back to article Judge used personal email to send out details of sensitive case

Concerns have been raised over a British judge's use of his personal email address to send out a ruling in a family court case, which contained sensitive personal information. The Register has seen evidence that the judge in question used two personal accounts to send out a draft ruling and final ruling: one using a domain …

  1. Anonymous Coward
    Anonymous Coward

    At least it seems it's an exception

    Around here I've often seen people use free "cloud" accounts such as OneDrive or GoogleDrive to, erm, "backup" proprietary information sometimes, including thing as sensitive as patients details... despite very explicit and repeated instructions to not do that under any circumstances.

    Anon for obvious reasons.

    1. Halfmad

      Re: At least it seems it's an exception

      If companies don't want staff to use things like cloud then policy/guidance is only the first step. Step two is to block them on work computers.

      This is typically where things get messy as there's almost always exceptions to be made as companies you collaborate with start supplying information only via cloud based solutions.

    2. Kiwi
      Flame

      Re: At least it seems it's an exception

      Around here I've often seen people use free "cloud" accounts such as OneDrive or GoogleDrive to, erm, "backup" proprietary information sometimes, including thing as sensitive as patients details...

      I've had some stuff backed up to megaupload that has a level of sensitivity few people can imagine.

      Of course, it was encrypted first. So long as the encryption was good enough, no worries.

      With MS carefully recording every keystroke (that's what "typing history" means, right?) and selling that to anyone with a wallet their "trusted partners", the whole idea of personal data security is gone bye-bye anyway.

      If you work in a medical establishment with a Win7 or later MS OS and haven't taken efforts to stop MS spying, you'd better hope your country has crap privacy laws - you are giving your patient's data to a corporation who will pass it on to who they want for their profit alone. Soon, I hope, the patients and then the courts take notice.

      1. Anonymous Coward
        Anonymous Coward

        Re: At least it seems it's an exception

        "With MS carefully recording every keystroke (that's what "typing history" means, right?) and selling that to anyone with a wallet their "trusted partners""

        I think you are confusing Microsoft with Google. Microsoft don't sell OS telemetry data or use it for targeting browser advertising. Only Slurp do that...

        1. Kiwi
          FAIL

          Re: At least it seems it's an exception

          No ms don't do browser advertising.... They put it in the bloody start menu!

          And as to "don't sell', take some time to read their T&Cs.

          1. Anonymous Coward
            Anonymous Coward

            Re: At least it seems it's an exception

            "And as to "don't sell', take some time to read their T&Cs."

            I just read the latest privacy T&C - which seem to agree that Microsoft do not sell your data. They only use it within Microsoft companies or companies working for Microsoft.

            It also makes clear "we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you"

            1. Kiwi
              Big Brother

              Re: At least it seems it's an exception

              It also makes clear "we do not use what you say in email, chat, video calls or voice mail, or your documents, photos or other personal files to target ads to you"

              There are, I believe, a number of complaints on various forums about that, people claiming they've seen ads based on the content of ducments they have open. ICBW however, and will keave it to the reader to find out either way.

              From what I recall of doing installs on 8+, going through the privacy settings, there was plenty about data going to "adertising partnets'. And why are ms taking your keystrokes and document data always rather than as needed?

              Even if I am wrong about the advertising, MS still takes peoples data in clear breach of many privacy laws around the world. There is no way that it can be legal for my Dr to ship my medical notes to ms, even if yhe use of that data is only by machines, only within MS, and never seen by human eyes. Doesn't matter if I am wrong about the advertising stuff as taking the data is still wrong.

        2. Phil W

          Re: At least it seems it's an exception

          It's my understanding that Google don't sell telemetry data either, not directly anyway.

          They certainly use it to target advertising, but it's for their own advertising service, the clients of which don't get to see the data in question they just get sold an advertising target market i.e. 18-24 year old males living in this area with these interests, who have visited these websites.

          Selling the actual personal data wouldn't be as profitable, since once they've sold it they can't continue to squeeze that particular client for money.

          1. ElReg!comments!Pierre
            Trollface

            Re: At least it seems it's an exception

            "target market i.e. 18-24 year old males living in this area with these interests"

            I think you'll find that advertisers have that one figured out already...

