Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bank Goofs, and Judge Orders Gmail Account Nuked

Posted by kdawson on from the oops-our-bad dept.

An anonymous reader writes "The Rocky Mountain Bank, based in Wyoming, accidentally sent confidential financial information to the wrong Gmail account. When Google refused to identify the innocent account owner's information, citing its privacy policy, the bank filed in Federal court to have the account deactivated and the user's information revealed. District Judge James Ware granted the bank's request, with the result that the user has had his email access cut off without any wrongdoing or knowledge of why." The Reg's earlier story says, "Rocky Mountain Bank had asked to court to keep its suit under seal, hoping to avoid panic among its customers and a 'surge of inquiry.' But obviously, this wasn't successful."

23 of 594 comments (clear)

  1. G-Mail? by SeaFox · · Score: 5, Insightful

    Why is the bank sending sensitive customer information to an email account hosted by a provider known for rifling though it's user's emails for information?

    1. Re:G-Mail? by wizardforce · · Score: 5, Insightful

      why is the bank sending customer information through email at all? why is the bank not encrypting all sensitive customer data? answer: because they haven't been forced to do so. Everyone whose information was leaked to this account should sue them right into the ground. It's been far too long that banks carry little responsibility for other peoples' data and it's time they start.

      --
      Sigs are too short to say anything truly profound so read the above post instead.
    2. Re:G-Mail? by FrozenGeek · · Score: 5, Informative

      Because the customer in question gave the bank a gmail account and said "send me information via this email address". Do you really think that your ISP-based email address is any better than gmail? If so, could I interest you in some waterfront property in Florida? Seriously. Unless the contents of the email is encrypted before it is sent, assume the whole fricken' world (with lasers,even) has access to it.

      --
      linquendum tondere
    3. Re:G-Mail? by Anonymous Coward · · Score: 5, Interesting

      I work as a supplier to the banking industry.

      I'll tell you why they do this, they are outright fucking dumb. That's basically it. If the IT guy knows about encryption, he has no power to make it happen, but most of the time he's barely able to type let alone do IT stuff.

      Banks just don't pay for shit unless you are a VP or own the place, so they get the crappiest IT help.

      "Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community. Everywhere else it means "make a good effort to do the best you can to the spirit of the task".

      Granted, this breech is considerably dumber than average, but of the banks I have worked with, every single one of them at one time or another had some sort of institutional problem understanding and implementing some of the most basic data safety measures.

      The Feds have been much more pushy about it recently, so it will improve. And a lot of the old guard is finally dying off, and you'll see bank leaders that have had more than "type this letter" (to the secretary) experience with computers.

    4. Re:G-Mail? by easyTree · · Score: 5, Insightful

      "Due diligence" means "cover your ass", and has NO OTHER MEANING in the banking community.

      Surely that doesn't need to be explicitly stated - after all this is the industry that has destroyed millions of family's lives whilst receiving payouts from governments and still paying their people massive bonuses. I guess they have the cream of the crop though, when it comes to staff skilled in screwing-over the ordinary person.

      --
      Requiem for the American Dream
    5. Re:G-Mail? by Beezlebub33 · · Score: 5, Insightful

      When the families are told by the bank that they will be able to repay the loan and are given very low initial rate, AND the bank knows they will not be able to pay it back, AND the bank knows they will bundle it up the mortgage and sell it off, AND regulators that actually promote this THEN you have banks that are evil, greedy bastards, and you have families that are stupid, and a government that is incompetent, greedy, and stupid.

      No, it's not his world view that's fucked up, it's the world.

      --
      The more people I meet, the better I like my dog.
    6. Re:G-Mail? by easyTree · · Score: 5, Funny

      You appear to have accidentally hit the nail on the head.

      Well done.

      --
      Requiem for the American Dream
    7. Re:G-Mail? by Achromatic1978 · · Score: 5, Interesting

      The families who took the money were on the edge of desperation - looking for any way out.

      No, they weren't. Most people who took out low rate ARM mortgages in the early mid 2000s fell into several categories: the ignorant, ill-informed (maliciously or otherwise), or my favorite, seduced by TV networks who made "flipping" a property seem a guaranteed way to make hundreds of thousands of dollars a year. The waves of people I've seen on those shows, even now, who seem to think that anything less than $100,000 profit on a purchase, some renovations, and a six month turn-around is unacceptable is staggering.

