large number of their customers, that tells you the person requesting the info was not a bank customer but another financial institution or a company they contract with of some sort. These type of recipients are going to have their own domain names and mail servers running on them, so there's no reason the email should have been addressed to a gmail account to start with if it dealt with official business.

Re:G-Mail?

I work as a supplier to the banking industry.

I'll tell you why they do this, they are outright fucking dumb. That's basically it. If the IT guy knows about encryption, he has no power to make it happen, but most of the time he's barely able to type let alone do IT stuff.

Banks just don't pay for shit unless you are a VP or own the place, so they get the crappiest IT help.

"Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community. Everywhere else it means "make a good effort to do the best you can to the spirit of the task".

Granted, this breech is considerably dumber than average, but of the banks I have worked with, every single one of them at one time or another had some sort of institutional problem understanding and implementing some of the most basic data safety measures.

The Feds have been much more pushy about it recently, so it will improve. And a lot of the old guard is finally dying off, and you'll see bank leaders that have had more than "type this letter" (to the secretary) experience with computers.

Re:G-Mail?

[geekboy642]

Actually that's not what happened.

On Aug. 12, the bank mistakenly sent names, addresses, social security numbers and loan information of more than 1,300 customers to a Gmail address.

That's a lot of very confidential information. No bank customer has the need or right to see anybody else private information, let alone 1299 of them. And you are a moron for thinking this was about somebody's bank statement going to the wrong address.

Re:G-Mail?

TFA says "A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address - along with a file containing confidential information for 1,325 other customers."

So had the bank not fucked up, the user would have gotten someone else's loan documents. So far, so good. At worst, one account needs to be moved. But the bank employee sent 1300+ accounts to that email also, making it a breach of security.

Why should the email user get penalized for the bank's screw-up? What if the bank had left printouts with that info lying on their doorstep - would it be fair for the bank to close down all roads to prevent someone from getting that printout?

How far should the law allow a corporation to shut down a real person's life to correct the corporation's error?

Re:G-Mail?

[easyTree]

"Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community.

Surely that doesn't need to be explicitly stated - after all this is the industry that has destroyed millions of family's lives whilst receiving payouts from governments and still paying their people massive bonuses. I guess they have the cream of the crop though, when it comes to staff skilled in screwing-over the ordinary person.

Re:G-Mail?

[easyTree]

uhh, families' *

Re:G-Mail?

[DaveGod]

I don't see encryption becoming widely used by "the masses" until it comes with Outlook and it all happens automatically. User sends an email and outlook automatically includes a copy of the public key, which the other guy's client automatically applies to any email sent to that email address in future.

This would still be of no help in this situation because when the sender selected the wrong email address, the email client would apply that recipients' encryption.

Working as an accountant the ONLY time I have been sent anything encrypted is when it is from Scottish Widows (who actually email you a link to what is broadly an encrypted webmail, that you need your own login for. And the system works both ways, I can log into it and send them a file encrypted (though of course that could be intercepted en route). Either side can cancel the encrypted message/file if they realise a mistake before the other side accesses it. 10/10 to them for security, though yes it is substantially more time-consuming, and mildly annoying, especially if it's a one-time thing.

But it does make me wonder why a bank doesn't integrate something like the above into the online banking site for it's customers.

Re:G-Mail?

[Tony+Hoyle]

Encryption *does* come with outlook.

Unfortunately it's fucking useless. The other end gets a blank message with 'this message is encrypted' on the top.. apparently the user is supposed to click somewhere. I tried using it a while back, and without exception I got the reply 'your email came out blank - can you send it again?'

Re:G-Mail?

[HangingChad]

I'll tell you why they do this, they are outright fucking dumb.

I'll second that. Unless there's a big fine involved, one big enough to effect someone's bonus, they're not worried about it. The banking industry is living proof of the phrase "strain out a gnat and swallow a camel".

Re:G-Mail?

[Tony+Hoyle]

The idea that that kind of information can even be extracted from the system without a damned good reason and permission signed from the VP in triplicate scares me - are banks *really* that insecure that they let any dumb fuck with a gmail account extract the customer list and mail it to someone? Apparently they are..

Re:G-Mail?

[Omnifarious]

Mine is because it's hosted on my own personal server and the email lives on an encrypted hard drive. :-) Unfortunately, I very, very rarely receive encrypted email, so it could easily be viewed in transit. :-(

Re:G-Mail?

[Beezlebub33]

When the families are told by the bank that they will be able to repay the loan and are given very low initial rate, AND the bank knows they will not be able to pay it back, AND the bank knows they will bundle it up the mortgage and sell it off, AND regulators that actually promote this THEN you have banks that are evil, greedy bastards, and you have families that are stupid, and a government that is incompetent, greedy, and stupid.

No, it's not his world view that's fucked up, it's the world.

Re:G-Mail?

[easyTree]

The families who took the money were on the edge of desperation - looking for any way out.

The financial professionals at the banks were fully in control of their actions when they cynically loaned the money - motivated as they were to continue the wave of profits at all costs - they knew the chances of being repaid were minimal.

Why should the general population bail them out? Did we receive a share of their profits for rest of the gravy train journey?

Re:G-Mail?

[arminw]

...How far should the law allow a corporation to shut down a real person's life....

As far as their highly paid army lawyers can persuade a judge somewhere. In our society, someone with lots of money can almost always get their way against someone with no money.

Re:G-Mail?

[geekboy642]

Again, I repeat:
This is not about a single statement going to the wrong customer. Regardless of the fact that a customer initially requested their own information, it is inexcusable for any bank to then send them--or any other person--over 1300 instances of confidential information. Nobody asked the bank to mail that information.

Why are you attempting to apologize for the incompetence of the bank?

Re:G-Mail?

If so, could I interest you in some waterfront property in Florida?

Waterfront property in Florida is abundant. Florida is surrounded by water except on its northern state line, as well as being filled with lakes, marshes, and swampland. The saying is specifically "oceanfront property". The joke is, you say a landlocked state, such as... Arizona... and offer valuable "oceanfront property" there, because Arizona borders no ocean! Get it? It's a scam! You are supposed to know that Arizona has no ocean, just like you are supposed to know Florida is surround by water.

Hey! There's even a song about the subject!

Re:G-Mail?

[tftp]

The other end gets a blank message with 'this message is encrypted' on the top.. apparently the user is supposed to click somewhere.

I use encryption in Outlook at work, and it works 100% every time. What you were trying to recall is this: "This message is encrypted, double-click to open" and when you do that it asks for the password for your key and then the text appears. Can't be much simpler than that.

Of course to use this you need to have certificates generated and distributed within your organization, and the public keys of CA also set up, but that's not difficult. If you buy your certificates from an established CA then it's already done.

Re:G-Mail?

[michaelhood]

The families who took the money were on the edge of desperation - looking for any way out.

Say what?

I could have purchased a home in 2003 on an interest-only mortgage with all the other idiots, but I knew that I wouldn't be able to afford the payments once they included the principal.

Was I on the edge of desperation because I was *GASP* forced to keep renting?

Re:G-Mail?

[Rasperin]

"But a day later"

How many times have you "accidently" sent an email to the wrong person and waited a day to figure this out. On top of that it was one customer wanting one piece of information but it somehow "accidently" became 1300.

yeahhh

Re:G-Mail?

[easyTree]

By definition you were not. Who but the desperate would enter into an agreement where they suspect the chances of a positive outcome are low?

Re:G-Mail?

[Nethead]

The bank is worried about a panic amongest [sic] it's customer base.

Kind of late for that after this last year.

Re:G-Mail?

[Xylaan]

I suspect that more than a small bunch fell for the 'The real estate market has been doing nothing but going up. Worst case, you just refinance later!' shtick. And that's assuming they really understood the terms of their mortgage.

Re:G-Mail?

[easyTree]

You appear to have accidentally hit the nail on the head.

Well done.

Re:G-Mail?

[MicktheMech]

Securitizing the mortgages alone is not evil. The problem was that those bundles had been valued based on model built using historical data. When a lot of banks started buying up mortgages to put in these bundles the guys arranging the mortgages significantly changed their behaviour in order to get more. That change in behaviour (salesmen becoming writing much more shakey mortgages) invalidated the model used to value them, so the banks bought stuff for a lot more than it was worth, leading to the credit crisis.

You can call people evil, greedy and stupid all you want, but that's not going to get your money back and it won't prevent it happening again. The key problem here is that the banks broke the First Rule of Engineering, they trusted a computer model and thus failed to scrutinize their purchases properly. The government allowed them to make these purchases without proper due dilligence, the salesmen sold mortgages they knew would likely end up in default and the families took out mortgages without a plan to pay it off.

If you think those lapses are greedy, evil and stupid, then fine. However, the morale of this whole credit crisis and subsequent recession should be: If it's important, hire an engineer to do it.

Re:G-Mail?

[darkpixel2k]

By definition you were not. Who but the desperate would enter into an agreement where they suspect the chances of a positive outcome are low?

I'm gonna go with "Morons who were too stupid to know what they were signing".

Re:G-Mail?

[SashaMan]

If so, could I interest you in some waterfront property in Florida?

Why, actually, yes. But in truth, I could care less.

Re:G-Mail?

I worked for a payroll company doing programming work on their direct deposit system. It was my first "real" job as a professional. The banks that we'd interface with would routinely drop transactions, "misplace" client balances and just generally make our lives hell. The backwash from a bank mishandling a million dollar payroll is simply incredible. Since everyone uses direct deposit and automatic bill pay, a hiccup (sometime a week long) would cause a cascading chain of overdraft or late fees for many, many employees. All of these would need to be dealt with. How the hell do you misplace a million dollars?

When you're young you'll generally develop some bizarre idea that adults know what they're doing. If you're lucky you get this knocked out of you early on. If you ever run into an adult that disagrees with the "the older I get the less I know" quote, walk away fast.

Re:G-Mail?

[easyTree]

Maybe. What kind of organisation/industry does business with such people under the threat of repossessing their goods should they fail to meet the agreement?

How much longer must I wait before I see people care for their fellow human? Why is it that this world seems to be populated by predators? Feel free to achieve consciousness you fucking ghouls.

Re:G-Mail?

[Daimanta]

"In our society, someone with lots of money can almost always get their way against someone with no money."

In any society, .......

Re:G-Mail?

[darkpixel2k]

How much longer must I wait before I see people care for their fellow human?

Well easyTree, I'm currently renting and I'd like to buy a house. I have 6 credit cards (all maxed out) giving me $13,000 in debt, a car payment (which I'm two months behind on) of $315/mo and I still have a year left on the loan, and 6 companies dinging my credit report for roughly $1,000 in unpaid bills over the last 10 years. Why don't you loan me $250k so I can buy a house?

What? What do you mean I'm a credit risk? Where's your compassion for a fellow human?

(When you achieve consciousness you'll realize there's a difference between compassion and stupidity.)

Re:G-Mail?

[Dan541]

This would still be of no help in this situation because when the sender selected the wrong email address, the email client would apply that recipients' encryption.

However if those accounts had not previously exchanged key's then the recipient would not be able to decrypt it. The real issue here is the bank attacking an innocent person, seriously I would publicly disclose ALL their emails.

Re:G-Mail?

[mikiN]

I disagree, GP just got with the times. Currently, waterfront property in Florida is either under foreclosure, carries a mortgage of indeterminate origin or is owned by the Cuban mob. Take your pick.

Re:G-Mail?

[easyTree]

Look, what I'm saying is that they shouldn't have been given the loans in the first place.

The humane thing to do is to give your customers the benefit of your wisdom not use it against them to exploit them - as happened here.

Re:G-Mail?

[bsDaemon]

If its under foreclosure, I can probably pick it up for a good bargain at auction... I'll stay away from shady legal documents and shadier individuals and go with foreclosure please.

Re:G-Mail?

[palegray.net]

The stuff shouldn't have been sent to a Gmail account, but let's be realistic. Nobody at Google cares about rifling through this sort of stuff. That said, how about holding the bank responsible for sending all that sensitive financial information over an unencrypted connection, to be subsequently stored on unencrypted media? There are laws concerning such practices...

Re:G-Mail?

[erroneus]

Actually, if you believe Michael Moore, the number one reason for mortgage defaults was the high cost of health care. While the predatory lending with adjustable rate mortgages were a plenty and a significant factor, one of the dirty and quietly kept secrets is that the high cost of health care and health insurance is the number one cause leading to foreclosure.

Re:G-Mail?

[Fastolfe]

I think you have misunderstood the original poster's question:

G-Mail?
Why is the bank sending sensitive customer information to an email account hosted by a provider known for rifling though it's user's emails for information?

The poster is not asking why 1300 bits of sensitive account details were e-mailed. That would be a stupid question, because it's explicitly discussed in the article and the summary, and should be obvious to anyone with half a brain (and perhaps that's why you're so annoyed with the poster and are responding in the manner in which you are).

Instead, the poster is asking why "sensitive customer information" generally is going to an address at an insecure web mail service. This interpretation becomes clearer if you take in the poster's chosen title along with the content of the post. That is a more interesting question, with a more nuanced answer.

I realize that a lot of Slashdot posters are idiots, but it helps if you don't assume that all of them are.

Re:G-Mail?

[chrb]

Did we receive a share of their profits for rest of the gravy train journey?

If you live in a country with taxation of corporate profits, capital gains, and personal income, then the answer is yes - the country did receive a share of the profits.

Re:G-Mail?

[darkpixel2k]

Look, what I'm saying is that they shouldn't have been given the loans in the first place.

The humane thing to do is to give your customers the benefit of your wisdom not use it against them to exploit them - as happened here.

So over the last 3 years, I lost my job (which caused me to go into debt, etc...), cut my spending, got a new job and have been living in a crappy $400/mo rental, skipping meals, not heating during the winter, dropped my cell phone plan, etc...all so I could pay my bills back. I'm about 3 months away from having *everything* paid off--car, credit cards, etc...and I will be 1 month ahead on all my major bills.

But my credit report will still look bad until those 3 months are up. Are you saying hands-down that a bank should refuse to loan me money for a new car?

My current vehicle probably won't last another month. I *need* a car loan.

Most banks would look at me and still consider me a risk (all my 'bad' ratings go away in 3 months--but for the moment they are still there). So you're saying you morally feel that a bank should refuse to lend to me under any circumstances?

Thanks.

I'd rather banks take a look at me and say "You're a risk. We'd be willing to risk it if you pay x% interest. Then it would be worth it to us."

That way I can get my car, pay off all my other bills in 3 months, and then free up $1k/mo to go towards paying back a new car that I need right now. The faster I over-pay my car loan, the less interest I'll actually end up paying in the long run.

Re:G-Mail?

[chrb]

The repackaging of subprime mortgages into valued securities was one problem but it might not have caused a collapse had the banks not also willingly massively over leveraged - at 30 to 1 it only takes a 3% downturn in the market and your bank is insolvent...

Re:G-Mail?

[easyTree]

Are you saying hands-down that a bank should refuse to loan me money for a new car?

No, I'm saying that if you can only afford to pay back a $5000 loan then they shouldn't offer you a $50000 loan...

For what it's worth, I'm similarly screwed after winning the cutback-lottery at my previous employer's :D Although, on the up-side, I've never been so happy (in all but the financial aspect.)

Re:G-Mail?

[Beezlebub33]

I don't believe this. Why, in the middle of a huge financial crisis, followed by a huge debate about health care, is the party that is trying to pass health care reform (i.e. the Democrats), not discussing this at every turn?

That doesn't make any sense at all. I can't see a political downside for the president not talking about this at his recent speech.

Re:G-Mail?

[darkpixel2k]

No, I'm saying that if you can only afford to pay back a $5000 loan then they shouldn't offer you a $50000 loan...

But who determines how much is too much? The bank? According to your views, they've been screwing up and can't be trusted to assess loans. The government? They got the banks here in the first place with stupid regulations.

To be blunt, I'm a 'risk'. They could loan me $100,000 and I could pay back every cent. Hell--I could win the lottery tomorrow and pay the loan in full immediately. Of course I could also get fired or laid off from my job tomorrow too and then jump off a bridge. They'd never see a red cent. They'd have to sell the house and hope to get a return.

It all boils down to risk/reward. Are you going to dump tons of money on someone who might just screw you over? If the potential reward is big enough you will. That's what banks are doing.

They may be willing to give me $100,000 if they know that after 30 years they will have made an extra $20k on it. And if the risk is that I don't repay--they can take my house, sell it, and hopefully make some/all of the $100,000 back.

Only idiots buy $250,000 houses that are really worth $150,000 when all they can afford is $100,000.

But in the end, the banks that 'risked' it are getting screwed because they lent $250,000 for a $150,000 house, made $20,000 off the borrower, and then got stuck $80,000 in the hole.

...and now you, I, and everyone else that pays taxes are bailing out the banks that lost big-time.

When did the government get the power to take money from me for the bad decisions of banks and sub-prime borrowers?

Re:G-Mail?

[Billly+Gates]

The problem is repacking means mixed with 700 - 2000 page contracts for each instrument added to each package and no one knows whats in each package. This is what caused the recession and its fear based on a total lack of transparency. Banks don't really know and neither do investors who owns what.

The practice in my opinion needs to end. If you want a mixed portfolio you need to know what you are invested in and not have the banks make it secret.

Re:G-Mail?

[easyTree]

But who determines how much is too much? The bank? According to your views, they've been screwing up and can't be trusted to assess loans.

No; according to my views their ability to assess loans hasn't changed; what's changed is their willingness to give loans to those they know cannot repay.

It all boils down to risk/reward. Are you going to dump tons of money on someone who might just screw you over? If the potential reward is big enough you will. That's what banks are doing.

Isn't there feedback though? The more onerous the reward to the banks, the higher the risk of them getting screwed. Seems like Achilles and the tortoise... So what they're really doing is guaranteeing that they'll have to take their customer's house and sell it plus they get a tidy bonus on top for the few months they were paid.

Only idiots buy $250,000 houses that are really worth $150,000 when all they can afford is $100,000.

Idiots with willfully-negligent loan advisors.

When did the government get the power to take money from me for the bad decisions of banks and sub-prime borrowers?

As someone else insightfully pointed out, banks only take responsibility for their financial successes... It's only fair.. Oh wait.. Perhaps because the banks don't actually have anything backing the loans they offer? The whole system is a scam which depended upon an increasing number of new suckers to take credit every year; if the bubble hadn't burst, after sub-prime, dead people would have been taking credit they couldn't afford to repay.

Re:G-Mail?

[mick_S3]

I...... If you ever run into an adult that disagrees with the "the older I get the less I know" quote, walk away fast.

Truer words have never been spoken. (or typed)

Re:G-Mail?

[Achromatic1978]

The families who took the money were on the edge of desperation - looking for any way out.

No, they weren't. Most people who took out low rate ARM mortgages in the early mid 2000s fell into several categories: the ignorant, ill-informed (maliciously or otherwise), or my favorite, seduced by TV networks who made "flipping" a property seem a guaranteed way to make hundreds of thousands of dollars a year. The waves of people I've seen on those shows, even now, who seem to think that anything less than $100,000 profit on a purchase, some renovations, and a six month turn-around is unacceptable is staggering.

Even now, watch the very vast majority of those shows, particularly the ones where people do renovations, and have before/after valuations. "You spent how much on your new kitchen?" "$15,000" "Great, you just added $30,000 value to the home. Now, how about the bathroom?" "We spent $8,000 in here." "Excellent, looking around, I'd say you added $20,000 to the value of the home", and so on, ad nauseaum. Add this up, and you have, in my view, a hidden culprit, along with the RE agents who were pretty much as a whole in lock-step with these mantras pushed by TV onto their clients, of the housing bust.

That $23,000 you invested in the home is only worth $50,000 if you can find the one born every minute to sell it to. Eventually, that got so outrageous, and so out of tune with reality, that people realized they were paying $50,000 for $23,000 of renovations on a home by a "flipper", and balked. And down came the house of cards.

Re:G-Mail?

[BikeHelmet]

Most corporations are that stupid, too.

Security pretty much ends after a logon password. A password that changes every two weeks, must begin with a capital letter, may be 6-8 characters long, and must have 2 numbers within it.

After all, we wouldn't want to narrow the parameters down to make it easier to hack, would we?

Re:G-Mail?

[darkpixel2k]

No; according to my views their ability to assess loans hasn't changed; what's changed is their willingness to give loans to those they know cannot repay.

So you can see the future?
Do you know if I will repay my car loan or not?
Could you tell me, because I'm curious myself in these 'tough' economic times.

Tell me *exactly* how you determine if someone can repay a loan that doesn't come down to the unscientific method of saying "He seems like an honest guy".

So what they're really doing is guaranteeing that they'll have to take their customer's house and sell it plus they get a tidy bonus on top for the few months they were paid.

Or written another way: 'The customer is putting the house up as collateral against their loan, and the bank is taking taking the collateral when someone defaults on their loan'.

I'd like to see you open a bank without that stipulation in your loans. I'd be your first customer.

Idiots with willfully-negligent loan advisors.

First off--I would never trust an advisor that works for the company/bank that is trying to get money out of me. Secondly, people who do are idiots. Thirdly, people who do trust that advisor and then bitch, moan, and try to get a bailout from the feds after they get bad advice should immediately hand in their 'adult card' and go back to a nice little padded room where they aren't allowed to make 'grown up' decisions anymore.

Perhaps because the banks don't actually have anything backing the loans they offer? The whole system is a scam which depended upon an increasing number of new suckers to take credit every year

I whole-heartedly agree with you. I don't bank anymore. No credit cards, no checks. Now-a-days everyone seems to forget about good 'ol cash and the text 'For all debts public and private'.

The only company I had problems with after I dropped my bank was my landlord/rental company. They refused to accept cash because they didn't like having lots of money in their office, and they often couldn't make change.

I told them they could apply any overpayment to the rent due next month and that they can't refuse cash.

Re:G-Mail?

[SuperQ]

I'm really glad you're out of the debt cycle. Serious props for digging yourself out of it.

There are places that will give you auto credit. Credit unions (easy to get with many jobs) are a good way. Dealerships are hurting like crazy and will give car loans in order to get inventory off their lot.

The other option is if you have a trustworthy friend, get a "loan" from them to get the cash down on a car.

You could also get a crappy, but serviceable for 6 months car until you get your credit score back in order.

Re:G-Mail?

[russotto]

Even now, watch the very vast majority of those shows, particularly the ones where people do renovations, and have before/after valuations. "You spent how much on your new kitchen?" "$15,000" "Great, you just added $30,000 value to the home. Now, how about the bathroom?" "We spent $8,000 in here." "Excellent, looking around, I'd say you added $20,000 to the value of the home", and so on, ad nauseaum. Add this up, and you have, in my view, a hidden culprit, along with the RE agents who were pretty much as a whole in lock-step with these mantras pushed by TV onto their clients, of the housing bust

Now you're blaming TV? Anyway, the one of those shows I used to watch (simply called "Flip That House", with an annoying blonde real estate agent narrator) was a lot more realistic than you depict, because they disclosed the actual sale price at the end. Typically the flippers went over budget, over schedule, and (despite inflated valuations from the "experts" on the show) ended up making much less than they planned, particular after fees.

Re:G-Mail?

[babyrat]

Regardless of whether is can or can't be much simpler than that, the parents empirical experience (that he was getting replies that he had sent a blank email) indicates that it is not simple enough.

Re:G-Mail?

[dryeo]

Well if rents were increasing like they were around here ($1000 for a little basement suite, $2000 for the top floor) buying might look cheap.
I'm lucky where I live and have a good deal, if I had to move I'd be fucked as the vacancy rate is close to 0% and what there is is very picky and expensive. Meanwhile mortgages were almost being given away and with housing going up 10-20% a year you only had to make it for a year or two.

Re:G-Mail?

[GodfatherofSoul]

Securitizing the mortgages alone is not evil.

Yes it is. Why? Because it's a clever ruse to use the protections afforded to banks by our government (in exchange for their promise to follow conservative financial practices) to leverage risky investments. Banks lose? They get a bailout. Banks win? They pocket the profits. And, since we haven't restored the regulations that got us into this mess in the first place, you can bet your ass the same thing will happen again after enough of us have forgotten. It took about 50 years to forget last time, this time they won't have to worry about repealing laws to start rolling dice.

Re:G-Mail?

[GodfatherofSoul]

Big myth that the mortgage crisis was caused by or even largely contributed to by home loans to the poor.

Re:G-Mail?

[Billly+Gates]

The problem is lines of credit are lifelines for businesses. Especially small business which makes up the vast majority of jobs surprisingly. If no lines of credit are available because banks are failing from their own actions then your boss fires you to cover the loss as he can't use the bank to pay your salary.

Re:G-Mail?

