nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Judge used personal email to send out details of sensitive case

Anonymous Coward

At least it seems it's an exception

Around here I've often seen people use free "cloud" accounts such as OneDrive or GoogleDrive to, erm, "backup" proprietary information sometimes, including thing as sensitive as patients details... despite very explicit and repeated instructions to not do that under any circumstances.

Anon for obvious reasons.

26
0
Silver badge

Re: At least it seems it's an exception

If companies don't want staff to use things like cloud then policy/guidance is only the first step. Step two is to block them on work computers.

This is typically where things get messy as there's almost always exceptions to be made as companies you collaborate with start supplying information only via cloud based solutions.

13
0
Silver badge
Flame

Re: At least it seems it's an exception

Around here I've often seen people use free "cloud" accounts such as OneDrive or GoogleDrive to, erm, "backup" proprietary information sometimes, including thing as sensitive as patients details...

I've had some stuff backed up to megaupload that has a level of sensitivity few people can imagine.

Of course, it was encrypted first. So long as the encryption was good enough, no worries.

With MS carefully recording every keystroke (that's what "typing history" means, right?) and selling that to anyone with a wallet their "trusted partners", the whole idea of personal data security is gone bye-bye anyway.

If you work in a medical establishment with a Win7 or later MS OS and haven't taken efforts to stop MS spying, you'd better hope your country has crap privacy laws - you are giving your patient's data to a corporation who will pass it on to who they want for their profit alone. Soon, I hope, the patients and then the courts take notice.

14
6
Anonymous Coward

Re: At least it seems it's an exception

"With MS carefully recording every keystroke (that's what "typing history" means, right?) and selling that to anyone with a wallet their "trusted partners""

I think you are confusing Microsoft with Google. Microsoft don't sell OS telemetry data or use it for targeting browser advertising. Only Slurp do that...

1
12
Anonymous Coward

Re: At least it seems it's an exception

Around here, Onedrive, Googledrive and iCloud are all blocked. It makes me feel better.

The third item does not upset the "important" people. It does upset some of those who think they are important though.

5
0
Silver badge
FAIL

Re: At least it seems it's an exception

No ms don't do browser advertising.... They put it in the bloody start menu!

And as to "don't sell', take some time to read their T&Cs.

15
1
Silver badge

Re: At least it seems it's an exception

It's my understanding that Google don't sell telemetry data either, not directly anyway.

They certainly use it to target advertising, but it's for their own advertising service, the clients of which don't get to see the data in question they just get sold an advertising target market i.e. 18-24 year old males living in this area with these interests, who have visited these websites.

Selling the actual personal data wouldn't be as profitable, since once they've sold it they can't continue to squeeze that particular client for money.

6
0
Silver badge
Trollface

Re: At least it seems it's an exception

"target market i.e. 18-24 year old males living in this area with these interests"

I think you'll find that advertisers have that one figured out already...

0
0
Anonymous Coward

Re: At least it seems it's an exception

"And as to "don't sell', take some time to read their T&Cs."

I just read the latest privacy T&C - which seem to agree that Microsoft do not sell your data. They only use it within Microsoft companies or companies working for Microsoft.

It also makes clear "we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you"

0
0
Silver badge
Big Brother

Re: At least it seems it's an exception

It also makes clear "we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you"

There are, I believe, a number of complaints on various forums about that, people claiming they've seen ads based on the content of ducments they have open. ICBW however, and will keave it to the reader to find out either way.

From what I recall of doing installs on 8+, going through the privacy settings, there was plenty about data going to "adertising partnets'. And why are ms taking your keystrokes and document data always rather than as needed?

Even if I am wrong about the advertising, MS still takes peoples data in clear breach of many privacy laws around the world. There is no way that it can be legal for my Dr to ship my medical notes to ms, even if yhe use of that data is only by machines, only within MS, and never seen by human eyes. Doesn't matter if I am wrong about the advertising stuff as taking the data is still wrong.

3
0
Silver badge

Weird

The cloud mail was probably just from his phone, easy mistake to make if you don't really understand how email works (or rather don't realize that you are not using a work mail rather than the crappy one which throws "sent from my iPhone" at the bottom.

I am making the assumption that the Judge is of the older generation and not good old Judge Rinder.

Sending an email using his sons crappy mail server is probably just a sign that the Judge is so used to applying laws differently for different groups of people that he forgets that he is also covered by them....

7
5
Silver badge

Re: Weird

"Sending an email using his sons crappy mail server"

Gordon, I'm glad you're not a judge as you seem to be unable to limit your conclusions to the evidence.

The article said it was a domain owned by the son. Owning a domain does not mean you run the server. Many of us own out own domains* but that doesn't mean we run the servers; it's possible to buy that as a service. Secondly, even if the son owned his own server there's still no evidence that it was crappy. For all we know the son might be running a mail service provider.

*It's a useful means of controlling spam - we can use it to issue temporary addresses or addresses specific to a particular company with whom we do business. Owning your own domain is also a good idea if you're running a business; $companyname.co.uk looks so much more businesslike than $companyname@yahoo.co.uk.

23
0
Silver badge

Re: Weird

Objection!!!

