IT professionals are familiar with the business advantages of cloud-based communications, primarily anytime, anywhere access to email, on virtually any device. They also know a good deal about the dangers, such as outages that can result in access from nowhere, at no time and on no devices. But a new and quite ominous danger was flagged only last week, when Goldman Sachs moved in a New York state court to force Google to delete an email that the financial firm had accidentally sent to a Gmail user.
A ruling in Goldman's favor would be a big deal to enterprises.
Ever since email became a popular business tool in the mid-'90s, companies have relied on email files as mini-archives. For years now, when anyone has put an offer in writing, it has tended to take the form of an email. If a client or partner reneged on the terms of an agreement, you forwarded the initial email, with relevant passages highlighted. If the recipients had any doubts, they could access their own email archives to find their copy of the message. If the two matched, everyone pretty much conceded the point.
All of that changes, though, if senders win the right to have emails zapped. Our trust in cloud-based email archives will evaporate. Processes will change. Users or IT might begin routinely saving important emails to hard disks, away from potential manipulation by Google or anyone else, or doing screen captures of their most important emails. And companies that get burned might decide to pull email back from the cloud -- a possibility that suggests that Google will fight Goldman Sachs tooth and nail on this. (Scary thought: How many small-scale cloud operations without Google's resources have already given in to similar demands, with no court order needed?)
This is a new issue for email, but we have seen before that cloud providers can exercise a lot of control over the things we entrust to them. Most notoriously, Amazon, as a result of a publisher dispute, has taken back and deleted legally purchased e-books, music, games and videos. Clearly, when you cloud your data, it is subject to manipulation by anyone controlling those systems.
The details of this case, as outlined in Goldman's filing, are interesting. At issue is one email that was accidentally sent to the wrong person.
The Financial industry Regulatory Authority (FINRA) requires financial firms to periodically generate reports about client investments. In addressing that FINRA requirement, Goldman's IT group sent the information needed for the report to its compliance department for validation. An unspecified outside technology consulting firm had been hired to assist with this process, according to the filing. On June 23, 2014, an employee of that consulting firm tried to send a copy of this report to a Goldman Sachs internal address, which would take the form of NAME@gs.com, "but instead mistakenly sent a copy of the internal report" to that same name but @Gmail.com. (Was this another autofill fail? The filing doesn't say.)
When it realized what had happened, Goldman sent a message to that Gmail address, but it never heard back, according to the court filing. Goldman then reached out to Google's incident response team to request that the email be deleted and was told that a court order was needed.