A $1 Billion Email Gaffe 314
Jake writes in with the story behind an explosive NYTimes scoop last week. It seems that the Times's pharmaceutical industry reporter, Alex Berenson, scored a page-one blockbuster when he revealed that Eli Lilly was looking to reach a settlement with federal prosecutors over the company's alleged inappropriate marketing of anti-psychotic drug Zyprexa. A settlement figure of $1 billion was mentioned. This scoop dropped into Berenson's inbox when a lawyer for one of Lilly's retained firms mis-addressed an email to a colleague with the same last name as that of the Times reporter. Some online observers are speculating that auto-complete is to blame, but this has not been confirmed.
Update: 02/08 17:19 GMT by KD : Jake writes in with an update: it seems that while Berenson did receive a misdirected e-mail from Pepper Hamilton, that e-mail did not contain a detailed description of the status of the Eli Lilly settlement talks. Berenson got his story from other sources.
Update: 02/08 17:19 GMT by KD : Jake writes in with an update: it seems that while Berenson did receive a misdirected e-mail from Pepper Hamilton, that e-mail did not contain a detailed description of the status of the Eli Lilly settlement talks. Berenson got his story from other sources.
auto-complete is at fault? (Score:5, Insightful)
I don't know what Eli Lilly's lawyers charge (Score:5, Insightful)
It's funny, you know ... (Score:5, Insightful)
Huh. I'll bet they will now.
Um, no. (Score:5, Insightful)
As I tried to explain to one of the Three Letter Acronyms of our company this morning, "Auto-Complete" is not to blame. "Not Paying Attention" is to blame. If you can't be bothered to look at who you are sending stuff like this to, then please step back from the computer and have someone else handle complicated things like email for you.
Surely if you are doing billion dollar deals then you can afford to hire someone capable of working a keyboard without embarrassing him or herself.
Re:Very Nasty Stuff (Score:2, Insightful)
Re:auto-complete is at fault? (Score:4, Insightful)
My current peeve in this area is my cellphone directory. Every entry is in the same huge list, which means I have to thumb carefully past people I definitely *don't* want to call by accident (but still need to have in my book). The lame workaround is to use an alphabetic prefix to move important people to the top of the list, take-out restaurants to the bottom, etc. Is this really the 21st century?
Re:auto-complete is at fault? (Score:5, Insightful)
If someone emails me something and then whines about what I do with it, perhaps they should have come to me first and said "I'm sending you (x), but if I do, will you not do (y) with it?" and then only sent it after I agreed? THAT would be enforceable.
The lawyer is SOL.
Re:Um, no. (Score:4, Insightful)
Agreed.
"Not Paying Attention" is to blame.
Yes, but mistakes happen. You can't just tell people 'pay more attention' and expect that to solve all problems.
If you can't be bothered to look at who you are sending stuff like this to, then please step back from the computer and have someone else handle complicated things like email for you.
Surely if you are doing billion dollar deals then you can afford to hire someone capable of working a keyboard without embarrassing him or herself.
The sarcasm was unwarranted, but the idea is right. If you are dealing with really sensitive material, it should be vetted by a 2nd set of eyes before its released.
And in any case it holds it in the outbox for 5 minutes before actually sending, so if you have one of those... "push send... oh shit"... moments you can still stop it from being sent.
And maybe something can be done at the software level, like a custom email client that requires you enter a passphrase that encrypts the email . The software won't send without a passphrase, and the recipient must know the passphrase to open the email. Each case file would have its own passphrase, and the case file is included in the message. So if the email reached the wrong recipient they wouldn't know the passphrase and couldn't read the message.
You could speed the process up by maintaining a dictionary of cases and passphrases, and let the recipients automatically open any email in the passphrase dictionary, and rather then enter a passphrase have them enter a case number. So, anyone involved with the case would have to add the passphrase-case number pair to their dictionary just once.
Its not bullet proof... I'm sure better solutions exist. but it would be more effective at dealing with this sort of mistake than either 'typing in the address each time', or 'yelling pay more attention' at people.
You'd use a separate email program entirely for casual non-sensitive communication with your family, friends, reporters, your chauffer, dog groomer, and staples representative...
Re:WARNING: GNAA (Score:3, Insightful)
Re:It's funny, you know ... (Score:3, Insightful)
If the lawyer had been encrypting his messages, his email would have automagically used the specified recipient's public key, just as it automagically used the specified recipient's email address. So the reporter would still have gotten the leak — but it would be a secure leak!
Note that I hate the cutesy cliche word "automagically". But it serves a certain sarcastic purpose in this context!
