
Goldman says client data leaked, wants Google to delete email - Deinos
http://www.reuters.com/article/2014/07/02/us-google-goldman-leak-idUSKBN0F729I20140702
======
mmahemoff
Pro tip: If you're using GMail, install the Undo Send plugin, going strong
since 2009.

[http://gmailblog.blogspot.com/2009/03/new-in-labs-undo-
send....](http://gmailblog.blogspot.com/2009/03/new-in-labs-undo-send.html)

(I realise in this case it was the receiver, not the sender, using GMail, but
I'm sure a lot of people here send from GMail.)

------
cottonseed
To me the point here should be that Goldman can't control their data and a
simple typo can lead to a "massive" breach of "highly confidential"
information.

~~~
chaz
How would you fix this problem? Because something similar happened to me.

Someone pasted in a bunch of confidential info into an email that was for
discussion, with a few replies back and forth. After a hallway discussion with
another colleague, I sat down to forward the latest email to him, but Outlook
autocompleted the email address to an external vendor. Before I knew it, the
email was away. I quickly sent the vendor rep asking him to delete the email I
just sent, and he agreed. I assume he was professional about it.

What can be done? Confidential discussions via email is a must. Trying to get
the entire company into a secure web/app-based platform only is a non-starter.
You can't take away the ability to send email out. A custom "Internal
Distribution Only" flag in Exchange might work, but I can already hear the
complaints already of having to set/unset it with every email.

~~~
Alupis
Most major companies with sensitive data to protect have multiple safeguards
in place to ensure said data does not leave their control. It's
common/standard practice for email filters to auto-encrypt all email
attachments, or just downright forbid them from going out. Some appliances
will even read text of emails for sensitive data being discussed with
unauthorized individuals.

See SEJeff's comment below for more details and links.

~~~
Mandatum
What if it was just a copy-paste of the data and not sent as an attachment?

------
QuantumChaos
Putting aside the issue of whether there is any legal basis for ordering
Google to delete something that was accidentally disclosed, I also take issue
with their claim that the request is in itself reasonable.

They are not only requesting Google to delete this email, but also provide
information to Goldman Sachs about who accessed that information. This
violates the privacy of the person who received the email. What right does a
company have to know how you accessed your own email, or who you shared it
with, just because they accidentally sent you an email?

~~~
themartorana
I agree. If said person does disseminate private information, and it's
illegal, that's on the receiver.

In any case, I don't trust Goldman Sachs. They lie [1] with no hint of limit
or shame. Did they leak client information, or incriminating evidence?

Sure, it's conjecture, but the last thing I'd do is violate someone's privacy
or hand over personal information on Goldman's word.

[1] [http://m.rollingstone.com/politics/news/the-people-vs-
goldma...](http://m.rollingstone.com/politics/news/the-people-vs-goldman-
sachs-20110511?page=1)

------
chbrown
It makes me sad that asking Google to fix their problem is the best solution
Goldman Sachs can come up with. A few other options off the top of my head:

* DDoS the gmail account in question with spam, particularly spam that looks like it contains confidential information.

* Create a clever job ad on reddit, advertising a GS position in IT Security division by tracking down an email user supposedly played by a GS confederate, and then provide the gmail account in the ad

* Blackmail the unintended recipient, perhaps by sending the sort of data it's illegal in the U.S. to even own

* Mock the "From" header for thousand of typical spam messages with the gmail account address, send them to destinations that are sure to pass through Spamhaus & co.'s filters

* Fill the user's inbox to capacity; e.g., sign up for Quora with the gmail address in question

Certainly on the gray hat side of things, but asking Google to delete an email
isn't exactly kosher to begin with.

~~~
x0054
How on earth are any of the things you listed "gray hat"? Asking Gmail to
delete an email you have sent by mistake may be a little unethical, but
entirely legal. ALL of the ideas you have posted are blatantly illegal.

~~~
Alupis
Bigger picture... this happened in any capacity. GS should be in serious hot
water with somebody... perhaps even a government regulatory body.

------
rurounijones
I am surprised that the information got out. In my company any email
attachments to addresses outside the company domain were automatically zipped
and passworded at the mail-server.

