Rocky Mountain Bank v. Google, Inc.


Rocky Mountain Bank v. Google Inc.
Court: United States District Court for the Northern District of California
Decided: September 23, 2009
Docket nos.: 09-cv-0438503
Court membership
Judge sitting: James Ware

Rocky Mountain Bank v. Google Inc. was a decision by the United States District Court for the Northern District of California holding that Google had to reveal the account information of a Gmail user who had been mistakenly sent sensitive information from Rocky Mountain Bank.

In August 2009, a Rocky Mountain Bank employee was asked by a customer to forward loan reports to the customer's agent. Instead, the employee mistakenly sent the email to a different account and mistakenly included a file of sensitive loan details from 1,325 individual and business customers. He emailed the Gmail user, asking the user to contact the bank and delete the email. Because the user was unresponsive, the employee asked Google to divulge the user's identity. Pursuant to its privacy policy, Google refused, noting that the bank needed to obtain a court order to obtain the information.

After the bank sued Google, Judge James Ware ruled that Google had to lock the Gmail account and divulge the user's account information to the bank. If the user had accessed the sensitive email, Google also had to reveal the user's identity. After Google revealed the account information, both parties filed a joint motion requesting that the judge's ruling be vacated. They explained that Google's disclosures mooted the order. The Gmail user had marked the email as spam without opening it, and the email had been deleted unread on September 19, 2009.

Background

In August 2009, an employee of the Wilson, Wyoming-based Rocky Mountain Bank was asked by a bank customer to email loan reports to the customer's agent. [1] However, on August 12, 2009, the employee accidentally emailed the information to an incorrect Gmail account when he misspelled one letter in the email address. [2]

His second blunder was including an attachment in the email that had private details for 1,325 individual and business customers. The attachment comprised loan details from 2008, such as "customers' names, addresses, Social Security or tax ID numbers, loan numbers, balances, interest rates and principal amounts". [3] Upon discovering his mistake, the employee unsuccessfully attempted to rescind his email. He then sent a second email to the Gmail account, ordering the individual to expunge both the email and the attachment and refrain from looking at the attachment's contents. Directing the Gmail user to respond to him to "discuss his or her actions", the employee received no response. [1] The bank asked Google to divulge the unresponsive account holder's identity. Pursuant to its privacy policy, the company denied the request, telling the bank that it needed to get a court order. [4]

To preclude the error from occurring again, the bank added a second tier of security access barriers. [3] It also notified, by telephone and in writing, all clients whose confidential information was sent in the email. The bank also gave customers the option to have credit monitoring for a year without charge. [5]

Rocky Mountain Bank sued Google to force the company to delete the email account and reveal the account holder's identity. [6] It stressed that speedy action was needed to protect its clients from "irreparable" and "unnecessary" danger. [7] The bank attempted to file the case under seal because it wanted to preclude consternation from its customers and a "surge of inquiry". [6] The motion to seal was denied by U.S. District Court Judge Ronald M. Whyte. [4] Whyte wrote that "[a]n attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason that overrides the public's common law right of access to court filings". [1]

The case was later transferred to James Ware of the United States District Court for the Northern District of California. [4] The judge placed an ad interim restraining order mandating Google to shut down the Gmail address. Ware forbade Google and the Gmail user from reviewing or dispensing the sensitive information. He also granted the bank's request to have Google reveal if the Gmail user had looked at the sensitive email or "otherwise manipulated" it and if the account was inactive or recently used. If the account had been recently used, Ware required Google to reveal to the bank the account holder's identity. [8]

Following Google's disclosures to the bank in adherence to Ware's order, Rocky Mountain Bank and Google requested in a joint motion that the restraining order be vacated. Telling the judge that the order had been mooted by Google's revelations, the motion requested that Google be allowed to restore the Gmail account. The motion did not enumerate Google's disclosures. [8]

In a report filed in late September with the U.S. District Court for the Northern District of California, Google wrote that the confidential email was sent on August 12. Without opening the email, the Gmail user sent it to the account's spam folder. Google noted that the user could no longer access the email since it had been automatically deleted on September 19. Although Google had apprised the user of Rocky Mountain Bank's lawsuit on September 21, the company noted that "with suspension of the Gmail account, the user now will be precluded from retrieving that notice, other communications about this matter or any other e-mail of importance to the user". [2]

Reactions

Opinions on the Internet from privacy advocates were divided. A number of commentators chastised the bank for trying to block the guiltless Gmail user from entering his or her account. Some said that with limited options, the bank had responsibly tried to contact the user to erase the confidential email; when no answer was forthcoming, the bank rightfully attempted to have the account locked. [5]

References

  1. Zetter, Kim (September 21, 2009). "Bank Sends Sensitive E-mail to Wrong Gmail Address, Sues Google". Wired. Archived from the original on May 7, 2011. Retrieved April 28, 2011.
  2. Gallob, Joel (September 29, 2009). "E-mail with bank information was deleted, Google says". Laramie Boomerang. Archived from the original on May 25, 2024. Retrieved April 28, 2011.
  3. "E-mail with personal info never opened". Billings Gazette. September 28, 2009. Archived from the original on May 25, 2024. Retrieved April 28, 2011.
  4. Davis, Wendy (September 24, 2009). "Judge Orders Google To Deactivate User's Gmail Account". MediaPost. Archived from the original on August 12, 2011. Retrieved April 27, 2011.
  5. Provost, Ruffin (September 29, 2009). "Bank gets attention with Google lawsuit". Billings Gazette. Archived from the original on May 25, 2024. Retrieved April 28, 2011.
  6. Metz, Cade (September 23, 2009). "Bank sues Google for identity of Gmail user". The Register. Archived from the original on October 8, 2011. Retrieved April 28, 2011.
  7. Mintz, Howard (September 23, 2009). "Bank Sues Google to Get Missent Email Back". San Jose Mercury News. Archived from the original on May 25, 2024. Retrieved April 28, 2011.
  8. "Google, bank end dispute over Gmail account". Computerworld. September 28, 2009. Archived from the original on March 22, 2012. Retrieved April 28, 2011.