      Even now, watch the very vast majority of those shows, particularly the ones where people do renovations, and have before/after valuations. "You spent how much on your new kitchen?" "$15,000" "Great, you just added $30,000 value to the home. Now, how about the bathroom?" "We spent $8,000 in here." "Excellent, looking around, I'd say you added $20,000 to the value of the home", and so on, ad nauseaum. Add this up, and you have, in my view, a hidden culprit, along with the RE agents who were pretty much as a whole in lock-step with these mantras pushed by TV onto their clients, of the housing bust.

      That $23,000 you invested in the home is only worth $50,000 if you can find the one born every minute to sell it to. Eventually, that got so outrageous, and so out of tune with reality, that people realized they were paying $50,000 for $23,000 of renovations on a home by a "flipper", and balked. And down came the house of cards.

  2. Sooo hang on... by Anonymous Coward · · Score: 5, Insightful

    ...if a judge in, say, Korea granted the same request to have a gmail account blocked, an innocent user in, say, Germany would loose his email...even if that email contained confidental and critical information to be used by its owner...this is quite pathetic and something should be put in place to stop these low level distric judges making decisions that could affect users across the globe.

  3. Re:Can the Poor SOB sue for damages? by grahamwest · · Score: 5, Funny

    Sewing for damages?

    Fear the giant quilt of redress!

    --
    Graham
  4. I hate analogies, but... by BitterOak · · Score: 5, Insightful

    Wouldn't this be like having a package wrongly delivered to your house (through no fault of your own: the sender had the wrong address), and since it contained highly confidential information, a judge ordered your house to be burned to the ground? (Okay, that's a bit extreme, but you get my point.)

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:I hate analogies, but... by Anonymous Coward · · Score: 5, Interesting

      Actually, your scenario kinda-sorta happened to the Mayor of Berwyn Maryland. A scam where drugs are shipped to a random (innocent) person, to be taken later from the porch by an accomplice. In this case, brain-dead police investigators and a swat team charged into the innocent man's house, shot his dogs, and arrested him, his wife, and his elderly mother. He still awaits even an apology for the horrifying incident. There is very little actual 'justice' in the justice system.

      http://www.washingtonpost.com/wp-dyn/content/article/2008/07/30/AR2008073003299.html

    2. Re:I hate analogies, but... by internic · · Score: 5, Insightful

      Trust me, if you were more familiar with the incident you'd probably agree with the "brain dead" description. Several points:

      1. Police apparently already suspected there was one of these mail drop operations (where packages were shipped to an innocent person only to be swiped off their porch), so they knew the package was likely not for him.
      2. Rather than having some officers come to the door, they had a SWAT team break down the door unannounced, shoot the dogs (at least one of whom was simply running away), and cuff the residents on the floor (where they remained for several hours). The quantity of drugs (30 lbs of marijuana, IIRC) was such that it could not quickly be destroyed, and they had no other reason to think they would encounter violent resistance. Which brings us to the next point...
      3. They did no preparatory research. They did not even know who lived there. The officers on scene did not believe he was the mayor (which they would have known if they'd done even a Google search). What this says is that they simply deployed maximum force (maximally endangering everyone in the house) rather than any reasoned approach based on the likely resistance.
      4. Police entered without first announcing themselves. This requires a "no-knock" warrant, which they did not have.
      5. The package actually sat on the front porch for the better part of the day. The guy even walked his dogs when he got home before taking the package in. That should have been a tip-off that he didn't realize it contained >$100k of drugs.

      Basically, they did not take a reasoned approach but simply used maximal force, thereby terrorizing and endangering the innocent. Moreover, their sloppy police work quite possibly would have allowed him to get off even if he had been involved. They certainly should have investigated, but they way they did it was utterly irresponsible.

      Your analogy is flawed for a number of reasons: First, arresting someone in their car is considerably less dangerous (to everyone involved) than breaking into someone's house unannounced and firing shots. Second, murder is considerably more serious (and suggestive of suspect resistance) than drug trafficking. And third, it's unlikely that an individual would be victim of a body dumping scheme while it's trivial to mail someone a package with something illegal in it.

      --
      "You call it a new way of thinking; I call it regression to ignorance!" -- Operation Ivy
  5. So... by tnk1 · · Score: 5, Interesting

    ...wait. I mean, the account holder at this point has probably seen and done any damage that they are going to do with this information. How precisely is this going to help the bank's cause?