[mabhatter654]

Exactly, banks weren't interested in "reasonable" terms... that's what fueled the boom. Realtors and Mortgage officers are paid on percent commission.. so they want more bucks. If the banks started denying the outrageous loans sooner, the big markups would have slowed a long time ago. When I bought my house, I had the banker and realtor trying to get me to "go bigger"' so the loan would be "easier" to get. It was supposedly a "sure thing" because housing prices were going up, so pick your neighborhood now while you can still afford to get in.

Re:G-Mail?

[sjames]

The banks knew damned well it would all come apart eventually, they just willfully ignored the warnings FROM THE PERSON WHO CREATED THE MODEL.

They willfully created bad loans that were nearly certain to blow up and then sold them off like hot potatoes so they wouldn't be holding them when the inevitable happened. These were not merely lapses.

Note that the people who did this have not suffered one little bit from the economic carnage. Their plan worked.

It's also notable that the families had the assurances of 'experts' that everything would be fine and that they would be able to repay the loan by refinancing. It was made to sound like the refinancing would be a mere formality.

It is an important distinction. The ignorant can learn or be OK with a little better supervision. Greedy and evil can not be trusted in any capacity at all.

They didn't hire an engineer to do it because they knew damned well he'd blow the whistle.

Re:G-Mail?

[Hognoxious]

What kind of organisation/industry does business with such people under the threat of repossessing their goods should they fail to meet the agreement?

One that isn't a charity?

Re:G-Mail?

[erroneus]

Did you actually listen to any of Obama's speeches? He specifically mentions that the healthcare system should not bankrupt the people who need it is many of his speeches and most recently during his appearance on the tonight show.

Re:G-Mail?

[Jeeeb]

The families who took the money were on the edge of desperation - looking for any way out.

No they were stupid and didn't understand economics. I remember a few years ago when prices rises were already slowing down, I was having beers with some friends and they were going on about self help books and how property investment was the way to make big bucks. They completely missed the fact that the market simply can't sustain indefinite rises above the rate of inflation. Such rises mean that loan payments take up an increasingly large proportion of income. As loan payments take up a higher proportion of income, affordability goes down. Eventually demand bottoms out and something has to give.

Once we recover though I'm sure we'll see another bubble. People are stupid and an entire industry was built around the fallacy that housing market could sustain indefinite growth above the income growth rate.

Re:G-Mail?

[ignavus]

Why is the bank sending sensitive customer information to an email account?

e-mail is an insecure protocol and they shouldn't be sending such data over SMTP even if the recipient address were correct.

Apparently email is faster than sending it by postcard.

Re:G-Mail?

[Billly+Gates]

Sounds like they were not dumb at all.

They got their bonuses, free tax money, and bought stocks in march which went up 300% in value and made a fortune. Insider selling of stocks from CEO's and financial firms this week was at an all time high. Hmmm ...I think they know something we do not and another bubble is upon us now.

The banks would do it all over again if they could which is why they oppose regulation. After all they could make more bonuses and get even more tax money and buy and sell stocks when the next recession/depression hits.

I was hoping and still hope that Bof A and Chase fail. They are scum (usually do not use such adjectives) and I would like to see smaller banks replace them for stability. Unfortunately lines of credit for big business depends on these banks which is why they were bailed out.

I knew better myself not to do an arm and saw this as unhealthy a few years ago and figured something would eventually give. However, I am adversely effected which is not right either.

Re:G-Mail?

[Billly+Gates]

I would not be surprised if the banks did this on purpose.

I learned in finance that not paying suppliers is a great idea (nice ethics) because a delay means you can invest an extra million or two, then pay and keep the interest. So if 1 million is taken a month to be repaid that means the bank has an extra million to invest in more worthless housing which they would flip and keep the interest after fixing the 1 million when its paid back.

Re:G-Mail?

[Billly+Gates]

The problem is the banks do not have to take risks. Thats what credit swaps and flipping are for.

If the bank can sell the $250k home worth $125 for $275 30 days later ... thats a $25,000 profit!

Until the banks have to keep their own darn assets then they will think like you and I with risks.

FDR (socialists as he was) did the right thing with the glass ceiling laws. It should be illegal to package assets together and flip properties to financial firms. What Greenspan and Clinton did needs to be undone. Problem is the banks are lobbying Obama to just do something dumb like have our great banks keep 5% of the home rather than 100% pre 1999.

Re:G-Mail?

[Billly+Gates]

How are the values of the assets counted? Did it become a 30-1 ratio after the value of homes crashed? The ratio would be lower during the height. Also the banks considered these assets very liquid as they could flip them quick and use a credit swap to avoid any risk. If a market was about to crash they could cash in quick. ... which in return the opposite happened at the very last second with it froze and banks shunned each other.

Its all one big accounting game as far as I can see. Still I am surprised that not one large bank played it safe. Seriously what were they thinking ... bet the CEO's didn't care and just wanted their bonuses before a crash happened.

Re:G-Mail?

[stephanruby]

Are you saying hands-down that a bank should refuse to loan me money for a new car? My current vehicle probably won't last another month. I *need* a car loan.

Do you really *need* a new car? Or do you need a used car? And do you really need to own that car? Or can you just get by with just leasing/borrowing/sharing one for now?

I won't mention public transportation, special ride sharing programs, moving closer to your workplace, switching jobs, or getting yourself a moped/bicycle. For all I know, you live in the snowy mountains some place, and you need a reliable car with 4 by 4 capabilities -- so you don't kill yourself the next time the road is icy.

And if that's the case, I apologize in advance, because I think you would be the exception -- not the rule. Most people do not *need* a new car. It's just that most people think they're entitled to a new (or an almost new) car just because they see their neighbors have one.

Re:G-Mail?

[thePowerOfGrayskull]

I work as a supplier to the banking industry.

And I work /in/ the banking industry.

Banks just don't pay for shit unless you are a VP or own the place, so they get the crappiest IT help. "Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community. Everywhere else it means "make a good effort to do the best you can to the spirit of the task".

There's some truth in this, but not in the way you think. Of course it's CYA -- since corporations do not think and act as people, that's the equivalent of their moral compass. The net result is no different, though.

Granted, this breech is considerably dumber than average, but of the banks I have worked with, every single one of them at one time or another had some sort of institutional problem understanding and implementing some of the most basic data safety measures.

That's like saying "all of the car manufacturers have made a lethally unsafe vehicle at some point, so they're all a bunch of morons with no clue about safety."

I cannot begin to express how seriously banks are taking this. Anecdotal example: the other day I sent my own personal income tax return, in zipped PDF, from my work account to my home account. It was immediately bounced back: "This email was detected to contain sensitive customer infomration (SSN). If you are required to send it, you must encrypt it using ..." etc etc.

This was also followed up by a call from infosec a few minutes later, wanting to know what the hell I was thinking. (And they were right. That was a stupid thing for me to do -- even if it was just my own data.)

Whether it's "CYA" or because they actually don't want to screw over their customers; the end result is the same. Banks are taking this much more seriously than you seem to believe. At my own bank, and at most of the other big US banks, there are strictly enforced rules about PII.

Where you'll find it breaking down is at smaller places like this one -- where they don't have the resources to prevent it from happening. This doesn't mean mistakes don't happen at the larger institutions; simply that to blithely claim that they're just too dumb to have a clue is more than a little disingenuous.

Re:G-Mail?

[stephanruby]

How far should the law allow a corporation to shut down a real person's life to correct the corporation's error?

It depends on the email address in question. If the email address "mistakenly entered" was Prince.Abdul@gmail.com, or President.Rasoolullah@gmail.com, or I.Love.U.Looong.time@gmail.com, then I'd shut down those email addresses temporarily just in case.

George W Bush could have learned a lesson or two from this bank. For a while, he was sending politically sensitive emails to Cheney using the whitehouse.org domain (to his displeasure, a domain name owned by a democrat).

Re:G-Mail?

[darkpixel2k]

Do you really *need* a new car? Or do you need a used car? And do you really need to own that car? Or can you just get by with just leasing/borrowing/sharing one for now?

I won't mention public transportation, special ride sharing programs, moving closer to your workplace, switching jobs, or getting yourself a moped/bicycle. For all I know, you live in the snowy mountains some place, and you need a reliable car with 4 by 4 capabilities -- so you don't kill yourself the next time the road is icy.

And if that's the case, I apologize in advance, because I think you would be the exception -- not the rule. Most people do not *need* a new car. It's just that most people think they're entitled to a new (or an almost new) car just because they see their neighbors have one.

I never said I needed a *new* car, just that I needed *a* car.

I work as an IT contractor for smaller businesses that don't need full-time IT staff. I travel roughly in a 100 mile radius from the company office, and I am on-call pretty much all the time.

This destroys any possibility of public transportation, ride sharing, car pooling, and makes renting or leasing very expensive.

I also live in the pacific northwest. It rains 11.5 months out of the year. I can't drive a moped or a motorcycle. Plus, I have to arrive at client sites in a dress shirt and dress pants--so I can't get all wrinkly by putting riding gear over top of my cloths.

A new car would be nice--but it's unnecessary like you said. The price of the car would drop significantly the moment I drove it off the lot.

A used car would be great, but that still costs money. I didn't see any 'decent' used cards un the paper for under a few thousand. Since I am currently in debt and all my money is going to pay that debt back, I don't have a few thou saved for a car yet.

So really, my option is to get a loan or pray that my current vehicle holds out for another few months so I can free up cash.

But that's all a bit off topic for the discussion that banks *should* be allowed to loan money to anyone they want under any terms they want--as long as the borrower is free to refuse the loan and terms.

Re:G-Mail?

[ChameleonDave]

But who determines how much is too much? The bank?

Yes, because they know. If they act unethically, regulation will be necessary.

According to your views, they've been screwing up and can't be trusted to assess loans. The government? They got the banks here in the first place with stupid regulations.

Did a gun-carrying radio talkshow host tell you that? It's not an idea anyone could have spontaneously formed.

Re:G-Mail?

[rohan972]

Securitizing the mortgages alone is not evil.

The practice of letting private banks inflate the currency supply through fractional reserve lending resulting in a consistently inflationary financial system is evil.

Deflation is a result of lending "money" that doesn't exist. Real money does not disappear if someone doesn't repay a loan. The borrower goes bankrupt, the lender suffers loss but it won't destroy the economy as a whole. Even a fiat currency could act like that provided it was released by the government as value rather than by banks as debt.

Re:G-Mail?

[rfunches]

The balance sheet will break out assets and liabilities on a specific basis and you can clearly see where the banks got burned - mortgages, mortgage-backed, and asset-backed securities, on both the assets and liabilities -- basically, assets which the banks clearly didn't know how to count. (See Merrill Lynch's 10-K as an example.) For ML, there were massive losses in securities financing transactions, mortgage/asset-backed securities, and considerable losses on derivatives in 2008. The summarized balance sheet clearly shows what happened -- high leverage levels means that it only takes a 3% drop to wipe out shareholder equity (for ML, it was barely 3% - $667.5b in assets against $20b in equity) and ML saw a 34.56% decline in assets FY08 ($1t in FY07 to $667.5b in FY08). They got the leverage to 13.18 in Q1 2009 (down to 13.18 on $569.8b assets, $529.6b liabilities, $40.2b equity) which gave them a 7% cushion, but with a 14.6% decline in assets during the quarter. Profits and share issuance can help raise the equity and counter a drop in assets, but you're pretty much screwed trying to make up a 34% decline.

The ratio for ML reached its peak at the end of 2008, as the subprime mortgage market cratered:

• 2004 - 20.02
• 2005 - 19.13
• 2006 - 20.57
• 2007 - 30.94
• 2008 - 32.37
• Q1 2009 - 13.18

There's always been a race between big financial firms to beat each other to the very last penny (the concept of "flash" trading, for instance, has a hint of desperation in it) so one by one they decided to out-leverage each other to bring in bigger profits faster. It's a risk management problem -- ML bet their future in FY06 on continued success in prime brokerage and securities financing, as well as commercial and residential mortgage loans and long-term debt, while ignoring a 18% drop in equity due to a net loss in continuing ops, stock repurchases, and dividend payments of $1.40/share.

Re:G-Mail?

[darkpixel2k]

Yes, because they know. If they act unethically, regulation will be necessary.

There are so many things wrong with that statement...

You feel it's necessary to legislate morality?

You feel it's necessary to make legislation to prevent idiots from being idiots?

According to your views, they've been screwing up and can't be trusted to assess loans. The government? They got the banks here in the first place with stupid regulations.

Did a gun-carrying radio talkshow host tell you that? It's not an idea anyone could have spontaneously formed.

Did the government education system teach you to refute arguments with irrelevant drivel? That's the only way anyone could have spontaneously come up with that reply.

Re:G-Mail?

[smoker2]

Except when the next hurricane blows through and takes your property with it. It's still a scam, get it ?

Re:G-Mail?

[ChameleonDave]

You feel it's necessary to legislate morality? You feel it's necessary to make legislation to prevent idiots from being idiots?

It's absolutely astonishing that anyone could ask such questions. Again, I can barely imagine someone actually coming up with such a thing, in the same way that I can barely imagine someone coming up with the story of Noah and believing it. It's the sort of idea people only receive as part of belonging to a cult. I'm suspecting the cult of Ayn Rand here.

Did a gun-carrying radio talkshow host tell you that? It's not an idea anyone could have spontaneously formed.

Did the government education system teach you to refute arguments with irrelevant drivel? That's the only way anyone could have spontaneously come up with that reply.

Well, no, obviously not. Which is understandable, given that you're just using the tactic of "I'll repeat back my opponent's disparaging remark, changing a couple of words".

The idea that the existence of regulation is the cause of the current crisis is like saying that AIDS is caused by the existence of doctors. It's just so crazy that you must have obtained it from some repository of craziness — the odds of any given individual coming up with it himself are just way too slim.

Re:G-Mail?

[yacc143]

So by this measure it would be okay to steal, as long the thief pays income tax on what he takes?

Re:G-Mail?

[nixman99]

FDR (socialists as he was) did the right thing with the glass ceiling laws. It should be illegal to package assets together and flip properties to financial firms.

I think you're referring to the Glass-Steagall act

But yes, I believe the repeal of this law was a major contributor to the current mess.

Re:G-Mail?

[Jaysyn]

What's wrong COWARD?  You don't have the courage to lose a few points of karma over your convictions?  What's that?  Don't really believe the crap you are spewing.?  Yeah, that's what I thought.

Re:G-Mail?

[Tenebrousedge]

You've given an example of a somewhat flawed password scheme. You've never tried to brute-force a password, have you?

Most people, left to themselves, will have a password that consists of all lower-case letters, and maybe a couple of numbers at the end. This gives you 36^8 possible choices for a password. Adding uppercase and numbers gives you 62^8 choices, making the password take approximately twice as long to crack.

Most people will choose very bad passwords, usually dictionary words. There are by most accounts less than a million words in the English language; you're reducing the keyspace by a factor of millions if you can use a dictionary attack.

Your password scheme is better than a simple 8-character lowercase password by many orders of magnitude even assuming that the lowercase password is randomly generated. In reality, that will rarely be the case. The upshot is basically that without a password scheme such as yours, any password will likely be broken in seconds or minutes, and with your password scheme, breaking the password within weeks may be infeasible.

Re:G-Mail?

[chrb]

Working in the banking and finance industries is not illegal. You may think it's immoral, but there are many people who work in those industries who are decent, hard working individuals. Your analogy may be more like it would be okay to sell sex, as long the prostitute pays income tax on what he/she takes? I actually know a prostitute who insists on paying income tax because she wants to be legal, even though all of her customers pay cash in hand and it would be trivial for her to avoid taxes (prostitution in itself is not illegal here).

Re:G-Mail?

[JAlexoi]

government that is incompetent, greedy, and stupid

Aha! You forgot evil, never forget the evil!

Re:G-Mail?

[Dragonslicer]

a car payment (which I'm two months behind on) of $315/mo and I still have a year left on the loan

My current vehicle probably won't last another month. I *need* a car loan.

These two lines set off my bullshit detector. A $315 monthly payment would have to be either a pretty short loan (36 or maybe 48 months), or a decent quality small car (in the $15-20k price range). If your car is about to die a full year before you've even finished paying off the loan on it, something not quite normal is going on.

Re:G-Mail?

[Dragonslicer]

Unless there's a big fine involved, one big enough to effect someone's bonus

Usually the affect/effect mistake isn't a big problem, but in this case it gives the complete opposite meaning.

Re:G-Mail?

[JAlexoi]

To my knowledge, American banks are that insecure. Normal countries force banks, by law, to protect their customer information under threat of heavy fines and termination of licenses. And that actually does the trick. I would probably "hang my bank consultant" if any of my information had been disclosed without my knowledge.

Re:G-Mail?

[DaveGod]

Last I read, PGP style encryption works by the sender using the recipient's public key to encrypt data that can then only be unencrypted using the recipient's private key. The sender does not use his own key to encrypt data intended for others, because then everybody needs to generate a unique key for every person they deal with - resulting in a travelling salesman problem.

Therefore in the automatic scenario, if a sender selects the wrong email from his list then he would apply the wrong encryption, and if he simply mistypes the email address he would apply no encryption. The only way he can send a file to the wrong person whom cannot then open it is if he first encrypts the file (correctly) and then sends it (incorrectly).

The same thing happens if there is some kind of global database of keys, which would solve the problem of the email client automatically finding public keys of people that it has previously never dealt with.

I'm not talking about this specific issue in the OP, I'm talking about why nobody besides geeks use encryption. They need it to be automatic, and by nature encryption cannot be both automatic and secure because of the damn PEBKAC.

Re:G-Mail?

[mhelander]

I will not dispute your assessment regarding the moral constitution of banking industry representatives. But when you say regulators actually promote the scheme in question, then I have to wonder if they are not vastly more to blame?

Re:G-Mail?

[mhelander]

Damn, I meant to reply to this comment:

http://yro.slashdot.org/comments.pl?sid=1383471&cid=29551455

(How I was able to mess up? I started commenting on the right one, noticed I wasn't logged in, did Ctrl-C on the stuff I had written, logged in, went back, clicked on the wrong comment, Ctrl-V and Preview + Submit. Now I will go have some morning coffee and all will be better...)

Re:G-Mail?

[nausicaa]

Because they thought they were sending it to G-man!

Re:G-Mail?

[mhelander]

I think easyTree is not arguing that we should "compassionately" make bad loans, but rather that we show compassion to people who have been tricked into taking them. Yes, if you must use such a word, because they may have been to "stupid" to know better.

To adjust your example: You are in the situation you describe, and not easyTree but some corporation shows up and offers you that loan since it has figured out how to make a buck, unlikely as it seems, by giving you a loan you could never possibly repay. Now, it is quite possible you are in the situation you are in to begin with because you are not exactly a financial wizard. For much the same reason, you accept the loan. Using your terminology, the long and short of it here is that you take this new loan because you continue to be "stupid".

You inevitably enter even further into economic disaster due to accepting this new loan (but the corp that in effect managed to trick you into it makes its profit). It is at this point that easyTree suggests that we show some compassion towards you on human grounds - despite how it is perhaps clear to everyone but (the hypothetical) you (I guess you are not really in the debt you describe?) that less stupidity on your part could have prevented this particular downfall. What would being "compassionate" at this point entail, if it is not about giving you another bad loan (as you interpreted easyTree in your post)? Well, a starting point could be to not call people who make mistakes "stupid" and use that as an excuse not to care.

"(When you achieve consciousness you'll realize there's a difference between compassion and stupidity.)"

Right. The point is that one can actually show compassion for people one decides are more stupid than oneself, rather than just dismissing their poor fortunes as the predictable result of their stupidity.

Re:G-Mail?

[nitehawk214]

While I agree that Banks are dumb, all real banks have Sarbanes Oxley auditors that check for this kind of crap. Any real bank will not send any confidential information via email, but rather send a "to check your account info click this link", and require the user to log in. That way if email is misdirected or intercepted (and one must assume that this will eventually happen to someone), the intercepting user will not be able to log in and see the information.

A lot of tiny local banks outsource their entire IT operation, or at least their website development. Makers of marketable banking software should be damn sure they are aware of Sarbanes Oxley.

I was trying to come up with a car analogy in which someone loses their legally owned car after no wrongdoing... Where is BadAnalagoyGuy when we need him?

Re:G-Mail?

[digitalunity]

Healthcare debt is the #1 reason for personal bankruptcy. I don't think this has anything to do with the credit crisis, but it's a fact none the less. Healthcare costs might exacerbate a families income shortfalls but alone is not the source of the mortgage industry collapse.

That's due mostly to originating lenders like Countrywide and others who dramatically increased no-doc, low-doc, alt-A and de facto subprime loans at a pace never seen before. They then foisted that debt on the secondary mortgage market including foreign governments, private institutional investors and our own government. Countrywide was responsible for around $6 trillion USD alone in secondary mortgage market transactions. They knew when they issued them that the buyers couldn't repay, but they didn't care since they carried little burden after they are securitized and sold.

Re:G-Mail?

[digitalunity]

This was kind of why AIG floundered. The credit default swap market was basically AIG saying "Sure we will insure the entire mortgage market" and everyone participating in that delusion.

I guess all the greedy banks didn't stop to think that even the biggest insurance company in the country still can't insure the entire market.

Re:G-Mail?

[sorak]

(I know I'm being redundant, but)
To put it in plain English:

1. They started making loans with other people's money.
2. They got their profit upfront, regardless of whether the loan ever got paid off.
3. They started carelessly making loans everywhere they possibly could. They started coming up with wacky ARM schemes that encouraged their customers to bite off more than they could chew (and I don't hold the customers blameless), simply to get more loans and bigger loans into people's hands.
4. The system collapsed.

Re:G-Mail?

[canuck57]

When the families are told by the bank that they will be able to repay the loan and are given very low initial rate, AND the bank knows they will not be able to pay it back, AND the bank knows they will bundle it up the mortgage and sell it off, AND regulators that actually promote this THEN you have banks that are evil, greedy bastards, and you have families that are stupid, and a government that is incompetent, greedy, and stupid.

AND supported by a Democrat Congress and Senate.....for fast easy cheap money the government needs for its liberal debt-corruption spend ponzi scheme.

Hell, the government can't pay it's bills without more debt.

Good post.

Re:G-Mail?

[canuck57]

The repackaging of subprime mortgages into valued securities was one problem but it might not have caused a collapse had the banks not also willingly massively over leveraged - at 30 to 1 it only takes a 3% downturn in the market and your bank is insolvent...

You should be mod-up as insightful.

People conveniently forget that it is government sponsored leverage that started this whole mess for cheap easy debt. And government did it so interest rates could be artificially low, no checks and balances for run-away debt. Because government is the largest default debtor going, over $12T for the US government, many trillions more at the state, county and civic level.

The government does this as not GM, but the US government is in fact the largest defunct debtor out there.

Re:G-Mail?

[darkpixel2k]

Again, I can barely imagine someone actually coming up with such a thing, in the same way that I can barely imagine someone coming up with the story of Noah and believing it. It's the sort of idea people only receive as part of belonging to a cult. I'm suspecting the cult of Ayn Rand here.

To me, it sounded like you were saying morality needed to be legislated...so I asked you if that's what you meant. Then you went all crazy left-wing on me and started bible bashing and Ayn Rand bashing. WTF does *any* of that have to do with my question?

Well, no, obviously not. Which is understandable, given that you're just using the tactic of "I'll repeat back my opponent's disparaging remark, changing a couple of words"

That's ok--since you flat-out didn't refute my argument, but rather are trying to antagonize and pick a fight by bashing on various groups' personal beliefs.

The idea that the existence of regulation is the cause of the current crisis is like saying that AIDS is caused by the existence of doctors.

Nice analogy. But completely wrong. Try reading something on the topic.

It's just so crazy that you must have obtained it from some repository of craziness — the odds of any given individual coming up with it himself are just way too slim.

More crazy. Instead of providing examples or proof that my statement is wrong, you imply that I must have gotten the idea from a 'repository of craziness' and that a single individual couldn't come up with that idea. (I can understand how you'd feel that an individual can't think for themselves if you graduated from government schools). But in your previous post you say I must have received the idea fro 'talk radio'.

Aren't those shows one person broadcasting over the radio? I.E. an individual? You sir are an idiot.

Re:G-Mail?

[darkpixel2k]

These two lines set off my bullshit detector. A $315 monthly payment would have to be either a pretty short loan (36 or maybe 48 months), or a decent quality small car (in the $15-20k price range). If your car is about to die a full year before you've even finished paying off the loan on it, something not quite normal is going on.

The straight dope is that before my wife and I were married, the engine in her previous car blew up right in front of a dealership. She didn't know what she was getting herself into and they sold her a car that was probably only worth $8k for about $11k. They gave her 24.9% (ouch!) interest on the crappy thing and IIRC it's a 48 month loan. When I lost my job, I missed a few payments and they bumped the loan to 26% (seriously ouch!).