    3. Anonymous Coward
      Anonymous Coward

      Re: At least it seems it's an exception

      Around here, Onedrive, Googledrive and iCloud are all blocked. It makes me feel better.

      The third item does not upset the "important" people. It does upset some of those who think they are important though.

  2. Gordon Pryra

    Weird

    The cloud mail was probably just from his phone, easy mistake to make if you don't really understand how email works (or rather don't realize that you are not using a work mail rather than the crappy one which throws "sent from my iPhone" at the bottom.

    I am making the assumption that the Judge is of the older generation and not good old Judge Rinder.

    Sending an email using his sons crappy mail server is probably just a sign that the Judge is so used to applying laws differently for different groups of people that he forgets that he is also covered by them....

    1. Doctor Syntax Silver badge

      Re: Weird

      "Sending an email using his sons crappy mail server"

      Gordon, I'm glad you're not a judge as you seem to be unable to limit your conclusions to the evidence.

      The article said it was a domain owned by the son. Owning a domain does not mean you run the server. Many of us own out own domains* but that doesn't mean we run the servers; it's possible to buy that as a service. Secondly, even if the son owned his own server there's still no evidence that it was crappy. For all we know the son might be running a mail service provider.

      *It's a useful means of controlling spam - we can use it to issue temporary addresses or addresses specific to a particular company with whom we do business. Owning your own domain is also a good idea if you're running a business; $companyname.co.uk looks so much more businesslike than $companyname@yahoo.co.uk.

      1. Gordon Pryra

        Re: Weird

        Objection!!!

        Most people who have a domain name use the rubbish mail that is given as a freebie as part of the hosting package.

        Not secure and generally crappy.

        I rest my case

        1. Phil W

          Re: Weird

          Most people accused of murder did it, therefore I accuse you of murder. Off to prison with you.

        2. Doctor Syntax Silver badge

          Re: Weird

          "Most people who have a domain name use the rubbish mail that is given as a freebie as part of the hosting package."

          My previous comment applies. There is nothing at all in the article to say that this is the sort of service being used here.

          "I rest my case"

          I haven't seen you produce anything that resembles a case worth resting.

    2. collinsl Bronze badge

      Re: Weird

      Judge Rinder isn't a judge - he's a barrister. It's in the small print of his shows

  3. Zog_but_not_the_first
    IT Angle

    A digital watch?

    What pray, is a digital watch?

    1. Halfmad

      Re: A digital watch?

      80085

      Had to be done.

      1. cbars Bronze badge

        Re: A digital watch?

        When AI can work out what that comment was supposed to mean - actually work it out, not look it up - it'll be ready to be a child. Probably then needs a couple of years to giggle until it can be trusted to drive cars around.

        Off topic but I was just reading another article about AI, apologies

  4. NightFox

    I've see this type of thing happen a lot when people add their personal email accounts to their work Outlook profiles. They then send a work email straight after looking at their personal inbox and don't realise it'll be sent from that account. Not saying that's what's happened here, but it wouldn't surprise me.

    1. TonyJ

      "...I've see this type of thing happen a lot when people add their personal email accounts to their work Outlook profiles. They then send a work email straight after looking at their personal inbox and don't realise it'll be sent from that account. Not saying that's what's happened here, but it wouldn't surprise me..."

      That was my immediate assumption as well.

      Having all of your email accounts in one place can be handy but with that comes the chance you could send the wrong thing, to the wrong person(s) from the wrong account.

      Another place to take care too, being the autocomplete feature for mail addresses. You need to be sure you're sending that wholly work-inappropriate joke to the correct person(s)

  5. Mr Dogshit

    Why's there a picture of a gavel?

    1. Aristotles slow and dimwitted horse

      @ Why a gavel?

      There are many reasons. I'm sure if you try really hard you can think of at least one related to this story.

      1. TonyJ

        Re: @ Why a gavel?

        "...There are many reasons. I'm sure if you try really hard you can think of at least one related to this story..."

        You do realise that the question was asked because in the UK, judges do not use and never have used gavels?

        1. davenewman

          Re: @ Why a gavel?

          And here is where you find out about it:

          https://inappropriategavels.tumblr.com/

          Fine the Register picture editor an hour's pay every time he includes a picture of a gavel.