Re:auto-complete is at fault? (Score:4, Insightful)
I routinely send emails to a member of my team named David. At some point a few months ago I emailed another person named David. Guess which one Outlook always autocompletes to, forcing me to arrow down to pick the correct one? I've sent a couple of (innocuous) emails to the other David when I forgot about this 'feature'.
You'd think any sensible autocomplete feature would remember your last selection for the same string, or at least make the default choice the most recently emailed match.
Re:I advised my attorney to encrypt (Score:4, Insightful)
In the opinion of several lawyer friends I've asked about this one, that's wrong, too. Oh, and I mean factually, not ethically. It sounds like there is at least some credibility in some jurisdictions if you have a notice *before* the rest of the content, but all these corporate types appending legalese essays to the end of every outgoing message are just jumping on a bandwagon with no wheels.
No, I'm not going to tell you who my lawyer friends are or the jurisdictions in which they practise. Yes, if you take anything you read on Slashdot as legal advice, you're a fool. No, I am not a lawyer myself.
Re:Very Nasty Stuff (Score:2, Insightful)
This just might be because a large number of people go to a psychiatrist after their psychologist refers them to a psychiatrist. The psychologist (or better in conjunction with the patient) has decided that MAYBE you do need meds, and the psychologist can't prescribe them. A lot of people make use of both a psychiatrist and a psychologist, typically with the psychiatrist as a secondary specialist and the psychologist as the primary. One is not a replacement for the other, different approaches, both effective when used together. Worst thing to do is badger your primary general doc into prescribing some of these things without interacting with a psychologist or a psychiatrist, that gets done a lot and is pretty much the worst of all (and accounts for a lot of the ADD overprescription). Not that I think there aren't a lot of people who go to a psychiatrist and get an unnecessary prescription, but the problem isn't entirely where you're placing it.
Since when did Tom Cruise start reading Slashdot (ducks)
-sk
Re:The best part is, (Score:5, Insightful)
That pretty much assumes that the encryption is done out of band. Personally, most usable variants of email encryption are handled by the client itself (at least as an initiant). At some point, when you select "Jim Smith" as the intended recipient, you have to expect that it will be delivered to "Jim Smith" in a format that he can open, regardless of any interim encryption. This might involve encoding it with his public key, but that wouldn't help the fact that you meant to send it to "Jan Smythe" now would it?
Any more intrusive method just wouldn't be used in the real world, since the hugely vast majority of all emails are actually intended to be read by the person that the author listed in the "To:" field. Any kind of catch-all solution smacks of vistaNag.
Get Over It (Score:3, Insightful)
This is exactly why Scott's idea isn't entirely a bad thing. The fact is, there is a certain amount of parity.
You and I don't necessarily have privacy from Eli Lilly Corporation should it try to profile things about us in order to make up a more compelling lie to get us to try its products.
But, much to its surprise, Lilly doesn't have privacy either as it tries to negotiate an enormous payoff to the government to escape the consequences of one of its screw-ups.
The dystopia is clearly the idea that consumers and citizens are helpless pawns of the big corporations who can skilfully control outcomes to be anything they want, by controlling their messages and carefully monitoring what people are thinking. They'd get away with murder, because they could always tell what's going to be deemed acceptable and what has to be covered up.
The reality and the counterbalance is: it will always be possible to catch information that's off-message when it slips through holes like this one, and that opens up the controlling corporation to the force of public opinion.
They don't have privacy either. If they insist on being monsters- opportunities will arise to bring that to light.
Keep the parity. Make sure these entities remain vulnerable to mistakes of this nature. If they arranged it so that if you publicised the leak you were sent to Guatanamo Bay, it would be quite the chilling effect- you've got to protect freedom of speech w.r.t. stuff that's accidentally leaked. The burden of self-protection has to stay on the company's side, they can't make it your responsibility to not reveal their shattering secrets when you're not actually part of their organization, or might actually be their enemy.
Give me a blame break (Score:2, Insightful)
Re:WARNING: GNAA (Score:4, Insightful)
Re:Very Nasty Stuff (Score:1, Insightful)
I was on this terrible crap for a while...after 2 weeks I had gained 15 pounds (not exaggerating).
My brother also gained a lot of weight on psych meds. You know what though? It sure beats locking himself in a bathroom for four days (really happened), throwing out every article of clothing he owned, including what he was currently wearing, leaving him literally without a shred of clothing to his name (really happened), and several other things which are far, far worse, if you can imagine.
I myself took Paxil ten years ago and chose to stop because of side effects. I had some nausea, shaky hands, chills, and loss of appetite. Big fucking deal. But that was my choice. My brother has his choice, and he chooses to endure some weight gain and other side effects in exchange for, I don't know, not randomly murdering people. He was fully and completely informed about these side effects before taking the drugs. How about you stay out of other people's horrific personal hells and let them deal with it how they see fit?