Tuesday, September 29, 2009

Receive an email, get your account shut down

Suppose you get Internet email (who doesn't). Suppose that someone somewhere on Al Gore's Intartubes sends you an email by mistake - someone at a bank, let's say. They meant to send it to someone else, but sent it to you. Imagine that they included a file that contained all sorts of sensitive data about their customers: bank account numbers and so forth.

Seems like they screwed up big time, right? So what should happen?

Well, if the bank is Rocky Mountain Bank in Wyoming, they'd sue to get your email account frozen. And some mouth breathing Judge would issue a court order to force your email provider to freeze it:

When Google refused to release the identity of the person behind the Gmail account, the bank sued. Last week, Google told The Reg it would not release the user's identity unless it receives a subpoena or court order, and such an order soon arrived.

Judge James Ware of the US district court for the northern district of California issued a temporary restraining order on Wednesday, insisting that Google deactivate the account.
Looks like the account is going to be frozen, and remain frozen, until October 5 at the earliest.

Let's play "Count the idiots", shall we?

1. Whoever at Rocky Mountain Bank in Wyoming sent the wrong email to the wrong address.

2. Whoever at Rocky Mountain Bank in Wyoming refused to approve budget for their IT department to deploy Data Loss Prevention technology, which would likely have blocked the email before it went out onto Al Gore's Intarwebz.

3. Whoever at Rocky Mountain Bank in Wyoming decided on a lawsuit targeting the innocent bystanders who were subject to the fallout from the above screw-ups.

4. Judge James Ware of the US district court for the northern district of California, who seemingly does not get enough oxygen at the high altitudes experienced in Wyoming. Or something.

That's one powerful lot of Due Diligence failures, all wired in series.

3 comments:

Paladin said...

If I were the innocent email account holder caught up in all this, I'd be really tempted to suggest that my email account be released IMMEDIATELY - or all the "sensitive" information would mysteriously be released into the wilds of the internet for all to see and enjoy. I don't know how to anonymously put stuff out on the net where it can't be traced - but I know people who do.

I wouldn't actually do it, of course, 'cuz the actual people whose info was released don't have anything to do with the problem -

But then the Bank turds wouldn't know that about me, would they?

Anonymous said...

I wonder if it's common practice for this bank to (presumably) send sensitive financial data out over the public Internet in unencrypted cleartext? Why not zip it, encrypt it, and password protect it, thereby ensuring not only the integrity of the data but the authenticity and authorization of the recipient?

Eagle said...

Judge Ware, eh?

Is he a member of the Ware family? Does this make him "a Ware"?

Uh... nope. Just oblivious...