          1. Anonymous Coward
            Anonymous Coward

            Re: @ Why a gavel?

            Fine the Register picture editor an hour's pay every time he includes a picture of a gavel.

            But what if it's a story about a US court, or an auctioneers?

          2. m0rt
            Trollface

            Re: @ Why a gavel?

            "Fine the Register picture editor an hour's pay every time he includes a picture of a gavel."

            El Reg has editiors?!

            1. Anonymous Coward
              Anonymous Coward

              Re: @ Why a gavel?

              "El Reg has editiors?!"

              Yes, unlike some.

    2. Anonymous Coward
      Anonymous Coward

      inappropriate gavels

      Perhaps the judge is a part-time auctioneer?

      1. Scroticus Canis
        Devil

        Re: inappropriate gavels

        Percussive maintenance of the keyboard? "Send you bugger send".

        Use of "appropriate force" as a 4lb club hammer leaves nasty dents in the desk.

  6. TRT Silver badge

    iCloud...

    So he probably had a Mac...

    And the Apple Mail client is pretty good, I like it. It's way better than Outlook in terms of user friendliness. Although it has developed some annoying behaviours as Apple have tinkered around the edges, such as decoupling the window display from the actual mailbox/message cache so that it looks like it's deleting a message quickly but it has, in fact, just changed the window display BEFORE the connection to the server has been established, resulting in the sync every few seconds returning deleted messages to the on screen list, shuffling everything up and down, causing the wrong message to be highlighted, so it's very easy to accidentally reply to or delete the wrong message.

    But it has one extremely irritating quirk... it will send emails from the account last highlighted in the combined Inbox window view. So it is incredibly easy to, say, send from the wrong account revealing a private email address to a recipient you never intended.

    1. Anonymous Coward
      Anonymous Coward

      Re: iCloud...

      it will send emails from the account last highlighted in the combined Inbox window view

      Preferences - Composing - "Send new messages from" and set that to an email address considered safe instead of "automatically select best account" as that matches the target address with the last account used to email that address. That way, selecting a non-safe email address requires an explicit action, but you fail safe.

      1. TRT Silver badge

        Re: iCloud...

        True. I did have that set once, but I started emailing people from my work account and it got all messy... in combination with a "default conversation mode" in the contacts list, it would be quite powerful.

  7. frank ly

    "Internet e-mail is not a secure medium..."

    So, what sort of e-mail do I need to use?

    1. Doctor Syntax Silver badge

      Re: "Internet e-mail is not a secure medium..."

      "So, what sort of e-mail do I need to use?"

      Intranet?

      Local mail account on a Unix server?

      UUCP?

      How quickly we forget that email existed before there was an internet protocol for it.

      1. Allan George Dyer
        Boffin

        Re: "Internet e-mail is not a secure medium..."

        Well, I wouldn't classify UUCP as more secure than SMTP. UUCP was, more-or-less, an electronic implementation of PG Wodehouse's method for physical letters: throw them out the window, and trust that an honest person will pick them up and pop them in a letter box. At least with SMTP you have a TCP connection between your mail server and the recipient's mail server, so the bar is raised to ankle height: only admins at the sending or receiving organisations, plus anyone who can get a packet sniffer on the route in between.

        1. Prst. V.Jeltz Silver badge
          Pint

          Re: "Internet e-mail is not a secure medium..."

          " throw them out the window"

          " so the bar is raised to ankle height: "

          very droll

    2. Anonymous Coward
      Anonymous Coward

      Re: "Internet e-mail is not a secure medium..."

      "Internet e-mail is not a secure medium..."

      Protonmail may disagree. Well if you do it properly anyway.

    3. Anonymous Coward
      Anonymous Coward

      Re: "Internet e-mail is not a secure medium..."

      "So, what sort of e-mail do I need to use?"

      Email where you have checked that both ends support TLS encryption at a minimum I would guess? Most email will travel over the Internet at some point.

      I enabled that on my own Exchange server ages ago - very easy - just enable opportunistic TLS and select a certificate. TLS makes it much more difficult for third parties to intercept the contents of your email. Without encryption at a minimum probably all Echelon countries, the Russians and the Chinese are reading everything you have to say...

      1. Brewster's Angle Grinder Silver badge

        Re: "Internet e-mail is not a secure medium..."

        "opportunistic TLS"

        A Man In The Middle can remove that opportunity.

        1. Anonymous Coward
          Anonymous Coward

          Re: "Internet e-mail is not a secure medium..."

          "A Man In The Middle can remove that opportunity."

          Sure but that needs active interception equipment in the communications path. If that was done en mass it would be quickly spotted. The purpose of SMTP TLS is primarily to defeat passive monitoring.

          That being said, as soon as SMTP STS is fully supported by Exchange I will turn it on and use a proper cert though.

          Lets face it, if you are a target of the security services - what ever mail server, OS and firewall you are running, balance of probability is that they can just log right in and get it...

    4. ElReg!comments!Pierre

      Re: "Internet e-mail is not a secure medium..."

      I think it's both a mixup and a shortcut.

      - free webmail services are inherently insecure

      - pretty much anyone with a reasonably big pipe and minimal tech gorm can harvest email content and / or draw a "connection map" (which is where the intel value lies).

      But email content can be almost unbreakably secure (GPG / PGP for example). That's one of my pet peeves: "serious" institution adding disclaimers to every outgoing mail stating that there is no way to guarantee email integrity, so they won't take any responsibility if they send you misleading info -or even malware- by email. Yes, there are ways, you lying bastards, you're just too cheap to implement them (or worst, that's a preemptive get-out clause if they do send you nasties).

      As for network masquerading, well, I won't rant on that again, but if you're serious about it there are easy and readily-available solutions. Which doesn't matter much: history proves that unencrypted channels are good enough for terrorists because the limiting factor here is not technological: the plods are so busy trawling the humongous databases for evidence that their girlfriend is cheating on them that they wont notice a terr'ist if he sticks a fist-sized piece of C4 in their ass. Blanket surveillance, as everything else, follows the rule: "too much data is worst than no data". TB/s is NOT a substitute for proper intel.

    5. This post has been deleted by its author

  8. Doctor Syntax Silver badge

    The draft judgement is maybe more of a worry than the final judgement unless the latter was sent out with some extra comment. After all, the judgement is a matter of public record.

    1. Loyal Commenter Silver badge

      The email addresses of concerned parties probably aren't though

    2. Scroticus Canis
      Childcatcher

      "judgement is a matter of public record"

      It used to be before all the secret courts were introduced here in the UK and the guilty but "under age" murderers, rapists, serial offenders, etc... were given anonymity by law*.

      (* psychopaths and sociopaths obviously grow out of it - well according to the PC crowd of idiots)

      1. ElReg!comments!Pierre

        Re: "judgement is a matter of public record"

        "It used to be before all the secret courts were introduced here in the UK and the guilty but "under age" murderers, rapists, serial offenders, etc... were given anonymity by law"

        What actually happened is pretty much the exact opposite.

  9. Anonymous Coward
    Anonymous Coward

    I did contract IT support for a major scottish court once, and they are generally not tech savvy in the slightest, nor are they used to listening to advice in some cases. As an aside, a lot of my job at that time (this was back in Windows 98 era) involved cleaning adware and the like off judges and law library machines. *ahem* my nephew must have been messing around on this when he was in the other day. *checks browser history* OK, this is how you clean milfhunter dot com from your browser history, you know this stuff gets logged centrally right?

  10. Anonymous Coward
    Anonymous Coward

    This is a worry

    This article raises a number of concerns and questions. The fact that the article references sensitive personal data indicates that this judgment could be a family court judgment which is a closed court and not a matter of public record, although the article does not expressly say that but the implication is clear. Also, it's curious that two personal emails are referred to and makes you wonder how many people are impacted by this. The cyber security risks are very real. I sincerely hope that action is taken before we have a repeat of what happened with our NHS.

    1. TonyJ

      Re: This is a worry

      "...The fact that the article references sensitive personal data indicates that this judgment could be a family court judgment..."

      Your investigative powers are astounding given the very first line of the article was this:

      Concerns have been raised over a judge's use of his personal email address to send out a ruling in a family court case, which contained sensitive personal information.

  11. Anonymous Coward
    Anonymous Coward

    > This article raises a number of concerns and questions. The fact that the article references sensitive personal data indicates that this judgment could be a family court judgment

    No it doesn't. Sensitive Personal Information (SPI) also includes information relating to commission of a crime, medical data, sexuality, union membership etc.

    So it could be any court.

  12. adam payne

    When I read the title I thought it was going to be another AOL account.

    I thought all the criminal justice system had a secure email system that they had to use.

  13. Bob Hoskins
    Mushroom

    This is clearly the end of the world as we know it

    This guy might as well have been peddling illegal pornography! Meanwhile it was unencrypted on his hard and that of the recipient.

  14. Paratrooping Parrot
    Headmaster

    An idea

    Why don't they have specific training and certification for those who are doing things like health or social or judicial work on using the computer systems? This way they can be approved to use said systems and it can be definitely known that they know how to use the computer systems required.

    The judge or healthcare professional will know not to use hotmail or whatever.

    1. storner
      Unhappy

      Re: An idea

      They were called "secretaries" in the good old days. They are all gone now, thanks to the beancounters and efficiency experts.

  15. Anonymous Coward
    Anonymous Coward

    Many legal people are hide-bound

    So many law firms regularly send confidential stuff in plaintext. Their rationale is that it is marked "privilged & confidential" so encryption not needed. This may give some protection over introducing the contents in court but, of course, says nought about damage outside court. (Sigh)

    1. jabuzz

      Re: Many legal people are hide-bound

      The way it works is like this. Lets assume you get some confidential information wrongly via email that has those sorts of legal warning things. Lets assume to make this example easier to understand it included the details of a divorce settlement for a premier league footballer. You think to yourself I can get some money for this and ring up "The Sun" offering to sell the information you have come by to them. You think that you didn't ask for it be sent, you did nothing illegal to obtain it so no come back when you convey that information to a third party. Problem is you would be dead wrong and your life could now be made a complete misery. At least that is what my brother has told me and he is a Judge.

      Oh and few things here the court email system is actually crappy IMHO, and my personal email server which my brother (along with the rest of the family) uses but not for court stuff is not crappy being a fully patched and secured CentOS7 Postfix/Dovecot based system. Not everyone running a home email system is incompetent. Heck to get working secure remote email sending I *HAVE* to run my own email system because Plusnets SMTP servers don't understand secure authentication!!!!!

  16. JimmyPage Silver badge
    Stop

    Elephant in the room ...

    if one judge has be *caught* doing it, there stands a good chance there are a greater number who haven't been caught yet. (The iceberg view)

    This leads on to the much more worrying suggestion that some judges might be communicating behind the court (or more precisely one party in the court)s back.

    Or don't we care about justice being seen to be done anymore ?

    1. Peter2 Silver badge

      Re: Elephant in the room ...

      The judge is the court in family cases. No jury involved.

      And look, he emailed the draft and final judgements instead of having his clerk print them and posting them snail mail by second class post two weeks later. This is not a case of there being a miscarriage of justice. Nobody is even alleging that.

      Frankly, I think that most people with contact with a court would rather that the judge be able to email judgements quickly, preferably in a more regular noreply@ email address that's not monitored by anybody to prevent any accusation of wrongdoing.

      If one party wants to communicate behind the other parties back then you quietly have a word with the judge, and don't leave records of it. You wouldn't do it in writing, and definitely not by email.

  17. Stevie

    Bah!

    Oh dear.

    The problem is that non-techies (and increasing numbers of techies who are "in the zone") are not really thinking about the technology they are using. To paraphrase Mr Jobs, when they are using email "they just want it to work". Hence all the illicit Blackberries in Congress.

    The convenience blinds them to the danger. We all do stuff like this. Poke a knife in the toaster while it's plugged in. Drive with the tax disc out. Put off rewiring the house because you can't smell fizzing wire today and there's the roof to fix. Some of us even admit to doing so. Doesn't make you stupid, just distracted. That can kill you, but hey-ho, that's the human condition.

    What a shame we don't routinely encrypt everything so there would be no harm, no foul.

    1. Doctor Syntax Silver badge

      Re: Bah!

      "Drive with the tax disc out."

      Tax disc?

  18. theyellowbear

    But... Hillary said it was O.K.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like