Evan Schuman: What if you can't trust your inbox?
Goldman Sachs is taking Google to court to force the cloud vendor to delete an email accidentally sent to a Gmail user. The consequences of a ruling for Goldman would be devastating.
Computerworld - IT professionals are familiar with the business advantages of cloud-based communications, primarily anytime, anywhere access to email, on virtually any device. They also know a good deal about the dangers, such as outages that can result in access from nowhere, at no time and on no devices. But a new and quite ominous danger was flagged only last week, when Goldman Sachs moved in a New York state court to force Google to delete an email that the financial firm had accidentally sent to a Gmail user.
A ruling in Goldman's favor would be a big deal to enterprises.
Ever since email became a popular business tool in the mid-'90s, companies have relied on email files as mini-archives. For years now, when anyone has put an offer in writing, it has tended to take the form of an email. If a client or partner reneged on the terms of an agreement, you forwarded the initial email, with relevant passages highlighted. If the recipients had any doubts, they could access their own email archives to find their copy of the message. If the two matched, everyone pretty much conceded the point.
All of that changes, though, if senders win the right to have emails zapped. Our trust in cloud-based email archives will evaporate. Processes will change. Users or IT might begin routinely saving important emails to hard disks, away from potential manipulation by Google or anyone else, or doing screen captures of their most important emails. And companies that get burned might decide to pull email back from the cloud -- a possibility that suggests that Google will fight Goldman Sachs tooth and nail on this. (Scary thought: How many small-scale cloud operations without Google's resources have already given in to similar demands, with no court order needed?)
This is a new issue for email, but we have seen before that cloud providers can exercise a lot of control over the things we entrust to them. Most notoriously, Amazon, as a result of a publisher dispute, has taken back and deleted legally purchased e-books, music, games and videos. Clearly, when you cloud your data, it is subject to manipulation by anyone controlling those systems.
The details of this case, as outlined in Goldman's filing, are interesting. At issue is one email that was accidentally sent to the wrong person.
The Financial industry Regulatory Authority (FINRA) requires financial firms to periodically generate reports about client investments. In addressing that FINRA requirement, Goldman's IT group sent the information needed for the report to its compliance department for validation. An unspecified outside technology consulting firm had been hired to assist with this process, according to the filing. On June 23, 2014, an employee of that consulting firm tried to send a copy of this report to a Goldman Sachs internal address, which would take the form of NAME@gs.com, "but instead mistakenly sent a copy of the internal report" to that same name but @Gmail.com. (Was this another autofill fail? The filing doesn't say.)
When it realized what had happened, Goldman sent a message to that Gmail address, but it never heard back, according to the court filing. Goldman then reached out to Google's incident response team to request that the email be deleted and was told that a court order was needed.
More by Evan Schuman
- Evan Schuman: What if you can't trust your inbox?
- Evan Schuman: Supreme Court on obvious patents: Common sense isn't so horrible
- Evan Schuman: Do you know the people you're following on Twitter? Neither does Twitter, apparently
- Evan Schuman: Is Google forgetting that interactivity pays its bills?
- Evan Schuman: Killer robots? What could go wrong? Oh, yeah ...
- Evan Schuman: One law to rule all data breaches -- but let's make it a real law
- Evan Schuman: Snapchat's reputation is vanishing (unlike its images)
- Evan Schuman: Snapchat's latest feature shows why IT must tame marketing's inner monster
- Evan Schuman: With Heartbleed, IT leaders are missing the point
- Evan Schuman: Social media endangers corporate secrets
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!