A Bank's Mistake and Gmail Lockout Conjure Cloud Cautions

 
 
By Jim Rapoza  |  Posted 2009-09-29 Email Print this article Print
 
 
 
 
 
 
 

A recent case seems to show that we can lose access to our e-mail accounts and other cloud-based apps for simply avoiding the kinds of e-mails that pretty much everyone would assume were spam.

Oh, well-just another day in the technology grind. I think I'll fire up my Gmail account to see if I have any important e-mails in there.

One thing I'm pretty sure about is that there will be more spam and phishing e-mails. Gmail was pretty good about catching these things, but lately I've been getting "urgent" e-mails from some bank in Wyoming. Since I don't have anything to do with any banks in Wyoming, I'm very sure that these e-mails are just some form of spam or possibly dangerous phishing attempts.

Everyone who knows anything about Internet security knows that it's very common for bad guys to send out e-mails disguised as messages from banks, hoping some sucker will follow through and provide the account number and password for his or her online banking account.

But I'm too smart for that. In fact, these fake e-mails from this "bank" in "Wyoming" have been so persistent that I think I'll set up a filter to block them entirely.

Hmm. Something seems to be wrong with Gmail. All I can see is this message from Google that says, "Per court order in a case brought by a Wyoming-based bank, your Gmail account has been disabled and your account information provided to the bank." What the ...?

Sound unlikely? Guess again.

While the above scenario didn't actually happen to me, it is happening right now to a Gmail user whose only crime was to receive an e-mail accidentally sent to his or her (the identity of the account holder has not been revealed) address by the Rocky Mountain Bank of Wyoming.

In a story that is being reported on by multiple news sources, it appears that someone at the Rocky Mountain Bank inadvertently sent an e-mail containing sensitive information on more than 1,300 customers to the wrong Gmail e-mail address. (I won't get started on how it was even possible for someone from a bank to do this in the first place.)

After the error was discovered, the bank sent subsequent messages to the same e-mail address and contacted Google to get the account holder's personal information.

Google has a policy (and a good one, in my opinion) that it won't divulge account information to third parties without a court order. But the bank decided to go further than just seeking a court order for the account information-it also asked the court to force Google to deactivate this random and, most likely, completely innocent person's Gmail account.

And that's just what the court did. Now, it seems, we can lose access to our e-mails and-most likely-our Google Apps, calendar, chat and Wave applications, as well as our Google AdSense accounts-for simply avoiding the kinds of e-mails that pretty much everyone would assume were spam. For any of the small companies and independent consultants who have moved their entire business to Google's clouds, this could mean being shut down completely until the whole mess got sorted out.

Talk about the risks of moving your business to the cloud! This is one of the scariest, most nuclear outcomes I can think of for anyone who uses cloud-based services heavily.

One has to wonder what the involved parties were thinking here. Clearly, this bank isn't that tech-savvy. I guess the bank asked for the Gmail account to be shut down to prevent the sensitive data inadvertently sent to it from being spread. But if the account holder was inclined to do this, shutting the account down wouldn't stop the person. He or she could spread the data using another e-mail account, and, if Gmail offline or a POP or IMAP client was used, the account holder might still have access to the data.

The judge is even more of a mystery. One would expect that a northern California-based judge would be at least a bit tech-savvy, but apparently this judge has never seen spam or phishing e-mails in his in-box.

It will be interesting to see how this turns out. Maybe the person involved really did try to use the data in a criminal way. But most likely he or she had no clue what was going on until Google gave him the bad news.

And for the rest of us, this is just one more reason why a totally cloud-based solution might not be the silver bullet solution that many think it is.

Chief Technology Analyst Jim Rapoza can be reached at jrapoza@eweek.com.


 
 
 
 
Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel