
Judge Orders Google To Deactivate User's Gmail Account and Disclose Identity - Flemlord
http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=114264
======
naveensundar
There are many things wrong with this order, but the most obvious ones are:
1\. Both the emails could be in the spam folder of an account which the user
is heavily dependent on. 2\. In the future, to deactivate somebody's account
just send a sensitive mail to that account.

~~~
jwecker
I think people on this board especially understand that something as simple as
an email account can directly affect our means of making a living and can have
very serious consequences, therefore we understand that a blanket deactivation
could be the equivalent of "to help me fix my mistake, you must lose your
job."

To non-geeks loosing an email account isn't as big of a deal, so it's easy to
see why a judge would not realize the significance.

~~~
scott_s
I know many non-geeks who would consider losing their email account a big deal
and would be upset. More than just geeks rely on their online identities to
talk and work.

~~~
rokhayakebe
I think the point he was trying to make was how much does the Judge value
electronic mail. Not much apparently.

------
alanthonyc
Apparently, the judge who ordered this doesn't have very good judgement:

 _"In 1998, Judge Ware was reprimanded by the Judicial Council of the Northern
District Court of California for fabricating the story of being the brother of
Virgil Ware[5], a 13 year old black boy shot by teenage racists in Alabama in
1963 on the same day as the 16th Street Baptist Church bombing. According to a
story Judge Ware had told many audiences, he was riding his bike with his
brother Virgil on the handlebars when Virgil was shot and killed by white
racists.[6] The incident was a real one, however it happened to a different
James Ware,"_

<http://en.wikipedia.org/wiki/James_Ware_%28judge%29>

~~~
jpwagner
No he doesn't...

[http://en.wikipedia.org/wiki/James_Ware_(judge)#Noted_ruling...](http://en.wikipedia.org/wiki/James_Ware_\(judge\)#Noted_rulings)

~~~
jacquesm
How come the guy didn't get thrown off the bench for that ?

Judges are supposed to be beyond doubt, if a judge has done something like
that their career should be over.

~~~
jrockway
Especially if they have a lifetime appointment.

If you fuck up and are re-elected, that's one thing. If you fuck up but have a
lifetime appointment, well, I can't see the benefit to the people he
represents to keep him on the bench.

------
ianbishop
The thing that really blows my mind about this whole story is this:

What the fuck was a bank doing sending the confidential information of
thousands to a GMail account in the first place?

~~~
stakent
And why _all_ emails were _not_ strongly encrypted?

~~~
seiji
Have you ever seen an encrypted email sent to a wide audience?

~~~
stakent
Did I say its easy?

The point is that there is an organisation. And some people are responsible
for security.

And yes, it _will_ cost.

~~~
jrockway
Why do it right when the legal system is perfectly happy to violate the rights
of innocent people at no cost to you? "It's the economy, stupid."

------
naveensundar
By the same reasoning:

1\. If I "accidentally" send an email to the bank I could get the court to
kick the bank off the interwebs.

2\. If I send a sensitive snail mail "accidentally" to the bank, can I get the
court to lock down the bank's premises and order a search for my mail (and any
copies of it)?

~~~
jhancock
No, because your not a bank ;). Our government thinks very highly of banks,
don't expect similar treatment.

------
cschep
Does Google have any incentive to fight this? I find myself wishing that they
would just reply with "No, that is ridiculous."

Why, WHY?, would someone be held legally responsible for not replying to an
email!? That is the most ridiculous and stupid thing I've ever heard in my
life. The bank messed up, we all mess up, but isn't it within his legal right
to publicly distribute that list if he wanted?

Obviously he didn't, but it's not his problem that they sent it to him!

Frustrating. Maybe I should move my email to my own servers.

~~~
palish
I doubt he would be able to legally distribute the list.

~~~
mikeyur
Plus it wouldn't be fair to the 1300 bank customers who don't know how crappy
their bank really is - and how insecure their personal information is.