    Of course, the account may be inactive and they may well have gotten to it before the person who owned it logged in again, but I do have to wonder why it is the recipient's problem that the bank sent this information. If the bank sent me that sort of information in the mail, does that mean that the county can order my house burned down to make sure I can't read that mail, even though I probably have already read it in full?

    These decisions make no sense to me sometimes and it scares me because for some things I use only one email account and if my contacts disappeared, I might not be able to find some of these people again easily. I guess it's time to start backing up all my account data to my home machine by default.

    This is yet another strike against "cloud computing" taking over. If they can order your account just plain zapped because a bank fucked up, I don't see how anyone's data is safe. At least if you had it stored at home or at work on your own machine, you'd at least know what the hell happened to it.

  6. Re:IMAP by Naturalis+Philosopho · · Score: 5, Insightful

    You're right Google isn't to blame in this case. Not given the fact that the judge could have told the bank to suck it up, transfer the account to new numbers, and pay a fine to their customer for failing to live up to their security responsibilities. Instead he decided to punish the innocent people in this case. The bank screwed up, the bank should be held accountable. Anything less is yet another miscarriage of justice.

  7. Why deactivated? by FrozenGeek · · Score: 5, Insightful

    The bank requested the user's identity. Google refused to provide it. So then the bank goes to court not only to get the user's identity but to deactivate the user's account. I'm missing the logic. Okay, maybe the bank fears that enough time has passed that the user has seen the errant email and wants to prevent the user from misusing the information. Now, that might work if the user does not have a local copy of the email. On the other hand, if the user has a local copy and is now angry at the bank for having had their gmail account shut down, the user, who might otherwise have done nothing, now has both the means and the motive to do something. Good move. Wouldn't it have been possible for Google to contact the gmail user and ask him to delete any local copies? And Google, presumably, could have deleted the email from its own servers. I like Google's policy of protecting user identities. But this whole mess sounds like two bureaucrats blindly following policy to the detriment of the end-users. Can't anyone think anymore?

    --
    linquendum tondere
    1. Re:Why deactivated? by Dhalka226 · · Score: 5, Insightful

      The better question is this:

      How the hell did the bank even have standing to sue anybody? What wrong was done by anybody but them? How do you file, much less win, a lawsuit seeking to punish somebody who did nothing but receive an email you should never have been sending in the first place? How is it this man's legal responsibility to help them clean up their own fuck up, and how is it Google's legal responsibility to help the bank do so? What statute gives this judge the authority to destroy a third-party-to-a-fuck-up's email account because he didn't see fit to respond to an email he may not have even thought was legitimate? That's exactly what this ruling is saying; that this man somehow did something wrong by not helping the bank and he deserves to have his email account and potentially years of historical contacts lost.

      If I were this guy, I'd sue this bank for damages (and unfortunately, since I'm not even a party to the fucking lawsuit that unfairly harmed me I'd have to sue Google for an injunction against complying with the previous order). Big time. It's this kind of thing that makes me wish we could directly sue a judge for the idiocy of his decisions. Their total lack of accountability is reprehensible.

  8. Re:Can the Poor SOB sue for damages? by K.+S.+Kyosuke · · Score: 5, Insightful

    His own server, perhaps?

    --
    Ezekiel 23:20
  9. Re:IMAP by easyTree · · Score: 5, Insightful

    Perhaps you've not realised yet but banks aren't held responsible for their actions....

    --
    Requiem for the American Dream
  10. Re:IMAP by LordNimon · · Score: 5, Insightful

    but if a bank suddenly sent me 1,300 account's financial information, and then sent me an email telling me not to open it,

    How would you feel if both of these emails ended up in your spam folder? You would not have noticed anything at all, but then suddenly, your account would be gone.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart
  11. Re:Redirect the evil! by cheftw · · Score: 5, Funny

    and I will backfire badly

    :?

    It's not like it coud have been a typo, you capitalised it.

    Is this some new americanism?

    --
    Always back up, never back down. ---- Think you're cool 'cos your uid is prime? Take mine, modulo the one digit integers
  12. Re:Can the Poor SOB sue for damages? by Anonymous Coward · · Score: 5, Insightful

    What email do you use that would disobey a judge's order?

    His own server, perhaps?

    What makes you think that you won't arrive home to find that all of your electronic equipment has been confiscated?

  13. Re:Redirect the evil! by mpaulsen · · Score: 5, Insightful

    "Every one should email the bank banker@rmbank.com to ask them of their shady practices." No. Everyone should email some personal information to banker@rmbank.com, then insist that their domain be shut down.