There are many things wrong with this order, but the most obvious ones are:
1. Both the emails could be in the spam folder of an account which the user is heavily dependent on.
2. In the future, to deactivate somebody's account just send a sensitive mail to that account.
Apparently, the judge who ordered this doesn't have very good judgement:<p><i>"In 1998, Judge Ware was reprimanded by the Judicial Council of the Northern District Court of California for fabricating the story of being the brother of Virgil Ware[5], a 13 year old black boy shot by teenage racists in Alabama in 1963 on the same day as the 16th Street Baptist Church bombing. According to a story Judge Ware had told many audiences, he was riding his bike with his brother Virgil on the handlebars when Virgil was shot and killed by white racists.[6] The incident was a real one, however it happened to a different James Ware,"</i><p><a href="http://en.wikipedia.org/wiki/James_Ware_%28judge%29" rel="nofollow">http://en.wikipedia.org/wiki/James_Ware_%28judge%29</a>
The thing that really blows my mind about this whole story is this:<p>What the fuck was a bank doing sending the confidential information of thousands to a GMail account in the first place?
By the same reasoning:<p>1. If I "accidentally" send an email to the bank I could get the court to kick the bank off the interwebs.<p>2. If I send a sensitive snail mail "accidentally" to the bank, can I get the court to lock down the bank's premises and order a search for my mail (and any copies of it)?
Does Google have any incentive to fight this? I find myself wishing that they would just reply with "No, that is ridiculous."<p>Why, WHY?, would someone be held legally responsible for not replying to an email!? That is the most ridiculous and stupid thing I've ever heard in my life. The bank messed up, we all mess up, but isn't it within his legal right to publicly distribute that list if he wanted?<p>Obviously he didn't, but it's not his problem that they sent it to him!<p>Frustrating. Maybe I should move my email to my own servers.
Imagine if someone emailed confidential data to various of the folks involved in the court case, and then demanding its return under the same terms as this decision. This decision would then become a whole new form of denial of service.
There should be some way to fight this. It is not acceptable for some one send you a wrongly addressed email and then make court deactivate your email account. I wonder how could a Judge rule this way?
Does anyone know what sort of precedent is set for the rights someone has who unintentionally receives confidential information? I think that it would apply directly here.
The bank was completely out of line to request this. What they should have done was to insure every single person on that list against identity theft for the rest of their lives. Then, if a significant number of them <i>did</i> have their identities stolen, request the identity of the gmail user; only then would their be evidence of wrongdoing on the part of the gmail address owner.
How do they know he didn't already download a copy and keep it? (not that I think they ought to pursue that, I just think that if the bank is worried about their security - they screwed themselves over long ago!)
Wouldn't it be funny if this person had a desktop client auto-fetching their e-mail via POP3, and released the data just to spite the judge & bank afterwards?
I have a serious question about this entire thing.<p>Does this set a precedence for future "mistakes" by large companies to deactivate and identify accounts simply because they send compromising information?<p>Put another way, what if you wanted to "nuke" someones gmail account - do you simply need to send "confidential information" then ask for the court order?<p>It is certainly a far fetched and expensive plan, but the question is really about precedence this case has set.<p>I spoke to a lawyer friend about this entire thing:<p>"The judge should have conducted a "balancing test" in which he asked whose rights it was more important to protect: those of hundreds of people whose account information was in the hands of some schmuck, or those of the schmuck who won't be able to email that dirty joke to his Mom if his email is suspended. It seems that the rights of the hundreds of account holders are more important, but you can protect their rights without suspending the schmuck's email address (and that is where I agree with Mr. Morris). The court could have ordered him to turn over all of the data he inadvertently received and swear under oath that he did not retain any further copies and that he did not distribute the copies to anyone else. Once that is done, if it turns out that the sensitive information was compromised in any way, the account holders can hold the bank accountable AND the schmuck. If the schmuck is a decent guy -- and if an IT professional certifies that he purged all the data and that it was not otherwise disseminated to outsiders -- then the story should end there and there is no First Amendment violation."<p>I think this balance test makes way more sense than what happened in this case.
What would they have done if this guy e-mailed back and said "Yea, I found your e-mail in my spam folder. It's been deleted. K bye."<p>Would we have even heard about this?
I wonder.. the easy reaction to this is "Don't use a third party for your e-mail" which is easy enough if you're a geek, but then if you have your own server/domain, could you end up with a court order taking your server or domain off the air under similar circumstances?
I will be happy to hear which was this bank so that I put my money of there if I have account. I wouldn't like my money support an institution with such poor practices and with such disrespect for people's privacy.
I don't understand why the order is to deactivate the account, and not just recover/delete the email and maybe release the identity of the account owner?
There is a mad logic to it:<p>Reasoning for de-activing the account: gmail account holder has not replied to follow up emails from the bank to destroy email and sensitive content. Therefore it is possible that the account is dormant and/or infrequently used. If that is the case, deactivation insures that the sensitive data is protected if the user happens to at this late date access their gmail account and lo and behold, surprise email from idiot bank. (This also applies if sensitive data is in the spam folder.)<p>Reasoning for disclosing identity: gmail account is active and frequently accessed, but the user (for whatever reason) has decided not to respond to the idiot bank. This raises the possibility that s/he has malicious intent of misusing the idiot bank's customers' information. Therefore lets find out who this person is in case the idiot bank's customers' information happens to show up elsewhere on the internet.
While the bank obviously made a monumental screw up, Google's initial response to the bank is at least in part to blame. Regardless of the privacy rights of the person who's Gmail account it is, there obviously should be an interest in protecting the confidential information of the 1,300 customers.<p>Google could have responded by helping the bank recover and delete the file, as well as sending an unmissable notification to the Gmail user.