Bank Sends Email to Wrong Gmail User, Sues Google For His Identity (mashable.com)
34 points by dnewcome on Sept 24, 2009 | 44 comments



This begs the question, what was the bank doing emailing bulk sensitive data in an insecure fashion?

It seems like the bank needs better security policies and thinks that it is acceptable to go after innocent people rather than admit that they don't take data security seriously. I understand getting caught in a situation like this. It happens and while it might be a sign of bad policies, it might also just be unlucky. What matters is how one handles these situations - and the bank isn't handling it well. You have a data breach. Do you notify account holders affected, help them change their account numbers, take responsibility, and put in place policies that will prevent it from happening again? Or do you yell at Google and go after some innocent Gmail user trying to hide yourself from responsibility?

Heck, they even wanted their lawsuit to be confidential: http://www.informationweek.com/news/internet/google/showArti...

At least the judge decided that their embarrassment wasn't cause to keep the lawsuit private.



People use "this begs the question" to mean "this begs [you to ask] the question", and while it's not historically accurate, it's modern usage.

People 100 years ago would have thought that Americans using "mad" to mean "angry" instead of "crazy" was equally reckless.


Sure, but we already had the phrase "raises the question", and now we've lost a useful phrase to describe a logical fallacy.


It's not a useful phrase, because nobody knows what it means, and the words "begging the question" themselves don't make sense as a description of the fallacy.


So we've lost (past tense) a part of the vocabulary -- no one knows what it means anymore, but that's okay because it clearly wasn't useful for communicating the idea in question, since nobody knows what it means.

That almost sounds like a circular argument.


It could be that part of the reason why no one knows what it means anymore is that, at least in my case, the definition of the word 'beg' does not give any intuition about the meaning of the logical fallacy.

I have read the Wikipedia article and I understand what the fallacy is, but for the life of me I cannot stretch my imagination enough to accommodate how "begging the question" fits into it.

When I hear "begging the question" I immediately think of the abstract idea of someone actually begging a question for something. When I read about the logical fallacy, it sounds like it comes from "request for the beginning or premise". In my mind, the phrase should then be "begging for the question" which is still a stretch, but at least I can conceptualize it.

Therefore, it always takes me quite a few cycles to remember what "begging the question" really means because of the complete lack of intuitiveness. I also found this to be true for the term "dynamic programming".

If anyone could explain a better intuition for this phrase, I would greatly appreciate it.


> If anyone could explain a better intuition for this phrase, I would greatly appreciate it.

Consider the example from Wikipedia:

Person 1: He is mad right now.

Person 2: How do you know?

Person 1: Well, because he is really angry.

If you think of it in terms of the meaning of beg as evade, then Person 1 is begging the inquiry of Person 2. She is evading it by restating the premise.


I never noticed that definition of 'beg' before! Thanks for that explanation. My world is a little more coherent now.


http://www.visuwords.com/ is a fun way to find stuff like that.


Words have to make sense separately from what they mean? Maybe you're saying that the phrase doesn't mean the same thing as the literal meaning of the words? What about all the other phrases that mean something apart from the literal meaning of the words; would you have us stop using them, as well? :)


I know what it means and the words describe the fallacy very well. One simple way to describe the fallacy is an attempt to answer a question by trying to squeeze information from the question rather than providing the new information the question asks for. Thus, one begs the question for information.


> It's not a useful phrase, because nobody knows what it means

The fact that language evolves is no excuse to just randomly mangle and distort it. English isn't even my native language and I bloody know what it means.


This is not only historically inaccurate but it is currently inaccurate. The fact that a lot of not very smart people use it does not mean we should add it to the language.

I am usually not a stickler for these things, but this is very important because the actually correct phrase "begging the question" has a very specific meaning which is very difficult to convey in other words. Thus, if we allow a bunch of idiots to hijack this phrase in their hopeless quest to sound intelligent, we will lose a very useful phrase for which there is no present substitute.


Actually the meaning is not that specific. To someone who hasn't had the "official" meaning explained to them, the new one is much more natural.

If you're relying on this phrase to convey that idea then you're communicating badly, because many readers will misunderstand.


"Assuming what you are supposed to prove"?


I agree with you. It is the bank which has made a mistake. The mail user or Google has nothing to do with it.


I actually have a similar story. As it turns out, I share a first initial and last name with an incumbent congressman's campaign manager.

During their last campaign, I received quite a bit of wholly unsolicited email bound for the manager. Despite a couple of "I'm not the guy you're looking for" emails (I even sent one directly to his 'official' address on the campaign website), I continued to receive the emails.

Most were fairly benign. Some were harmless, but definitely from the sausage-making side of politics. Quite a few were... very personal. I can easily imagine they'd leverage this precedent if they realized what I was getting.

So this whole topic hits pretty close to home when I wonder about what extents these rulings might go to.

Would they turn over my account itself? Would they scour my outgoing messages to see if I forwarded it? Would they pop open every archive I emailed to see if that might contain the information? Would I be compelled to turn over passwords and keys for secured archives? (violating my client's privacy as well) Would they supply a list of IP addresses where I viewed the messages (and might have made copies)? Would they demand access to those machines?

Exactly how much of my (and thereby my associates') privacy would these courts be willing to violate due to no fault of my own?


In this case they're suing Google to acquire the user's identity, and Google has said they're willing to give the user the chance to oppose the order.

As far as I know ownership of email hasn't been contested in court, but the email was addressed to the accidental recipient, which even under mail tampering laws wouldn't mean he had done anything wrong. The laws for mail are to prevent me mail-box diving my neighbour or opening accidentally delivered mail, however if the mail was mis-addressed to me then it's legally mine through and through.

This email was mis-addressed, which wasn't the fault of the recipient. I highly doubt the judge will rule in the company's favour and risk setting a precedent against federal mail laws for email; it would seem kind of absurd.


If you're familiar with these laws: if I misaddress something to a PO Box, will the government reveal the identity of the accidental recipient? Will they if I ask nice, or must a court compel them? Is there any sort of requirements that need to be met?

I realize that in this case they haven't asked for anything beyond identity yet. But I'm forced to wonder what happens after they've ascertained identity?

There's no need to compel Google to reveal that person's identity unless there's a follow-up action that they feel they can't execute unless they know the identity of the unintended recipient.

So what is the follow-up action of stripping away this innocent person's privacy? I'm forced to conclude it would be yet-another injustice.


I'm assuming that they want to 'have him by the balls' to use as a scapegoat if any of that information is ever used for identity theft. The problem with this is that I feel if they have such a convenient scapegoat, they will probably rush to crucify him before investigating whether or not the information could have been obtained through other avenues.


Imagine that you are the owner of jgc.org and that there's a popular web site called igc.org. Now imagine the amount of email you receive daily misdirected to jgc.org.

A lot of this mail is mailing lists that didn't do double opt-in and hence *@jgc.org got added to the list. But quite a lot is just personal mail.

For a while I used to receive the itineraries for the private jet of a famous entrepreneur because they were meant to be CC:ed to someone at igc.org but came to me instead.


I imagine if you owned noreply.com you'd get a hefty amount of private correspondence in as well. I bet there are plenty of services out there that use noreply@noreply.com thinking it's the email equivalent of /dev/null for some magical reason.


I wrote an article a while back on this topic and whether the owners of test.com check the email account test@test.com.

Didn't get a good answer but I would imagine they could see a lot of very personal information come their way as many geeks I've known use that to test their software.


Best practice as I understand it is to use emails that have the TLD "invalid", or one of a couple of others that have been explicitly set aside as "never will be issued" by RFCs. They also have the advantage of looking very out-of-place, where @test.com may slip by.


Full list, and what they should be used for, here: http://en.wikipedia.org/wiki/Top-level_domain#Reserved_domai...

For testing, I usually use test{n}@testname.test. I've so far managed to avoid no-reply. If someone tries to reply to one of our message emails, I want to know what problem they're having, and the context to go with it from what message we sent them. "noreply" emails are anti-user-friendly.
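
An added example, not part of the thread: one way to enforce the reserved-domain practice described above is to scan test fixtures for addresses that could reach a real mailbox. The reserved names are those set aside by RFC 2606; the function names and the sample fixture are constructed for illustration.

```python
import re

# Names reserved by RFC 2606: mail to these can never reach a real mailbox.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_DOMAINS = {"example.com", "example.net", "example.org"}

ADDRESS_RE = re.compile(
    r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)"
)


def is_reserved(domain):
    """True if the domain is under a reserved TLD or a reserved example domain."""
    domain = domain.lower().rstrip(".")
    if domain.split(".")[-1] in RESERVED_TLDS:
        return True
    # example.com itself, or any subdomain of it (but not notexample.com)
    return any(domain == d or domain.endswith("." + d) for d in RESERVED_DOMAINS)


def find_deliverable_addresses(text):
    """Return (line_number, address) for each address that is NOT on a reserved name."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ADDRESS_RE.finditer(line):
            if not is_reserved(match.group(1)):
                hits.append((lineno, match.group(0)))
    return hits


# Constructed sample fixture; the first two addresses are the ones named in the thread.
SAMPLE_FIXTURE = """\
user_email = "test@test.com"
reply_to = "noreply@noreply.com"
qa_account = "test1@testname.test"
docs_contact = "alice@mail.example.org"
bounce = "nobody@bounce.invalid"
local = "dev@localhost"
"""

if __name__ == "__main__":
    for lineno, address in find_deliverable_addresses(SAMPLE_FIXTURE):
        print(f"line {lineno}: {address} is on a registrable domain")
```

Run as a pre-commit or CI check, a non-empty result fails the build before a fixture address ever reaches a mail server.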


noreply.com is for sale. Someone ought to try it. ;)


Wouldn't it make more sense to link to the source?

http://www.theregister.co.uk/2009/09/23/google_sued_for_gmai...


Not if you're driving hits to your own blog posting.


Doesn't look like the poster works for Mashable. On the other hand, Mash is where he saw the information, so why not post the link there? It's not a bad thing to link to the site that you personally rely on for news.


Maybe they should be sending secure links to sensitive files rather than the files themselves. At least they could regenerate the links rather than just hope that the files get to the correct place.
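
An added example, not part of the thread, of the link-instead-of-attachment idea above: the email carries only a random token, the server stores its hash with an expiry, and regenerating the link revokes the copy that went to the wrong inbox. `LinkStore`, its method names and the file id are hypothetical.

```python
import hashlib
import secrets
import time


class LinkStore:
    """In-memory stand-in for a server-side table of download links (hypothetical)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._links = {}  # sha256(token) -> (file_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, file_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable value placed in the emailed URL
        self._links[self._digest(token)] = (file_id, now + self.ttl)
        return token

    def redeem(self, token, now=None):
        """Return the file id for a live token, or None if unknown, revoked or expired."""
        now = time.time() if now is None else now
        record = self._links.get(self._digest(token))
        if record is None or now >= record[1]:
            return None
        return record[0]

    def regenerate(self, file_id, now=None):
        """Revoke every outstanding link for file_id, then issue a fresh one."""
        self._links = {d: r for d, r in self._links.items() if r[0] != file_id}
        return self.issue(file_id, now)


def misdirected_email_scenario():
    """Link mailed to the wrong address, then regenerated for the right one."""
    store = LinkStore(ttl_seconds=3600)
    old = store.issue("loan-report", now=0)
    before = store.redeem(old, now=10)             # works until revoked
    new = store.regenerate("loan-report", now=20)  # sender notices the mistake
    return (before,
            store.redeem(old, now=30),             # misdirected copy is dead
            store.redeem(new, now=30),             # replacement works
            store.redeem(new, now=20 + 3600))      # and still expires
```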


Not 100% sure on this, but emailing sensitive customer info doesn't sound PCI compliant. Maybe customers should look into suing this bank.


PCI compliance has nothing to do with how you handle your loan information.


This makes sense. The bank is doing what it should be doing, by bringing the matter through proper legal channels. If Google just handed over the information, they would be liable to the account holder. I personally hope that the legal system finds the bank was negligent and denies access to the guy's personal information.

Also, what are the 1,300 bank customers doing about this? I'm sure that a class-action suit will be filed against the bank.


Apparently the bank didn't want them to know about it. Pursuing the Gmail-account owner is their way of dealing with the issue.


The bank has a duty to inform their customers that their identity may have been compromised.


I agree, but apparently that bank doesn't.


So in order to find out who's behind a (Gmail) email address, all I have to do is send an email and then claim that I didn't want to send it to that person.


I had this fun idea of registering an email address with a username being a common noun. Although I found it strange that the address was still available, I didn't care too much about it; I was happy to have the account. (You know, new inbox smell).

And then emails started to arrive to the address. Of course, lots of them were spam-spam-spam-spam. But there were also some personal letters. For a while I thought it was some mistake, and replied nicely to them pointing it out, and tried to inquire about what could be the reason behind the confusion, but never really figured out.

The mails kept coming, and I realized that they weren't even addressed to the same person. Up to now I have at least 30 alter egos, giving out my email address to their friends, relatives, and using it in an attempt to register on web sites. Most of them seem to be female, so I get many mails trying to hit on "me" after that talk on IM or seeing my profile on some website, etc. Also pictures of nieces, invitations to bbqs, and questions about my iron and if I can bring it to "the club" next Tuesday.

I just hope I won't get sued one day.


This may actually be a good thing in the long run. Assuming Google wins the case, this would set a good legal precedent around unsolicited email.


My Gmail account happens to be my first initial and last name. I get more mail addressed to other P. Welch's than I get addressed to me, but probably because I don't really use the account (I foolishly got it back when Gmail accounts were considered a status symbol and used it for online file storage).


There has to be some sort of precedent for this with physical mail.

On the other hand, I don't think that the bank is being unreasonable when you consider that Google said, "Sorry, no, you'll have to file a suit about this and proceed through legal channels."


The bank is being unreasonable by pursuing this at all.

Whatever the outcome, they should contact the people with the accounts involved and start changing details, and should update their data handling practises.

Even in the best case that Google logs prove the user did not open the email, it's still been through who knows what unsecured SMTP servers and is who knows where in Google's replication and backup systems and available to an unknown number of system and mail administrators.

What do they hope to gain?


If anything, I think the identities of the bank employees should be revealed just so this nightmare gets put on their permanent records (the internet).