The other side to that conundrum is me being an IT tech for a bunch of small businesses in the 'area'. I regularly put 1,500 to 2,000 miles per month on the thing. It's already well over 120,000 and badly in need of maintenance and a tune-up--which it will get as soon as I pay it off and can free up some cash in order to perform said maintenance.

The positive side to all this is that it forced me to go from a teenager/early-twenties moron who spent every paycheck on whatever I wanted to being much more responsible with my money. The down-side being I had the $60k/year job when I was younger... ;)

Re:G-Mail?

[Locutus]

no, the question is why is ANY confidential information being sent via email because email is not a secure transfer medium. Everything in email is in the open unless there is an encryption mechanism used and we know that was not the case here. These idiots were sending confidential data via email and that is a total dumb-ass move.

They got a judge to harm an innocent bystander and the bank pays no penalty for sending confidential info in the clear. WTF? I have had my tax preparing firm repeatedly try to email me my tax data even after I told them repeatedly that email is not a secure way to send anything with confidential information.

I sure hope this bank gets slapped with a class action or something for being so stupid for what they did with the data and another law suit for how they tried to clean it up.

LoB

Re:G-Mail?

[IndustrialComplex]

moving closer to your workplace, switching jobs

Good luck doing that if your credit is suspect. I've had every rental place, or place of employment perform a credit check as a matter of course.

Re:G-Mail?

[AK+Marc]

Unless the recipient owns their own mail servers, someone can always go through them. And even then, there are transparent proxies used for things like virus and spam scanning. Plus, anyone in the middle could capture it. The reason the "why gmail" is ignored is because it doesn't matter. There is no functional difference between that and any other mail service. The email should have been encrypted or not sent, regardless of the receiving service.

Re:G-Mail?

[xenocide2]

You have to distinguish between hedge funds and investment banking, which primarily operate in Wall Street (and London), and Savings & Loans type banks with a physical branch and loan officers. The latter generally didn't lower their lending standards, and therefore didn't lead into the subprime mess. They are however, still on the hook for losses in places where market downturns have exceeded conforming loan downpayment percentages.

However, these S&L places are truly dumb. Partly because they're high profile targets, and partly because of reasons the GP stated. A friend of my brother's related a story to me of how he was offered a CIO position at the bank he worked at as a junior loan officer. He's attending some podunk college and earning a bachelor's in business. Offered pay: $35,000. For the CIO of a bank (he declined, stating mainly that he wasn't interested in the work at any compensation). If this guy has even fucking heard of 2 factor authentication, it's a miracle. And since banking IT is essentially figuring out how to not do anything, it's the most boring kind of job, that nobody wants. Sarbox hasn't helped this.

(If I were more cynical, I'd assume the person in charge of the bank wants poor IT security to aid in covering outright theft.)

Re:G-Mail?

[yacc143]

No, but argueing that doing illegal stuff is fine, as long we all get our cut (the taxes are paid).

Btw, I did work in the bank industry too, and while most the people in there are not criminals, it's not exactly my favorite industry to work in.

Actually, many of the people who caused the current mess, did things that are illegal or at least a grey area.

But because the banking industry claims to be to important for the economy (perhaps. perhaps not), they managed to avoid the normal legal procedure for people (be they natural or companies) that cannot pay their bills. It's called bankruptcy, and every country do call it slightly differently, and the rules slightly change. But the rules often include a mandatory review for criminal behaviour. Guess it's more important for our politicians that certain people can get their bonuses, at the communities cost?

So what exactly makes bankers so special that their bonuses have to be paid by the public? Does that mean that if my private grocery shop promises 10 million $ bonuses for next year for the management, and I cannot pay them, I'll ask capitol hill to pay them for me?

To bad, these banks that claim that these are past bonuses that need payment. Well you cannot pay them, then you fill chapter XX, and that's it.

Re:G-Mail?

[petermgreen]

I could have purchased a home in 2003 on an interest-only mortgage with all the other idiots, but I knew that I wouldn't be able to afford the payments once they included the principal.
What people assumed is they would either get a payrise or be able to refinance onto a better deal since the value of thier property would have gone up. They assumed the worst case would be they have to flip the house. The only risk is if property prices go down which all the buyers assumed wouldn't happen (and the salemen deliberately kept them ignorant of).

Don't forget renting has risks too at least in areas that don't have rent controls. If you see property prices and rents both climbing ever skyward then an interest only mortgage starts to look like a good deal.

Re:G-Mail?

[petermgreen]

Tell me *exactly* how you determine if someone can repay a loan that doesn't come down to the unscientific method of saying "He seems like an honest guy".
You can calculate what someone can afford under the assumption that their circumstances don't change. Take the persons income. Subtract an estimate of what they can afford to live on). Self employed people are trickier to deal with but you can estimate tolerably from their past records. Then subtract some safety margin in case your estimates of thier minimum living costs are off. What you've got left is the maximum payment you can be reasonablly sure they can afford to make on a loan.

Yes there is the risk someone will lose their job, defraud you with false details when taking out the loan or that your estimates will be off. In that regard the bank is basically acting as an insurer. That is they calculate that their losses from defaults will be less than their profit on the difference between the interest rate they charge the borrower and their cost of funds.

Collateral reduces risk for the lender by giving them a way to recover some or maybe all of their money if the borrower defaults. As such it is reasonable for the lender to offer better loan deals to borrowers prepared to put up collateral and particularly collateral that is likely to retain it's value through the term of the loan (which is why mortgages do and should have lower interest rates than almost any other type of loan).

But while collateral reduces the risk it is IMO both evil and stupid to use collateral that appears to be rising in value as a substitute for checking that the borrower can reasonably pay the loan. All that does is drive a bubble and when that bubble pops both the lender and the customers who can't afford thier loans are screwed big time. Even the customers who can afford thier loans are in negative equity which basically means they are stuck in thier current property and unable to move.

Re:G-Mail?

[ChameleonDave]

To me, it sounded like you were saying morality needed to be legislated...so I asked you if that's what you meant.

There's no need to reiterate your question. I know what you asked. If you'd asked, "does the earth orbit the sun?" I would have responded in the same way, discussing the bizarreness of the question, rather than pointlessly delivering a literal answer.

Then you went all crazy left-wing on me and started bible bashing and Ayn Rand bashing. WTF does *any* of that have to do with my question?

They have to do with the insane ideology that's behind your earth-and-sun question.

The idea that the existence of regulation is the cause of the current crisis is like saying that AIDS is caused by the existence of doctors.

Nice analogy. But completely wrong. Try reading something on the topic.

Thanks. I'm slowly managing to tease it out of you. I provoked you into giving a link to a right-wing think-tank. As I said, your views are so loopy that you must have picked them up wholesale from some such source.

The linked article is not even about regulation. It's about the too-big-to-fail doctrine.

(I can understand how you'd feel that an individual can't think for themselves if you graduated from government schools).

This is the second jibe against education. I ignored the first, but it's really starting to look like you're one of those freaks one hears about whose parents pulled them out of school in order to teach them that the world was made by Jehovah in six days. I've been reading a lot about them recently. Scarily ignorant people. It would be best to tone down your attacks on education, lest people think you are one of those.

I also previously mentioned talk radio, as I have heard it is another central source of gun-toting, gummint-hating, black-lynching wackiness. I don't actually know where you personally got it; perhaps you masturbate nightly over Ayn Rand and Ann Coulter. It's just that the odds of any given individual deciding that a crisis involving banks lending when they shouldn't was caused by the existence of recently-removed lending restrictions, are slim. It's more likely to be a lie that has been spread as truth from a central repository. In the same way, the story of Noah was a lie/tale that was put in a book and spread as truth.

If you can understand this concept in relation to Noah, you should be able to understand it in relation to what we are discussing (even if you think there is no lie). If you think that the Bible is true, however, then there is no hope at all.

Re:G-Mail?

[darkpixel2k]

You can calculate what someone can afford under the assumption that their circumstances don't change. Take the persons income. Subtract an estimate of what they can afford to live on). Self employed people are trickier to deal with but you can estimate tolerably from their past records. Then subtract some safety margin in case your estimates of thier minimum living costs are off. What you've got left is the maximum payment you can be reasonablly sure they can afford to make on a loan.

Great answer.

But while collateral reduces the risk it is IMO both evil and stupid to use collateral that appears to be rising in value as a substitute for checking that the borrower can reasonably pay the loan. All that does is drive a bubble and when that bubble pops both the lender and the customers who can't afford thier loans are screwed big time.

Very true. But realize what you're saying. Some people are idiots and make bad decisions. I have three friends that voluntarily entered into crappy loans because they wanted houses--and they are still paying them back despite being upside down. What you're advocating would have denied them loans for their homes even though they are responsible people--because there are idiots out there.

Re:G-Mail?

[weber]

why is the bank sending customer information through email at all? why is the bank not encrypting all sensitive customer data?

My bank sends me an e-mail that I have a new message, and I have to log on to my netbank to read it. That's a good way to do it, I think.

Re:G-Mail?

[Dragoness+Eclectic]

Exchange as used by the DOD has encryption, and use is transparent. You just click on the Options box that says "Encrypt e-mail" (and/or the one that says "Digitally sign"), hit 'send', and your private key is automagically pulled off your CAC and used to sign your e-mail, while the other guy's public key is pulled off the global directory and used to encrypt the e-mail before it goes. At the recepient's end, Exchange/Outlook automatically pulls my public key out of the global directory and uses it to check signature, and gets the recepient's private key off his CAC to decrypt the e-mail.

All each of us have to do is have our CAC stuck in the slot in the computer keyboard, which we had to do to log in in the first place, and check a box in 'Options'--which can be configured to be checked by default, so we don't even have to do that.

That's how you get encryption usable and used by everyone. That, and having senior authorities *require* that encryption/digital signing be used.

Re:G-Mail?

[Dragoness+Eclectic]

You people are young enough not to remember the origins of the phrase. Back in the mid-20th century, there was a flurry of scams by shady real estate operators selling near-worthless swampland sight-unseen as "waterfront property", using faked-up pretty brochures showing beautiful beaches, palm trees, etc. People thought they were buying beachfront property amazingly cheap, when they were actually getting something much less desireable, though technically, it was near water. "60 Minutes" did exposés on it, back in the day.

Since that time, "I have waterfront property in Florida to sell you" became the modern replacement for "I have a bridge (in Brooklyn) to sell you". It also carried the connotation/lesson of "Don't put down money for property you haven't seen".

Re:G-Mail?

[Fastolfe]

Indeed, but the problem we have here is that the bank is going to do whatever the customer asks. If the bank takes a hard line on insecurely e-mailing customers loan details, and the customer wants to deal over gmail, for instance, they're likely to walk away and go to another "e-mail friendly" bank. People think insecure e-mail is "good enough", so customer demand will drive the bank's behavior.

If a particularly saavy customer said, "I prefer that this be encrypted," then the bank should try to accommodate them. (That being said, I'd be interested to see what bank employees would do if you walked in and wanted to exchange PGP keys.)

Re:G-Mail?

[operagost]

Healthcare debt is the #1 reason for personal bankruptcy.

No, it's not. Maybe that's what the universal health care backers are saying, but it's unemployment. Sometimes unemployment is due to poor health, but that's not the same as saying it's due to the cost of health care, is it?

Re:G-Mail?

[operagost]

I'm guessing a very, very long term loan with a high interest rate. Some time back, I was frustrated with the problems my 9-year-old car was experiencing and bought a new one on a 6-year loan at a relatively high interest rate due to my credit rating. Due to the length of the loan, the car went out of warranty before it was paid off. It's possible to be stuck with some costly repairs and still have a lot of payments left. Fortunately, in my case that car is still running very well.

Re:G-Mail?

[LordLimecat]

People need to be responsible for their own actions at some point. Taking a loan you know you can never pay is irresponsible.

Re:G-Mail?

[easyTree]

People need to be responsible for their own actions at some point.

I guess bankers aren't people.

Can the Poor SOB sue for damages?

[alex_guy_CA]

If a bank did this to me I'd be all up in their butts with lawyers sewing for damages.

Also having a moment of gratitude that I don't use gmail.

Also wondering if I can send someone I don't like sensitive email, and then have a judge erase their email account erased.

Re:Can the Poor SOB sue for damages?

[grahamwest]

Sewing for damages?

Fear the giant quilt of redress!

Re:Can the Poor SOB sue for damages?

[The+Archon+V2.0]

Sewing for damages?

Fear the giant quilt of redress!

Say what you want, I know a few people in the banking profession I'd like to stick a needle into over and over again until I've turned an unwanted hole into a nice compact knot of thread.

Re:Can the Poor SOB sue for damages?

[Culture20]

If a bank did this to me I'd be all up in their butts with lawyers sewing for damages.

I'd normally say lawyers don't sew too well, but my SIL knits all the time.

Re:Can the Poor SOB sue for damages?

[edman007]

Yeah, sew their butts shut. That'll teach 'em!

If only that would help, lawyers are full of shit and it can only be explained by having a blocked arse.

Re:Can the Poor SOB sue for damages?

[alex_guy_CA]

good one.

Re:Can the Poor SOB sue for damages?

[similar_name]

Also having a moment of gratitude that I don't use gmail.

What email do you use that would disobey a judge's order?

Re:Can the Poor SOB sue for damages?

[K.+S.+Kyosuke]

His own server, perhaps?

Re:Can the Poor SOB sue for damages?

[alex_guy_CA]

My email is on my own computer. My ISP could delete my account, but not erase my old emails.

Re:Can the Poor SOB sue for damages?

[icebraining]

Neither can GMail, if you use IMAP or POP3.

Re:Can the Poor SOB sue for damages?

[similar_name]

Don't know why someone modded you troll. Seems unfair. If the judge ordered you to delete your own email account it would certainly make for an interesting legal precedent.

Re:Can the Poor SOB sue for damages?

[alex_guy_CA]

A lesson for all gmail users. Use IMAP or POP3 in case a bank emails you something by mistake and gets a judge to erase your ass.

Re:Can the Poor SOB sue for damages?

[Alsee]

@thepiratebay.org ?

-

Re:Can the Poor SOB sue for damages?

[houstonbofh]

Yeah, sew their butts shut. That'll teach 'em!

If only that would help, lawyers are full of shit and it can only be explained by having a blocked arse.

Or just being anal retentive. :)

Re:Can the Poor SOB sue for damages?

[Tony+Hoyle]

IMAP is server side (that being the point...) so it wouldn't help you in this case.

It looks like the exchange protocol gmail supports is client side (it attempts to download all the emails in your inbox, which is why I switched it off and went back to imap.. there's over 100,000 of them...)

Re:Can the Poor SOB sue for damages?

[alex_guy_CA]

You've gone over my head technically (not hard to do)

If I had gmail and wanted to protect myself what would be the best way to do it?

Re:Can the Poor SOB sue for damages?

[arminw]

..What email do you use that would disobey a judge's order?...

Since I administer the domain of e-mail is on and the e-mail server, my provider could delete my e-mail account along with the offending message. However upon discovering this, I could re-create the e-mail account. Of course if I had already read the offending message, it would no longer have been on my e-mail server at all but on my own computers, because my e-mail clients remove all messages from the server after downloading them. Then the bank and their lawyers would have been forced to sic the judge on me, the recipient of their ill-fated message. Since I have no interest in other people's private information, I would erase the message, but I would still have my e-mail account. Google and Hotmail accounts are free and you get what you pay for.

Re:Can the Poor SOB sue for damages?

[jonbryce]

Not all google and hotmail accounts are free. There are paid for versions available.

Re:Can the Poor SOB sue for damages?

[Temporal]

You aren't subject to court orders?

Re:Can the Poor SOB sue for damages?

[bsDaemon]

Assuming you still have copies of the messages you know you need to keep, you can just delete your account and re-create it right afterwords. No harm, ho foul essentially. However, with GMail or another such service, I don't think you can remove an address and immediately re-create exactly the same address with less than a minute of 'down time' during the procedure.

Re:Can the Poor SOB sue for damages?

What email do you use that would disobey a judge's order?

His own server, perhaps?

What makes you think that you won't arrive home to find that all of your electronic equipment has been confiscated?

Re:Can the Poor SOB sue for damages?

[alex_guy_CA]

Maybe I'm being overly optimistic, but I don't feel like in this case the judge would have issued an order that someone should erase their hard drive. I think it was much easier for the judge to be like, ok Goog, pull the plug than it would be for him or her to say "This person should have their computer erased."

In other cases, I think a judge might do just that. If I was really worried about it, I would have encrypted offsite off shore out of jurisdiction blah blah blah. But at this point, that seems like way too much effort for a very small risk.

I'm more worried about an earthquake leveling my house (I live in San Francisco) and I'm taking great pains to create an offsite backup for all of my photos.

Re:Can the Poor SOB sue for damages?

[supernova_hq]

...gets a judge to erase your ass.

That's one big eraser!

Re:Can the Poor SOB sue for damages?

[SnowZero]

A judge can order your house searched and all computers seized. There is no safety from the law/courts, except taking the issue up in court with them.

Re:Can the Poor SOB sue for damages?

[chx1975]

Uh oh. so you run your own server and NOT comply with a judge's order? I do not know USA laws but if that's not a federal offense I have no clue what is.

Re:Can the Poor SOB sue for damages?

[ignavus]

What email do you use that would disobey a judge's order?

A foreign one.

Re:Can the Poor SOB sue for damages?

[dissy]

His own server, perhaps?

So, your solution to the problem of "Not randomly having your email deactivated" is to have yourself thrown in prison?

Re:Can the Poor SOB sue for damages?

[Prof.Phreak]

setup POP to download but not delete email. Do that every so often, and you should be fine.

Re:Can the Poor SOB sue for damages?

[jimicus]

Most IMAP clients cache some or all of the email you receive. (Outlook's a particularly good example - though it doesn't download the email until you actually go to read it, once downloaded it keeps a copy in cache until you delete the email. And IIRC the 2 GB local pst file limit still applies to Outlook if you're using it with an IMAP server - it's only with Exchange server that the limit doesn't exist).

Re:Can the Poor SOB sue for damages?

[TheThiefMaster]

IMAP syncs with your online account, so if something is deleted there it is deleted at home too, and vice-versa. And that is if your client bothers to cache the emails at all, and doesn't just use IMAP to look at what's on the server.

POP3 just retrieves messages from the server, and deleting them on either the server or in the client has no effect unless you've set up the client to make it have an effect. In fact, the default behaviour is normally to delete the messages from the server when you open your client, so that the only copy is on your pc. I turn this off, so that I still have all my email on gmail for when I'm at work or elsewhere.

Re:Can the Poor SOB sue for damages?

[JAlexoi]

Have the server set-up in Panama? I bet that would help.

Re:Can the Poor SOB sue for damages?

[Antique+Geekmeister]

Well, now, that depends on how you use it. POP is just a bad idea in this day and age: its historican inability to handle folders consistently from multiple client locations makes it unusable, along with its tendency for every client to automatically delete _everything_ off of the upstream server when first connected. So if you'd like to flush all your email off of gmail anyway, go ahead, use a POP client. And oh, yes, the adventures to get your POP client to talk to your set of Gmail folders is messy indeed.

IMAP is reasonable, althought the Gmail IMAP access has historically had some odd behavior (like being unwilling to let you not subscribe to the 'Trash' folder). Have they fixed that yet?

Re:Can the Poor SOB sue for damages?

[termineite]

If the address was not a Gmail the company would probably have praised the banks requests and handle the bank all of your private information plus a good solid background on your persona and all of your emails so that the bank could backfire in court (in case it would turned to that) saying you were not as innocent as you seem.

That message to your girlfriend saying, "woooah you can't believe the email I just got" would probably put you 5 years behind the bars. Just to be safe. :)

Re:Can the Poor SOB sue for damages?

[similar_name]

What email do you use that would disobey a judge's order?

A foreign one.

That might help in this particular case. It still won't do anything for you if a judge or government official in that country orders your account deleted.

Re:Can the Poor SOB sue for damages?

[K.+S.+Kyosuke]

No, I would probably deactivate my own email and activate another one after moving the data from one maildir to another. A silly thing to do, however.

Re:Can the Poor SOB sue for damages?

[K.+S.+Kyosuke]

Why should I have all of my electronic equipment at home?

Re:Can the Poor SOB sue for damages?

[K.+S.+Kyosuke]

We have no such thing as federal offenses in my country. The thing is that when I am running my own private mail box, either at home or anywhere else, I don't see a way for a court to force me, as a private person, to get rid of my mailbox, either electronic or the physical one.

I can imagine our courts requesting me to purge all the copies of said documents in my possession. That would be reasonable, and I might do that, but at the same time, there would be no way for anyone to know whether I actually complied with that or not, simply due to nature of information. (The one stupid thing that our courts might require me to do, though, would be to prove that I did it, simply because stupid judges seem to be everywhere.)

As for the mailbox thing, our medieval legislature has yet to pass all those advanced laws you have in the US to circumvent the privacy of a physical individual. God forbid, they haven't even managed to declare downloading music and movies from the Internet illegal here in all those years! And giving up passwords to encrypted files isn't required either! The Eastern Europe is still hopelessly behind.

Re:Can the Poor SOB sue for damages?

[Temporal]

If you were using gmail, you wouldn't have to go through all that effort -- Google would be doing it for you. :) And yeah, the chance of an earthquake leveling your house -- and thus destroying your current e-mail archives -- is much, much greater than the chance that a clueless judge will order your gmail account disabled. (And you can easily create a local backup of your gmail if you want, etc.)

Re:Can the Poor SOB sue for damages?

[rvw]

Use POP, not IMAP. As the others say, you can set your email client to delete mail from the server, right away or after a certain amount of days. Turn that off. You have to enable pop in your gmail settings. Otherwise it won't work. Then set gmail how to handle mail read via pop. I handle most mail in my client, and keep gmail as online backup, but it could be the other way around.

Re:Can the Poor SOB sue for damages?

[KlaymenDK]

First of all, IMAP allows you to keep mail on the server; a COPY operation instead of a READ-and-DELETE if you will. Most email clients worth their salt are able to make a local copy of IMAP accounts, which makes it feel very much like POP3.

Second, with GMail, use the "Offline" feature of the Lab. I haven't tried yanking out my cable yet, but in theory it, too, makes a local copy and syncs with the online account.

Sooo hang on...

...if a judge in, say, Korea granted the same request to have a gmail account blocked, an innocent user in, say, Germany would loose his email...even if that email contained confidental and critical information to be used by its owner...this is quite pathetic and something should be put in place to stop these low level distric judges making decisions that could affect users across the globe.

Re:Sooo hang on...

[martin-boundary]

The answer is to not rely on Google for email.

There's really no reason why a user in Germany should be relying on webmail from a company in the US, or some other place. The German user has a local ISP who can collect email on his behalf, and this ISP is only bound by German law. Moreover, there's no reason why the ISP should have control over the user's email archive, the user should download his messages and keep them on his own computer under lock and key.

Problem solved.

Re:Sooo hang on...

[shirotakaaki]

... an innocent user in, say, Germany would loose his email...

So it would be in the wild?

Re:Sooo hang on...

Because I don't want to have to change my e-mail address just because I changed an ISP.

Re:Sooo hang on...

[wgadmin]

You forgot to end with the phrase 'nuff said. On the bright side, at least you didn't start out by asking "Am I the only one who thinks that...?"

Thanks very much for completely missing the entire point.

Re:Sooo hang on...

The focus here needs to be on the judge. He needs to be taken off the bench for the ruling. It's a sophomoric solution from a technological Luddite. 86ing an email account is on par with deleting your phone number or taking your address off the postal service grid. Dumb dumb

Re:Sooo hang on...

[MartinSchou]

The answer is to not rely on Google for email.

I think you mean

The answer is to not rely on anyone else for email.

If the bank had asked your local ISP for the information identifying you, would they have waited for a court order before disclosing it, or would they have folded and just said 'here you go' to the bank? And if they waited for a court order, how the fuck would that be any different that what Google did? The judge would still be as stupid, the bank would be just as stupid, and the account would be just as closed, and the victim just as screwed.

Re:Sooo hang on...

[martin-boundary]

Why would a local German ISP do anything that is asked by a US bank (in this example)? The US bank would have to file a court case in a German court. A German judge is unlikely to care about potential damages to a US bank's operations in the US, only about contractual obligations between the ISP and his customer.

Re:Sooo hang on...

[martin-boundary]

Because I don't want to have to change my e-mail address just because I changed an ISP.

This is not a problem that goes away when you use a provider such as Google or Yahoo, etc. To spell it out: you get a different email address if you switch from Gmail to Yahoo to Hotmail and vice versa.

Perhaps you think you're happy with e.g. Hotmail and you'll never want to switch? Some people are happy with their local ISP and never want to switch. Then again, some people have been using email for longer than Google or Yahoo have existed, and have seen large free mail service providers come and go, forcing their customers to switch email addresses anyway.

The only long term protection against a changing email address is to register your own domain name.

Re:Sooo hang on...

[martin-boundary]

What point is that? The parent poster talked about the dangers of a local district judge in the US (say) having international powers of censorship, I just noted that this is only a problem when people use ISPs located in a different country. The judge cannot dictate what happens on foreign soil, at best he can respectfully ask a foreign counterpart for cooperation.

Re:Sooo hang on...

[MartinSchou]

And where did you get the idea that the victim was German? It's not in any of the linked articles. The original poster pulled Germany out of his ass as example.

But as for the German ISP ignoring a ruling in a US court, as the court has no jurisdiction in Germany, I think we've seen plenty of examples of what happens in those cases - namely the board members being put on watch lists for arrests when they enter the country. And with the way that the US has been behaving with regards to terror legislation, I wouldn't be surprised if you'd see extradition requests for those people for not complying with a US court order either.

The fact that this is about Gmail is completely irrelevant. The provider would be exactly as interesting if it was some small community run ISP in Hicksville, New York.

The interesting thing here, is that a completely innocent 3rd part has been raped by Rocky Mountain Bank and District Judge James Ware and has absolutely no recourse to undo this raping. Even if it would be possible to appeal a court order closing the account, the victim will be out a ton of money and time and probably won't have any way of getting any kind of compensation for this.

THAT is the interesting thing, not who the email provider happens to be. Now, if that isn't something you see as problematic, I feel sorry for your inner sense of right and wrong.

Re:Sooo hang on...

[martin-boundary]

the original poster pulled Germany out of his ass as example.

Yes, and that's why I replied to the OP, instead of making a top level comment. All the details you object to were introduced by the OP.

The interesting thing here, is that a completely innocent 3rd part has been raped by Rocky Mountain Bank and District Judge James Ware and has absolutely no recourse to undo this raping.

Well duh, if you let third parties handle your email for free, and they do whatever they like (whether required to by the law or otherwise), then you didn't do your due diligence. It's not like email is hard to set up in 2009 and you have to depend on free webmail. It sucks to be the innocent victim, but maybe he/she will learn a lesson about convenience and relying on others.

Re:Sooo hang on...

[MartinSchou]

Yes, because I'm sure that all of Gmails 150+ million users are able to set up their own email server, are customers at an ISP that allows them to run a public email server, and have the knowledge required to secure the email server in such a way, that they don't end up causing a ton of problems for everyone else.

Considering the amount of zombie computers on the net, why would you ever expect them to be able to run an email server that isn't instantly transformed into another spam-bot?

Now, what you're saying is that if someone is using a post box at the post office and a bank decides to send them confidential information, it is perfectly acceptable for a judge to not only get the box closed, but also burn everything that happens to be in the box - all because the person wasn't smart enough to have his own personal mail box by his house.

Do you really not see how this action is a BAD thing? Are you really that obtuse or are you just trolling?

Re:Sooo hang on...

[cerberusss]

... an innocent user in, say, Germany would loose his email...

So it would be in the wild?

Yes, zat is correct! Ve Germans do not send Email! Ha! Noes! Our Email escapes, leaving a bloody Trail of innocent Bystanders in its Wake!

Re:Sooo hang on...

[martin-boundary]

So according to you, the only alternative to using Gmail is setting up your own email server and playing admin? This is 2009, email has been turnkey for a long time: most users get their email handled by their ISP or by their company.

There's a whole range of email strategies available depending on what a person wants or needs, free webmail being ideal for casual users with low reliability requirements, through paying email services where one can sue the provider if they do something bad, up to setting up one's own MX domain and servers for those with serious needs. I can't believe you wouldn't be aware of that.

Now, what you're saying is that if someone is using a post box at the post office and a bank decides to send them confidential information, it is perfectly acceptable for a judge to not only get the box closed, but also burn everything that happens to be in the box - all because the person wasn't smart enough to have his own personal mail box by his house.

Post boxes have certain legal guarantees which a free webmail account doesn't have. The two are simply not equivalent before the law. I imagine that in this case, the judge would simply order the post office to divulge the identity of the person renting the box.

Do you really not see how this action is a BAD thing? Are you really that obtuse or are you just trolling?

I'm not trolling, I just don't think the issue is with the judge (who may or may not be an ass anyway), or with America lording it over other countries' email providers.

I'm saying, if email means that much to someone (it means a lot to me, for example), then they should not be so casual about who their email provider is. There's plenty of options for striking a balance between convenience, cost, and guarantees of service and privacy.

Re:Sooo hang on...

[dissy]

I'm saying, if email means that much to someone (it means a lot to me, for example), then they should not be so casual about who their email provider is. There's plenty of options for striking a balance between convenience, cost, and guarantees of service and privacy.

And that entire point is moot.

Replace 'gmail' with 'any ISP physically located in the USA'. They all have the exact same problem with the law that google did here.

And any ISP *NOT* in the USA is going to have a similar but different problem, one that was already pointed out.

You can be as un-casual as you want about whom you put your email with, but the same result will happen.

Thus, your solution will result in the same exact thing (account being locked by court order), the only difference is you just put a ton of effort and work into moving your email before the new account is locked down as well.
(IE: No solution what so ever)

Re:Sooo hang on...

[Niten]

OK, so buy a domain name for a few bucks a year, and point its MX records at an email provider of your choosing in your own country.

Re:Sooo hang on...

[LordLimecat]

Gmail is an american company, based in the US. It has a much harder time ignoring a US judge than it would ignoring the korean government.

IMAP

[pushing-robot]

At least Google offers free POP and IMAP access, so it's trivial to back up your email locally. I'd still be pissed if something like this happened to me, but Google isn't to blame.

Re:IMAP

[Naturalis+Philosopho]

You're right Google isn't to blame in this case. Not given the fact that the judge could have told the bank to suck it up, transfer the account to new numbers, and pay a fine to their customer for failing to live up to their security responsibilities. Instead he decided to punish the innocent people in this case. The bank screwed up, the bank should be held accountable. Anything less is yet another miscarriage of justice.

Re:IMAP

[140Mandak262Jamuna]

Most judges seem to be very uninformed about the ways of the web and emails. Most of them probably have secretaries who read their email, take print outs of non spams and put it up them in a regular bureaucratic binder tied with red tape. I wonder why Google did not use strong lawyers to explain to the judge, the bank screwed up. They should not be asking either Google or the account holder to suffer for the banks mistake.

Re:IMAP

[Carl.E.Pierre]

Because despite the fact that google may be nice(for major corporation), they are not about to waste money fixing other peoples' fuck-ups without gain.

Re:IMAP

[whoever57]

Most judges seem to be very uninformed about the ways of the web and emails.

It appears that this case was transferred from a judge who is fairly clued up (Ronald Whyte) to one who clearly is in need of the cluetrain (Ware)

Re:IMAP

[easyTree]

Perhaps you've not realised yet but banks aren't held responsible for their actions....

Re:IMAP

[LordNimon]

but if a bank suddenly sent me 1,300 account's financial information, and then sent me an email telling me not to open it,

How would you feel if both of these emails ended up in your spam folder? You would not have noticed anything at all, but then suddenly, your account would be gone.

Re:IMAP

[value_added]

The bank screwed up, the bank should be held accountable. Anything less is yet another miscarriage of justice.

Miscarriage of justice?

A reasonable enough opinion, but equally reasonable would be to expect a judge in Federal court to be concerned with matters of law, and not personal opinions of bystanders espousing vague notions of right and wrong.

Unless there's a lawyer in the house, or someone has a link to the actual order, I don't see any value in offering up any opinions or comments, other than adding to the collective WTF reaction to the outcome of the case.

Re:IMAP

[Pieroxy]

Yes, someone has the problem of their account being deactivated. This sucks. But, imagine, for one moment, had the opposite happened. Say, for instance, the judge ordered to bank to change the numbers of the 1,300 accounts, resulting in 1,300 people having to change their financial information on all documents relating to those accounts. I'm not sure if you've ever had to do this, but it can take months for the changes to finally take hold on everything from direct deposit accounts to credit cards and Paypal accounts. Assuming that everything worked out correctly, that is. Granted, if they were wise, the customers would be doing this now themselves.

Your point is to say that annoying one person is better than annoying 1300. It may be valid, but for the fact that the person in question didn't do anything wrong, he was just a bystander. Those 1300 people would have been annoyed to hell, and I hope they (some of them at least) would have gone to another bank. This would have been a (albeit small) step in the right direction though. Closing a gmail account is just hiding the horrible truth. Which may not change anything anyways since the gmail account owner may have downloaded the file in question for days.

As far as the person being innocent, if you read the article, the bank sent an email to this account asking the recipient to destroy the file without opening it. The email account holder did not respond at all.

Being on vacation equates having a suspicious behavior !!??? Noone has any obligation to read one's email every f***ing day !!!

I'll stop there. You clearly prefer the workaround instead of having the *stupid* bank assume their very own *stupidity*. As a result they won't be a bit more careful next time, and maybe 1000 gmail accounts are going to be deactivated. Or gmail itself...

Re:IMAP

It doesn't matter whether the email address is deactivated or not -- those people still need to have their information changed. The email was sent out, the data could already be downloaded onto someone's computer. Due diligence in this case requires that they change the accounts. Deleting the email address doesn't fix the problem, especially when you consider the fact that some of us have more than one email address set to just forward to a single inbox, sometimes on a different service.

The ruling doesn't even make any sense...

Re:IMAP

[funkatron]

The person who received the details WAS an innocent bystander (unless said details were used), they are not responsible for looking after the bank accounts and should not have been expected to take any action. It's perfectly possible that they thought the email was a variation of a Nigeria scam and decided to ignore it. The bank fucked up here and it is absolutely unacceptable that they made it into the email account holder's problem. If they bank wanted to spare their customers the inconvienience of moving account numbers they could have simply covered the cost of any fraud.

Re:IMAP

[Nethead]

Re:IMAP (Score:2, Funny)
by easyTree (1042254) Alter Relationship on 15:49 26 September 2009 (#29551263)

Perhaps you've not realised yet but banks aren't held responsible for their actions....

Please don't mod this as funny. It's not.

Re:IMAP

[Radio_active_cgb]

This all assumes that the emails in question were not automatically blocked by a spam filter.

If a spam filter acted to block/delete both the original and follow-up emails from the bank, the account owner may never have been aware of what happened, and the email message of concern would have been automatically blocked (held for review) or deleted.

If that were the case, it would make sense for the bank to have the account suspended (made inaccessible) until Google could contact the owner.

Now if the account owner was a business, you can bet that the owner would have contacted Google as soon as they were aware of the issue.

If the judge had been smart about this (sounds unlikely, but can't tell), he would have ordered the account frozen (made inaccessible) rather than deleted (it's not clear exactly what he did order).

Yes, the bank screwed up. And possibly so did the account holder (but maybe not). But Google and the court did the right thing. I'm not happy about the way things worked out, but it is perhaps the best possible outcome.

Re:IMAP

[Moridin42]

Ah yes.. the gmail user didn't respond.. because nobody anywhere has a gmail account and fails to check it every hour. It couldn't possibly be that the account just wasn't checked at all hence no response. If you are going to assume malign intent on the part of the gmail user, there still isn't much cause for deactivating the account.

If you assume the user is going to do something criminal, and hence the lack of response, the financial information is in the wild and needs to be changed immediately. If it is possible, credit deposits targeted at the old numbers to the new accounts, but withdrawals only from the new account numbers. Deactivation doesn't solve anything, because POP/IMAP copies, forwards/bounces, or just a simple copy/paste has already put the information outside the account.

Assuming that the gmail user wouldn't do anything untoward with the information is dangerous, of course, but going after the gmail account is .. odd. It is an action that can only hurt an innocent user. It won't hinder the user if he isn't innocent. None of the affected account holders gain security. If their information is out, its out and needs to change. If it isn't out, they can't know it isn't and need to change.

Re:IMAP

[dangitman]

Personally, I don't see this as being a problem. The account holder refused to respond to the bank, which, had they done so, something could have been done to avert their account being deactivated

Would you respond to an email from some bank you've never heard of talking about highly important account details, rather than just deleting the email immediately? Furthermore, what modern spam filter wouldn't automatically filter out an email claiming to be from "Rocky Mountain Bank" and talking about account details? This is exactly the kind of email that security-conscious users should be avoiding like the plague.

Re:IMAP

[dangitman]

Noone has any obligation to read one's email every f***ing day !!!

I agree with your general point, but this isn't strictly true. Many workplaces oblige their employees to check their email every day, it's part of the contract.

Re:IMAP

[rolfwind]

Say, for instance, the judge ordered to bank to change the numbers of the 1,300 accounts, resulting in 1,300 people having to change their financial information on all documents relating to those accounts.

This would be more honest - 1,300 customers being made aware of their bank's stupid mistake. Sounds about correct. Instead, for 99.9% of them, they never heard of this, they are led astray as to their bank's competence and keep patronizing it, and the problem gets sweeped under the rug with some random person to pay for it.

I'm not sure if you've ever had to do this, but it can take months for the changes to finally take hold on everything from direct deposit accounts to credit cards and Paypal accounts. Assuming that everything worked out correctly, that is.

So let random person X account be nuked instead, who may have absolutely no hope retrieving any of it?

As far as the person being innocent, if you read the article, the bank sent an email to this account asking the recipient to destroy the file without opening it. The email account holder did not respond at all.

a)person is going to use account details, maybe
or other explanations:
b)seldom-used account
c)on vacation
d)already dead
e)ignores it like I would have ignored a nigerian 419 letter.

I could pick e, although ignoring the google warnings may have been stupid if it's not a dead account. If some bank I'm not associated with emails me, I would assume scam and toss it. Just like 99.999999999% of banks who snail mail me just want to sign me up for a credit card. Unopened, in the shredder it goes.

But let's ignore the technology angle, what if this was snail mail and the same thing happened? Would you advocate the USPS removing this person's mailbox? Did you know it's pretty much law, if you are sent something in the real world without having ordered it, it's yours (they can't bill you for it?)

So it seem, all that is clouding this case is technology.

Re:IMAP

[psiclops]

except that : 1) even if the person did reply saying "ok i have now deleted it and didn't read it" it wouldn't mean anything as the bank has no way of verifying that anyway. and 2) deleting the person's email account isn't going to do anything. once information has been recieved it has been recieved. and also would it not be just as effective for the court order to force google to simply delete that one email and anything associated with it?

Re:IMAP

[Xylaan]

Yes, but if the average layperson consistently sees the legal system deliver what they consider to be unfair judgments, how long do you think the average person will continue to respect said legal system.

Re:IMAP

[mysidia]

Sure Google is responsible, they can refuse the order, and let the user appeal it based in the irreparable damage turning off their e-mail account would do to them.

Re:IMAP

[mysidia]

. Say, for instance, the judge ordered to bank to change the numbers of the 1,300 accounts, resulting in 1,300 people having to change their financial information on all documents relating to those accounts.

This is exactly what should happen. The information about all these accounts has been transmitted in cleartext across an untrusted network to a server that many entities may have access to.

The recipient may have even downloaded the message using POP3 or viewed it on the web, resulting in the message being transmitted in clear text even more times, and possibly stored in more places.

And who knows how many people have access to Gmails servers, or how many known and unknown temporary and permanent copies Google may have of the data in their servers' RAM, cache, and hard drives (even when you delete a file, parts of it are often still intact).

One thing that is certain is these 1300 people's information can no longer be considered secure, even after Google has deleted that e-mail account.

Honestly, Google and the user should appeal. The irreparable damage is completely unwarranted, the bank should instead be required to identify exactly which e-mail message that access should be blocked to, and only that message should be deleted from the account.

Re:IMAP

[mysidia]

But the person whose email the information was sent to is not an innocent bystander, either. They had a chance to possibly avoid this action, but they chose to ignore the bank's secondary email.

How dare you say such a thing! There's no reason to believe they're anything other than innocent.

For all you or I know, the person didn't get the message from the bank. They might not have even gotten the original message, either or both could have gone to the spam folder, or gotten deleted/filtered.

Some people don't log into their e-mail account and check for new mail all that often, so they might not have seen either message yet.

Some people receive so much mail, that they don't read every message, only mail from known contacts, other stuff gets filed in a 'to look at later, maybe' mailbox.

Also, even if they deleted the original message, or actually saw it, before receiving a message from the bank... it really doesn't obligate them to reply. They are in effect a victim of the bank.

They are more than innocent bystander yes, they are the primary wronged party. The only party we know that damage has really been done to.

Then there are the bank's customers... well, if the recipient deleted the message, they aren't in immediate danger, other than the fact that their bank seems to like transmitting their most confidential information over an insecure protocol, to random recipients on the internet, without protection.

They deserve to know about this, so they can switch banks. This is not about starting a panic or not, they need this information so they can make an educated decision about who they can trust with their information.

Frankly, I think the US needs a constitutional ammendment that declares that matters of this nature must never be sealed by any court.

Re:IMAP

[mysidia]

For work-related e-mail. This doesn't necessarily mean they read all their email every day, or read every message that appears in the inbox.

I generally ignore messages from banks, most of them are unexpected, and they are generally phishing attempts.

Gmail.com is often used for personal accounts too (unless their gmail account was actually a Google Apps or gmail for domains account), businesses will usually want to have their own domain name. I frequently go 2 to 3 days without checking my personal e-mail accounts, unless i'm expecting something specific, but that doesn't mean they aren't important.

Re:IMAP

[Todd+Knarr]

I don't know about you, but if a bank suddenly sent me 1,300 account's financial information, and then sent me an email telling me not to open it, I would be sending an email, calling, writing a letter, anything, because if something happens later to any of those accounts, I'm going to be one of the first people looked at.

If it were me, I wouldn't be doing any of those things. That's because I'd've deleted the initial e-mail without reading it. An e-mail purporting to be from a bank I've never done business with is either a) an advertisement I'm not interested in, b) a phishing attempt I don't want to even look at let alone respond to, or c) information I don't need and don't want. Regardless of which it is, I've no need and no reason to even look at it, so into the bit bucket it goes. And why not? I'm under no obligation to read random correspondence someone else wants to send me, just like I'm under no obligation to read that wad of advertising flyers that show up in my mailbox every day.

Re:IMAP

[mysidia]

Yeah... I think their reason for wanting the e-mail account deactivated rather than the message deleted, must be that they expect to accidentally send more messages to it.

Perhaps the address was typo'd out in a contact list or something, and 30 people at random locations have the accidentally entered address now, and some time in the future the address is likely to get more of the same types of messages....

Deactivating the e-mail account is more convenient than fixing the secretary's typo or revisiting their policy of keeping confidential account info in Excel spreadsheets and e-mailing them around periodically, to share the details across the company....

Re:IMAP

[Dan541]

The bank has money that the innocent civilian does not.

That's the true extent of corruption in Western Society.

Re:IMAP

[mindstrm]

I would
a) Talk to my lawyer and tell him what I want to do.
b) Want to inform the bank that the information was erased, and that I had no intention of forwarding it on. It was accidental. Shit happens. If they involved a lawyer, or a mention of one, I would request that they draft an agreement, at their cost, indemnifying me as long as the information was properly erased on my end.

Again - google didn't shut downthe account - they informed their customer. If the mail was in spam, the response might be "Oh really? Hmm, let me check spam. Oh yeah, there it is. Well shit, I don't want trouble - let's delete it, and how about you hae your google lawyers confirm it was deleted, and that's the end of it?

Re:IMAP

[Thaelon]

Correction, they're only responsible for their financial financial successes.

Re:IMAP

[dbIII]

That's what expert witnesses are for. Judges are not forensic DNA analysis experts either.
I don't really understand why it wasn't just resolved by deleting the email and giving instructions that after any restore from backups it should be deleted again.
On the other hand, while it is a pain to lose an email address it is not as big a deal as some idiot sending out this information in the first place. Not informing the person that lost the address is a bit much - there must be one person out there that is very upset with google and some support people at google very upset that they are not allowed to give the reason.

Re:IMAP

[mikael]

With Gmail, you have six options; keep E-mail on their server and access it through the web, forward it to another E-mail address, forward and delete it, download it, or download and delete it. The judge won't have achieved anything by freezing the account and it has one of the downloading or forwarding options set up.

Re:IMAP

[martin-boundary]

Privatise the profits, socialise the losses.

Re:IMAP

[MeNeXT]

You sir are priceless! Just being polite. If you think the bank does not need to change the accounts. The bank cannot ensure that the information was never retrieved. Even if google says so.
 

Who refused? Not receiving a response is not a refusal! By any standard. How did they not cooperate? Can you please show how? You hold someone more responsible for their inaction, without even being able to prove that they were aware or that they refused than the creators of the problem. You sympathize with the bank? Oh poor bank they didn't know....
 

You sir are a true idiot

Re:IMAP

[MeNeXT]

There is no way that a Google lawyer can confirm that no copies exist.
 

I am glad you have a lawyer that is cheap enough that you can talk to when you receive unintentional email. In my case I receive misdirected mail daily. Some of it spam. Some of it is not. If I remove most that I believe are scams then I may say that I receive on the average of 5 a week that could be real. If I would discuses these with my lawyer that would be around 5 hours a week at $320.00 per hour and it would represent something like $83,200/year.
 

By the way, could you please show us how you properly erased it on your end?
 

Re:IMAP

[sjames]

Exactly. I routinely delete any email claiming to be from a bank unread. If MY bank actually needs to tell me something, they call or use snail mail. Email claiming to be from a bank is inevitably a phishing scam.

Re:IMAP

[sjames]

The gmail account holder probably deleted BOTH emails from the bank unopened along with dozens of others from "Egg Bank", "Your Bank", "this bank" and "that bank", all of which were assumed (mostly correctly) to be phishing scams.

I couldn't even tell you which "banks" I got email from in the last few weeks because I delete all email with the word bank in the from address with less than a second's worth of thought.

As others have pointed out, he could be on vacation or just doesn't check his mail often.

In any event, had he read the second email (mysteriously choosing to open the emails out of order) and emailed back that the first email was deleted unopened, the 1300 accounts needed their account info changed anyway since a scammer would happily send back the same reply just before finalizing the sale of the information.

If the bank was *ACTUALLY* going to just sweep it under the rug taking the gmail account holder's word for it, they should be shut down.

Perhaps they would insist that he send it back to them so they "know" he no longer has it!?!

Once again, a bank screws up massively and government officials decide that an innocent 3rd party should take it up the ass so they can evade the consequences.

Re:IMAP

[AnotherUsername]

You sir are a true idiot

I merely play the devil's advocate. Instead of simply always assuming that the government is wrong, or the corporation is part of an evil empire, I try to also see the other side of the coin. If this makes me an idiot in your eyes, I can live with it. I just don't like to always assume that the government is always wrong, and the individual is always right. Whether or not the government is wrong in this case, there can still be someone willing to try to see it from its point of view sometimes. Again, if trying to see both sides of the coin makes me an idiot, so be it. It seems that in this case, the devil's advocate was wrong. But in other cases, the devil's advocate(which I do so love to play) has made people rethink their initial views on topics.

Re:IMAP

[Dan541]

If that were the case, it would make sense for the bank to have the account suspended (made inaccessible) until Google could contact the owner.

Why should an innocent person have to suffer for the banks fuck up. By sending email to my account people agree that I have the absolute right to do what I want with it. Normally I just delete incorrectly addressed mail, or bounce it back. But I do this at my own discretion those legal signatures mean sod all and I am happy to tell people that in my response.

However if the person making the cock-up went to my service provider I would immediately disclose all email to the public including the "sensitive" attachments and let people know what a dodgy company they are. If they want to attack me I will bite them back.

Re:IMAP

[dissy]

Yes, someone has the problem of their account being deactivated. This sucks. But, imagine, for one moment, had the opposite happened. Say, for instance, the judge ordered to bank to change the numbers of the 1,300 accounts, resulting in 1,300 people having to change their financial information on all documents relating to those accounts.

I don't see how it is better to annoy 1301 people instead of just 1300.

All of what you said needs done anyway. All 1300 of those people have had their account info leaked to the entire internet.
After all, a bank capable of screwing up like this, there is no reason to believe they haven't emailed the account details out to more addresses than this one gmail account. In fact, by evidence of the fact they DID send out one email, that is proof they are capable of sending their customers account details to any random email address on the internet.
With no proof that this did not happen already, one must assume it has and just has not been reported, or has been reported and covered up, just like the bank stated they wanted to happen with this one case.

How many copies of the email were sent out, and the email host simply deleted the users email without waiting for a court order? Can you prove it is zero? I can quote the bank saying that if it did happen, they would want that fact hidden from public view.
So the fact it is not in the public view is no indication the bank hasn't emailed out customer information before, on top of the proof that the bank will NOT disclose any security issues, by their own admission.

So, either they change all 1300 accounts info to protect them, or those 1300 people will just be inconvenienced later when all of their account funds are stolen. The question isn't "if", only "when".

Brilliant solution! Instead of fixing their problem, just let those 1300 people have their money stolen AND shutdown some random persons email. That must be so much better...

Re:IMAP

[fireylord]

and i suspect that theres a good chance that some of the banks money may well end up in the hands of the innocent user in this sorry saga

Re:IMAP

[houghi]

Luckily we know that Google still has the information. So perhaps Google can be so nice to give the Gmail user a new account AND his old data back.

Re:IMAP

[ArsenneLupin]

And even if it hadn't ended up in the spam folder, every "normal" user would have assumed the mails were some kind of Nigerian 419 scam, and deleted the emails right away. Especially the second one.

Re:IMAP

[ArsenneLupin]

This really looks as if it had been a "long forgotten" account, whose owner had probably been forgotten about it. Or maybe he was on travelling.

So most likely, the person knew something was up, and could have begun backing up their email messages/contacts.

Including the bank's mail with the sensitive information. Which makes the whole action entirely pointless.

The thing which I don't understand is:

• Why didn't google selectively destroy the mis-sent message, while leaving all the others alone
• Why didn't google check their logs, and confirm to the bank that the message never had been read. Or that the user didn't even log in during the last 3 months or whatever.

Now we are in a situation where:

• In the (probably) hypothesis where the account holder was honest, his account is gone without no fault of his own (except for only checking his google mail every 3 months...)
• In the (improbable, but not impossible) hypothesis where the account holder was not honest, he would have "backed up" the infringing message along with all his other data, and nobody would be none the wiser

Re:IMAP

[Joe+Snipe]

How would you feel if both of these emails ended up in your spam folder? You would not have noticed anything at all, but then suddenly, your account would be gone.

You are absolutely right, we must start legislation to ban Spam filters immediately!

Re:IMAP

[Locutus]

So I wonder why the bank didn't try to get wiped, every server and router the email traveled though. I know, the answer is because they are morons or else they would have have allowed any confidential information sent via email unless it was encrypted.

LoB

Re:IMAP

[elygre]

You're obliged to read your private email every day? Many workplaces oblige their employees to keep private email addresses, so that they (the workplaces) don't have to meddle with private email at all.

Re:IMAP

[Naturalis+Philosopho]

There's a line between devil's advocate and troll. That line is clearly marked by by the answer to the question "does my argument make sense". If it does not make sense, then it's trolling. If you have valid points that even you may not agree with in the end, then it's playing devil's advocate. You don't make sense, so follow the syllogism.

Re:IMAP

[charlieo88]

You haven't really given this enough thought. Those 1,300 customers had their information transmitted in the clear. It didn't just go from the sending computer at the bank straight into the gmail account. There were hops along the way. Those 1,300 customers information has been exposed all over the place. Any one of those 1,300 customers that does not change their account information after that is a fool.

Disabling the gmail account of the innocent bystander was security theater. It did nothing to actually improve security, it's just showmanship.

Re:IMAP

[Dan541]

This is why the best possible outcome is still not really good enough.

But taking another victim is hardly the solution, in this case the bank maliciously sought out to do harm to someone.

Re:IMAP

[LordLimecat]

The issue youre running into is that youre saying "the user needed to do something to prevent his account from being closed." Heres the thing-- when something hits the inbox, you shouldnt (and legally, AFAIK, dont) have to follow any of its instructions, nor do you have any obligations. This user was uninvolved with the issue-- he neither sent the mail, nor did business with that bank (otherwise they would have had the email + his name on file).

The 1300 other folks DO do business with the bank. The way our society works is, when the bank screws up and causes issues for those 1300 users, the 1300 users have to suffer, and in turn stop doing business with that bank. The bank then has a huge incentive to never screw up like that again. If you take away this punishment and incentive from the bank, the bank no longer has to worry about what happens-- the 1300 users never know the difference, only one person with no way of getting at the bank gets harmed, and the bank loses no business.

do you not see the problem with this? By shutting down the account, 1300 people are saved a hassle, but there is now NO reason for banks not to screw up and silently have accounts deactivated-- youve just removed all consequences from the situation.

Spam

[mwvdlee]

If I get e-mails from banks that I have no relation with, it is usually spam and gets instantly deleted.

Perhaps that's why the recipient of the bank's private data didn't respond to any of their e-mails.

Also, why is a bank sending it's customers' private information over an unsecure connection (e-mail)? Wouldn't the bank be violating security rules even if the e-mail address was correct?

Re:Spam

[BitterOak]

If I get e-mails from banks that I have no relation with, it is usually spam and gets instantly deleted.

Perhaps that's why the recipient of the bank's private data didn't respond to any of their e-mails.

Or maybe the mailbox holder was simply on vacation? Is there a legal obligation to check your inbox on a regular basis? (There's a reason legal papers aren't sent by e-mail.)

Re:Spam

[masonc]

Completely agree - if I get information and attachments from anyone I am not expecting to hear from, I delete it, and if it claims to be from a bank I do not have an account with, I delete it without reading it. I am almost certain that is what happened here. It is impossible to claim you emailed someone and should have received a reply, if you want that to work, get rid of spam.

The entire email system is fundamentally broken, does not work and cannot be relied on at all. As long as two parties agree to exchange an email, it is probably fine, but to expect to send am email to anyone who does not know you and to expect a response is naive.

Google should have used their financial might to halt this, they had reason and precedent on their side and more money than the bank.

Re:Spam

[iYk6]

More likely than spam filter, and more likely than vacation, is that this Google account, like most web service accounts, was inactive.

Re:Spam

[chrysrobyn]

Heck, it could be a gmailfs user. They wouldn't even necessarily know they got the e-mail.

Re:Spam

[Jesus_666]

Also, the bank will probably not have sent the account details as plaintext but rather in something like an attached spreadsheet. Even my retired parents are tech-savvy enough to delete mails coming from banks they don't know, especially when they contain attachments.

Re:Spam

[shitdrummer]

I have a Gmail address that I don't use at the moment. I checked it for the first time in 6 months just it in case I had a couple of emails from a random bank.

Re:Spam

[martin-boundary]

You didn't need to check. If you couldn't log in, you would have already known that some bank was trying to email you :)

Re:Spam

[russotto]

Google should have used their financial might to halt this, they had reason and precedent on their side and more money than the bank.

Assuming Google even got to reply. It could have been an ex parte order.

Re:Spam

[Jeeeb]

If I get e-mails from banks that I have no relation with, it is usually spam and gets instantly deleted.

If I get an email from _ANY_ bank, relationship or not, then I _ALWAYS_ assume it's spam and delete it. I also pass this advise onto anyone who asks me about security.

Re:Spam

[jvkjvk]

Or maybe the mailbox holder was simply on vacation? Is there a legal obligation to check your inbox on a regular basis? (There's a reason legal papers aren't sent by e-mail.)

That really depends on the legal papers, and the intents of both parties.

Contracts are sent (even electronically signed), by email all the time.

I'm doing that myself.

Regards.

I hate analogies, but...

[BitterOak]

Wouldn't this be like having a package wrongly delivered to your house (through no fault of your own: the sender had the wrong address), and since it contained highly confidential information, a judge ordered your house to be burned to the ground? (Okay, that's a bit extreme, but you get my point.)

Re:I hate analogies, but...

[MortimerV]

They'd just send somebody with a baseball bat to your mailbox.

Re:I hate analogies, but...

[corbettw]

Close. It would be like having a package mailed to your home, without your knowledge, that's full of drugs, then the SWAT team kicks down your door, kills your dog, and arrests everyone in the house.

Oh, wait, that happens all the time. "Land of the free" my ass. I officially hate the land of my birth now.

Re:I hate analogies, but...

Actually, your scenario kinda-sorta happened to the Mayor of Berwyn Maryland. A scam where drugs are shipped to a random (innocent) person, to be taken later from the porch by an accomplice. In this case, brain-dead police investigators and a swat team charged into the innocent man's house, shot his dogs, and arrested him, his wife, and his elderly mother. He still awaits even an apology for the horrifying incident. There is very little actual 'justice' in the justice system.

http://www.washingtonpost.com/wp-dyn/content/article/2008/07/30/AR2008073003299.html

Re:I hate analogies, but...

[Idbar]

Your analogy is more like a flier wrongly delivered. As far as I know, it's a federal crime opening packages that are not directly addressed to you. But this wasn't the case. They sent the information open to the recipient.

I think I'll setup POP on GMail, in case I get one of those emails, I'll get to keep my own personal copy. :)

Re:I hate analogies, but...

[Blakey+Rat]

"All the time?"

How many times has that happened? Once that I know of. In a country of 300+ million people, with police forces of questionable capability, I think that's pretty good myself.

Was it unjust? Of course. But "all the time" is simply being alarmist.

Re:I hate analogies, but...

[houstonbofh]

They'd just send somebody with a baseball bat to your mailbox.

But I have a mail slot in my door...

Re:I hate analogies, but...

[S1ngularity]

Have you heard of Chaye Calvo? Something very similar to what you describe happened to him.

Re:I hate analogies, but...

[seaturnip]

Of course this particular scenario is unique, but botched SWAT raids are common. Take a look at http://www.cato.org/raidmap/

Re:I hate analogies, but...

[db32]

Go do some research. There has been a great number of these types of events. No knock warrants, false 911 calls, SWAT raids on the wrong address. There have been tons of innocent people harassed and more than a few killed. This guy was actually lucky it was his dogs.

http://www.cato.org/pub_display.php?pub_id=6344

Re:I hate analogies, but...

[avilliers]

If a sensitive package got delivered, by mistake, and it wasn't returned, and the resident of the house didn't respond to reasonable contact requests and showed no sign of being home, you might well see some analagous action. Not "burning down the house", but a court order to retrieve property that didn't belong to him. It certainly doesn't seem unreasonable to consider such action.

The "burning down the house" analogy, is vastly overstating things, as are most other posters. This is hardly a permanent deactivation--the account is down, you call Google, they explain the situation and you get it sorted out. If the gentleman did nothing wrong, it'd be a nuisance, but quickly resolved. If the account is one of the many abandoned or semi-abandoned ones floating around the internet, sealing it off is I think very prudent.

In both the analogy and the actual case, context matters a lot. I'd certainly hope the judge grilled the bank about other options and how they'd tried to contact the account owner, and asked Google to try and contact him on the court's behalf first. Ask Google if any of the messages have been read. Plus the actual legal standing, how harmful the information could be, and a dozen other factors not described in detail.

But the outrage level over this seems *way* too high. There's this attitude around the internet that it's a rank injustice to be inconvenienced by anything that wasn't your fault. (Not attributing this to you, but many posters certainly channel this feeling.) Meh. Try out another analogy, some days you wake up and find your driveway blocked by firetrucks helping out a neighbor, or your street blocked off because police are investigating a crime. We live in a world with other people, sometimes their crises are more important than our daily routine. It happens.

Re:I hate analogies, but...

[SnowZero]

Deactivated != Deleted

It's more like the police putting up police tape all around your house and locking you out while they sort out what happened. I have little doubt the user will get he rest of his email back eventually.

Re:I hate analogies, but...

[Mr.+Underbridge]

Let me put it this way, if criminals dumped a dead body in the back of someone's car without his knowledge, and the car is stopped by police for whatever reason who then find the body, would you not expect the police to arrest the man (and anyone else in the vehicle), guns drawn, treating him like a potential murderer?

Except disposing of bodies in other people's cars is rather rare (and stupid), whereas criminals using somebody else's address as a dead drop is absolutely common. Yes, I would expect the cops to do some initial research to figure out whether the homeowner in question was involved in the raid.

Re:I hate analogies, but...

It does happen all the time....
http://blogs.houstonpress.com/hairballs/2008/12/galveston_false_arrest.php
http://www.thepittsburghchannel.com/news/20840307/detail.html
http://www.nuttynewstoday.com/?p=6029
http://www.kfoxtv.com/news/14973203/detail.html
http://www.nuttynewstoday.com/?p=1880
http://www.newschannel5.com/Global/story.asp?S=9915358
http://www.theindychannel.com/news/19808869/detail.html
http://www.canada.com/theprovince/news/story.html?id=83414500-6fd4-4b7e-912a-d6f32ab218b2

SSDD.

Re:I hate analogies, but...

[lag10]

'Brain Dead'? The police knew the package contained drugs, they watched the guy take possession of them, then commenced with the raid. The only stupid people in this case were the drug dealers who came up with such an obviously flawed scam.

Let me put it this way, if criminals dumped a dead body in the back of someone's car without his knowledge, and the car is stopped by police for whatever reason who then find the body, would you not expect the police to arrest the man (and anyone else in the vehicle), guns drawn, treating him like a potential murderer?

No, I do not expect a person to be treated as a murder simply because there is a body in the back of his/her car. I would reasonably expect that an investigation take place to determine if the dead person had indeed been murdered and if so, by whom. Only with strong evidence would I expect the owner/driver of the car to be treated as a murderer.

There's a phrase, you know. I think it's something like "innocent until proven guilty." Ever hear of it?

Re:I hate analogies, but...

[indiechild]

It's his house, why wouldn't he take the package inside after he discovers it on his front porch?

Re:I hate analogies, but...

That's still no reason to take irreversible actions like killing pets. That appears to be SOP in swat busts. They shoot all dogs whether or not they are actually a threat. As long as they find something they can charge you with, nothing happens to them. It may be that an informant made something up about you being a drug dealer, but even if you really aren't, if they get something on you the local press won't cover it. The few cases you here about are the ones that they came up empty and even then they won't even try to compensate you for the loss of your pets or property damage.

Re:I hate analogies, but...

[internic]

Trust me, if you were more familiar with the incident you'd probably agree with the "brain dead" description. Several points:

1. Police apparently already suspected there was one of these mail drop operations (where packages were shipped to an innocent person only to be swiped off their porch), so they knew the package was likely not for him.
2. Rather than having some officers come to the door, they had a SWAT team break down the door unannounced, shoot the dogs (at least one of whom was simply running away), and cuff the residents on the floor (where they remained for several hours). The quantity of drugs (30 lbs of marijuana, IIRC) was such that it could not quickly be destroyed, and they had no other reason to think they would encounter violent resistance. Which brings us to the next point...
3. They did no preparatory research. They did not even know who lived there. The officers on scene did not believe he was the mayor (which they would have known if they'd done even a Google search). What this says is that they simply deployed maximum force (maximally endangering everyone in the house) rather than any reasoned approach based on the likely resistance.
4. Police entered without first announcing themselves. This requires a "no-knock" warrant, which they did not have.
5. The package actually sat on the front porch for the better part of the day. The guy even walked his dogs when he got home before taking the package in. That should have been a tip-off that he didn't realize it contained >$100k of drugs.

Basically, they did not take a reasoned approach but simply used maximal force, thereby terrorizing and endangering the innocent. Moreover, their sloppy police work quite possibly would have allowed him to get off even if he had been involved. They certainly should have investigated, but they way they did it was utterly irresponsible.

Your analogy is flawed for a number of reasons: First, arresting someone in their car is considerably less dangerous (to everyone involved) than breaking into someone's house unannounced and firing shots. Second, murder is considerably more serious (and suggestive of suspect resistance) than drug trafficking. And third, it's unlikely that an individual would be victim of a body dumping scheme while it's trivial to mail someone a package with something illegal in it.

Re:I hate analogies, but...

[Arthur+Grumbine]

It's like you run a used car lot and a junkyard on leased property. The cops drop off an impounded clunker at your junkyard but somehow accidentally left a file cabinet with copies of the confidential criminal records of 1300 people in it. Don't ask me how they forgot that file cabinet, let alone why they would put a file cabinet in an impound vehicle (although I do think that absurdity fits the analogy neatly). When they discovered their own idiocy they get a judge to give them permission to retrieve it. They come knocking on the gates of the junkyard, which is unfortunately not very profitable and so did not have someone there at the time to let them in to retrieve/destroy the records/vehicle. So instead they call the property owner (remember, you just lease) and have your junkyard and your used car lot, and your own personal vehicles nuked from orbit.

Re:I hate analogies, but...

[Clandestine_Blaze]

Wouldn't this be like having a package wrongly delivered to your house (through no fault of your own: the sender had the wrong address), and since it contained highly confidential information, a judge ordered your house to be burned to the ground? (Okay, that's a bit extreme, but you get my point.)

No, they shoot your dogs instead.

Well, the judge didn't order the SWAT team to kill the dogs in this case, but they did sign on the no-knock warrant on the wrong house. This story actually fits your analogy. A bunch of delivery guys had a scam going on where they would leave packages of drugs in front of innocent people's homes, and other guys would come over and pick it up. The police somewhat caught on, but didn't realize that the packages were being sent to people who had nothing to do with this. So they set up a sting operation where an officer delivered a 32 pound box of marijuana. The person who opened the door - the mayor's mother-in-law - initially refused to sign for the package, but eventually they took it in.

In this story, it was the Mayor of Berwynn Heights who was the victim, and the police didn't seem to realize this until after the raid. Even with as much political clout that this Mayor had, he still couldn't get the Sheriff's department to change their ways.

It's just an ugly story all around.

Re:I hate analogies, but...

[Clandestine_Blaze]

Bah, mod me redundant. Several other people posted this story before me.

Re:I hate analogies, but...

"We're not in the habit of going to homes and shooting peoples' dogs," Ellis said. "If we were, there would be a lot more dead dogs around the county."

Sounds like the sergeant would like to do this a bit more often ...

Re:I hate analogies, but...

[CrashandDie]

Don't stand too close behind the door.

Re:I hate analogies, but...

[CrashandDie]

Roughly speaking:

A key of weed goes for around £1000 to £2500 if it's skunk.

30 lbs = 14kg, thus anywhere between £14000 and £35000. Now, I know the value of both GBP and USD are highly volatile, but still, that's roughly $60k tops. And that's street value.

Re:I hate analogies, but...

[PAStheLoD]

Even if it's the post's fault?

So, they deliver something into your mailbox, you just take them inside, and without even looking at the addressing, tear them open?

I've only found USC Part I Title 83 Sec. 1702. ( http://www.law.cornell.edu/uscode/18/usc_sup_01_18_10_I_20_83.html ), but it doesn't mention anything like that. (Neither the other sections.)

Re:I hate analogies, but...

[internic]

I really can't speak from personal knowledge here. The street value that was quoted in the paper (based on some commonly used police figure) was something like $100k. Of course, it would not shock me if the numbers they use are inflated. Note also (assuming you're a brit) that the street value of pot could be considerably different in USA and the UK.

Re:I hate analogies, but...

[IdolizingStewie]

Just curious, but how exactly do you know what the dead pastor was thinking?

Re:I hate analogies, but...

I've worked with SWAT teams before (as part of the on call paramedic team). Most of the teams are regional in my area and the local police, almost to a man, hate working with them.

Their commanders don't share information with the local officers, they simply brief them with with "corridors" to establish and almost comically vague descriptions of their target. 9 times out of 10 patrol officers know who the guy is and could simple arrest him while he/she walk to their car without the fuss, but aren't asked for help other than maintaining a perimeter.

The team members are usually high strung to the point of nervousness. You see the training videos where the guys walk into the building in a tactical crouch with cover from the guy in front of them?? Where every movement is controlled and the guys are shouting commands to each other? That's not what you actually get. It's more like an episode of cops after a car or foot chase. The officers are twitchy and amped up BEFORE they even go in and once they door is opened (god help the target is they have to pop the door!) they are tripping over all the boxes and tables and cloths on the floor. It's seriously a 15-20 second madhouse that ends up with officers and residents on the floor and tonnes of broken shit everywhere. (and that why I love working for them!)

Hell, I could go on and on about the humorous stuff that I've seen, but it has to be measured with the fact that they do a tough job and are almost Pavlovian in their approach to any situation. The tactical guys aren't bad in any sense of the word...they are a product of their training and it's set up to keep them safe. It's the folks that call for the SWAT teams that are really nutjobs and ass covering tbags . Once a SWAT team is dispatched, it's assumed that they guy is a heavy and have to be treated as such, even when he's not home, or in the best call ever, was already in the village jail when they raided his home. No matter what happens...wrong place, guy not home, dog kicked and dead, grandmother popped in the face with a bloody nose, etc., you will almost never hear a SWAT commander or officer say a mistake was made.

Re:I hate analogies, but...

[R2.0]

"I'm only guessing, but could the mayor of Berwyn, Maryland possibly be black?"

Nope - white as driven snow. Well, he's Italian, so maybe that counted against him, but I doubt it - the first person whose face they shoved into the floor was his 70 year old mother.

Re:I hate analogies, but...

[corbettw]

Go to reason.com and check out the vast numbers of stories compiled by Radley Balko (or go straight to his blog, http://www.theagitator.com/). The Cato Institute also has an interactive map available that shows all of the botched raids that have happened (http://www.cato.org/raidmap/).

Or just do a simple Google search for "swat raids wrong house". It turns up 103,000 pages. Even if the same event is reported ten times, that means there have been over 10,000 of these events. So yeah, that qualifies as "all the time".

Re:I hate analogies, but...

[modemboy]

Umm, yeah it does happen all the time. How is this post insightful?
Sometimes they kill you: http://en.wikipedia.org/wiki/Kathryn_Johnston_shooting
And as far as dogs, it does happen all the time, here is an article about some: http://www.cato.org/pub_display.php?pub_id=6339
Or find your own: http://lmgtfy.com/?q=police+kill+dog
I seriously do not understand how you got modded insightful for being ignorant.

So...

[tnk1]

...wait. I mean, the account holder at this point has probably seen and done any damage that they are going to do with this information. How precisely is this going to help the bank's cause?

Of course, the account may be inactive and they may well have gotten to it before the person who owned it logged in again, but I do have to wonder why it is the recipient's problem that the bank sent this information. If the bank sent me that sort of information in the mail, does that mean that the county can order my house burned down to make sure I can't read that mail, even though I probably have already read it in full?

These decisions make no sense to me sometimes and it scares me because for some things I use only one email account and if my contacts disappeared, I might not be able to find some of these people again easily. I guess it's time to start backing up all my account data to my home machine by default.

This is yet another strike against "cloud computing" taking over. If they can order your account just plain zapped because a bank fucked up, I don't see how anyone's data is safe. At least if you had it stored at home or at work on your own machine, you'd at least know what the hell happened to it.

Re:So...

[cptdondo]

Well, the bank needs to launder some of the money it got from the feds. So it emails the "wrong" account, has the account nuked, owner of said account then sues bank for $500mil, bank settles for $499mil, and the lawyers, bankers and the "wronged" email account holder split the dough.

Capiche?

Re:So...

[SeaFox]

...wait. I mean, the account holder at this point has probably seen and done any damage that they are going to do with this information. How precisely is this going to help the bank's cause?

They aren't trying to prevent the unintended recipient from seeing the info at this point, their plan was probably to remove the evidence and then play dumb if anyone had identity theft problems afterwards.

Re:So...

[AnotherUsername]

I guess it's time to start backing up all my account data to my home machine by default.

This is yet another strike against "cloud computing" taking over. If they can order your account just plain zapped because a bank fucked up, I don't see how anyone's data is safe. At least if you had it stored at home or at work on your own machine, you'd at least know what the hell happened to it.

A bit of warning: Your data has never been safe when it is stored on a server other than your own. Especially when the server that it is being stored on is a free account. Years and years ago, I had an angelfire free website account(50 whole MB!). One day, I went to work on it, and it had been 'zapped'. I never got an answer as to why it had suddenly been deleted(although I had theories regarding the fact that my free account was now being charged for, but since I had been grandfathered in, I still had a free account). I was still in high school at the time, so I simply assumed I couldn't do anything(blame small-town young-person naivete). I didn't have a backup(though now, there is the Internet Archives, so I do, for the most part, have a backup). I learned my lesson. Now, everything I have is backed up(on my own dedicated backup computer).

Re:So...

[houstonbofh]

Yeah... Because it is all swept under the rug now.

Re:So...

[drcookie]

Putting my data on the cloud has always seemed a necessary evil to me. I could throw together an email server and use that, but with all the spam filtering that needs to occur these days, it just becomes a huge mess. On the other hand you put your data on the cloud and the second an interested party with money wants to seperate you from your data (or the ability to control it), they just find an ignorant judge (seems to be a lot of these lately), and presto! no more email account.

Re:So...

[fbwhrdpmtajg]

If you only keep one copy of your data anywhere, even "the cloud", it was never safe.

Re:So...

[Aceticon]

This is yet another strike against "cloud computing" taking over. If they can order your account just plain zapped because a bank fucked up, I don't see how anyone's data is safe. At least if you had it stored at home or at work on your own machine, you'd at least know what the hell happened to it.

Actually this should scare the shit out of any company considering putting their data in "the cloud".

Think about it this way: a judge from any jurisdicion where Google has significant assets, where Google doing significant business in or where the data happens to reside in whole or in part can order your access to be terminated without recourse and your data deleted even if you are a completly innocent and uninvolved 3rd part to a wrongful action commited by somebody else.

I can easilly see the scenario where a US based company "mistakenly" sends confidential information to an e-mail address of one of their non-US based competitors (the mailbox being hosted in a "cloud" managed by a US company) and then gets a summary rulling from a US judge to "nuke" their competitor's data.

judge not...

So why not post the judge's personal info: email, snail mail, phone, etc.?

I'd imagine that a few months of being throttled to unusable status may make that judge rethink the decision.

Not a big surprise

This decision was handed down by "Lying Judge" Ware. http://www.fa-ir.org/ai/judgeware.htm

Talk about lifetime appointment gone haywire.

Obvious, no?

[Jawju]

Couldn't Google simply have deleted the single email. They would also have been able to tell if the user had read it or not, although what they would've done if it had been read, who knows - but it's not the user's fault.

Re:Obvious, no?

[base3]

Would you want to be a server administrator getting a bunch of phone calls each day from people who wanted to "recall" emails they or their employees had sent to your users? For one thing, how would you (efficiently) determine whether these requests actually came on behalf of the sender?

Re:Obvious, no?

[Jawju]

Who said anything about ordinary requests to Google to recall emails? Not me! I'm talking about the bank approaching the court and making a ludicrous request (after a ludicrous mistake). A bit of common sense could've been applied at least. Ultimately, they were idiots for sending out the email, but they compounded their mistake with another when making a stupid request to cancel an innocent person's email account. If it were me, I'd be livid.

Re:Obvious, no?

[base3]

When you were talking about Google deleting the single email, I thought you meant at the request of the bank rather than at the request of the court. The right thing for the bank to do is to notify the affected account holders and pay for credit monitoring for a year or two. Of course, that would have caused bad PR :).

Why deactivated?

[FrozenGeek]

The bank requested the user's identity. Google refused to provide it. So then the bank goes to court not only to get the user's identity but to deactivate the user's account. I'm missing the logic. Okay, maybe the bank fears that enough time has passed that the user has seen the errant email and wants to prevent the user from misusing the information. Now, that might work if the user does not have a local copy of the email. On the other hand, if the user has a local copy and is now angry at the bank for having had their gmail account shut down, the user, who might otherwise have done nothing, now has both the means and the motive to do something. Good move. Wouldn't it have been possible for Google to contact the gmail user and ask him to delete any local copies? And Google, presumably, could have deleted the email from its own servers. I like Google's policy of protecting user identities. But this whole mess sounds like two bureaucrats blindly following policy to the detriment of the end-users. Can't anyone think anymore?

Re:Why deactivated?

[Kohath]

Yours is one of the only thoughtful comments in this thread so far.

I'm not sure what everyone here thinks should have happened in this case. Leaving the gmail account alone with 1300 bank records in it isn't the right answer. The bank had to go to court to get the email deleted. (Google can't just let anyone ask to delete an email from your email account, hence the need for the court action.)

Closing the email account seems like overkill. But other than that, everyone else seems to have acted correctly after the initial mistake.

Re:Why deactivated?

[easyTree]

How many acts of stupidity do these judges need to mandate before their power to coerce others into action is removed?

Re:Why deactivated?

[masonc]

Clearly neither the bank or the judge understand anything about the internet. The bank is completely clueless, has clueless idiot employees, and should be ordered to completely disconnect from the internet for the safety of their clients.
The judge has no clue how email works, knows nothing of POP, Spam, and should be banned form ruling on IT related cases ever again.
A stupid precedent that will be overturned.

Re:Why deactivated?

[Baricom]

Here's what Rocky Mountain Bank should have done. (I refuse to allow them to be anonymous because that's clearly what they want, and they should be held responsible for their mistake.)

1. They should have e-mailed the 1,325 customers that had their data exposed.
2. They should not have sued Google in an effort to get the e-mail deleted.
3. They should not have tried to seal records in a lawsuit they filed to fix their mistake.
4. They should have trained their employees to understand that recalling e-mails doesn't work more often than it does.

Had they done this, this would not have been international news, and probably not even local news.

Re:Why deactivated?

[corrideat]

Why "it isn't the right answer"?

It is the bank's fault for having sent sensitive information over an insecure protocol, in the first place. Then, for having sent it to a third party, and lastly, for having addressed it wrongly.

Shortly, it's the bank duty to indemnify all of the affected customers of the incident. But whay should this innocent account holder be affected, when he hadn't done anything?

Re:Why deactivated?

[causality]

Leaving the gmail account alone with 1300 bank records in it isn't the right answer.

It is the right answer if you're interested in prevention of future occurrences. I'll describe how this should have been handled, with "should" being determined by basic concepts like logic, justice, and equanimity. The bank should be obligated (by the judge or whomever) to close all customer accounts related to those records, reissue new accounts with different numbers, and to pay for any identity theft protection that the bank's customers may need with no questions asked. That would be justice, because that would honor the concept of the party at fault paying any and all damages and expenses related to the colossal mistake it has made. No one but the bank should suffer in any way due to the bank's mistake.

Furthermore, if it happened the way I have described, other banks will see the result and take note of the fact that they are entrusted with some extremely confidential data and WILL be held accountable if they are negligent and/or do not correctly safeguard it. That would be good for everyone. Why wouldn't you desire this result? In what way is it a bad thing if it's much more expensive for a bank to blatantly screw up than it is for that bank to handle sensitive data in a secure manner?

Besides, the way this was handled doesn't really hold water. So the bank got the g-mail account terminated. They still have zero assurance that the owner of that account hasn't already copied this data. That means they have gained nothing by doing so, and anyone who thinks otherwise is participating in security theater. So, the only proper thing to do is to cancel and reissue all of the accounts in question (like I described above) to assure that they will not be used fradulently. If the only proper thing to do is in fact done, then the information sent to that e-mail account will no longer be valid so it cannot be used fradulently and thus, there is still no good reason to shut down an innocent person's e-mail account.

Re:Why deactivated?

[Dhalka226]

The better question is this:

How the hell did the bank even have standing to sue anybody? What wrong was done by anybody but them? How do you file, much less win, a lawsuit seeking to punish somebody who did nothing but receive an email you should never have been sending in the first place? How is it this man's legal responsibility to help them clean up their own fuck up, and how is it Google's legal responsibility to help the bank do so? What statute gives this judge the authority to destroy a third-party-to-a-fuck-up's email account because he didn't see fit to respond to an email he may not have even thought was legitimate? That's exactly what this ruling is saying; that this man somehow did something wrong by not helping the bank and he deserves to have his email account and potentially years of historical contacts lost.

If I were this guy, I'd sue this bank for damages (and unfortunately, since I'm not even a party to the fucking lawsuit that unfairly harmed me I'd have to sue Google for an injunction against complying with the previous order). Big time. It's this kind of thing that makes me wish we could directly sue a judge for the idiocy of his decisions. Their total lack of accountability is reprehensible.

Re:Why deactivated?

[Baricom]

Please explain why you think the gmail user should get to keep the private bank account data.

The user did nothing wrong. They didn't solicit the data. Unless there's evidence to the contrary, they didn't use it for malicious activity. They may not even know they have it. They should not have to hire an attorney to protect their rights when they did nothing, let alone did nothing wrong.

The fact that the data was sent by electronic means shouldn't give the bank additional rights that they wouldn't otherwise have. If the bank had sent the data by fax machine or snail mail, should a court grant them a search warrant?

Please explain why it's more responsible for the bank to simply allow an anonymous person to have 1325 bank records than to file a court action to get the data erased.

The bank is already in the wrong for sending the data, unencrypted, to an unsecured e-mail address. They can't undo their wrong by bringing court actions against innocent third parties (Google and the Gmail user) for the bank's mistake.

And what's wrong with sealing records in a privacy-related court case?

Nothing, if you're suing to protect people. (In fact, the judge has ordered the e-mail address in question to be redacted from all court records.) Everything, if you're suing to protect your reputation. It's fine to redact the information of the people involved. It becomes a problem when you're trying to keep the entire action under seal.

If I were on that list of 1325 names, I'd want the data erased.

If you were on that list, I'd wager your actual reaction would be to remove your money and switch to a more trustworthy bank, and I'm certain that the other 1,324 accounts would feel the same way. Perhaps that's why Rocky Mountain Bank has gone to such great lengths to attempt, clumsily, to keep this a secret?

If the bank needed to go to court to accomplish this, I'd expect them to file suit.

You're not the only person whose rights are being violated in this case. Somebody should be looking out for the Gmail user's too. (Google isn't - they won't fight a court order regardless of how ludicrous it is.)

I'd want the court records sealed so I'm not publicly dragged into this.

Your information can be redacted without sealing the entire filing, and I have no objection to that happening.

And I'd also switch banks.

I'm glad.

Re:Why deactivated?

[chrylis]

The answer to "what should we do about it" is that we should require the bank, at its own expense, to fix the problem it created, by changing account numbers or doing whatever else would be done in the event this information were compromised some other way.

Re:Why deactivated?

[Cley+Faye]

Wouldn't it have been possible for Google to contact the gmail user

How? The bank already e-mailed the user. The only extra things Google has is a potentially fake first/last name, IP addresses used to access the mailbox, and the mailbox itself which could be invaded for clues.

Google could have sent a mail that would've gone through the spam filter, with more chance of being seen than a "from bank" mail talking about "private account information" in attachment.

Re:Why deactivated?

[supernova_hq]

Google should be able to tell which emails have been read and which have been downloaded via imap/pop3/etc. I would find it quite reasonable, since the bank SENT the email, for google to tell them the current status of that particular email.

If the email has been read/downloaded then deactivating the account is stupid because:
-The person is now PISSED
-They no longer have ANY form of communication with the individual.

If the email has NOT been read/downloaded it would be entirely reasonable for the bank to have google scrub that email from the system.

Either way, this sounds like it was handled VERY badly both all parties involved.

Re:Why deactivated?

[rcamans]

You just do not get it. Banks do not do what they should. They do not do what they have to, or are legally obliged to do. They do not do what is moral, ethical, or right. What they do is make money. That is the business they are in. Individuals are not on their radar at all. Not even as numbers, unless that person is a very big number (as in depositor). Otherwise they do anything they want. not just anything they think they can get away with.
An example of their misbehavior is a former girlfriend I had. She told me, in bed, that she had ripped off the bank she worked at as a drive-thru teller. she took a few thousand dollars of deposits, and went shopping. She told the bank she did not have the money, so the bank recovered nothing. The bank let her go without notifying the police. Her only job skill was bank teller, so she went to work at another bank. See, the bank did not want anyone to know that there was any criminal activity by their employees. That might cut into the bank's earnings. And, as I said above, the bank is ONLY in the business of making money. By the way, I immediately got out of bed and hid my wallet.
In case you had no9t noticed, no bank people got prosecuted in the big crash. Banks are part of the government, just not exactly explicitly part. And the government does not ever clean up their act. Even if they tell you they are. an occasional fall guy is all that ever happens.
Get over it.

Re:Why deactivated?

[DrJimbo]

If we're playing "what if" then what if the person who sent the information secretly had a grudge against the recipient?

This ruling was a travesty because it thwarts Darwin by shielding the numbskulls at the bank from taking responsibility for their bone-headed actions.

The Rocky Mountain Bank should go down in flames for their compounded reckless policies and actions that caused this fiasco. Otherwise all banks will believe they can get away with having zero respect for their customers' data. You've got to catch them in the act or they'll never learn.

Re:Why deactivated?

[dbIII]

It's been emailed in plain text so a lot of people have have had a chance to get it before it even makes it to the gmail account. The only responsible action is to assume that the horse has bolted, change the account numbers, and set policy in place to make it more difficult for the next horse to bolt. Instead we are seeing careful reputation damage control. Even if google deletes the email the file may have been downloaded, and possibly even torrented (best to imagine the extreme and just change to bank details to make the file worthless) which makes some heavy handed seizure of the users computer pointless in stopping it escaping.
A failure in bank policy has made it to the courtroom and it's best assumed that a single action on the innocent recipient of the email isn't going to solve the problem. Going to court in the first place is a major stuffup in that confidential details go onto the record so it's another bit of PR damage control to seal the records. It's probably a good call to seal the records because the bank appears to just want to play whack a mole going after external leaks instead of making it so the leaked information becomes worthless. Not sealing the records would just create another leak and the account holders shouldn't suffer due to the stupidity of those running their bank.
Once again the lawyers are just trying to do the best they can for a bunch of idiots that don't want to be responsible for their own actions.

Re:Why deactivated?

[Kohath]

You want to protect one person's (accidental, illegitimate) possession of data even though it victimizes 1325 other innocent people. That is unjust. I'm glad the court agreed with me, though the court should have ordered only the one email be deleted rather than all of them.

Courts are given the power to do these things. This case is a good example of why we need them. It's not really a question of "rights being violated" because the court action is "due process". The court has a duty to look out for the rights of everyone involved, including the Gmail user. That's why we have courts. The court decided to rule to help the 1325 people.

Re:Why deactivated?

[BlueStrat]

I'm not getting why you think the gmail user should get to keep the bank account data.

Umm, because the email account owner has done nothing wrong and has not had his day in court to defend himself? In olden times we used to call this "due process", something that government these days seems to consider too much of a burden to "progress" and "expediency".

The bank is ducking responsibility for their actions here and covering up their incompetence while not doing anything to actually protect the customers whose data was leaked, therefor cheating their customers of being able to assess this banks' competence as a business while shifting blame and penalty to some poor schmuck that was unlucky enough to be this email accounts' owner.

If it were me and my mail account and I had a copy of the list, I'd normally be disposed to delete the data. Upon discovering I'd had my email account erased while I was away/on vacation/otherwise hadn't checked that account, I'd use secure & anonymous means to make sure the data got spread as wide as possible, including Wikileaks.

Strat

Re:Why deactivated?

[Restil]

There's a difference between closed and deactivated. Close the account to prevent changes. Delete the email in question. Fire the account back up.. The process will take a few days, sure, but closing the account doesn't help matters anyway, as they'd also be destroying much of the evidence in the process.

-Restil

Re:Why deactivated?

[Tenebrousedge]

The court ruled to close the barn door after the horse had fled, and then burn down the barn for good measure.

There's no way to undo that email, court order or no. There's no guarantee that deleting the account did any good at all; it could have been replicated without limit by now, and propagated around the globe. That data should be assumed to be public at this point; any sensitive information should be changed.

It is not a crime to possess information; the email account holder is blameless in this matter, unless he used that information with malicious intent. The fault lies entirely with the bank, and the second thing that those 1325 people should do is to sue the bank for allowing this to happen. They are harmed by this action, not helped. Their rights and privacy have been violated, and the bank gets to sweep it under the rug. It's entirely likely that most of them will never know about it. This was a stupid decision done for the worst of intentions.

Re:Why deactivated?

[jimicus]

They should have trained their employees to understand that recalling e-mails doesn't work more often than it does.

This is the most important point. Recalling email is a function of some commercial systems which generally do a lot more than just email (eg. Exchange) and you can only expect it to work when the following hold true:

1. The recipient is using the same type of email system, preferably within the same organisation.

2. The recipient opens the request to recall the email and it isn't filed as spam.

3. The recipient opens the request before they've read the original email.

4. If prompted "do you want to allow this?", the recipient clicks "Yes".

Re:Why deactivated?

[aussie_a]

It's been discovered there are 7 people who need vital organs that you possess or they will die. They've sued to have those organs from you harvested and a judge has agreed. "The need of the many outweigh the need of the few" he was quoted as saying. Don't worry though, you're rights were upheld. The judge considered your rights, but simply chose to rule to help these 7 people instead.

-------
The idea a judge can destroy my property without me even being allowed to respond somehow being "just" and my rights being "upheld" is ludicrous.

Re:Why deactivated?

[causality]

Wrong. You prevent future occurrences by not doing it again.

When I read that, I have to wonder if you are deliberately disregarding the concept of a deterrent. A deterrent is so easy in this situation too, because a bank is a business and a business wants to make profit and avoid needless expense. The more expensive this mistake is for this particular bank, the more incentive this bank and other banks have to make sure such colossal screw-ups don't happen again. Good security practices often mean more expense. More expense is unappealing to a business, unless of course that security expense is less than what another screw-up like this would cost them. It's so simple really: if any organization can screw up in such an obvious and colossal manner, and is never held fully accountable for that screw-up, they have exactly zero incentive to take better care of their customers' data. For some reason you seem to dislike this idea, and I cannot concern myself with that, so instead I ask you what fault you would find with it.

I'm not getting why you think the gmail user should get to keep the bank account data.

You say that as though I were advocating that he have free use of that data. No, that's not what I am saying. Regarding that data, the only correct assumption is that any sensitive information which has been leaked has already been compromised and is never to be trusted again. So the only certain way to assure the security of the bank's customers is to render that compromised data useless/harmless. The way to do that is to cancel every affected account, and reissue each affected account with different account numbers. This will secure the banking data. You then need to worry about the personal data that thieves can use for identity theft, and for that there are numerous services dedicated to identifying, preventing, and dealing with the results of ID theft. The bank should pay for these services for all affected or potentially affected customers, because its customers would not need these services if not for its own error. In fact, it would be the least they could do.

Furthermore it's obvious that this mistake was entirely preventable, and the method of prevention is basic due diligence. That what I mention above would be expensive for the bank means that banks have an incentive to prevent such screw-ups in the future, which is desirable for everyone who has a bank account of any sort, with this institution or any other. In other words, it's amazing how much of a difference some accountability would make.

Re:Why deactivated?

[Kohath]

Deleting the account data harms no one.

Your comment is very silly.

Re:Why deactivated?

[Kohath]

This was a stupid decision done for the worst of intentions.

What were the judge's intentions? What motivated him? I'm sure you know.

Also, you apparently know that no one could have used that data in any way to harm anyone. How do you know this?

Re:Why deactivated?

[aussie_a]

Deleting the account data harms no one.

Says you. I'd be more than a little harmed if my account was deleted at the wrong time.

Re:Why deactivated?

[BBandCMKRNL]

You forgot the most important thing they should have done:

Follow the policy that says no PII goes off site without being encrypted.

I used to work for a financial institution that nightly sent data files over their internal network to another internal site. Policy required, and was followed, that the data be encrypted even though it was being sent from one internal site to another.

Great Logic at Work Here

[Nom+du+Keyboard]

Truly great logic at work here. We screwed up, so nuke the presumed innocent user. Hell, if I was that guy and had gotten the file off before they killed my e-mail access I think I'd offer it up to Wikileaks in return for their heavy-handed treatment of me.

Re:Great Logic at Work Here

[neonstz]

Well, the best thing is probably to upload any stuff people send to you by mistake to Wikileaks. Then there is no need to close your email-account.

Re:Great Logic at Work Here

[supernova_hq]

Why didn't google simply offer to scrub the single offending email from the system?!?

Th bank should have prohibited unauthorized it.

[140Mandak262Jamuna]

You know, if only the bank has include some serious sounding lawyerly language like, "This electronic communication is intended for our customer only. Sever legal action will be taken against unauthorized persons who receive this message and do not delete it immediately." That would have been enough right? Now all these lawyers who inflicted 25 line long legal boilerplate on every mail from corporations are high fiving in glee, laughing at the futile attempt of Rocky Mountain Bank trying to close (other people's) barn door, after their horse is stolen.

Re:Th bank should have prohibited unauthorized it.

[supernova_hq]

Sounds more like they chased it out...

Step 1: Deactivate Account Step 2: Deactivate User

[jayveekay]

Presumably they need the user's identity because after step 1: Deactivate account, they need to proceed with step 2: Deactivate user (in case he read the email, he has confidential info in his brain.)

Of course, if that user has communicated with anyone then they will need to be deactivated as well, and so on, and so on... All I know is in the future I'm autoforwarding all my emails from Rocky Mountain Bank to Rush Limbaugh! :)

First Amendment?

[srjh]

Not from the United States and not too familiar with the U.S. Constitution, but wouldn't this be a blatant violation of the first amendment?

There is a clearly innocent party here who has had a primary communication medium forcibly disconnected. Not only can they not talk about this confidential material (which there may be an argument for preventing), but they can't talk to anyone about anything. That sounds like a massive violation of freedom of expression...

Re:First Amendment?

[Mr2001]

Not from the United States and not too familiar with the U.S. Constitution, but wouldn't this be a blatant violation of the first amendment?

No. The First Amendment does not entitle you to use any particular medium. It only protects the content of your speech, and even then, there's a lot of content that's still regulated (fraud, libel, obscenity, copyright infringement, etc.).

Not only can they not talk about this confidential material (which there may be an argument for preventing), but they can't talk to anyone about anything.

Sure they can. They can sign up for another email account, say from Yahoo or Hotmail, or even another Gmail account. They can post on newsgroups and message boards. They can use the telephone, write a letter, or stand on the street corner with a sign and a megaphone. Just because they can't use one particular email account doesn't mean they're unable to speak.

This is a pretty lousy ruling, but let's not get carried away.

Re:First Amendment?

[maxume]

He hasn't lost email as a medium, he just lost 1 address. That the address was a primary communication medium for him is nothing other than your assertion.

So no, the First Amendment probably doesn't come into play. I do hope he eventually gets access to the account back though, the bank really shouldn't be able to bring legal pressure to Google for a mistake that the bank itself made.

Re:First Amendment?

[Blakey+Rat]

That would only apply to this persons *only* method of communicating with the outside world was that specific Gmail account. Which it isn't.

This is closer to the Fourth Amendment, about unlawful search and seizure. If it were a constitutional issue at all, which is probably isn't.

It's just a clueless judge.

Re:First Amendment?

[Mr2001]

Let's close phishing@irs.gov or any such e-mail addresses, no change? They still can "speak"?

Correct. That would not be a First Amendment violation and would not prevent anyone from communicating. What's your point?

Re:First Amendment?

[causality]

No. The First Amendment does not entitle you to use any particular medium. It only protects the content of your speech, and even then, there's a lot of content that's still regulated (fraud, libel, obscenity, copyright infringement, etc.).

Authoritarian types just love arguments like this. That obvious intended meaning is a pesky thing to them, so to deal with it they created the ingenius device of separating the text into two concepts: the "spirit of the law", which they have made into something they can disregard whenever convenient, and the "letter of the law" which they can carefully examine to find any needed loopholes (incidentally, the same tactic was used when "freedom," a holistic concept, was split into "economic freedom" and "personal freedom"). That argument you are making is like a path, and I will give you a perfect example of one of that path's many destinations: free speech zones. The "logic" behind them is that the 1st Amendment guarantees your right to free speech, but does not specify where you may exercise this right. So, the free speech zones are located where the impact of contrary opinions can be most effectively minimized. Result? "Get with our program, or be censored, except we won't call it that."

Of course, for the free speech zones, they COULD decide that because the Constitution does not specify the specific locations to which the INALIENABLE RIGHTS it enumerates should apply, then obviously any fool can recognize that it's intended to apply throughout every last crumb of American soil. But, that would mean you can't use clever tricks to censor people without having to call it censorship, which is why such a concept is frowned upon by authoritarian types and other would-be tyrants.

Sure they can. They can sign up for another email account, say from Yahoo or Hotmail, or even another Gmail account. They can post on newsgroups and message boards. They can use the telephone, write a letter, or stand on the street corner with a sign and a megaphone. Just because they can't use one particular email account doesn't mean they're unable to speak.

Don't kid yourself. Massive injustices usually start out very small. If it's now considered okay to make you suffer in any way, however minor or however great, for the actions of a third party over which you have zero control, then this system is already terminal, we just don't know it yet. The entire concept is diametrically opposed to all of our notions of due process, the right to confront your accuser, the presumption of innocence, you name it. To fully support this ruling without being a hypocrite you would first have to throw out centuries of American tradition and jurisprudence. I for one am not prepared to do that.

In summary, this is a step in the wrong direction and the fact that a bank might suffer a little inconvenience due to its own damned screw-up is emphatically NOT a worthy reason to support it.

Re:First Amendment?

[srjh]

So you can say 'Fuck the government', as long as you write it on a note and put that note in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard'?

Like I said... I'm not familiar with the constitution, but it seems strange that they can't regulate what you say but they can require you to meet their standards as to how to say it.