~~~
palish
Err.. Offtopic: I can't see how many points the parent comment has. That's
weird. I see the uparrow, followed by "by mikeyur 8 hours ago", but the "N
points" part is missing.

~~~
ptomato
<http://news.ycombinator.com/item?id=844979>

------
slackerIII
Someone should accidently send some confidential info to the judge's email
account.

------
Hoff
Imagine if someone emailed confidential data to various of the folks involved
in the court case, and then demanding its return under the same terms as this
decision. This decision would then become a whole new form of denial of
service.

------
manish
There should be some way to fight this. It is not acceptable for some one send
you a wrongly addressed email and then make court deactivate your email
account. I wonder how could a Judge rule this way?

~~~
lnguyen
Imagine the consequence if it was sent via an old-fashioned method: snail mail
or fax. Clearly the remedy would not be to destroy the home, office or
deactivate the phone line of the receiver. It's an extremely poor
understanding of technology but sadly, not at all surprising.

------
rtrunck
New business idea: start a email service similar to Gmail and operate it in a
country with a more reasonable judiciary and/or better privacy rights.

~~~
varjag
There isn't such a country. A conflict with money will get your ass served
anywhere.

------
absurdman
And what of the 1,300 people? They should all be notified that their security
was breached, AND they should be suing the bank.

------
dkokelley
Does anyone know what sort of precedent is set for the rights someone has who
unintentionally receives confidential information? I think that it would apply
directly here.

------
araneae
The bank was completely out of line to request this. What they should have
done was to insure every single person on that list against identity theft for
the rest of their lives. Then, if a significant number of them _did_ have
their identities stolen, request the identity of the gmail user; only then
would their be evidence of wrongdoing on the part of the gmail address owner.

------
TallGuyShort
How do they know he didn't already download a copy and keep it? (not that I
think they ought to pursue that, I just think that if the bank is worried
about their security - they screwed themselves over long ago!)

------
cabalamat
It's just as well the bank didn't send it by smail mail, then the judge would
have ordered the recipient's house to be bulldosed.

------
mcantor
Wouldn't it be funny if this person had a desktop client auto-fetching their
e-mail via POP3, and released the data just to spite the judge & bank
afterwards?

------
EGF
I have a serious question about this entire thing.

Does this set a precedence for future "mistakes" by large companies to
deactivate and identify accounts simply because they send compromising
information?

Put another way, what if you wanted to "nuke" someones gmail account - do you
simply need to send "confidential information" then ask for the court order?

It is certainly a far fetched and expensive plan, but the question is really
about precedence this case has set.

I spoke to a lawyer friend about this entire thing:

"The judge should have conducted a "balancing test" in which he asked whose
rights it was more important to protect: those of hundreds of people whose
account information was in the hands of some schmuck, or those of the schmuck
who won't be able to email that dirty joke to his Mom if his email is
suspended. It seems that the rights of the hundreds of account holders are
more important, but you can protect their rights without suspending the
schmuck's email address (and that is where I agree with Mr. Morris). The court
could have ordered him to turn over all of the data he inadvertently received
and swear under oath that he did not retain any further copies and that he did
not distribute the copies to anyone else. Once that is done, if it turns out
that the sensitive information was compromised in any way, the account holders
can hold the bank accountable AND the schmuck. If the schmuck is a decent guy
-- and if an IT professional certifies that he purged all the data and that it
was not otherwise disseminated to outsiders -- then the story should end there
and there is no First Amendment violation."

I think this balance test makes way more sense than what happened in this
case.

~~~
extension
The schmuck can't "turn over" the data and there's no conceivable way to
verify that he deleted it, so this scenario just puts the blame on him if any
of that data ever leaks and there's nothing he can do about it.

Also, I'm no legalologist, but I don't see how the rights of the bank's
customers are being violated. Their agreement with the bank has been severely
breached, but that's between them and the bank. Violating the schmuck's
fundamental rights to correct someone else's mistake doesn't seem very
balanced to me.

------
jrwoodruff
What would they have done if this guy e-mailed back and said "Yea, I found
your e-mail in my spam folder. It's been deleted. K bye."

Would we have even heard about this?

