To me the point here should be that Goldman can't control their data and a simple typo can lead to a "massive" breach of "highly confidential" information.
How would you fix this problem? Because something similar happened to me.
Someone pasted in a bunch of confidential info into an email that was for discussion, with a few replies back and forth. After a hallway discussion with another colleague, I sat down to forward the latest email to him, but Outlook autocompleted the email address to an external vendor. Before I knew it, the email was away. I quickly sent the vendor rep asking him to delete the email I just sent, and he agreed. I assume he was professional about it.
What can be done? Confidential discussions via email are a must. Trying to get the entire company into a secure web/app-based platform only is a non-starter. You can't take away the ability to send email out. A custom "Internal Distribution Only" flag in Exchange might work, but I can already hear the complaints of having to set/unset it with every email.
Really? At whatever company I work for, a simple typo of sending mail to a completely different domain despite warnings from Outlook will let me send various trade secrets & confidential info.
Putting aside the issue of whether there is any legal basis for ordering Google to delete something that was accidentally disclosed, I also take issue with their claim that the request is in itself reasonable.
They are not only requesting Google to delete this email, but also provide information to Goldman Sachs about who accessed that information. This violates the privacy of the person who received the email. What right does a company have to know how you accessed your own email, or who you shared it with, just because they accidentally sent you an email?
It makes me sad that asking Google to fix their problem is the best solution Goldman Sachs can come up with. A few other options off the top of my head:
* DDoS the gmail account in question with spam, particularly spam that looks like it contains confidential information.
* Create a clever job ad on reddit, advertising a GS position in IT Security division by tracking down an email user supposedly played by a GS confederate, and then provide the gmail account in the ad
* Blackmail the unintended recipient, perhaps by sending the sort of data it's illegal in the U.S. to even own
* Mock the "From" header for thousand of typical spam messages with the gmail account address, send them to destinations that are sure to pass through Spamhaus & co.'s filters
* Fill the user's inbox to capacity; e.g., sign up for Quora with the gmail address in question
Certainly on the gray hat side of things, but asking Google to delete an email isn't exactly kosher to begin with.
How on earth are any of the things you listed "gray hat"? Asking Gmail to delete an email you have sent by mistake may be a little unethical, but entirely legal. ALL of the ideas you have posted are blatantly illegal.
While at one time, the bank's proprietors may have been clever, I suspect that these days they are much more accustomed to getting what they want by throwing their weight around.
I am surprised that the information got out. In my company any email attachments to addresses outside the company domain were automatically zipped and passworded at the mail-server.
We would then receive an email with the password which we have to then inform to the original recipient (usually by forwarding the email... MITM? What does that mean).
And this is for a company that is nowhere near as regulated. How did GS let this happen?
Clearly someone in their infosec department just got fired. In the financial industry (I work in tech for finance), the "DLP" aka Data Loss Protection segment is very busy.
DLP software is what keeps sensitive software inside the confines of where it is supposed to stay. Funnily enough, DLP software like exactly the stuff in those links is what was not installed in the base Edward Snowden was at in Hawaii because it used too much bandwidth.
The Federal Reserve uses Verdasys to prevent digital copies of the plates that print money from making it out (I know a guy who works in their tech department). It is scary to work at a place where they don't always trust even their administrators who have root/Administrator privs.
The article doesn't mention the email contained an attachment. I've sent and received a lot of emails with confidential data in the form of people chatting, parts of a spreadsheet pasted in, or an entire HTML automated report.
There are multiple problems with this, from both a regulatory and internal control perspective:
* Regarding testing internal changes - banks maintain vast test databases (admittedly full of customers called Ronald McDonald) covering almost every scenario. Testing goes far beyond unit testing and smoke testing, but dedicated teams of system integration and user acceptance testers. This 'test' was not a 'test' by any measure of internal policy.
* Contractors should not ordinarily have access to customer data. Regulators across jurisdictions make this clear. They can, but an excruciating approval process is necessary.
* Contractors having external email access to anything but whitelisted domains is unusual, and worth raising an eyebrow at.
* Why is the email address being typed in? I've never worked at Goldman but expect like almost every other bank in the world they use Exchange, which typically allows typing in [Lastname], [Firstname] with a list of people to then select (Jones, David1; Jones, David2; Jones, David3; etc).
* Why aren't attachments required to be encrypted, especially to external domains? This is an automated feature in Exchange.
I'm pretty familiar with all the duck tape that gets used in daily banking. So are regulators, who take a dim view of VBA being used as glue to tie together 1000s of internal systems, but often turn a blind eye. But this is not a case of duck tape, it is institutionalised failings at several levels. So the response is not surprising, Goldman have to show they take this seriously, despite so many internal failings, and shirk a bit off on 'external contractors' too.
That's the funny thing. Didn't it technically become a "needless and massive privacy breach" the instant the email was dispatched from their servers? Who knows who might've intercepted, read, or otherwise had access to it.
They definitely need to take responsibility at this point and contact all affected parties since there's no guarantee the data went unread.
This is interesting from the context of a whistleblower. What if the contractor intentionally emailed the file to an external address because they had found out some kind of management impropriety.
"Emergency relief is necessary to avoid the risk of inflicting a needless and massive privacy violation upon Goldman Sachs' clients, and to avoid the risk of unnecessary reputational damage to Goldman Sachs," the bank said.
"By contrast, Google faces little more than the minor inconvenience of intercepting a single email - an email that was indisputably sent in error," it added.
"Emergency relief is necessary"
"We are a big powerful bank, we are going to ask you nicely to do us a favor. Our employees fucked up. Please help us hide the fact that our employees fucked up, so we don't get a reputation for having employees that fuck up." the bank said.
"What we are asking them to do is technically speaking very simple. Whether or not it would open them up to many more such requests, we don't really care (unless one of our employees fucks up again), fuck you we're goldman sachs." it added.
The question is:
- if the email can cause "needless and massive" damage,
Then
A) why is that information on someone's laptop and
B) how can their email systems not be protected about it
C) particularly when a contractor can have the data
The email attachment has probably already been saved.
I don't think there's any particular outrage. Unless it's along the lines of not having the systems in place so that this doesn't occur. Whether this is outrageous (others in the thread have pointed out solutions) it's definitely a reason to be newsworthy.
On a side note, this is why it's so important for these large companies to STOP sending attachments and instead use shared links to files (like via Dropbox or equivalent). One way to do this would be to have a corporate-wide email gateway that scans all emails, strips attachments, and converts them to hosted files. The gateway would replace the attachments with links to the same. This way, if something like this happens again, they can simply remove the hosted file or unshare it, no harm done.
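The gateway idea in the comment above, sketched as an added example that is not part of the thread and not any vendor's code: mail addressed outside the organisation has its attachments moved to a share store and replaced by links the sender can later revoke. The domain `corp.example`, the share URL, the dict used as the store and all function names are assumptions; only the plain-text body is carried over.

```python
import secrets
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAINS = {"corp.example"}           # assumption: the sender's own domains
SHARE_BASE = "https://files.corp.example/s/"  # assumption: self-hosted share service


def external_recipients(msg):
    """Recipient addresses whose domain is outside INTERNAL_DOMAINS."""
    fields = [str(v) for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    addrs = [a.lower() for _, a in getaddresses(fields) if a]
    return [a for a in addrs if a.rpartition("@")[2] not in INTERNAL_DOMAINS]


def rewrite_outbound(raw, store):
    """Move attachments of externally addressed mail into `store`; leave links."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = list(msg.iter_attachments())
    if not external_recipients(msg) or not attachments:
        return msg  # internal-only, or nothing to strip: relay unchanged
    links = []
    for part in attachments:
        token = secrets.token_urlsafe(16)  # unguessable link id
        name = part.get_filename() or "unnamed"
        store[token] = {"name": name, "revoked": False,
                        "data": part.get_payload(decode=True) or b""}
        links.append(f"{name}: {SHARE_BASE}{token}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().rstrip() if body else ""
    out = EmailMessage()
    for h in ("From", "To", "Cc", "Subject"):
        if msg[h]:
            out[h] = str(msg[h])
    out.set_content(text + "\n\nAttachments (hosted, revocable):\n"
                    + "\n".join(links) + "\n")
    return out


def fetch(store, token):
    """Share-service lookup: the file bytes, or None once the link is revoked."""
    rec = store.get(token)
    return None if rec is None or rec["revoked"] else rec["data"]


def revoke(store, token):
    """Sender-side 'unshare' after a misdirected send."""
    store[token]["revoked"] = True


def sample_message(to="colleague@mail.example"):
    """Constructed input: one recipient, one small attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "contractor@corp.example", to, "report"
    m.set_content("Report attached.")
    m.add_attachment(b"account,balance\n1001,250\n", maintype="application",
                     subtype="octet-stream", filename="clients.csv")
    return m.as_bytes()
```

Revocation only helps if it happens before the recipient fetches the link, so a real service would also log each fetch and could require the recipient to authenticate.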
> use shared links to files (like via Dropbox or equivalent)
Wait, wouldn't that be sharing their data with Dropbox? If data is so sensitive, I don't see why is Dropbox necessarily more trustworthy than a random stranger with a gmail account.
If I got a random email from GS with some brokerage account mumbo jumbo I would assume it is spam and delete it. So would my mom and most friends and most people out there probably.
Presumably if this "stranger" is random, one can make an argument that data would be safer with them than with a big cloud data aggregator (as that would be a single targeted point of attack).
Ideally they should probably set up their own file sharing service with the ability to explicitly share some files externally (taking all the necessary security measures).
How come they did not password protect the file?
And send the password via other media, if the information is of that high importance. This is normal practice.
There very well might be, but my understanding is that courts are not likely to draw decisions on email-related cases based on precedent set on mail-related cases (although like all things, that interpretation is likely to vary country to country). Namely, since email is not sent through a government postal service, and is much more akin to a private courier.
How can anyone even think about justifying the failure to encrypt the data before sending it? It wouldn't make the WSJ but would be just as bad if the data moved as a cleartext email to its intended recipient.
I'm more interested in knowing what repercussions are for the recipient of the email if they were then to forward it on or make it public in some way.
Just since someone emails you something, does not mean they have granted you ownership over that information or permission to share it publicly. But that said, show me a corporate mail server which doesn't add 40 lines of disclaimer at the end of the email anyway.
[+] [-] mmahemoff|11 years ago|reply
http://gmailblog.blogspot.com/2009/03/new-in-labs-undo-send....
(I realise in this case it was the receiver, not the sender, using GMail, but I'm sure a lot of people here send from GMail.)
[+] [-] cottonseed|11 years ago|reply
[+] [-] chaz|11 years ago|reply
[+] [-] vehementi|11 years ago|reply
[+] [-] QuantumChaos|11 years ago|reply
[+] [-] themartorana|11 years ago|reply
In any case, I don't trust Goldman Sachs. They lie [1] with no hint of limit or shame. Did they leak client information, or incriminating evidence?
Sure, it's conjecture, but the last thing I'd do is violate someone's privacy or hand over personal information on Goldman's word.
[1] http://m.rollingstone.com/politics/news/the-people-vs-goldma...
[+] [-] chbrown|11 years ago|reply
[+] [-] x0054|11 years ago|reply
[+] [-] cb3|11 years ago|reply
[+] [-] Dystopian|11 years ago|reply
[+] [-] rurounijones|11 years ago|reply
[+] [-] SEJeff|11 years ago|reply
A few ideas: https://www.verdasys.com/solutions/eip.html
http://www.symantec.com/data-loss-prevention
http://interguardsoftware.com/sp_dlp_lnd_v6.html
http://technet.microsoft.com/en-us/library/jj150527(v=exchg....
[+] [-] Mandatum|11 years ago|reply
[+] [-] chaz|11 years ago|reply
[+] [-] shard972|11 years ago|reply
It was a glitch.
[+] [-] zhte415|11 years ago|reply
[+] [-] beedogs|11 years ago|reply
Google should tell them to go get fucked and take some damned responsibility for their mistakes for once.
[+] [-] Zancarius|11 years ago|reply
[+] [-] fardoche|11 years ago|reply
[+] [-] dontmindifido|11 years ago|reply
[+] [-] cb3|11 years ago|reply
[+] [-] Alupis|11 years ago|reply
[+] [-] hyperliner|11 years ago|reply
[+] [-] politician|11 years ago|reply
[+] [-] arg01|11 years ago|reply
[+] [-] x0054|11 years ago|reply
[+] [-] rdtsc|11 years ago|reply
[+] [-] aviral|11 years ago|reply
[+] [-] PeterGriffin|11 years ago|reply
[+] [-] nutjob123|11 years ago|reply
[+] [-] visarga|11 years ago|reply
[+] [-] Dylan16807|11 years ago|reply
[+] [-] fleitz|11 years ago|reply
[+] [-] raldi|11 years ago|reply
[+] [-] nness|11 years ago|reply
[+] [-] superuser2|11 years ago|reply
[+] [-] nness|11 years ago|reply
[+] [-] visarga|11 years ago|reply