Most people who have a domain name use the rubbish mail that is given as a freebie as part of the hosting package.

Not secure and generally crappy.

I rest my case

2
14
Silver badge

Re: Weird

Most people accused of murder did it, therefore I accuse you of murder. Off to prison with you.

13
0
Bronze badge

Re: Weird

Judge Rinder isn't a judge - he's a barrister. It's in the small print of his shows

6
0
Silver badge

Re: Weird

"Most people who have a domain name use the rubbish mail that is given as a freebie as part of the hosting package."

My previous comment applies. There is nothing at all in the article to say that this is the sort of service being used here.

"I rest my case"

I haven't seen you produce anything that resembles a case worth resting.

5
0
Silver badge
IT Angle

A digital watch?

What pray, is a digital watch?

10
1
Silver badge

Re: A digital watch?

80085

Had to be done.

12
0

Re: A digital watch?

When AI can work out what that comment was supposed to mean - actually work it out, not look it up - it'll be ready to be a child. Probably then needs a couple of years to giggle until it can be trusted to drive cars around.

Off topic but I was just reading another article about AI, apologies

7
0

I've see this type of thing happen a lot when people add their personal email accounts to their work Outlook profiles. They then send a work email straight after looking at their personal inbox and don't realise it'll be sent from that account. Not saying that's what's happened here, but it wouldn't surprise me.

16
0
Silver badge

"...I've see this type of thing happen a lot when people add their personal email accounts to their work Outlook profiles. They then send a work email straight after looking at their personal inbox and don't realise it'll be sent from that account. Not saying that's what's happened here, but it wouldn't surprise me..."

That was my immediate assumption as well.

Having all of your email accounts in one place can be handy but with that comes the chance you could send the wrong thing, to the wrong person(s) from the wrong account.

Another place to take care too, being the autocomplete feature for mail addresses. You need to be sure you're sending that wholly work-inappropriate joke to the correct person(s)

4
0
Bronze badge

Why's there a picture of a gavel?

8
2
Silver badge

@ Why a gavel?

There are many reasons. I'm sure if you try really hard you can think of at least one related to this story.

9
4
Anonymous Coward

inappropriate gavels

Perhaps the judge is a part-time auctioneer?

23
0
Silver badge

Re: @ Why a gavel?

"...There are many reasons. I'm sure if you try really hard you can think of at least one related to this story..."

You do realise that the question was asked because in the UK, judges do not use and never have used gavels?

22
0

Re: @ Why a gavel?

And here is where you find out about it:

https://inappropriategavels.tumblr.com/

Fine the Register picture editor an hour's pay every time he includes a picture of a gavel.

3
0
Silver badge

Re: @ Why a gavel?

Fine the Register picture editor an hour's pay every time he includes a picture of a gavel.

But what if it's a story about a US court, or an auctioneers?

2
0
Silver badge
Trollface

Re: @ Why a gavel?

"Fine the Register picture editor an hour's pay every time he includes a picture of a gavel."

El Reg has editiors?!

6
0
Anonymous Coward

Re: @ Why a gavel?

"El Reg has editiors?!"

Yes, unlike some.

0
0
Bronze badge
Devil

Re: inappropriate gavels

Percussive maintenance of the keyboard? "Send you bugger send".

Use of "appropriate force" as a 4lb club hammer leaves nasty dents in the desk.

1
0
TRT
Silver badge

iCloud...

So he probably had a Mac...

And the Apple Mail client is pretty good, I like it. It's way better than Outlook in terms of user friendliness. Although it has developed some annoying behaviours as Apple have tinkered around the edges, such as decoupling the window display from the actual mailbox/message cache so that it looks like it's deleting a message quickly but it has, in fact, just changed the window display BEFORE the connection to the server has been established, resulting in the sync every few seconds returning deleted messages to the on screen list, shuffling everything up and down, causing the wrong message to be highlighted, so it's very easy to accidentally reply to or delete the wrong message.

But it has one extremely irritating quirk... it will send emails from the account last highlighted in the combined Inbox window view. So it is incredibly easy to, say, send from the wrong account revealing a private email address to a recipient you never intended.

2
0
Anonymous Coward

Re: iCloud...

it will send emails from the account last highlighted in the combined Inbox window view

Preferences - Composing - "Send new messages from" and set that to an email address considered safe instead of "automatically select best account" as that matches the target address with the last account used to email that address. That way, selecting a non-safe email address requires an explicit action, but you fail safe.

1
0
TRT
Silver badge

Re: iCloud...

True. I did have that set once, but I started emailing people from my work account and it got all messy... in combination with a "default conversation mode" in the contacts list, it would be quite powerful.

0
0
Silver badge

"Internet e-mail is not a secure medium..."

So, what sort of e-mail do I need to use?

6
0
Silver badge

Re: "Internet e-mail is not a secure medium..."

"So, what sort of e-mail do I need to use?"

Intranet?

Local mail account on a Unix server?

UUCP?

How quickly we forget that email existed before there was an internet protocol for it.

4
2
Silver badge
Boffin

Re: "Internet e-mail is not a secure medium..."

