Google Blogoscoped


Google sued for Gmail user identity

Juha-Matti Laurio [PersonRank 10]

Thursday, September 24, 2009

Ionut Alex. Chitu [PersonRank 10]

13 years ago #

From a comment: "So if I wanted to find out the identity behind a Google account, all I have to do is accidentally send it some confidential data, then demand that Google puts me in touch with the recipient?"

Juha-Matti Laurio [PersonRank 10]

13 years ago #

From the article:

"A US bank is suing Google for the identity of a Gmail user after a bank employee accidentally sent the user a file that included the names, addresses, tax IDs, and loan info for more than 1,300 of the bank's customers.

In mid-August, according to court documents filed in a California federal court, the Wyoming-based Rocky Mountain Bank was asked by a customer to send certain loan documents to a Gmail account belonging to a third party. A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address – along with a file containing confidential information for 1,325 other customers.

After a failed attempt to recall the email, the employee sent a second note to that wrong address, requesting that the confidential email be deleted before it was opened. There was no response, so the bank contacted Google to determine what could be done to ensure that the confidential info remained confidential."

Above 3 comments were made in the forum before this was blogged.

imma [PersonRank 3]

13 years ago #

I'd go with the rather harsh 'The bank has no right to get the information back or to receive communication from the person it was sent to' & I'd expect the bank to behave courteously & accept that the data may be long gone.

However, I'd hope the individual in question assured the bank that the data had not and was not going to be passed on.

re: "Oh, but what about the bank's customers, what will happen to them? They're not at fault & their data should be safe"
They get to sue the bank for compensation / no, no they're not / it wasn't & that's between them and their bank & that security is not for anyone external to provide :-(

David Mulder [PersonRank 10]

13 years ago #

I wonder about one thing... if you get a file with lots of private data and you would release them... would you be punishable? I would actually think only the bank would be in such a case, such an individual has only acted immorally, but in essence did nothing wrong.

James Hall [PersonRank 1]

13 years ago #

@David Mulder: Unfortunately, morality has nothing to do with the law.

carigis [PersonRank 1]

13 years ago #

I wonder if the bank employee actually owns the Google account....

ehm [PersonRank 0]

13 years ago #

1. First – if the bank system allows someone to get personal data and the processes allow sending them to anyone, there is some problem

2. Maybe if the bank asks Google not to get the information about the email, but just to
a) delete the mail (declare some parameters of the mail – from, to, date, time ...)
b) give information if the mail was read (using POP3, SMTP or WEB)

they could reach their target without lawyers and hundreds of thousands of dollars, just because it is not asking for any personal information, and because they are legally owners of the correspondence, not Google, and everyone MUST prevent any damage.

If Google receives the information about this problem before the owner of the mailbox, and then the information were abused, so that Google COULD prevent the harm but did nothing, then Google will be in REAL TROUBLE.

Andy Wong [PersonRank 10]

13 years ago #

The bank can sue, and Google stated that it requires legal process before taking any action. Google is all right regarding legal process and internal operation process.

Who gains?

Solicitors only of both companies.

The court may order Google to release details. However, privacy of the bank customers is not necessarily protected after all.

Steven Sanderson [PersonRank 1]

13 years ago #

Well, they had to sue, since Google is protecting user privacy.

Billy Bob [PersonRank 1]

13 years ago #

If I were the recipient I would politely write back to the bank that the file arrived in good order and will go no further, provided the bank does not try to violate my privacy. In the latter event, all 1300 of their customers will instantly learn of their negligence.

Bart [PersonRank 0]

13 years ago #

Duh. Wish the bank employee used "Undo feature" in Google Labs.

Michael Martinez [PersonRank 5]

13 years ago #

Extortion is illegal in all states. I would not make any threats about releasing confidential information.

The Gmail user should have responded to the bank, assuming he or she was actively using the account.

Having been the victim of identity theft, I would say the bank's action was appropriate given the lack of response from the Gmail user.

Dan Tobias [PersonRank 6]

13 years ago #

There does not appear to be any evidence so far of either the anonymous user or Google doing anything illegal, immoral, or improper. All the bad behavior was committed by the bank employee who was careless with sensitive information. It's questionable whether it's fair in such a case for Google to have to bear the expense of defending against a lawsuit, or the anonymous user to risk having his/her privacy compromised.

Stephan Locher [PersonRank 9]

13 years ago #

Which bank sends confidential data through external e-mail?
And even if we assume e-mail would be a safe way of data transport (which it isn't at all), for what should a third party receive data of more than a thousand customers?

Juha-Matti Laurio [PersonRank 10]

13 years ago #


Roger Browne [PersonRank 10]

13 years ago #

So the recipient of the accidentally-sent message had his email account disabled through no wrongdoing of his own.

Of course Google has to respond to the court order, but I hope they will post the details somewhere like chillingeffects.

jane james [PersonRank 0]

13 years ago #

Have customers been informed that their personal details have been put at risk? So that they can take measures to safeguard themselves.
Unless the user of the account has broken the law, could they sue Google for disclosing their id? And the bank for putting Google in a position to allow the breaking of a privacy policy even legally. Could be a good few court cases around this.
Bank is at fault for
1. Sending emails that can be opened without a password, this should be automatic, even when sent internally to bank employees.
2. That it was sent through an external system.
3. That staff who deal with this type of things are multi-tasked, this making mistakes easier.
4. That the same computer used to send customers everyday emails is used for sending and keeping details that are confidential.
The 4 above spells for total contempt for customers' confidentiality and reflects the bank's attitude towards their customers.
I also find it hard to believe that a bank cannot type in the email address and find out the id themselves, they can do this with other information, even a telephone number.
The fact that they have had to take Google to courts to get customers id is well done Google, id has not broken law. (unless the bank thinks the employee is going to use the information).

The bank should be held accountable big time for this.

I also think that banks and governments should also start to encrypt their information using a programme that is adapted to their unique encryption code, so that very few people outside of that organisation would be able to decode it, making the transportation of digital information more secure.

Roger Browne [PersonRank 10]

13 years ago #

> could they sue google for disclosing their id?

You can sue someone for anything you like. But they have no chance of winning if they sue someone for complying with a court order.

DPic [PersonRank 10]

13 years ago #
