On August 12th, an employee of Rocky Mountain Bank sent a spreadsheet with 1300 names, address, and social security numbers to a GMail (Google email) address. Unfortunately, the person sent it to the wrong address. The data was apparently unencrypted (this is a conclusion that I have come to, based solely on RMB’s subsequent actions).

The bank employee sent another email to same address, asking the recipient to contact the bank, and also to delete the file without opening it.

The bank has not heard back from the email recipient, so they asked Google to disclose the GMail account holder’s personal information, so that they could initiate another form of communication with the person.

Not surprisingly, Google denied the request. The bank then went to court to get a court order to get that information, as well as having the account deactivated. Here comes the crazy part – a judge actually agreed!

Let’s do a sanity check here. What crime has this person committed? Um, none. It’s not a crime to be the recipient of unintended email. The person didn’t hack into the bank’s system or anything like that. There is exactly one person at fault here – the person who sent the email. If the same information had been sent through the postal service, would the bank have asked the postal service to suspend mail service?

There is the distinct possibility that the person doesn’t even realize that they have received this email. If they use “whitelists” to restrict their email to pre-approved address, the bank’s email would not have gone into their inbox. Even if the person did see the email, it’s very possible that they suspected a phishing scam and deleted both emails immediately. If the exact same thing happened to me, I would assume a phishing scam. I get a lot of emails that appear to come from banks.

Even if the bank’s request had some sort of merit, I’m not sure exactly what they intend to accomplish by having the GMail account deactivated, other than attempting the punish the recipient. If the bank thinks that the person hasn’t viewed the email yet, I could understand them requesting that Google simply delete that one email from the person’s account. I’m not saying they would be right to do this, but I could understand the logic.

If the person has already viewed the email, then this action will not accomplish anything. If the recipient wanted to take some action with the spreadsheet – such as forwarding to all their friends – then the horse is already gone. Not much point in closing the barn door. If the person already deleted the document, then the action also won’t accomplish anything.

Most disturbing is that this creates the opportunity for abuse of process. What is to prevent companies – or individuals – from “accidentally” sending emails to competitors and then going to court to deactivate the email account of the competitor?

In my opinion, a lot of today’s judges do not have the background to understand some of today’s technology. This is not the first situation where a judge has made a strange decision on a matter related to technology. As technology continues to advance, this is going to become even more of a problem. I would propose the creation of an agency that judges could consult in order to get an accurate and unbiased exlanation of how certain technologies work. This would, of course, have to be at taxpayer expense … but isn’t the cost of miscarried justice even worse?

What did you miss over the weekend?