A recent case seems to show that we can lose access to our e-mail accounts and other cloud-based apps for simply avoiding the kinds of e-mails that pretty much everyone would assume were spam.
Oh, well-just another day in the
technology grind. I think I'll fire up my Gmail account to see if I have any
important e-mails in there.
One thing I'm pretty sure about is
that there will be more spam and phishing e-mails. Gmail was pretty good about
catching these things, but lately I've been getting "urgent" e-mails from some
bank in Wyoming. Since I don't
have anything to do with any banks in Wyoming,
I'm very sure that these e-mails are just some form of spam or possibly
dangerous phishing attempts.
Everyone who knows anything about
Internet security knows that it's very common for bad guys to send out e-mails disguised
as messages from banks, hoping some sucker will follow through and provide the account
number and password for his or her online banking account.
But I'm too smart for that. In
fact, these fake e-mails from this "bank" in "Wyoming"
have been so persistent that I think I'll set up a filter to block them
Hmm. Something seems to be wrong
with Gmail. All I can see is this message from Google that says, "Per court
order in a case brought by a Wyoming-based bank, your Gmail account has been
disabled and your account information provided to the bank." What the ...?
Sound unlikely? Guess again.
While the above scenario didn't
actually happen to me, it is happening right now to a Gmail user whose only
crime was to receive an e-mail accidentally sent to his or her (the identity of
the account holder has not been revealed) address by the Rocky Mountain Bank of
In a story that is being reported
on by multiple news sources, it appears that someone at the Rocky Mountain Bank
inadvertently sent an e-mail containing sensitive information on more than 1,300
customers to the wrong Gmail e-mail address. (I won't get started on how it was
even possible for someone from a bank to do this in the first place.)
After the error was discovered, the
bank sent subsequent messages to the same e-mail address and contacted Google
to get the account holder's personal information.
Google has a policy (and a good
one, in my opinion) that it won't divulge account information to third parties
without a court order. But the bank decided to go further than just seeking a
court order for the account information-it also asked the court to force Google
to deactivate this random and, most likely, completely innocent person's Gmail
And that's just what the court did.
Now, it seems, we can lose access to our e-mails and-most likely-our Google
Apps, calendar, chat and Wave applications, as well as our Google AdSense
accounts-for simply avoiding the kinds of e-mails that pretty much everyone
would assume were spam. For any of the small companies and independent
consultants who have moved their entire business to Google's clouds, this could
mean being shut down completely until the whole mess got sorted out.
Talk about the risks of moving your
business to the cloud! This is one of the scariest, most nuclear outcomes I can
think of for anyone who uses cloud-based services heavily.
One has to wonder what the involved
parties were thinking here. Clearly, this bank isn't that tech-savvy. I guess the
bank asked for the Gmail account to be shut down to prevent the sensitive data inadvertently
sent to it from being spread. But if the account holder was inclined to do this,
shutting the account down wouldn't stop the person. He or she could spread the
data using another e-mail account, and, if Gmail offline or a POP
or IMAP client was used, the account holder might still have access to the
The judge is even more of a
mystery. One would expect that a northern California-based judge would be at
least a bit tech-savvy, but apparently this judge has never seen spam or
phishing e-mails in his in-box.
It will be interesting to see how
this turns out. Maybe the person involved really did try to use the data in a
criminal way. But most likely he or she had no clue what was going on until
Google gave him the bad news.
And for the rest of us, this is
just one more reason why a totally cloud-based solution might not be the silver
bullet solution that many think it is.
Technology Analyst Jim Rapoza can be reached at firstname.lastname@example.org.