Slashdot Mirror
Goldman Sachs Demands Google Unsend One of Its E-mails
rudy_wayne (414635) writes A Goldman Sachs contractor was testing internal changes made to Goldman Sachs system and prepared a report with sensitive client information, including details on brokerage accounts. The report was accidentally e-mailed to a 'gmail.com' address rather than the correct 'gs.com' address. Google told Goldman Sachs on June 26 that it couldn't just reach into Gmail and delete the e-mail without a court order. Goldman Sachs filed with the New York Supreme Court, requesting "emergency relief" to avoid a privacy violation and "avoid the risk of unnecessary reputational damage to Goldman Sachs."
Ha. Hahahaha. Ha.
why would this moron do that ffs. thats a problem on their end not with google.
Did you get that email? I will offer $1000 for it.
Already blocked
[FUCK BETA]
If this is interesting information, it has already been copied from the Google server to somebody's personal computer.
Barbara Striesand never returns my e-mails either.
Massive privacy breach....e-mailed a report...containing sensitive details...e-mailed...
The problem here isn't that it was sent to the wrong account. It's that it was e-mailed AT ALL.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
"avoid the risk of unnecessary reputational damage to Goldman Sachs." I'd say it's too late for that now, mate.
At least every lawyer type e-mail I get has a giant disclaimer at the end if you are NOT the intended recipient. Perhaps GS should have considered using that? Over paid dopes.
...companies in the world.
This is a test case for them, it's all about control and it's all about the money.
Do you guys remember this: "Give me control of a nation's money and I care not who makes the laws."?
Well, you better remember it - and understand what it means, because your FREEDOM is at stake!
Cryptic to you?
READ BETWEEN THE LINES!
What this world is coming to - is for you and me to decide.
[x] testing internal changes with access to live systems and actual data
[x] unnecessary reputational damage to Goldman Sachs
[x] privacy violation
I don't see any boxes left for Google to tick.
You get what you pay for. Goldman used a cut-rate contractor, and the person the contractor hired used live sensitive data to a live e-mail address? Instead of using test data and a test address? Goldman tried to get something done on the cheap instead of hiring someone, and it burned them badly. Good!
The court ought to make Goldman reveal who the contractor is, and how much the person who screwed up was getting paid. Was it a fair market wage? How much did the contractor keep versus the person doing the work?
hate it when it renders my information sensitive :)
- I choked on the red pill and now I'm stuck in limbo
First of all they shouldn't be emailing that to anyone.
Second of all, why was it not encrypted???
There are more than a few email filtering products, some designed specifically to prevent sensitive data from being emailed at will via heuristics designed to detect sensitive information.
You would think as heavily regulated as Goldman is they would have these kinds of systems in place to prevent this kind of thing from happening.
"By contrast, Google faces little more than the minor inconvenience of intercepting a single email - an email that was indisputably sent in error," it added.
Losing a few thousand dollar is little more than a minor inconvenience for GS.
So how about it GS... send me a few thousand dollars.
Google is abso-fucking-lutely right to require a court order. If they don't, it'll just open the flood gates for other companies and people to "retract" damaging e-mails. The news here isn't that Google required proper legal procedures before violating it's users rights, it's that GS sends highly sensitive data by e-mail.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
This is so delusional. From a technological point of view it is exactly has pathetic as when a judge mandates that some data is to be deleted from a database. Meanwhile there are already a huge number of copies (including DB backups, personal backups, browser history / cache, could backups [say your DB was replicated among x computer in the cloud and one harddisk gave warnings about it's lifetime expectancy and got replaced while still having the data, etc.) and the data is "out there".
It reminds me of the DeCSS fiasco.
Sadly as long as the juridical system will be disconnected from reality, such non-sense is going to keep happening. It can be summed as this: "We order you to destroy the knowledge allowing man to make fire".
Not gonna happen. Poor delusional fools.
Just to make a "statement" someone should put DeCSS inside the Bitcoin blockchain.
When will these fools learn? You cannot control leaked data. This is impossible. So you have two choices: don't leak or deal with it.
That oughta larn 'em to check before they click send. But it probably won't.
Ooh, moderator points! Five more idjits go to Minus One Hell!
Delendae sunt RIAA, MPAA et Windoze
...and used Microsoft's legal team. They would have gotten the gmail.com and google.com domains and then it would just have been a matter to use Microsoft name servers to commit a DoS attack against gmail's hackers, erm, users.
The Federal judges in Nevada are suckers for a good story, I hear, even if it's blatantly false.
How the fuck did they reach anyone at Google to get that response?!
It isn't simpler to ask the destination address to delete it? As for security NSA already had a copy and so deleting it from google server is futile!!!