Well, I wouldn't classify UUCP as more secure than SMTP. UUCP was, more-or-less, an electronic implementation of PG Wodehouse's method for physical letters: throw them out the window, and trust that an honest person will pick them up and pop them in a letter box. At least with SMTP you have a TCP connection between your mail server and the recipient's mail server, so the bar is raised to ankle height: only admins at the sending or receiving organisations, plus anyone who can get a packet sniffer on the route in between.

3
0
Silver badge

Re: "Internet e-mail is not a secure medium..."

"Internet e-mail is not a secure medium..."

Protonmail may disagree. Well if you do it properly anyway.

4
0
Silver badge
Pint

Re: "Internet e-mail is not a secure medium..."

" throw them out the window"

" so the bar is raised to ankle height: "

very droll

1
0
Anonymous Coward

Re: "Internet e-mail is not a secure medium..."

"So, what sort of e-mail do I need to use?"

Email where you have checked that both ends support TLS encryption at a minimum I would guess? Most email will travel over the Internet at some point.

I enabled that on my own Exchange server ages ago - very easy - just enable opportunistic TLS and select a certificate. TLS makes it much more difficult for third parties to intercept the contents of your email. Without encryption at a minimum probably all Echelon countries, the Russians and the Chinese are reading everything you have to say...

2
0
Silver badge

Re: "Internet e-mail is not a secure medium..."

"opportunistic TLS"

A Man In The Middle can remove that opportunity.

1
0
Silver badge

Re: "Internet e-mail is not a secure medium..."

I think it's both a mixup and a shortcut.

- free webmail services are inherently insecure

- pretty much anyone with a reasonably big pipe and minimal tech gorm can harvest email content and / or draw a "connection map" (which is where the intel value lies).

But email content can be almost unbreakably secure (GPG / PGP for example). That's one of my pet peeves: "serious" institution adding disclaimers to every outgoing mail stating that there is no way to guarantee email integrity, so they won't take any responsibility if they send you misleading info -or even malware- by email. Yes, there are ways, you lying bastards, you're just too cheap to implement them (or worst, that's a preemptive get-out clause if they do send you nasties).

As for network masquerading, well, I won't rant on that again, but if you're serious about it there are easy and readily-available solutions. Which doesn't matter much: history proves that unencrypted channels are good enough for terrorists because the limiting factor here is not technological: the plods are so busy trawling the humongous databases for evidence that their girlfriend is cheating on them that they wont notice a terr'ist if he sticks a fist-sized piece of C4 in their ass. Blanket surveillance, as everything else, follows the rule: "too much data is worst than no data". TB/s is NOT a substitute for proper intel.

6
0
Anonymous Coward

Re: "Internet e-mail is not a secure medium..."

"A Man In The Middle can remove that opportunity."

Sure but that needs active interception equipment in the communications path. If that was done en mass it would be quickly spotted. The purpose of SMTP TLS is primarily to defeat passive monitoring.

That being said, as soon as SMTP STS is fully supported by Exchange I will turn it on and use a proper cert though.

Lets face it, if you are a target of the security services - what ever mail server, OS and firewall you are running, balance of probability is that they can just log right in and get it...

2
0

This post has been deleted by its author

Silver badge

The draft judgement is maybe more of a worry than the final judgement unless the latter was sent out with some extra comment. After all, the judgement is a matter of public record.

6
0
Silver badge

The email addresses of concerned parties probably aren't though

3
0
Bronze badge
Childcatcher

"judgement is a matter of public record"

It used to be before all the secret courts were introduced here in the UK and the guilty but "under age" murderers, rapists, serial offenders, etc... were given anonymity by law*.

(* psychopaths and sociopaths obviously grow out of it - well according to the PC crowd of idiots)

1
2
Silver badge

Re: "judgement is a matter of public record"

"It used to be before all the secret courts were introduced here in the UK and the guilty but "under age" murderers, rapists, serial offenders, etc... were given anonymity by law"

What actually happened is pretty much the exact opposite.

2
0
Anonymous Coward

I did contract IT support for a major scottish court once, and they are generally not tech savvy in the slightest, nor are they used to listening to advice in some cases. As an aside, a lot of my job at that time (this was back in Windows 98 era) involved cleaning adware and the like off judges and law library machines. *ahem* my nephew must have been messing around on this when he was in the other day. *checks browser history* OK, this is how you clean milfhunter dot com from your browser history, you know this stuff gets logged centrally right?

8
0
Anonymous Coward

This is a worry

This article raises a number of concerns and questions. The fact that the article references sensitive personal data indicates that this judgment could be a family court judgment which is a closed court and not a matter of public record, although the article does not expressly say that but the implication is clear. Also, it's curious that two personal emails are referred to and makes you wonder how many people are impacted by this. The cyber security risks are very real. I sincerely hope that action is taken before we have a repeat of what happened with our NHS.

1
0
Silver badge

Re: This is a worry

"...The fact that the article references sensitive personal data indicates that this judgment could be a family court judgment..."

Your investigative powers are astounding given the very first line of the article was this:

Concerns have been raised over a judge's use of his personal email address to send out a ruling in a family court case, which contained sensitive personal information.

6
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing