Judge Rules Against Gmail User After Bank Screws Up
By Chris
Well. Here you have it. If you want a judge to order someone’s GMail account to be switched off, all you must do is send them a large amount of sensitive information. Actually this ruling does not seem to necessarily touch on the size of the information. Perhaps you could just send your bank account information.
Also, let me point out the sheer idiocy of sending sensitive information like this via email. Email is not encrypted in the first place and can rather easily be intercepted by a third party. This bank was already putting its users at far greater risk simply by using email to send data about them across the internet than it did by sending the information to a stranger. Let me explain. As Schneier likes to point out, random strangers are generally helpful, whereas, I might point out that people snooping on emails are generally not trustworthy.
Someone might object that it is possible to set up authenticated email and perhaps the bank was using this. This is true, but it was evidently not terribly effective to this bank. Presumably such a system would not send an email if the connection was unable to be secured. But since it was sent to a random GMail account, this was obviously not the case.
Idiocy.