Aren't these legally binding? :-)
By about a decade.
There are two types of people in the world: Those who crave closure
make the same request when I accidentally reply-all to save myself 'reputational damage'? Or does this only work for large companies with lots of money?
I always write the body of the email before filling out the "to" line.
For some reason, it's easy to hit ctrl+enter while I type and I have found no way to turn off this "auto-send" feature.
At least now when I accidentally hit this key combination it complains about missing a recipient.
I have occasionally replied to mails with such disclaimers with my own non-disclaimer:
I can not be bound by one-sided disclaimers. I have the right to read, disclose, forward, publish, and act on any mail sent to me. If you wish to keep your confidential secrets, start by not sending them to me. Non-disclosure agreements can be arranged, at a cost.
Someone should tell Goldman Sachs that you cannot unsend an email. Usenet articles can be cancelled, even though most servers ignore cancels, but like snail mail, once email is posted it cannot be recalled.
What I'm wondering is whether or not the person whose email account was blocked because they received an email from Goldman Sachs has any form of legal recourse against Goldman Sachs.
"avoid the risk of unnecessary reputational damage to Goldman Sachs."
I think the reputational damage is quite well deserved in this case.
They asked google to do something, google said they can't without a court order, and now they seem to be getting one.
I always wondered what happened to Oscar Goldman after the Six Million Dollar Man wound down.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Everyone makes mistakes. I understand that. I make mistakes too.
But here's what I don't get. I am sending an email to dude@gs.com and accidentally type dude@gmail.com. But I also I just happen to have dude@gmail.com's PGP key and a sufficient trust path to know the key is correct, for the confidential information in question? That's the part I simply don't believe. All of Goldman Sachs' protestations that the sender just happened to also know dude@gmail.com and that they key was verified, ring hollow.
Of course, the silliness here, is that Goldman Sachs isn't really saying that happened. I'm totally making up the bullshit about their "protestations." And that is the problem, because if the information is confidential and if this is important enough to go to court over (and maybe it really is), then their routine security practices are a joke and they should have a reputation for having complete disregard for protecting confidential information. They are telling the public that they can't be trusted. So, everyone: listen to them.
After 2008, Greek crisis etc what damage will this do to their reputation?
Apparently it can. If you act fast enough, *and* get the necessary court order.
My question is, what law gives a court the right to do such thing? While there may well be laws that compel companies to keep their own data private, I find it hard to believe there is a law that gives a court the right to undelete stuff in a scenario like this. Courts don't tend to do stuff no matter how reasonable unless there is some law that says they should.
The disturbing thing about this is that the real owner of that mail box, whoever he may be, doesn't get to show up in court and put forward his viewpoint.
https://www.youtube.com/watch?...
It is like a twist on the movie Trading Places. They want some really bad data to fall into competitors hands to screw them over, "accidently" email it to gmail, then scream about it to make it look like they don't want it out there, validating the info in peoples minds so when it inevitably leaks, people will act on that data and be the sucker....
Data Loss Prevention, they sell them You could buy one, and implement it. Then you wouldnt be able to send out sensative crap you weak minded fools.
The ancient Roman Horace (65-8 bce) said: "Once a word has been allowed to escape, it cannot be recalled."
More recently, Omar, the Tentmaker (died ca 1123 ce) said:
"The moving finger writes; and, having writ,
Moves on: nor all your Piety or Wit
Shall lure it back to cancel half a Line,
Nor all your Tears wash out a Word of it."
America where you can force a company to erase your mistake if you have enough money for a crack legal team.
Fuck you Goldman Sachs. No, Really Fuck you.
Comment removed based on user account deletion
Kind of stuff having DLP software in place would prevent.
Personally I think Google should be able to charge them for wasting there time. How many people are they expected to employee to wipe up other peoples stupidity.
I hear Barbara Streisand wants her effect back.
Google has no fault in this scenario. GS has the problem, they want Google to help them out.
Instead of stating no, Google should have asked :"whats it worth to you?"
Google is a business, this is a service that they do not offer. you want a custom one-time service offering? Sure thing. Let me run some numbers on that and check your credit score and I'll get back to you.
If GS gets a court order and Google has to do this and they get nothing for it, then the situation is even more screwed up.
Warning: Teh poster of this messaeg is lysdexic
If the mail has not yet been delivered, then Google can stop the deliver and bill Goldman for the cost of stopping the delivery. If it has already been delivered, it is the property of the recipient. You can't do anything about it. At best Goldman can go after the recipient and get a gag order from the court. But Google is out of the picture.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I believe you have a letter for me
I can see one way that the court is authorized by law to do that. Under common law, we each have a duty to not be reckless about doing things that might cause harm to another. Had Google chosen to deliver the email after having been notified that it could bring harm to Goldman _and_its_customers, Goldman could then file a suit for negligence. The judge or jury would then decide if Google failed to exercise ordinary care in preventing the leak, or if they did all that a reasonable person would do to protect the customers.