We would then receive an email with the password which we have to then inform
to the original recipient (usually by forwarding the email... MITM? What does
that mean).

And this is for a company that is nowhere near as regulated. How did GS let
this happen?

~~~
SEJeff
Clearly someone in their infosec department just got fired. In the financial
industry (I work in tech for finance), the "DLP" aka Data Loss Protection
segment is very busy.

A few ideas:
[https://www.verdasys.com/solutions/eip.html](https://www.verdasys.com/solutions/eip.html)

[http://www.symantec.com/data-loss-prevention](http://www.symantec.com/data-
loss-prevention)

[http://interguardsoftware.com/sp_dlp_lnd_v6.html](http://interguardsoftware.com/sp_dlp_lnd_v6.html)

[http://technet.microsoft.com/en-
us/library/jj150527(v=exchg....](http://technet.microsoft.com/en-
us/library/jj150527\(v=exchg.150\).aspx)

DLP software is what keeps sensitive software inside the confines of where it
is supposed to stay. Funnily enough, DLP software like exactly the stuff in
those links is what was not installed in the base Edward Snowden was at in
Hawaii because it used too much bandwith.

The Federal Reserve uses Verdasys to prevent digital copies of the plates that
print money from making it out (I know a guy who works in their tech
department). It is scary to work at a place where they don't always trust even
their administrators who have root/Administrator privs.

~~~
greatquux
Is such a setup able to figure out if I base64 or uuencode a file and include
it as text inside of a plain text e-mail? I would think there'd always be a
way around this somehow.

~~~
SEJeff
Yes. The software we use will actually log when you perform any sort of read
on files matching certain strings (ie sensitive source codes).

One of our infosec guys encoded some sensitive source code and played it
through the speaker to his phone and reconstructed it. The DLP software
detected that and it was in a dashboard buried amongst other things.

------
zhte415
There are multiple problems with this, from both a regulatory and internal
control perspective:

* Regarding testing internal changes - banks maintain vast test databases (admittedly full of customers called Ronald McDonald) covering almost every scenario. Testing goes far beyond unit testing and smoke testing, but dedicated teams of system integration and user acceptance testers. This 'test' was not a 'test' by any measure of internal policy.

* Contractors should not ordinarily have access to customer data. Regulators across jurisdictions make this clear. They can, but an excruciating approval process is necessary.

* Contractors having external email access to anything but whitelisted domains is unusual, and worth raising an eyebrow at.

* Why is the email address being typed in? I've never worked at Goldman but expect like almost every other bank in the world they use Exchange, which typically allows typing in [Lastname], [Firstname} with a list of people to then select (Jones, David1; Jones, David2; Jones, David3; etc).

* Why aren't attachments required to be encrypted, especially to external domains? This is an automated feature in Exchange.

I'm pretty familiar with all the duck tape that gets used in daily banking. So
are regulators, who take a dim view of VBA being used as glue to tie together
1000s of internal systems, but often turn a blind eye. But this is not a case
of duck tape, it is institutionalised failings at several levels. So the
response is not surprising, Goldman have to show they take this seriously,
despite so many internal failings, and shirk a bit off on 'external
contractors' too.

------
beedogs
It's funny how companies run by psychopaths -- such as Goldman -- seem to
think they can play by a different set of rules than anyone else.

Google should tell them to go get fucked and take some damned responsibility
for their mistakes for once.

~~~
Zancarius
That's the funny thing. Didn't it technically become a "needless and massive
privacy breach" the instant the email was dispatched from their servers? Who
knows who might've intercepted, read, or otherwise had access to it.

They _definitely_ need to take responsibility at this point and contact all
affected parties since there's no guarantee the data went unread.

~~~
vehementi
Yeah, they will only suffer reputation loss if that email gets out further,
you see!

~~~
Zancarius
The sad thing is, it seems your tongue-in-cheek comment is _exactly_ their
mode of thought.

Mind boggling, isn't it?

------
dontmindifido
This is interesting from the context of a whistleblower. What if the
contractor intentionally emailed the file to an external address because they
had found out some kind of management impropriety.

