Sunday, September 27, 2009

Can we talk about this (email shutdown)?

This and this.

A bank mis-typed an email address, sending a complete stranger a file with tons of personal information:

The attachment contained confidential information on 1,325 individual and business customers that included their names, addresses, tax identification or Social Security numbers and loan information.

They then sent a second email to this stranger telling him or her to delete the previous email and contact them immediately. They heard no response, went to court, and the court ordered Gmail to close the account. I have to completely agree with this statement, from the second of the above links: (emphasis mine)

"It's outrageous that the bank asked for this, and it's outrageous that the court granted it," says John Morris, general counsel at the Center for Democracy & Technology. "What right does the bank have and go suspend the email account of a completely innocent person?"

I get emails sent to my phone, so I tend to see every email within hours of it being sent. My dad uses email for work, so he checks his regularly. My sister, however, can go weeks without checking her email. It's very possible that the person who was sent this email hasn't even checked his or her account yet, and now it's shut down. I have Google Voice, Reader, and Calendar tied to one Gmail address. How would this court order affect all of those services?

I have to say that it's very possible both emails were read, but the attachment wasn't opened. If you got those two emails, isn't there a huge chance you'd just assume they were a phishing scheme and ignore them? That makes me wonder why the court chose to start with the undiplomatic brute force method. Why not order Google to first see if the data has even been viewed yet? Why not have Google attempt to contact the person--then it might become apparent that these emails aren't in fact a scam.

And finally, the question of the day: why the hell wasn't that personal information encrypted? What kind of bank sends an attachment with the private information of 1,325 customers and doesn't encrypt it? TrueCrypt is free, banks. This bank should be buried in fines, branded as a high security risk and left as an example to others.