If Goldman intended to file such a suit, the normal and proper legal procedure would be for them to request a temporary injunction ordering Google not to release the information until the suit was settled. That is well and good because if Goldman were to win, Google can't very well take back the information they've already released.
Since Google didn't object to the request, why make Goldman formally declare their intent to file a suit for negligence if Google doesn't comply? Everybody knew that was result in an injunction, and a perfectly proper one, so why not save time and just go straight to the injunction hearing? The court can issue an injunction in the end, and I don't know of any common law or statutory requirement for pointless rounds of paperwork when everybody agrees it'll end up as an injunction hearing.
Hmm...We screwed up (Goldman) and now you (Google) have to fix it so we don't look like bigger dumbasses than we already do. I don't really see how this is Google's problem.
I'm going to weep when they get this power. Because it's Goldman Sachs and you know they will.
Sometimes the truth is arrived at by adding all the little lies together and deducting them from all that is known.
Because now Google is censoring people's emails without a court order if the entity demanding the censorship is rich and powerful enough!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
You're almost the only one addressing the legal-theory side.
Stepping aside from the technics, what becomes the theory for this?
"Material that is believed to be owned by the recipient but is in fact leased or rented may be removed by the lessor/provider if it causes reputational damage from the sender (and maybe to other parties?)"
Lawyers have a fun job. (Things to do with a 170 IQ). Take can take one word and use it to create billions of client dollars. There was that one other article in Rolling Stone about how Goldman Sachs borrowed one paragraph from their federal government bailout, jammed it into a 15 year old finance bill, and now they get to run oil pipelines while bidding on oil futures and stuff.
Or the one from earlier today where that review board authorized the NSA to keep spying by abusing the words "adequate" and "reasonable".
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
The mail is probably sitting in someone's pop3 inbox. Plus, when he received something obviously in mistake it probably got deleted. Either way, wouldn't it make more sense to contact the addressee and stress that the mail is proprietary and disclosing it would rain down a whole heap of trouble on the guy?
Wired had a story about what they thought you would need to send a message that could not be read if intercepted or I guess in this case misdirected. You would have to know a lot about encryption, use the deep web and more. The recipient would need to use the same methods.
If this was the post (at least in the UK) they'd be SOL. Once you've consigned something to the mail you have no right to get it back and it must be delivered to the addressee. I don't see why email should be any different. This is very much their problem, not google's or anyone else's. And now the Streisand effect will probably come into force and I bet all the juicy stuff has been copied anyway.
A better translation of Rubiat 51 is:
The Moving Finger writes; and, having writ,
Moves on: nor all thy Piety nor Wit
Shall lure it back to cancel half a Line,
Nor all thy Tears wash out a Word of it.
Notice "Piety nor Wit". See http://www.gutenberg.org/files...
I am very sure Google lawyers will be pointing out to Goldman lawyers the exact clause and paragraph where Goldman pledged the everlasting life and soul of all the board of directors to Google when they clicked on the "accept" button of the EULA agreement of the Gmail.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Google could comply all they want, but it's laughably pointless if the unintended recipient has already read the email, possibly even downloaded it to their device via POP access or IMAP caching.
Can't wait for the forthcoming lawsuit where they try to make this unwitting recipient sign an NDA.
"To err is human, to forgive, beyond the scope of the Operating System."
Apparently not
It probably states in which shell account their CEO is storing his non-taxed gains or something like that.
If GS and anyone else for that matter who was going to send data that could result in ""needless and massive" breach of privacy." start insisting on encryption? I know my wife's company basically sends an email with a link, and you have to go log in to see the data.
They are sending this stuff over the internet where anyone along the line can read it
MAYBE, just maybe, if the financial companies started insisting on say a public key encryption method to send confidential data, ALL of us would be much better off (GPG anyone?)
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
Fuck 'em. No sympathy for the devil.
When my Karma level reaches 0 I feel in piece with the Universe
Through a combination of carelessness and cluelessness, this employee managed to put hundreds of millions if not billions of dollars of customer funds at risk.
Sending information like this via email is where the mistake happened, not mistyping the address. Email is not secure even if it is sent to the right address you have no control over how it gets there and it could be easily intercepted and read enroute. Their reputation loss has already occurred by admitting that they use email for highly sensitive information like this.
'Undo reputational damage' ? Exactly how is it undo? It would seem to me that this is EXACTLY the kind of repetitional damage they deserve.
