
Goldman Sachs Demands Google Unsend One of Its E-mails

Posted by timothy
from the need-to-turn-on-google-labs-for-unsend dept.
rudy_wayne (414635) writes A Goldman Sachs contractor was testing internal changes made to Goldman Sachs' system and prepared a report with sensitive client information, including details on brokerage accounts. The report was accidentally e-mailed to a 'gmail.com' address rather than the correct 'gs.com' address. Google told Goldman Sachs on June 26 that it couldn't just reach into Gmail and delete the e-mail without a court order. Goldman Sachs filed with the New York Supreme Court, requesting "emergency relief" to avoid a privacy violation and "avoid the risk of unnecessary reputational damage to Goldman Sachs."
  • by what2123 (1116571) on Thursday July 03, 2014 @09:28AM (#47375479)
    Ha. Hahahaha. Ha.
    • Re: (Score:2, Informative)

      by Anonymous Coward
      yeah. [rollingstone.com]
      • by flyingsquid (813711) on Thursday July 03, 2014 @12:06PM (#47377125)
        So basically what happened is that someone started typing an email to "Joeblow@gs.com" and got as far as "Joeblow@g" before the autocomplete helpfully added "gmail.com". And then they hit "send". Through a combination of carelessness and cluelessness, this employee managed to put hundreds of millions if not billions of dollars of customer funds at risk. Well, given what happened the last time Goldman made a mistake of this magnitude, it's clear that there's only one course of action for the company. And that's to give this employee a massive bonus.
        • What this also indicates is that "Joeblow@gmail.com" was already in the employee's address book, which means it is someone they correspond with. Given this, did the employee then contact that person and ask them to delete the previous email? I presume they did, and got a "fat chance" in reply. And if THIS was the case, you can rest assured that "Joeblow@gmail.com" has already saved the email elsewhere and likely forwarded it to other email addresses; so this attempt at a court order, while it may show that the employee was attempting to do the right thing (so protecting their job), won't actually accomplish anything in the name of privacy or "name polishing".

          It's like Barbra Streisand has suddenly requested the world forget about her... and they have.

        • Email Insecure (Score:5, Insightful)

          by Roger W Moore (538166) on Thursday July 03, 2014 @03:01PM (#47378789) Journal

          Through a combination of carelessness and cluelessness, this employee managed to put hundreds of millions if not billions of dollars of customer funds at risk.

          Sending information like this via email is where the mistake happened, not mistyping the address. Email is not secure even if it is sent to the right address; you have no control over how it gets there and it could be easily intercepted and read en route. Their reputation loss has already occurred by admitting that they use email for highly sensitive information like this.

    • by bondsbw (888959)

      Not that I care a hoot about bad things happening to GS... not that I believe this should have been emailed...

      But I wish it weren't so easy to send a message to an unknown address, particularly one on a different server. I'd almost rather have a separate protocol for sending to known/safe addresses than for unknown addresses.

      • That's why there are TLDs [wikipedia.org] just for that purpose.

        • by bondsbw (888959)

          I don't see how that would help this situation. The "testing" was an internal business process, not an email system test. The email was a report related to testing.

      • Actually, Exchange Server does have security to help enforce this. Maybe they need new IT policies.
      • Re: (Score:3, Funny)

        by ketomax (2859503)
        Don't worry it will be automatically deleted after 30 days.
      • It is called a filter. We use them all the time. Add confidential, private, internal only and the email won't leave our domain. Why is it Goldman Sachs hasn't figured it out?
  • Non-story. (Score:5, Informative)

    by u38cg (607297) <calum@callingthetune.co.uk> on Thursday July 03, 2014 @09:29AM (#47375495) Homepage
    Already blocked [reuters.com]
    • Re:Non-story. (Score:5, Insightful)

      by mwvdlee (775178) on Thursday July 03, 2014 @09:39AM (#47375605) Homepage

      Just because an issue was quickly resolved doesn't make it a non-story.

      If Goldman Sachs uses the insecure SMTP protocol to transmit highly sensitive unencrypted data, they deserve the reputation damage (and a security audit).

    • That doesn't make this a non-story, only a slightly out-of-date one.

    • Already blocked [reuters.com]

      Yea no, the idea that blocking the email relieved the privacy concern is a joke. They sent that "massive privacy leak" or whatever, over the open internet. In fact, it sounds like they are routinely doing this, and their only concern is that they sent it to the wrong address. The real story here is that Goldman Sachs is sending this kind of info via email!!! In my job, if I were to send even your name and address via email outside our corporate network I'd be fired on the spot. The email traversed dozens of

  • Too late now (Score:4, Insightful)

    by itzly (3699663) on Thursday July 03, 2014 @09:30AM (#47375505)
    If this is interesting information, it has already been copied from the Google server to somebody's personal computer.
  • Yeah (Score:5, Funny)

    by boristdog (133725) on Thursday July 03, 2014 @09:31AM (#47375511)

    Barbra Streisand never returns my e-mails either.

  • E-mail? (Score:5, Insightful)

    by Scutter (18425) on Thursday July 03, 2014 @09:31AM (#47375515) Journal

    Massive privacy breach....e-mailed a report...containing sensitive details...e-mailed...

    The problem here isn't that it was sent to the wrong account. It's that it was e-mailed AT ALL.

    • Re:E-mail? (Score:5, Insightful)

      by MikeBabcock (65886) <mtb-slashdot@mikebabcock.ca> on Thursday July 03, 2014 @09:35AM (#47375567) Homepage Journal

      Good luck explaining this to companies ... I'm still working over people who insist on sending confidential Excel spreadsheets by E-mail.

      • Don't put anything in an email that you wouldn't put on a postcard. If you MUST email sensitive information, encrypt it before sending -- the encryption is the envelope.

        • Re:E-mail? (Score:4, Insightful)

          by Charliemopps (1157495) on Thursday July 03, 2014 @10:29AM (#47376079)

          Don't put anything in an email that you wouldn't put on a postcard. If you MUST email sensitive information, encrypt it before sending -- the encryption is the envelope.

          No... encryption doesn't work either. If the data is only sensitive in the short term then you can encrypt it. So, for example, a configure file that won't matter in a month when you change it. But if the data is actually sensitive, like your financial records, eventually that encryption will be worthless and if anyone saved that file, they'll be able to decrypt it.

    • Re:E-mail? (Score:5, Insightful)

      by Dr. Evil (3501) on Thursday July 03, 2014 @09:36AM (#47375573)

      "testing internal changes... with sensitive client information"

      Should violate all security policies right there.

    • There are more than a few email filtering products, some designed specifically to prevent sensitive data from being emailed at will via heuristics designed to detect sensitive information.

      You would think as heavily regulated as Goldman is they would have these kinds of systems in place to prevent this kind of thing from happening.

      • You would think as heavily regulated as Goldman is supposed to be they would have these kinds of systems in place to prevent this kind of thing from happening.

        FTFY.

        Regulations only work if they are actually enforced.

    • by nahpets77 (866127)
      What if they had used encryption? Seems to me that had they sent an encrypted attachment they wouldn't have had to go through all this trouble.
    • by Chewbacon (797801)

      First, they don't understand it's not secure. Second, if the thought did cross their mind, then they wouldn't know who to ask for a secure solution or be patient enough to take the time to implement it.

      Did companies learn nothing from Target?

    • Correct. Confidential data should only go over an encrypted email system like we use in health care to protect PHI. It's bizarre that they're even able to send a confidential report over plaintext email, which is the equivalent of a postcard.
    • Massive privacy breach....e-mailed a report...containing sensitive details...e-mailed...

      The problem here isn't that it was sent to the wrong account. It's that it was e-mailed AT ALL.

      Right, the breach occurred the second the guy hit "Send"
      There is no "Fixing" this. The fact that Goldman Sachs doesn't have any security controls to block the sending of spreadsheets outside their network is eyebrow raising to say the least.
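The outbound filtering that several comments above describe (keyword markers that keep mail inside the domain, and a control that stops spreadsheets leaving the network), sketched as an added example that is not part of the original thread or any vendor's product. It assumes `gs.com` is the only internal domain; the extension list, function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"gs.com"}  # assumption: the sender's only internal domain
MARKERS = ("confidential", "private", "internal only")  # keywords named in the thread
SPREADSHEET_EXT = (".xls", ".xlsx", ".csv")  # assumption: what counts as a spreadsheet


def external_recipients(msg):
    """Return every To/Cc/Bcc address whose domain is not internal."""
    fields = []
    for header in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(header, []))
    external = []
    for _name, addr in getaddresses(fields):
        domain = addr.rpartition("@")[2].lower()
        if addr and domain not in INTERNAL_DOMAINS:
            external.append(addr.lower())
    return external


def findings(msg):
    """Collect the reasons this message looks sensitive."""
    reasons = []
    text = [msg.get("Subject", "")]
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(SPREADSHEET_EXT):
            reasons.append(f"spreadsheet attachment: {filename}")
        elif part.get_content_type() == "text/plain" and not filename:
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            text.append(payload.decode(charset, "replace"))
    blob = " ".join(text).lower()
    reasons += [f"marker: {m}" for m in MARKERS if m in blob]
    return reasons


def check_outbound(raw):
    """BLOCK only when sensitive content is addressed outside the domain."""
    msg = message_from_string(raw)
    external = external_recipients(msg)
    reasons = findings(msg)
    verdict = "BLOCK" if external and reasons else "ALLOW"
    return verdict, external, reasons


def sample(to, subject, body, attachment=None):
    """Build a constructed test message (not real data)."""
    m = EmailMessage()
    m["From"] = "contractor@gs.com"
    m["To"] = to
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed,sample\n", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    body = "Internal only: brokerage account details"
    for to in ("joeblow@gs.com", "joeblow@gmail.com"):
        print(to, check_outbound(sample(to, "Test report", body, "report.xlsx")))
```

A check like this only sees what the gateway can read, so it says nothing about mail that is already encrypted end to end or sent from outside the filtered path.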

  • Too late (Score:5, Funny)

    by Slizzo (3610599) on Thursday July 03, 2014 @09:32AM (#47375533)
    "avoid the risk of unnecessary reputational damage to Goldman Sachs." I'd say it's too late for that now, mate.
  • by Lawrence_Bird (67278) on Thursday July 03, 2014 @09:33AM (#47375545) Homepage

    At least every lawyer type e-mail I get has a giant disclaimer at the end if you are NOT the intended recipient. Perhaps GS should have considered using that? Over paid dopes.

    • Re:Disclaimer? (Score:5, Insightful)

      by blane.bramble (133160) on Thursday July 03, 2014 @09:36AM (#47375577) Homepage

      The problem with that is, is if was sent to your email address, you are the intended recipient.

      • >The problem with that is, is if was sent to your email address, you are the intended recipient.

        No you're not, when the email was sent by mistake.
        • Re: (Score:3, Informative)

          by blane.bramble (133160)

          You are incorrect. The email may be mis-addressed, but you are still the intended recipient of that email, as given by the fact the email envelope has you as the recipient. You therefore have a legally acceptable record that that individual email was sent directly to you.

        • >The problem with that is, is if was sent to your email address, you are the intended recipient. No you're not, when the email was sent by mistake.

          I'm having trouble figuring out where to begin explaining how incorrect this statement is. Your argument is intent? OK, let's start there. The user's intent was to send an Email. This user intentionally entered real world confidential information into the body of this Email message. Then this user intentionally entered a fully qualified and valid Email address into the "TO:" field of the Email's header and finally they intentionally sent this message to the previously mentioned Email address. Tripping over a

      • by Cajun Hell (725246) on Thursday July 03, 2014 @12:33PM (#47377367) Homepage Journal

        The problem with that is, is if was sent to your email address, you are the intended recipient.

        This is incorrect, and yet, the error does not matter.

        Intent is known only by the sender. From the recipient's point of view, it does make sense to assume that an email addressed to you, is intended for you. That assumption is sometimes wrong, but it's a rare occurrence. And whenever you're wrong, you won't know until you've already read some of the email. This really is the best any recipient can be reasonably expected to do.

        The sender has all the power here (they get to decide whether or not to encrypt, for example, and which key to use (typically looked up by intended-recipient's name!!)) so I think they should have all the responsibility.

    • Re:Disclaimer? (Score:5, Insightful)

      by u38cg (607297) <calum@callingthetune.co.uk> on Thursday July 03, 2014 @09:37AM (#47375597) Homepage
      These disclaimers are worthless (legally), as you can't accept conditions just by receiving something; none of the heads of contract are satisfied. However, if they motivate the receiving party to do what you want them to then they serve their purpose.
    • by msauve (701917) on Thursday July 03, 2014 @09:40AM (#47375617)
      What's your email address? Because, I want to send you an email with a giant disclosure at the end which says you owe me $1 million if you read the email.
    • What good is a disclaimer going to do? Are any instructions within legally, or in another way, enforceable?

    • Re:Disclaimer? (Score:5, Informative)

      by fuzznutz (789413) on Thursday July 03, 2014 @09:41AM (#47375631)

      At least every lawyer type e-mail I get has a giant disclaimer at the end if you are NOT the intended recipient. Perhaps GS should have considered using that? Over paid dopes.

      Every time I see one of those worthless disclaimers, I crack up. You can't unring a bell and I am under NO obligation to delete any email that was sent to me if it was addressed to my email account. If you typed the wrong address, that's your problem, not mine.

      • ***** IMPORTANT INFORMATION/DISCLAIMER *****
        This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it, even if we didn't mean to send it to you. However, if the contents of this email make no sense whatsoever then you probably were not the intended recipient, or, you are a mindless cretin; either way, you should immediately delete yourself & destroy your computer! Once you have taken this a

    • by PA23 (1708056)

      Can't imagine those disclaimers are enforceable...Plus I have a disclaimer on my email server that states that "any email received by this system is subject to full public disclosure at the sole discretion of the recipient. If you do not accept these terms do not transmit your email and disconnect now"

  • by MindPrison (864299) on Thursday July 03, 2014 @09:34AM (#47375557) Journal
    ...companies in the world.

    This is a test case for them, it's all about control and it's all about the money.

    Do you guys remember this: "Give me control of a nation's money and I care not who makes the laws."?
    Well, you better remember it - and understand what it means, because your FREEDOM is at stake!

    Cryptic to you?
    READ BETWEEN THE LINES!
  • "By contrast, Google faces little more than the minor inconvenience of intercepting a single email - an email that was indisputably sent in error," it added.

    Losing a few thousand dollars is little more than a minor inconvenience for GS.
    So how about it GS... send me a few thousand dollars.

    Google is abso-fucking-lutely right to require a court order. If they don't, it'll just open the flood gates for other companies and people to "retract" damaging e-mails. The news here isn't that Google required proper legal procedures before violating its users' rights, it's that GS sends highly sensitive data by e-mail.

    • by plasm4 (533422)
      What's shocking is that Google has locked the user out of their email account while this is happening.
    • by Somebody Is Using My (985418) on Thursday July 03, 2014 @10:21AM (#47375995) Homepage

      As disturbing is that the threat of "reputational damage" is enough to get a court on your side.

      The United States government should not be helping people or business protect their reputation from their own mistakes. It opens a floodgate to potential abuses. This request should have been laughed out of court. "You screwed up, bub; you deal with the consequences."

      I can see this ruling being used as a precedent in many future law cases.

  • That oughta larn 'em to check before they click send. But it probably won't.
  • by BenJeremy (181303) on Thursday July 03, 2014 @09:49AM (#47375685)

    ...and used Microsoft's legal team. They would have gotten the gmail.com and google.com domains and then it would just have been a matter to use Microsoft name servers to commit a DoS attack against gmail's hackers, erm, users.

    The Federal judges in Nevada are suckers for a good story, I hear, even if it's blatantly false.

  • How the fuck? (Score:4, Interesting)

    by Anonymous Coward on Thursday July 03, 2014 @09:52AM (#47375701)

    How the fuck did they reach anyone at Google to get that response?!

    • by Kardos (1348077)

      It's the "they have lots of money" effect that ensures their requests are read and acted upon, rather than automatically filtered out and discarded.

    • by u38cg (607297)
      They almost certainly have a contractual relationship with Google on other matters that would involve a human. From there it's a matter of a few phonecalls.
  • by schwit1 (797399) on Thursday July 03, 2014 @09:53AM (#47375723)

    Aren't these legally binding? :-)

  • So can I (Score:5, Insightful)

    by Kardos (1348077) on Thursday July 03, 2014 @09:59AM (#47375785)

    make the same request when I accidentally reply-all to save myself 'reputational damage'? Or does this only work for large companies with lots of money?

  • by grahamm (8844) <gmurray@webwayone.co.uk> on Thursday July 03, 2014 @10:01AM (#47375813) Homepage

    Someone should tell Goldman Sachs that you cannot unsend an email. Usenet articles can be cancelled, even though most servers ignore cancels, but like snail mail, once email is posted it cannot be recalled.

  • by Joe Gillian (3683399) on Thursday July 03, 2014 @10:02AM (#47375819)

    What I'm wondering is whether or not the person whose email account was blocked because they received an email from Goldman Sachs has any form of legal recourse against Goldman Sachs.

  • They asked Google to do something, Google said they can't without a court order, and now they seem to be getting one.
  • by Anonymous Coward

    Everyone makes mistakes. I understand that. I make mistakes too.

    But here's what I don't get. I am sending an email to dude@gs.com and accidentally type dude@gmail.com. But I also just happen to have dude@gmail.com's PGP key and a sufficient trust path to know the key is correct, for the confidential information in question? That's the part I simply don't believe. All of Goldman Sachs' protestations that the sender just happened to also know dude@gmail.com and that the key was verified, ring hollow.

  • by dbIII (701233) on Thursday July 03, 2014 @10:21AM (#47375999)
    After 2008, Greek crisis etc what damage will this do to their reputation?
  • by countach (534280) on Thursday July 03, 2014 @10:25AM (#47376027)

    My question is, what law gives a court the right to do such a thing? While there may well be laws that compel companies to keep their own data private, I find it hard to believe there is a law that gives a court the right to undelete stuff in a scenario like this. Courts don't tend to do stuff no matter how reasonable unless there is some law that says they should.

    The disturbing thing about this is that the real owner of that mail box, whoever he may be, doesn't get to show up in court and put forward his viewpoint.

    • I can see one way that the court is authorized by law to do that. Under common law, we each have a duty to not be reckless about doing things that might cause harm to another. Had Google chosen to deliver the email after having been notified that it could bring harm to Goldman _and_its_customers, Goldman could then file a suit for negligence. The judge or jury would then decide if Google failed to exercise ordinary care in preventing the leak, or if they did all that a reasonable person would do to protect

  • Unsending E-mail (Score:5, Interesting)

    by DERoss (1919496) on Thursday July 03, 2014 @10:53AM (#47376307)

    The ancient Roman Horace (65-8 bce) said: "Once a word has been allowed to escape, it cannot be recalled."

    More recently, Omar, the Tentmaker (died ca 1123 ce) said:
    "The moving finger writes; and, having writ,
    Moves on: nor all your Piety or Wit
    Shall lure it back to cancel half a Line,
    Nor all your Tears wash out a Word of it."

  • by 140Mandak262Jamuna (970587) on Thursday July 03, 2014 @11:26AM (#47376673) Journal
    If the mail has not yet been delivered, then Google can stop the delivery and bill Goldman for the cost of stopping the delivery. If it has already been delivered, it is the property of the recipient. You can't do anything about it. At best Goldman can go after the recipient and get a gag order from the court. But Google is out of the picture.
  • by 140Mandak262Jamuna (970587) on Thursday July 03, 2014 @01:30PM (#47377935) Journal
    I am very sure Google lawyers will be pointing out to Goldman lawyers the exact clause and paragraph where Goldman pledged the everlasting life and soul of all the board of directors to Google when they clicked on the "accept" button of the EULA agreement of the Gmail.