And while it's not the end of the world to lose an email account, it's not a problem as trivial to solve as just signing up for a new one. That won't catch emails from people trying to contact you, that may not help with the dozens of online accounts that could be tied to that address, that won't give you access to your contact list or old messages, it requires you to chase down everyone who used your old address to continue to communicate with them, etc...

Whether it's a constitutional issue or not, it certainly is one of freedom of expression.

Re:First Amendment?

[chrylis]

The First Amendment protection is a bit wider than some other commenters expect, but probably the Fifth Amendment (can't take property, which would include an e-mail account) would be even higher than the Fourth. All that said, I think there's likely a case for interference with a business relationship (between Google and the customer) and maybe even something under the federal Computer Fraud and Abuse Act.

Re:First Amendment?

[Anonymous+Cowpat]

Killing the account has probably annihilated the account owner's entire record of their communications from others, and is akin to entering someone's office and destroying all their correspondence. That seems like the other side of the free speech coin to me.

Re:First Amendment?

[mysidia]

It's more like a Fifth ammendment rights violation:

nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

In this case, he is being deprived of his e-mail mailbox, without due process, which though virtual is still property.

Re:First Amendment?

[Mr2001]

Don't kid yourself. Massive injustices usually start out very small. If it's now considered okay to make you suffer in any way, however minor or however great, for the actions of a third party over which you have zero control, then this system is already terminal, we just don't know it yet. The entire concept is diametrically opposed to all of our notions of due process, the right to confront your accuser, the presumption of innocence, you name it.

Agreed: it violates many principles of justice. But one thing it doesn't violate is the First Amendment.

Re:First Amendment?

[Mr2001]

Like I said... I'm not familiar with the constitution, but it seems strange that they can't regulate what you say but they can require you to meet their standards as to how to say it.

Again, that happens all the time already: you can advertise your services, but you can't do it by sending spam. You can share your political views, but not by shouting with a megaphone at midnight in a residential area. You can't broadcast on a radio frequency that's been licensed to someone else; even if the frequency is licensed to you, you still can't broadcast profanity, false advertisements, libelous statements, copyrighted material (without paying royalties), etc.

If that all seems strange to you, I encourage you to read some court rulings. You're not the first person to feel that way, but the law is what it is, and the Supreme Court has never interpreted the First Amendment as meaning you can say whatever you want, wherever you want.

Whether it's a constitutional issue or not, it certainly is one of freedom of expression.

In a sense, sure, but not in a sense that courts have ever really shown concern for.

Suppose you buy a printing press on Craigslist, and it turns out to have been stolen, so the police seize it from you. Your freedom of expression is limited, through no fault of your own, right? But that's not a First Amendment issue either.

Re:First Amendment?

[MeNeXT]

made his point. Is that why you posted in AC?

Re:First Amendment?

[causality]

Don't kid yourself. Massive injustices usually start out very small. If it's now considered okay to make you suffer in any way, however minor or however great, for the actions of a third party over which you have zero control, then this system is already terminal, we just don't know it yet. The entire concept is diametrically opposed to all of our notions of due process, the right to confront your accuser, the presumption of innocence, you name it.

Agreed: it violates many principles of justice. But one thing it doesn't violate is the First Amendment.

It's a good thing, then, that I have not committed myself to talk about the First Amendment exclusively. I was in fact using his treatment of it as an example of a much more general pattern. If you can't see how that kind of thinking applied to weaken the First Amendment cannot also be applied to weaken those very principles of justice, then you have indeed missed my point.

Re:First Amendment?

[Mr2001]

If you can't see how that kind of thinking applied to weaken the First Amendment cannot also be applied to weaken those very principles of justice, then you have indeed missed my point.

Your point seems to boil down to a slippery slope argument, and those are never very convincing. Especially when the ship has already sailed.

For example, you wrote:

If it's now considered okay to make you suffer in any way, however minor or however great, for the actions of a third party over which you have zero control, then this system is already terminal, we just don't know it yet.

This already happens. To restate the example I used in another post, suppose you buy a product that turns out to be stolen, and the police seize it from you and give it back to its rightful owner. You're suffering for the actions of a third party, right? How do you propose that situation should be handled differently?

You also describe the standard interpretation of the First Amendment (which you somehow took to be an argument I was making) as something that "authoritarian types just love". So the Supreme Court has been packed with "authoritarian types" since the beginning? If so, what are you or anyone else going to do about it? Where are you going to find nine people who believe in absolute, unrestricted free speech and are qualified (not to mention politically palatable) to sit on the Supreme Court? The interpretation you seem to prefer -- that you're entitled to say whatever you want, whenever you want, in any medium you want -- has never been a mainstream view, and it's hard to see how it could've been intended by the founders, let alone how it could actually be implemented today.

Re:My Response

[zippthorne]

It's not the bank's confidential information that leaked. So you'd be punishing the other victims for the actions of the bank.

Turnabout

[transiit]

Hopefully the email recipient gets notice before they lose all of their email.

And more hopefully, they find the offending message and forward it to the judge that made this ruling with a note akin to "Thank you for punishing me for having an email address. Here is the poison message, please order your accounts deactivated as well."

Re:Turnabout

[tuomoks]

That's good! Mail poisoning is a huge issue today!

asdf qwerty is now without email

[shadylookin]

Do people actually put their real names in those forms? Even if they did is John Smith from the United States really going to help you track the guy down.

I wonder

[bolt_the_dhampir]

I run my email on my own email server... In my house. What would they have done if they accidentally sent the email to me?

Re:I wonder

[retech]

Burn your house to the ground, rape your woman, eat your babies and salt the earth.

It would be the only proactive way to be sure their mistake was covered up and erased.

Re:I wonder

[mysidia]

The police would've come by with a warrant to pick up all computing equipment in the house.

They'd take the server... and all your desktops, and your laptops...

They'd also make sure to take all the computer monitors, printers, mice, keyboards, bluetooth headsets, cameras, flash cards, MP3 players, iPods...

And just to make 100% sure you couldn't borrow a laptop from a friend and blog about it, they'd take any routers, switches, and definitely the cable modem.

You'd be lucky if they left you a TV and an analog telephone, because all the cell phones would definitely be confiscated as well (Some people use those for microblogging).

Re:I wonder

[mysidia]

(P.S. But if you had pulled a 3.5" SATA drive out of the server (a backup disk) and left it on the desk, they'd leave that alone, as it doesn't look very high tech.

Re:I wonder

[herojig]

You forgot the step where the court sends a notice to the poor slob's ISP saying he is in copyright violation and his ISP account is now closed. That will teach 'em.

Prank

[kurtis25]

So if I lie to my bank and give them an email address of someone I don't like, say the president of the company my business competes with, I can then get his email shut down. I'll remember this.

Very dangerous and the damage is already done

[tuomoks]

So, last time I sent a wrong paper to bank I should have asked the judge to close the mail delivery to that bank - have to remember! It should be easy, not even have to ask the post office for owner of the address!

Now, the damage is already done! I wonder who and how covers it to the innocent party (parties?) My e-mail connection is worth a couple of millions, at least, even a short cut would cause huge (future) losses and of course, the trauma - a jury probably would understand that and award me those millions except how to sue a judge / justice system? I might then get the government (tax payer!) relief help (money!) to continue my business - so what I wasn't ready for recession, sorry, I mean for justice(?) - doesn't sound right, didn't have a backup plan for it?

There is today a real need for justice system which would understand technology, at least on basic level. And I wonder how the bank was even able to send to a person who they assumably don't know - if they know who was the receiver, what's the point? Total screwup! No excuses, sorry, there are any amount professional IT people who can make this type of mistakes very difficult, only intentional e-mails (or whatever) can be delivered and then it's another issue totally. Maybe the bank could take the cost of 10 of them out of the CEO salary, he/she wouldn't even realize so small sum!

Google was absolutely right and maybe, just to show how nice they are, they could fight this on behalf of the e-mail owner? Maybe it would even be a good idea, otherwise they may start getting these court orders more in future? If a judge can just order this kind of e-mail (or any!) closing and giving the customer names it definitely will change how the Internet ( or post office or just speaking aloud) works today.

In related news

[gmuslera]

a spammer asked Google to remove thousands of gmail accounts because they received by mail a viagra offer with the wrong price.

I hope this user sues the bank.

[DragonTHC]

Google was right to defend its policy. I hope they appeal to the 9th circuit court.

The bank was clearly on the wrong side.

I can only wonder if this user suffered monetary damages due to his email being deactivated.

I hope this judge gets censured. This is clearly an abuse of power and an abuse of process.

Luckily, the user can sue the bank for abuse of process.

Re:I hope this user sues the bank.

[Anonymous+Cowpat]

Luckily, the user can sue the bank for abuse of process.

Why is that?
Yes, the bank asked the judge to approve an illegal order, but it's the judge's job to be the gatekeeper and he messed up. Persons wrongly harmed by illegal orders from judges should be able to sue the judge (in a professional capacity). It's not fair on the bank either to make them pay compensation for illegal orders approved by the judge.

Also, what do they do if the order gets overturned after Google has already complied with it and annihilated the account?

Re:I hope this user sues the bank.

[mysidia]

Can the user sue the court for abuse of process? Is it really the bank's fault that the Judge granted such an abusive order?

Re:I hope this user sues the bank.

[upuv]

The question is how?

All the user knows is that their email doesn't work.

The user is just plain and simple out of the equation. The user has to sue Google in order to find out why the account was terminated in the first place.

Re:I hope this user sues the bank.

[Restil]

I didn't see anything that said Google was forbidden from revealing the reason why the account was closed, should the customer inquire.

-Restil

Re:My Response

[AnotherUsername]

I'm the vindicative sort, so if they cut me off like this I would post their "confidential information" as far and as wide as I could.

Yes, and then screw over those 1,300 people whose information you wrongly received. Congrats, you would have just became a criminal. I can only hope you would enjoy your stay in prison.

Apply cluestick on Judge.

[miffo.swe]

Shouldn't the question the judge would be asking himself be, wtf are a bank doing sending highly classified and sensitive information unencrypted, over frigging e-mail? Google and the customer should really be last in line, long after the excecs at the bank have had their bottoms spanked.

No wonder the bank system collapses every now and then.

Re:Apply cluestick on Judge.

[tinkerghost]

Shouldn't the question the judge would be asking himself be, wtf are a bank doing sending highly classified and sensitive information unencrypted, over frigging e-mail?

Please, the judge probably doesn't even know that there is such a thing as encrypted Email. It's obvious he's got no clue how everything works because his remedy doesn't remedy anything. If the owner of the email account has downloaded the file, then it's downloaded already - closing the account does nothing except prevent the bank from sending another batch of information to that account.

Didn't Respond

[Derosian]

He marked the first E-mail as junk mail and the second one got sent to his spam box...

Or better yet he hasn't checked it in a while...

Re:Didn't Respond

[jonbryce]

I get emails apparently from banks I don't bank with all the time, which get deleted pretty quickly. I just see "Wells Fargo", or "Citibank" or whatever, automatically assume it is a phishing email, and press the spam button on my email client.

Re:My Response

[schon]

Yes, and then screw over those 1,300 people whose information you wrongly received. Congrats, you would have just became a criminal. I can only hope you would enjoy your stay in prison.

But isn't that just "Free Market" economics? By posting the information, he's doing *everyone* a favour by showing how insecure the bank is, thereby encouraging consumers to go elsewhere!

Is it cheap waterfront property in Florida

[DigitalReverend]

I think you mean:

"Could I interest you in ocean front property in Arizona ?"

or

"Would you like to donate money to save the rain forest in Antarctica?"

Basically it means, the person is gullible and you are going to try sell them something that doesn't exist, or you can't possibly sell. Since Florida has TONS of water, if you are selling waterfront property cheap enough. I would be interested.

Re:Is it cheap waterfront property in Florida

[darkpixel2k]

I think you mean: "Could I interest you in ocean front property in Arizona ?"

Lex? Is that you Mr. Luther?

dead account

[Nethead]

Has anyone thought that maybe this is on of a shitload of dead gmail accounts? I know that I've got a few (dozen.) I would be nice if this is the case and the bank paid a bunch of lawyers just to have it shut down.

Re:My Response

[Rockoon]

Those "other victims" as you call them chose to do business with Shitty Bank And Trust.

This is America. If they don't like how that choice turned out, they can vote with their feet. This decision by this judge only serves to preserve as many customers as possible for the bank, and dare I say that the bank does not have the right to have its customer-base preserved via the judicial system.

What I'm saying is that I dont care if it was 1 account, 50 accounts, or 1 million accounts. Shitty Bank And Trust does not deserve preservation here. They deserve to lose all the customers directly affected, plus other customers who go unaffected but or now severely concerned about their privacy.

um anyone wonder this?

[arbiter1]

Why is the bank using Gmail and not their own private email system? i mean this is a major security issue using the likes of gmail imo.

Re:Did they email him?

[Skapare]

Yes, they did. And they also demanded that person contact them and tell them what action they took. That could come across as a threat ... or a scam. Both were likely just deleted. If the account actually does get shutdown (don't know if Google is going to appeal now or not), the bank needs to be sued ... and sued BIG! I'm sure quite many landsh^h^h^h^hwyers would love to handle the case. And in the mean time, people having accounts there need to be getting their money out fast.

Re:my two cents

[jonbryce]

If I see an unsolicited spreadsheet in my email, I assume it is a virus of some sort and delete it without opening it.

If they made this error, how do we know ...

[Skapare]

... that they didn't make another error and put an entirely different email address in their court documents? Banks ARE generally run very stupidly with regard to security. Rocky Mountain Bank is showing that they are the worst.

More info from closer to home

[Skapare]

I found this article from very close to the bank's main office.

Who represented the user?

[MMC+Monster]

Who represented the rights of the user to the court?

Was a public defendant even involved, or was no one assigned because there was no face to the account that was deleted?

Re:Who represented the user?

[rwade]

Who represented the rights of the user to the court?

Presumably google had an attorney in the court room since google was fighting the disclosure of the user's information. This suggests that google represented the rights of the user to the court.

What to do in this case

[DeltaQH]

If POP/IMAP was enabled and local copy stored in user computer, give it as present to the mafia the moment the account is blocked.

Re:my two cents

[psiclops]

Often times, I have received email with a footer that cites the information as confidential and stating that the recipient is required by law to delete it if it was sent in error.

and often times i see emails telling me that if i reply with my account details and send $1000 dollars to cover the cost of paperwork, then i'll have millions deposited in my account...

James Ware

[__aazsst3756]

Judge James Ware needs reprimanded. Again.

James Ware

Mistake^10

[Flozzin]

The bank should have take the fall here. At this point if any of us get any information sent to any of our accounts they can close them down. Sure they may send an email requesting our cooperation but how can they trust us? From now on I sure won't trust them. I just hope that gmail user downloaded that file. If it was me and my account was closed like that I'd plaster those numbers all over the net. Some say that it would be a great inconvenience to the people whose information was sent to have to change their all the account numbers over, but how does destroying a gmail account ensure the data was destroyed and their accounts are safe? It doesn't. This is just a cover-up with the judge being to ignorant to realize how things really work.

Seems like an elegant solution

[mysidia]

To this problem. Although it might not go over too well with the customers, either...

I'm not sure where anyone ever got the idea it was OK to put confidential information into an e-mail message, because it's simply not.

I feel sorry for the victim

[MartinSchou]

If that was my gmail account I'd be thoroughly fucked.

Most of the places I've registered, if I want to change the registered email address, I need to acknowledge it through my gmail account.

Now, my ISP doesn't offer an email option, so I can't just get one there. And if I'm going to move out of this area, I'd be screwed as well, as I'd have to get a new ISP and thus a new email-address. In the end the Gmail option is easier.

My gmail account is thus the primary account I have for all personal and semi-professional communications.

Since the bank went to court to get my account closed, they haven't broken any laws, so I'd be barking up a tree if I tried to sue for damages.
Google did exactly what they've promised to do - they refused to close the account without a court order.
And I can't exactly sue the court or the judge either.

Now, I do have the contacts saved elsewhere, but how do I easily prove that I am in fact the person behind my gmail account and get those companies to change the address they've saved, when I cannot send them a mail from that account to prove it? Paper work is a bitch.

And when one of my contacts suggests to one of their contacts that they could use me, then they're likely to use the gmail account which is now closed, which makes me look like an arrogant asshole: "He didn't even bother to write back to say no, he just ignored me."

If Google were kind, they would at least make mail to that account bounce with a good explanation like

"Unfortunately this account has been shut down due to a court order on behalf of Rocky Mountain Bank, as Rocky Mountain Bank failed to live up to even the most basic of customer data security and sent sensitive information to this account by mistake.

We hope you will not let this screw up on behalf of Rocky Mountain Bank affect you view of the user of this email account.

Kind regards
GMail staff"

I get someone else's bank emails...

[trawg]

...every few weeks. I have tried to contact the bank (Chase) to let them know that they're sending to the wrong account.

They make it fucking impossible to contact them - UNLESS I log on with the account to do so (or call them, which I don't feel like doing because I don't live in the USA).

Every couple weeks I reply to the email (even though it says "don't reply", it has a unique reply-to, so I hold out some hope that maybe someone keeps an eye on the occasional reply). This has been going on for months. Attempts to navigate the website to find a simple contact page appear to be futile - there /must/ be one (right?) but I can't find it at a glance, and how much time should I be investing in this, seriously?!

I haven't looked at the emails closely because I don't care what's in them, but I'm sure there's some personal/confidential information in them - and if not, as the owner of the email address, I'm sure I could request some more stuff to get sent to me.

I really want to fix this problem, rather than just hit 'spam' so gmail bins them all (which helps noone, I feel). But the bank has not taken this scenario into account adequately enough - and until they are forced to, they just won't bother.

(Why do banks send emails at all? They should /only/ ever send emails to people that have opted in with a public key so they can be securely signed. Yes, that cuts out a lot of people, but seriously, the people that it cuts out will be better off for it.)

Re:I get someone else's bank emails...

[grahamsaa]

(Why do banks send emails at all? They should /only/ ever send emails to people that have opted in with a public key so they can be securely signed. Yes, that cuts out a lot of people, but seriously, the people that it cuts out will be better off for it.)

Damn fu*king straight! Why make it easy for people to opt into an insecure mode of communication when they don't understand the risks? It's bad business. Might as well tell customers "tune in to FM 104.5 every day at 1 PM to hear your bank balance -- it's conveinent!"

Re:I get someone else's bank emails...

[mysidia]

"Confidential e-mail" is an oxymoron.

Report it as spam. Since it's not solicited, and they don't provide you a means to stop the mails, it in fact is spam.

Go to spamcop.net and upload the messages, reporting spam from their domain name.

Report it to abuse@ their domain. Lookup their contact information, call the technical contacts for the domain.

Eventually, someone has got to notice..

Re:I get someone else's bank emails...

[Jager+Dave]

and oh my, do I SO know what you're talking about.... they put a "contact us" link on their website, and it SO goes unanswered, even though [whatever company] is taking 20% of our charges per month... Get over it, guys, if you WANT our money (more than you currently are), at LEAST get SOMEONE on the phone that we can talk to! (I've recently had a problem with CapitolOne charging me for some insane charges, and it took me nothing short of two HOURS to TALK to a person about it... at my last pay-scale, CapitolOne owes me a $150 credit... wtf!)

Re:I get someone else's bank emails...

[khchung]

I really want to fix this problem

Easy, you just forward those email to your local newspaper on a slow news day. After hitting the front page, those email will stop right away.

Re:I get someone else's bank emails...

[ArtemaOne]

Of course they'll stop, as his email has been shut down.

Re:I get someone else's bank emails...

[julie007]

Try the Better Business Bureau.

I kept getting emails from Geico, some insurance agency in the US. I contacted them several times to try to get them to stop, but it was the same scenario - you had to log in to update your contact details. After a few months, I filed a complaint with the BBB in Washington DC where Geico is located. A couple weeks later, BBB forwarded me an email from Geico saying they had removed my email address.

It would be nice if these places would try to verify email addresses or at least make it easy to contact them.

What about the flip side?

[gillbates]

Would federal officers shut down a bank's internet connection if someone accidentally sent them something illegal, say, terrorist training manuals, or (everyone's favorite...) child porn?

There's a small part of me hoping the GMail account belongs to an IRS auditor a few million short of his quota...

Inflation

[Billly+Gates]

There is a debate between economists on whether inflation should just include the price of products excluding food and energy or should it include housing and health insurance. Both housing and insurance have trippled since the late 1990's. Sure on paper it looks like you make the same but a $175,000 home in 1999 costs $350,000 even during the recession. Suddenly $55,000 a year is not worth jack in most metropolitan areas even if prices do not necessarily show it.

If you health care costs were put in the inflation equation with housing we would see a totally different side of economics that economists should have prevented if they only knew.

Something does need to be done.

Re:Inflation

[dryeo]

What I don't understand is why food and fuel isn't included in inflation. I'm not rich, supporting a wife and son and most of my money goes to food and fuel. While my government (Canada) claims that inflation is actually negative, I go to the grocery store and everything seems to be up. A bag of potatoes is close to $10, a can of beans is close to a dollar, last week it was actually cheaper to buy (a cheap cut of) steak then hamburger.
Gas keeps going up in price and I need to drive to make money.
Housing has gotten ridiculous. I was talking to someone and she was bitching that her house that she bought new a couple of years ago for $350,000 has dropped in value from $750,000 to $685,000. This is just an ordinary house on an ordinary lot 35 miles out of the big city.

Re:Inflation

[Billly+Gates]

Crop production subsidization and the nature of changing fuel costs are why its not counted in. In addition, if something like a late freeze or a hailstorm ruins a large percentage of crops you can bet economists will be going into a headspin on inflation when in reality it is no big deal as you much as it looks like on paper. But that too is a problem long term. Gas was $1.75 American in 1999 and its well over $3.00 today.

I agree its outrageous with these housing prices and it makes me quite angry ... as I do not own a home and now will have to sacrifice my kids college if I decide to join what everyone else got from the bubble ... free money. My aunt is moaning how she can only afford a $450,000 home because her husband makes a mere $60,000, but has free equity due to 2 other homes so there is no money down and she has rent money to subsidize 60% of her mortgage. Meanwhile we make the same and have to move in to her basement. I wish the prices would drop more and the latest housing data shows this. But if you and I owned homes bought pre-2004 I bet our opinions would be quite different. :-)

Still the recession is going to be here for some time as many who did not make the home list pre 2004 or had their insurance cut will be poor and not consuming anymore.

Re:Inflation

[JAlexoi]

a hailstorm ruins a large percentage of crops you can bet economists will be going into a headspin on inflation when in reality it is no big deal as you much as it looks like on paper.

Why isn't it a big deal? It should be accounted for in details. And it's part of inflation and deflation. And food is one of the only items, that what it looks on paper is actually what it looks like in real life. Do you think people buy TVs, houses and other stuff one once a year?(Maybe someone, but not most.) And yet,you have to buy food every day, no matter what!
Or maybe we should just look at electronics prices, and see that we are in a downward deflation over the last 20 years? Just because it's nice to look at... Having something nice to look at, is called delusions and should be outlawed for scientists.

There is no such thing as health insurance

[NotQuiteReal]

Insurance is good for one thing - mitigating financial risk.

You can not ensure "health". Everyone dies sooner or later. If you have money, it will be later, on average.

If you don't have employer subsidized health care, there are very reasonable, low cost, high deductible health insurance policies that will protect you from a disastrous medical bill. It is irresponsible not to have such a policy, if you have anything at all to lose (like a house).

How we got to the notion that "health insurance" should cover every little thing is ridiculous. Think about how much your car insurance would cost if it covered oil changes and brake jobs, or how about if your home owners insurance covered painting, fence repair and replacing your carpet for normal wear and tear?

Re:There is no such thing as health insurance

[erroneus]

Have you looked at the cost of "every little thing" on the list of charges from an average doctor's visit? Even the most trivial item or service is ridiculously expensive.

It would make plenty of sense to cover oil changes, tune-ups and brake jobs if the cost comparison were similar to what you see in medical costs. An oil change costs anywhere from $10 to $25 out where I live. Brake jobs can range anywhere from $50 to $150 for basic stuff. If a doctor visit cost that and included anything other than an examination, that would be terrific. And if the cost of prescriptions were somehow less than the price of 4 cans of motor oil, I'd be right there with you. But that is simply not the case. Drugs are ridiculously expensive. (When my youngest was an infant and was experiencing some severe allergies, the doctor prescribed a ridiculously expensive tube of something that cost over $100 at the pharmacy! I bought it but my out of pocket was like $50 versus $10-$15 because my insurer didn't want to cover that drug.)

