Behind Simple CEO's email snafu is a larger problem with web security
Everyone has sent a message to the wrong person at some point in their lives. Maybe they sent a particularly salacious text message to their mother instead of their significant other. Maybe they accidentally sent their boss a raging rant in an instant message meant for a co-worker. Or maybe they sent an email meant for one of their employees to a journalist with the same name.
That's what happened when Joshua Reich, the chief executive of the Simple banking startup, ended up sending a board presentation to a Quartz reporter instead of his newest employee. The email revealed Simple's difficulty with attracting new users to its service -- a problem that many companies do everything they can to prevent journalists and consumers from learning.
That mistake was quickly managed with an open-and-shut blog post explaining Simple's goals for the future and, hopefully, a sense of paranoia that will make Reich triple-check the address on any email containing sensitive information meant for his company's board of directors. But this snafu is still a good reminder that sending an email might be harder than people think, or at least it must be, given the number of email-related fuck-ups that have happened recently.
Consider the city employee who sent the names, addresses, and social security numbers of 300 retired police officers and their dependents to another retired officer in March. The problem? All of that information was mistakenly added to an email with a single attachment. That news followed other examples of technical illiteracy threatening privacy, as I wrote at the time:
All of these problems were caused or perpetuated by technical ignorance. That’s what allowed Apple to patch such a serious vulnerability without significant public backlash. It’s what convinced Twitter users that they could share information without having to worry about anyone outside their intended audience seeing it, even though it’s a public network. And it’s what compromised the privacy of many retired police officers and their families because Syracuse didn’t safeguard their data or teach city employees how to properly send emails.
This isn’t a small problem in a small city – it’s the latest example where having little regard for how technology works is dangerous not just for the people making or using it, but for many others.
Or consider the mistake that led New York's health insurance marketplace to reveal the email addresses -- and, in many cases, the names -- of hundreds of people who visited its site later in March. Marci Natale, the deputy director of the New York Department of Health’s public affairs group, confirmed the leak in a statement to Pando, as I reported at the time:
A reminder e-mail to a small group of individuals from NY State of Health regarding the up-coming March 31st enrollment deadline for selecting a health insurance plan inadvertently included the e-mail addresses of the addressees. Other than the email addresses, no identifying information was included in the email. We have investigated the cause of this error and have taken steps to prevent it from occurring again.
There's got to be a way to make sure that people aren't accidentally compromising the personal information of retired public employees, revealing the names of people shopping around for health insurance, or mistakenly sending confidential information to reporters. (Note the mistakenly there -- I, obviously, am in full support of people intentionally leaking information about their companies to, oh, I don't know, firstname.lastname@example.org, for example.)
Maybe Clippy, the infamous assistant from earlier versions of Microsoft Word, could make a comeback. He could say things like "You're making it easy to find retired police officers who might have a few people wondering where they live so they can exact revenge, would you like to not screw them over by removing this attachment?" or "Are you sure that you want to make this sensitive document available to someone who will report the shit out of it, especially since you're the chief executive of a company that was acquired for $117 million earlier this year?"
Those might be some ultra-specific examples, but I think you take my point. After all, Gmail already warns you when you send an email with the word "attached" that contains no attachment. Email is apparently too damned hard for most people to understand, so it's about time we all got some supervision. Privacy, or at least some semblance of it, depends on it.