------
cb3
_" Emergency relief is necessary to avoid the risk of inflicting a needless
and massive privacy violation upon Goldman Sachs' clients, and to avoid the
risk of unnecessary reputational damage to Goldman Sachs," the bank said.

"By contrast, Google faces little more than the minor inconvenience of
intercepting a single email - an email that was indisputably sent in error,"
it added. _

_" Emergency relief is necessary"_

"We are a big powerful bank, we are going to ask you nicely to do us a favor.
Our employees fucked up. Please help us hide the fact that our employees
fucked up, so we don't get a reputation for having employees that fuck up."
the bank said.

"What we are asking them to do is technically speaking very simple. Whether or
not it would open them up to many more such requests, we don't really
care(unless one of our employees fucks up again,) fuck you we're goldman
sachs." it added.

~~~
Alupis
I see we came to the same translation ;-P

------
hyperliner
The question is: \- if the email can cause "needless and massive" damage,

Then A) why is that information on someone's laptop and B) how can their email
systems not be protected about it C) particularly when a contractor can have
the data

The email attachment has probably already been saved.

------
politician
This story seems plausible, and the relief seems reasonable. I guess I don't
feel the outrage.

~~~
arg01
I don't think there's any particular outrage. Unless it's along the lines of
not having the systems in place so that this doesn't occur. Whether this is
outrageous (others in the thread have pointed out solutions) it's definitely a
reason to be news worthy.

------
x0054
On a side note, this is why it's so important for these large companies to
STOP sending attachments and instead used shared links to files (like via
Dropbox or equivalent). One way to do this would be to have a corporate wide
email gateway that scans all emails, strips attachments, and converts them to
hosted files. The gateway would replace the attachments with links to the
same. This way, if something like this happens again, they can simply remove
the hosted file or unshare it, no harm done.

~~~
rdtsc
> used shared links to files (like via Dropbox or equivalent)

Wait, wouldn't that be sharing their data with Dropbox? If data is so
sensitive, I don't see why is Dropbox necessarily more trustworthy than a
random stranger with a gmail account.

I if got a random email from GS with some brokerage account mumbo jumbo I
would assume it is span and delete it. So would my mom and most friend and
most people out there probably.

Presumably if this "stranger" is random, one can make an argument that data
would be safer with them then with a big cloud data aggregator (as that would
be a single targeted point of attack).

Ideally they should probably set up their own file sharing service with the
ability to explicitly share some files externally (taking all the necessary
security measures).

~~~
joelrunyon
You can revoke access to a shared dropbox file. You can also disable the
shared links.

~~~
rdtsc
You can but not to dropbox. Dropbox still has access. That is the problem,
isn't it?

~~~
x0054
I assure you, I only used Dropbox as an example. Clearly a system like this
should be implemented by the company it self. If it's important, you should
store it on your own servers, and make sure that those servers are safe.

------
nutjob123
Goldman has no process around sensitive emails so google should be
responsible? Goldman should have to tell their customers and own up to their
error.

~~~
visarga
Also, they propose violating constitutional rights to privacy to enter into
and modify one person's email for a civil (commercial) matter.

~~~
Dylan16807
No.

------
fleitz
This actually seems kind of reasonable, extremely limited in scope, very
narrow, and it's going through proper channels.

------
raldi
Is there any case law on the books involving a similar situation but with
postal mail?

~~~
nness
There very well might be, but my understanding is that courts are not likely
to draw decisions on email-related cases based on precedent set on mail-
related cases (although like all things, that interruption is likely to vary
country to country). Namely, since email is not sent through a government
postal service, and is much more akin to a private courier.

------
superuser2
How can anyone even think about justifying the failure to encrypt the data
before sending it? It wouldn't make the WSJ but would be just as bad if the
data moved as a cleartext email to its intended recipient.

------
nness
I'm more interested in knowing what repercussions are for the recipient of the
email if they were then to forward it on or make it public in some way.

Just since someone emails you something, does not mean they have granted you
ownership over that information or permission to share it publicly. But that
said, show me a corporate mail server which doesn't add 40 lines of disclaimer
at the end of the email anyway.

~~~
visarga
They should wikileak it.