If people don't need their medical stuff all the time, they wouldn't need to be so concerned about it. But when a medical problem arises, it often involves months if not years of continuous treatment all on the same scale as I have been describing... expensive drugs, expensive office visits, expensive procedures, expensive tests. And people who are well insured are still getting hit hard because the cost of the insurance is still prohibitively expensive.

I consider myself lucky. I don't have any medical problems. My wife and children don't either. That is really fortunate. But there are lots of people who aren't so fortunate... lots. And it does often cost people their homes because it often comes down to completing medical treatments or paying the mortgage. Insurers drop or deny coverage QUITE often which is yet another talking point in favor of healthcare reform.

I get the feeling you simply don't understand what healthcare costs really are because you haven't really paid any before.

Re:There is no such thing as health insurance

[Billly+Gates]

THe state of California is investigating claims that health insurers are denying 40% of claims!

Just because you have insurance does not mean you still do not have to sell your house. Americans in general oppose government run ... well anything ... including health care but this is changing due to the greedy and abusive insurer practices.

The parent is also quite correct in stating that the reason health care costs are high is because people/insurers have been willing to pay for it. Why would I want to sell a pill for $10 if I could sell it for $100 and someone would die without it? How much is your life worth?

I think universal health coverage mixed with a trust bust for the greedy drug companies and free college loans for medical students might be the answer.

Something has to give as the cost of living with this and housing keep going up whether they are counted in inflation or not and most people are becoming quite poorer.

Re:There is no such thing as health insurance

There is no such thing as health insurance ...because my insurer didn't want to cover that drug

Poor Americans...

There is such thing as health insurance in other parts of the world. I think its time that governments finally steps up the plate and stops privatized profit making health care...

Re:There is no such thing as health insurance

[digitalunity]

I went to a major hospital in washington state some years ago. After a major laceration to my forehead, here's a rough breakdown of the cost.

$900 - Basic ER fee
$330 - Stitches, local anesthetic
$35 - 500mg Acetaminophen(2)

Yep, you read that right. Thirty five fucking dollars for 2 tylenol. If they told me in advance, I would have said "stuff it. I got tylenol at home assholes".

There is no accountability in health care for keeping costs down. Health insurance is a misnomer because everyone needs health care at some point. It's gone from insuring yourself against catastrophic financial repercussions due to personal injury and illness, to a giant socialistic slush fund where we all dump in hundreds of dollars per month which we then spend when we go to the doctor and pay a small co-pay and somehow think we saved money.

Here in Minnesota, we have a lot of clinics that offer basic health services at a fraction of what you would pay at a normal doctor or hospital. We need a lot more clinics nationwide that offer these types of health services without breaking the bank. Insurance won't go down as long as the health care system is structured as it is.

Re:There is no such thing as health insurance

[sorak]

The problem is that health insurance is trying to cover only the little things. If you get a serious illness, then the odds are that your insurance company will try to find a way to weasel out of paying for it. (I'm sure they classify it under Waste and Fraud prevention)

So, to use your analogy, it would be like if the Car Insurance Companies paid only for the little things and told you that, if your car gets totaled, you're on your own.

Re:There is no such thing as health insurance

[Grishnakh]

The problem I have with this whole health insurance reform the government's trying to push on us, is that it doesn't seem to address the root of the problem at all. It seems all they want to do is give everyone "insurance", which basically amounts to spreading the cost of all this overly-expensive healthcare over all taxpayers, and that includes giving illegals free healthcare too (by letting them use ERs as free general practitioners, since ERs aren't allowed to turn them away, and the hospitals simply inflate the cost of everything else to make up for it).

People have already talked about what's wrong with the healthcare system: it costs way too much for every little thing: doctors' visits, medications, etc. Someone else said healthcare costs have tripled since the 1990s. So the question is: WHY? No one seems to address that, ever. I think the politicians pushing healthcare reform don't WANT to address that, because fixing that would probably mean hurting some rich industry (like pharmaceuticals) that's wining and dining them with lobbyists.

I have some ideas on why healthcare has gotten so expensive; I don't work in healthcare so I don't know if they're right, or not significant, or whatever, but here they are:

1) Illegal immigrants using ERs as their doctors, and not paying for it. Hospitals eat cost, pass it on to other paying (with insurance) customers.

2) Malpractice insurance. People sue every time something goes wrong, even if it wasn't preventable. Medicine isn't an exact science; peoples' bodies are all different, and doctors aren't perfect. People sue when their babies are stillborn, even though the doctor delivering had nothing to do with it, etc. OBGYNs have been driven out of business in some states because they can't afford the malpractice insurance premiums.

2a) Malpractice suits and settlements, and all the greedy lawyers involved.

2b) Bad doctors who screw up and get sued, causing insurance costs to rise for all. This, along with absolutely no system to get rid of bad doctors; they have some governing board, but just like cops and the lawyers' Bars, they just protect their own no matter how bad.

3) The pharmaceutical industry and its overpriced drugs, which it pushes on doctors to prescribe for everything.

3a) Doctors who are trained to simply think that every symptom can be matched up with some (expensive) drug to be prescribed for it, rather than trying to understand the whole body as a system and determine what's really wrong instead of just throwing drugs at the problem as a crapshoot.

Insurance companies that don't want to cover anything are bad too, of course, but they're trying to keep costs as low as possible. I don't see how nationalizing the insurance part is going to help when the reason healthcare costs so much goes much deeper than just the insurance, and I have zero faith these government initiatives are going to help the problem unless they address these and other underlying problems, whatever they may be.

Re:There is no such thing as health insurance

[haruchai]

It's not like they haven't tried before. The healthcare battle in the US is a long-running one.
The Clintons took a shot at it - and lost. The problem is that too many of the politicians
are greedy and there are too many lobbyists.

Re:There is no such thing as health insurance

[Kalriath]

Wow. At our hospital, we'd charge you $1.12 for 20 of those pills (about 70 US cents).

You Americans ARE being ripped off!

Re:There is no such thing as health insurance

[hoggoth]

MOD THIS UP!

If anyone in congress or in the whitehouse understood this we'd all be talking about a very different health care plan.

I am self employed and I went from a $1,500/month "traditional" medical insurance plan to a $600/mo high deductible plan.
I was paying $1,500 x 12 plus a $100 deductible = $18,100 a year for medical insurance.

Now I am paying $600 x 12 plus a whopping $6,000 deductible = between $7,200 and $13,200 a year depending on how much medical care my family needs. I CAN'T LOSE and I will probably come out way ahead.

I also have taken a much closer look at how I spend my health care money because it is all coming out of my pocket. I always ask if a generic drug is equivalent. I NEVER take antibiotics for a virus (why the hell do doctors prescribe this anyway?! it doesn't help and it creates drug resistant bugs). I don't run to the doctor every time I get the sniffles.

THIS IS THE PROBLEM AND THIS IS THE ANSWER! Medical insurance should be INSURANCE, protection from disaster. It shouldn't be used as a way to get FREE medical care because there ain't no such thing as a free lunch!

Re:There is no such thing as health insurance

[chaotixx]

There's plenty of legal American citizens who can't pay for their ER bills.

Re:There is no such thing as health insurance

[Grishnakh]

Yes, but at least they're citizens, so they're our problem. We can't afford to pay for the problems of the other 6.7 billion people in the world.

Re:There is no such thing as health insurance

[operagost]

That's part of the problem, but there are also people who don't think the government should have the right to pry into their lives and decide what they will eat and what drugs they will take. Once you make the government responsible for your health, it's in their interest to force you to live the way they believe will cost the least. This is assuming that the government actually remained benevolent and didn't start denying care to the elderly or the gravely ill-- which is possible in the worst case.

Re:There is no such thing as health insurance

[operagost]

Antibiotics are not "regular maintenance" items. Drugs aren't like oil changes and brake pads for cars, which are items that are expected to wear out and a wise car owner budgets for. Health insurance should not cover regular office visits and other basic services, but they should cover things like emergency treatments and drugs (which really ARE expensive). This could be handled by an HDHP with a health savings account, which is the way the industry wants this to go and as long as the employer pitches in by partially funding the HSA, it works well and helps people budget for their health care.

Re:There is no such thing as health insurance

[GargamelSpaceman]

Yeah, well at least you got Acetaminophen. In Britain where the Government runs health care you'd have to settle for Paracetamol.

Re:There is no such thing as health insurance

[LordLimecat]

Is it possible that the high costs are the results of living in a litigious society? And if you have really serious, high cost medical problems, from what I hear its easier to just fly to Thailand or India and get whatever you need done in one of their high end hospitals for cheap (heart surgery by GOOD doctors for like 10k, if I remember correctly). A coworker of mine used to visit Thailand and apparently a day at the doctors can run as much as $17, doing all sorts of tests for parasites.

Ill admit im neither married, nor do I have any serious medical problems, but if prices are too high in the US, and demand is high, and there is a competitor with far lower prices, the solution in a capitalist society is to go to the cheaper competitor.

Re:There is no such thing as health insurance

[haruchai]

You're still living in a democracy / constitutional republic, right? Doesn't that give you the ability to change the government?
And, aren't the insurance companies already deciding
what drugs and procedures you can obtain?
At the very worst, you'll be taking the same power that the insurers have and pass it along to the government.
At the end of the day your fate is in someone else's hands - based on the experiences of the other western nations, is the government really such a bad choice, compared to the current situation?

Bad Judgment

[Art3x]

If the bank sent me such a document, and it was by paper mail instead of email, would the judge order my house burned down?

How can you sue based on your own actions?

[mysidia]

"Rocky Mountain Bank had asked to court to keep its suit under seal ...

What cause of action exactly allows you to sue someone else and seek relief (in a manner that injures the other party) for damages that you caused to yourself?

My bank is pretty secure

[NotQuiteReal]

Even when I *ask* for them to email me confirmations, I get stuff like:

Dear Customer
Account Number XXXXXXXXXXXX1

We just did something at your direction.
If you didn't do it, figure out who we are can contact us immediately.

Read about our industry-leading Privacy Policy and our Security Guarantee online at our website.
Replies to this email end up in a black hole. If you need to reach us, use some other means.

Come on, you know who we are, you send us lots of your money, and we hope you keep on doing so, because we sure as hell don't pay you very much interest.

Re:Step 1: Deactivate Account Step 2: Deactivate U

[mysidia]

They need the contact info so they can name him in the lawsuit in order to get their pet judge to sign the gag order, and fine him for the pain and suffering caused to their customers, by his e-mail address actually being a valid one.

Gag orders are tough when you don't know who you are trying to get silenced, and since you can't exactly gag people whose identity you don't know (no way to deliver service to them, when they ignore email).

Re:My Response

[supernova_hq]

That doesn't sidestep the fact that you would be causing a LOT more damage to the innocent people, who probably had NO idea their bank was capable of such idiocy, than the bank that actually screwed up. There are many ways of embarassing and humiliating them without destroying the financial futures of the innocent people who's privacy and security was blatantly disregarded.

How would you feel if your name was on that list of sensitive information and somebody posted it?

Re:I hope a lawsuit is filed

[mysidia]

Since the bank couldn't seal the matter, is it possible another e-mail user could look up the e-mail address in question, sue Google over mails to "their friend" bouncing, and seek injunctive relief in the form of re-activating the recipient's account?

Re:My Experience with Wells Fargo Bank

[hax4bux]

I (used to) routinely contract for WFB.

I can personally assure you on a first hand basis that WFB does not hire computer people based on sex appeal. If anything, there is a inverse correlation because most of those people are ugly enough to be R. Crumb drawings.

I didn't say they were any more competent (although there used to be some quite reasonable people at WFB).

Apologies to any of my former coworkers, but I defy you to provide a counter example.

Unread Messages

[BlueToast]

Why doesn't Google just check to see if the read status of that sensitive e-mail letter is still "Unread" in that GMail account? And if it is, check to see if POP3/SMTP/IMAP is disabled. If it is enabled, then check to see if this message was downloaded by that GMail account owner. Wait, if the GMail account owner already downloaded the message through POP3/SMTP/IMAP, then why bother shutting down that person's GMail account? That's like the most childish thing I could imagine. Point being, if the e-mail was never downloaded or opened by the owner of that GMail account, then Google ought to outright delete that sensitive letter from that account and duke it out with the bank. (Google is invincible after all, right?)

Re:Unread Messages

[Skreems]

Having worked on systems like this, I have to say, you're probably overestimating the complexity of the data that Google keeps. Since you have a "Mark As Unread" option, the ability to tell if a mail has NEVER been read would require a second, hidden flag on every message that serves no purpose whatsoever in the context of an email system. I'd bet a large sum of money that they don't have the ability to tell you whether this message has ever been read with 100% certainty.

Good excuse to block rmbank.com

[jasonditz]

It's pretty trivial to set up a filter in gmail to autodelete all email from rmbank.com, and it might be a good preventative measure in case they send any more "oops" emails.

Judge should be removed from the bench

[TRRosen]

Apparently the Judge was in his dorm room stoned when they discussed the fifth amendment.

Wow...

[Jager+Dave]

I'm sorry, I'm a geek/nerd, been involved with computers for MORE than half my life (and computers, when I got started, dealt with eight-bits-or-less [another good tag for slashdot, btw]... ) but if I'd received financial information erroneously from some fiscal establishment, be it credit card or bank or whatever, I would immediately turn around sent an email to root/postmaster/webmaster of said website...

I am "hurting" as much as everyone else in this current fiscal crisis, but I'm not going to take advantage of someone elses accidently-revealed information, as such..... What HAS our world come to?

Re:Step 1: Deactivate Account Step 2: Deactivate U

[Culture20]

you can't exactly gag people whose identity you don't know (no way to deliver service to them, when they ignore email).

Or when you've gotten their email account disabled.

What if it were the US Mail?

[Nkwe]

What if the bank by mistake send this information via US Mail? Would the bank been able to go to the Postmaster General and ask that the person's physical mailbox be opened and any envelopes inside it be removed? How about forcing the person's mailing address be revoked or changed? Somehow I don't think a bank could make me change the numbers painted on the front of my house. (I hope not anyway.)

Why should email be any different then postal mail in this case?

Re:What if it were the US Mail?

[Restil]

Of course they could have mail intercepted. This happens all the time, and it's a LOT easier. US mail follows a process and takes days to reach its intended (or in this case unintended) destination. A letter or package can be intercepted at any number of points in the process, right up to the carrier who delivers it. Nobody needs to revoke or change your home mailing address to accomplish this.

-Restil

This is why we have judges.

[Restil]

As annoying and unfair it might seem to be to the email account holder, there ARE times when things like this are necessary. Note all the things that went right here though. Google wouldn't just up and hand it over without a court order. The judge wouldn't honor the request to keep the order sealed. And as unlikely as it seems, it's important to the customers of the bank to know to what extent their data has been compromised. If they can remove the document and determine that it had never been opened, the breech can be considered contained. If it WAS opened, although the account owner would hardly be considered responsible, the bank's customers need to know that there's a highly unlikely, but possible chance that their data is out in the wild and they need to perform whatever damage control is necessary. The account holder will also have opportunities to collect damages of his own due to the bank's actions. Had Google just complied without the court order, it would have been difficult to determine which party is responsible for the disconnection of the account. Now there's no question.

So, while the bank was able to temporarily have someone's email account disconnected, they did so at the cost of opening themselves up to a great deal of legal liability. Like it or not, this IS the way the system is supposed to work.

deactivate the bank

[jjohn_h]

Can anyone understand what the bank is hoping for just deactivating that gmail account?

Is the bank really going to leave the leaked data unchanged rather than asking the customers to change details as far as possible?

Gmail down?

[superswede]

Anyone else having problem with Gmail? I cannot log in...

Land of the ?

[tengeta]

Confidential information going over email is just plain retarded to begin with... its no wonder a company that stupid would do something this stupid, and then ask to government to also act stupid in correcting their stupidity. They can get sued for this, and then they can get sued for the info leak. If I invested at that bank I'd be getting my money out while its still there.

Lesson is: spread confidential info asap

[misnohmer]

The lesson I got from this is as follows: If one ever receives information which appears to be sensitive, the only way to make sure one won't get their account shut down by the incompetent to send it is to post this information somewhere public, therefore negating any need to shut down your account (the information is already leaked out).

Now, if the poor owner of the account in this case did in fact retrieve this information, he could still spread it around as widely as he can, so he can go to court and say "You honor, I understand my account was shut down in order to prevent this information leak. I really want access to my personal email so I the only way to get it back I could see was to eliminate the reason to keep my account shut down. It is now no longer necessary to keep my account suspended since the information is already all over the internet."

Why not delete the message?

[Eirenarch]

OK some bank is stupid and some judge screw up. But why did they shut down the account instead of deleting the message?

but why?

[TrueRecord]

I don't understand on what grounds the disclosure?

this exercise in the (non-electronic) real world..

[mhs1973]

so, if you get sent, let say a bank balacne statement from somone else and some bank you don't do business with, to your (snail) mail box and you just disregard it as spam and further more you disregard anything else from this bank as spam as well (remember you do not do business with them), then a judge can rule that the mailbox is removed and that the postman can not deliver ANY mail to your mailbox anymore... ever again?

sounds interesting, tell me more about this.
this would mean no bills, no unwanted solicitations, no subpoena for that matter, NOTHING could be sent to you by mail, as you would not a an address that mail can be delivered to

Regarding the banks request to google

[Matz0r]

How is the bank assuming google has the power to figure out the accidental recipient's real name and address, without going to court themselves?

Re:My Experience with Wells Fargo Bank

[Philip_the_physicist]

A bank teller is just there to act as a nice UI tot he bank's computer system. A good appearance is a key part of UI design, and it is no worse than hiring a pretty newsreader or receptionist: skill is pretty much irrelevant, looks aren't. It is the back-office staff and the loan officers and so on who need to have some skill.

Re:My Response

[Rockoon]

That doesn't sidestep the fact that you would be causing a LOT more damage to the innocent people, who probably had NO idea their bank was capable of such idiocy, than the bank that actually screwed up.

You call them "innocent", but what they actually are are victims.

They are victims with or without this ruling. Their privacy has already been compromised by this bank. They are already on the hook to close out those accounts. This judge's ruling to close down a gmail account doesnt change this fact one bit. All it does is add one more name to the casualty list.

Re:My Response

[supernova_hq]

I was not defending the banks actions, in fact I believe they handled it VERY badly, but the suggestion you gave was even worse.

epic fail for the judge

[someone1234]

There are two likely scenarios:

1. the innocent user threw away the email with the data considering it spam. (the judge's decision was unneeded)
2. the not so innocent user downloaded and stored the data on his own machine. (the judge's decision was futile)

The least likely scenario (0.1%) is that he still kept the sensitive data on the google account.

If they can order the removal of an account, why can't they order the removal of a single message???

Thirt Party Intermediaries?

[GrantRobertson]

Why can't the courts in these cases set up third-party intermediaries to receive the information that the plaintiffs are asking for (such as someone's personally-identifying information) and then have all communications go through that intermediary? This is just the same as e-mails from Craig's List users going through Craig's List instead of directly between the users. It could even be a system where no human ever sees the information. Instead it could be encrypted such that no one would ever be able to dig it out. Then the plaintiff could contact the individual and they could carry on a conversation and straighten things out, without the individual's individual dentifying information ever being disclosed.

Perhaps what we need is a government sponsored but publicly run (and open-source developed) central system to provide this service. It would have to be open ource so that anyone could check to make sure that the system didn't have any back doors.

Without a system like this, then the technique used by this bank technique could become a powerful tool to do an end-run around privacy laws. If I want to find out the personal information about someone, or even shut down their e-mail accounts or all of their internet access, all I have to do is claim to have accidentally sent them private information about someone else. Heck, I could just make up bogus info and send it to the individual. Who would know, because that info would be kept sealed "for the privacy of the people in the list."

Re:My Response

[zippthorne]

The information leaked included social security numbers. If those get out, they're screwed whether they change them or not. And it's not exactly easy to change them.

Why we're using SSNs as if they're a unique identifier AND a password is a separate, far more important issue that won't get discussed for reasons no one who posts on slashdot has yet been able to fathom.

Fifth?

[Blink+Tag]

Apparently the Judge was in his dorm room stoned when they discussed the fifth amendment.

The fifth... And the fourth. And fourteenth. And ninth ...

Yet another good reason...

[SCHecklerX]

... to use the internet as intended. I run my own mail server, thanks :-) If someone were demanding me to shut down my own accounts, well, at least I'd know about it and wouldn't just shut myself off without my day in court.

Re:My Experience with Wells Fargo Bank

[grahammm]

When did this start? When I started work, about 30 years ago, some of my friends started working in banks. The rule then was that they had to attend many courses and work 'behind the scenes' in the branch for at least 6 months before being allowed into a customer facing role as a teller.

Mistake?

[kidphoton]

So was this a mistake or deliberate on the part of the bank employee? What possible email address could be the right one to send this data to? bob123@hmail.com ? And are we to understand that none of this is automated, when loan information on thousands of accounts is transferred from A to B the addresses are typed in by hand? And this information was being sent, why? What did these accounts have in common? How many of these transfers happen daily? The gmail account address came from somewhere; someone's address book, a mailto on a web page, something like that. Surely they already knew the identity of the account's owner. So, would it better for a bank to appear incompetent to its customers, or for it to be known that one of your employees was trying to commit identity fraud? Which one is more actionable on the part of the bank's customers? Of course you send a second email, to yourself, asking that you don't open the first email. That's just basic deniability in case you ever get discovered.

auto forward.

[bronney]

time to auto forward your gmails to hotmail, and auto forward that to ymail, and finally to your work mail, and your domain mail!!

Re:My Experience with Wells Fargo Bank

[Oloryn]

Sounds like another effect of the seemingly ubiquitous principle of "prioritize PR before effectiveness". Priority is put on looking effective or good rather than on being effective. Being foolish (as well as potentially corrupting), it is self-defeating in the long run, as people eventually spot that you're more concerned about looking good than being good, and that has far worse PR effects than you'll manage to accrue through your efforts to look good - in addition to probably negating those efforts.

Public Prosecution needed

[unity100]

the affected innocent account holder may not have the means to sue the shit out of that incompetent bank. public prosecution laws are needed to make sure that no party pulls out that kind of stunt on anyone, just because they have the money pull out shitty stunts on any 'small people' they think they may chew down.

its bank's INCOMPETENCE. TWICE. not only once. first, they were incompetent enough to have such lacking information security practices that someone was able to send critical data to a random email account on the web.

second, they were incompetent enough to actually file a suit to the end of hampering an innocent person's life, to whatever extent it may be. and it might be a serious extent, if that person was using his/her gmail account for serious correspondence. and this is despite the ethical concerns of doing something as such.

therefore, i call that bank INCOMPETENT, for that's what they are. anyone who is an account holder of that bank should withdraw their deposits from that bank, for, if their level of incompetence is that high, then it is sure that they are screwing up in many other respects.

public prosecution. we need public prosecution of people and organizations and corporations, in case they try to have their way with the law by filing suits that violate human rights and individual freedoms. they should get their ass fined out of their mouth, so that noone will attempt such shit.

Re:legal papers *are* sent ("served") by email

[Spazholio]

I seriously, seriously hope my sarcasm meter's broken, because you can't possibly be serious when saying something as reprehensibly stupid as "So, yes, there is a legal obligation to check your inbox on a regular basis". That's the reason you posted as an AC, right? Because you didn't want this coming back to your actual /. account?

Same in store for me in future?

[Azuvector]

This makes me worry a bit... For a while now, I've been receiving the email of some guy who happens to have the same name I've got. Investment shit. At first, I'd notify the idiot who sent me it of the problem, and suggest they contact the guy directly to get a proper email address... But it just goes on and on. I've got no clue what the guy's email is; as the idiots sending the badly-addressed email won't say, and they're obviously not notifying the guy of the problem. So I've started just ignoring the damn things. Let him figure it out.... And now some douchebag american judge might get pissy with my email account because these idiots can't get it right? Makes me want to quit gmail and at least get back onto a canadian mail provider.

Why didn't they just....

[John+Pfeiffer]

I don't get why they didn't just tell google to go in and delete the mis-sent email(s) from the system? I mean, if they person didn't do anything wrong, why request that their email account be deleted entirely? If they're worried the user might have SEEN or copied them, the damage is done either way, the best you can do is remove access...so why have someone's account closed because you fucked up?

In fact, why didn't google suggest that, you know? "How about this, instead of you court-ordering us to delete someone's email account because you're a bunch of idiots, we'll just expunge the offending emails from the system, everyone happy?"

Lindsay & Megan, Sittin' in a tree...

[Impy+the+Impiuos+Imp]

> The Reg's earlier story says, "Rocky Mountain Bank had asked to court to keep its suit
> under seal, hoping to avoid panic among its customers and a 'surge of inquiry'

"Yeah," said the bank's press agent, "No need to make a federal case out of...ahhh...nevermind."