Why the fuck do companies think that when they fuck up they don't have to take the associated hit that goes with it?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
(no text)
It's about the company being able to say, "But we've got this nice boilerplate asking the unintended recipient to deal with it. *shrug* We can't do anything more than that, right?"
Goldman-Sachs doesn't have "control of a nation's money"; the federal reserve does. Whatever negative consequences control of the money supply has, the control derives ultimately from Congress and the president and the voters who put them there. Congress and the president are clearly influenced by companies like that, but ultimately, the power to decide, and the responsibility lies without our politicians and the voters who keep putting them there.
In particular, given how much money Obama shoved into the hands of G-S, anybody who voted for Obama is ultimately responsible for this.
Yeah but... if it could be considered negligence of Google not to do a certain thing because it is their responsibility to do such a thing, then they wouldn't wait for the court to tell them to do it. They'd just do it. The very fact that they refuse point blank to do it without a court compelling them to do it, seems to indicate they don't think fiddling with people's mail boxes in any circumstances is "exercising ordinary care". And rightly so, I think.
Nothing in the story I saw said that Google disabled the email account until the court could rule on it. Maybe they did, but I didn't see it. The story said GS tried to contact the owner but they didn't reply. Presumably if they'd been listening they could have read the offending email, and then you'd be at their mercy of good will.
> if it could be considered negligence of Google not to do a certain thing because it is their responsibility to do such a thing, then they wouldn't wait for the court to tell them to do it. They'd just do it.
Nobody knows what a jury will decide. A judge or jury could nail them either way. If the information caused millions of dollars inlosses tfor thousands of Goldman customers, a jury could certainly decide that Google should have taken five minutes to prevent that from happening. Google is safe either way if they do as ordered by a court. Lacking a court order or knowledge of the future, they decided it was better to leave the email alone. That doesn't mean they were certain that they'd not be sued - just that doing nothing was not as bad as doing what Goldman asked.
Makes sense you try to put hosts down then after I saw your bullshit resume here http://www.linkedin.com/in/ray... (you do nothing but work for advertisers) and apk tearing you a new asshole confronting you to disprove points he states about hosts files value to users in more speed, security, reliability, and anonymity which you ran from it after your technical blunders shown here as well http://it.slashdot.org/comment... so I doubt your buzzwords filled resume is real or that you really know how to program.
They're advertisers you work for (or did): It's why you ran from disproving apk's points on hosts http://it.slashdot.org/comment... and you also made large technical blunders so your resume is pure bullshit obviously and you know nothing. Hosts files are a huge threat to scumbags like you is why you attempt to put them down. Cat's outta the bag on you, scumbag.
They're advertisers you work for: It's why you ran from disproving apk's points on hosts http://it.slashdot.org/comment... and you also made large technical blunders so your resume is pure bullshit obviously and you know nothing. Hosts files are a huge threat to scumbags like you is why you attempt to put them down and fail (running like a scared weasel you are since you can't validly do so). Cat's outta the bag on you, scumbag.
(1) The guy who received it probably said,"Wtf is this?" and promptly deleted it
(2)The account might not even be active, be better to ask Google the last time that email account was contacted before they start in with court orders.
(3) The words,"The email was sent in error, please delete all instances of it from your files," can be very effective if they're stated in a non-threatening manner.
(4) Going to the Supreme Court when you haven't at least investigated the possibilities above is just stupid.
Then I demand Goldman Sachs to undo the financial crisis to avoid unneccessary reputational damage to myself.
There is an ad for gmail business on this page.
http://michaelsmith.id.au
Sack the incompetent staff member who sent the email, instead of "cheating" your way out of it?
Ah, its Goldman Sachs. Carry on cheating the system.
Why was this sensitive material not sent using PGP encryption?
http://en.wikipedia.org/wiki/Sergey_Aleynikov
It is very likely that if the unsuspecting recipient were to have logged onto their Gmail account and checked for new e-mail that it would have already been in the Spam/Junk folder due to Google's awesome filters! I mean who in their right mind would think even if that e-mail was not marked as SPAM that it was not a forged Goldman Sachs e-mail. That and the fact that it had confidential client information. In this day and age with privacy and encryption, no one would have suspected this to be a legit Goldman Sachs e-mail.
Goldman Sachs core business data/info ..., looks like they don't own a/o act responsible for the data. Goldman Sachs should be fined for the core-business data breach by their contractor, and rehab their core-business model. Goldman Sachs has become just another brand-name that contracts out their core-business requirements ... much like many others in the .Gov, .Mil, .Com domains. They are in name only an institution without actual substance. IMO
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?