------
petercooper
I wonder.. the easy reaction to this is "Don't use a third party for your
e-mail" which is easy enough if you're a geek, but then if you have your own
server/domain, could you end up with a court order taking your server or
domain off the air under similar circumstances?

~~~
pyre
I imagine that if you didn't reply to requests in that instance they would
just go to your hosting provider. If you _were_ your own hosting provider,
then they would just take your to court, and if you didn't show up then the
ruling would be in the bank's favor.

At _some_ point, you would have to respond to them.

------
nearestneighbor
Google must not have very good lawyers. This is clearly a miscarriage of
justice.

~~~
billswift
Google most likely doesn't that care much; it's not their email account being
terminated. They go through the proforma requirement that a judge sign off on
or require whatever, then stick it to their customer since it's no longer
their fault.

------
acg
You've got to wonder who's paying the judge's salary

~~~
jhancock
The federal government? He has a job for life and can go home and get baked on
some righteous NoCal weed every night. Really, what else do you expect?

~~~
acg
Rather single minded response, I'm not sure what you are asking. To spell it
out, asking who is paying his salary is to ask a number of questions (I think
you've immediately assumed conspiracy):

\- If it is the people/government are they getting their money's worth?

\- If he's taking backhanders is it corruption?

\- If it's neither of these what is the motivation for this sort of justice?

Perhaps I don't understand the make-up of the federal government in the US but
it's presumably has to answer to the citizens.

------
mitko
I will be happy to hear which was this bank so that I put my money of there if
I have account. I wouldn't like my money support an institution with such poor
practices and with such disrespect for people's privacy.

------
jey
I don't understand why the order is to deactivate the account, and not just
recover/delete the email and maybe release the identity of the account owner?

------
milkshakes
time to move my email offshore

------
lucifer
There is a mad logic to it:

Reasoning for de-activing the account: gmail account holder has not replied to
follow up emails from the bank to destroy email and sensitive content.
Therefore it is possible that the account is dormant and/or infrequently used.
If that is the case, deactivation insures that the sensitive data is protected
if the user happens to at this late date access their gmail account and lo and
behold, surprise email from idiot bank. (This also applies if sensitive data
is in the spam folder.)

Reasoning for disclosing identity: gmail account is active and frequently
accessed, but the user (for whatever reason) has decided not to respond to the
idiot bank. This raises the possibility that s/he has malicious intent of
misusing the idiot bank's customers' information. Therefore lets find out who
this person is in case the idiot bank's customers' information happens to show
up elsewhere on the internet.

~~~
rokhayakebe
Dude the guy/gal does not have to respond to any email unless he wants to.
This is not a conversation. It was a request to communicate, and s/he can
decide to remain silent.

~~~
lucifer
> Dude the guy/gal does not have to respond to any email unless he wants to.

Obviously. (There is nothing in the earlier comment that in any way addresses
the recipient's rights.)

Equally obvious is the fact that the bank in question certainly has to take
every possible measure to limit the impact of their stupid mistake. Its
possible (ianal) that they even have a legal obligation to do so.

------
tom_fb
This kind of stuff only happens in America

~~~
araneae
Not really. A lot of European countries, particularly the UK, are a lot worse.

~~~
ig1
Although at least in the uk the company would get prosecute for sending client
details unencrypted over the internet.

------
albertsun
While the bank obviously made a monumental screw up, Google's initial response
to the bank is at least in part to blame. Regardless of the privacy rights of
the person who's Gmail account it is, there obviously should be an interest in
protecting the confidential information of the 1,300 customers.

Google could have responded by helping the bank recover and delete the file,
as well as sending an unmissable notification to the Gmail user.

~~~
catweasel
An 'unmissable' notification from Google wouldn't be anymore unmissable than
the request email sent by the bank. Which is why the bank wanted Google to
disclose the identity of the user. If Google deleted a users emails and
disclosed their identity to a third party then Google would be in breach of
their own privacy policy. They would be exposing themselves to litigation,
hence the requirement for a court order.

~~~
billswift
Except that it could have ended up, possibly along with the original email, in
a never read spam folder. Google has more direct means of reaching an account
holder.

