Can I reclaim ex employee gmail account?

Question

This is the best place in SE I can find to post this.

We have an ex employee who created a gmail account for work purposes that looks like staff_name.company_name@gmail.com

He left the company and refuses to surrender the password to the account. Do we, the company, have the legal rights to stop him from using the account? Or do we have to wait until he actually intentionally misrepresent our company before we can take action against him?

EDIT:

This email account came about because he is one guy who travels around. At one time when he needed to send an important email, he could not access his fname.lname@company.com email. So he went ahead to create that gmail account to finish the job. Since it was an important email that had to go out, nobody frowned upon that and the gmail account continues to be in use. Now that things turned sour, we realized we could not do anything.

Maybe the moral of story is: His dedication to service excellence was admirable, but we should not allow it to happen at the expense of IT security.

Could you please add to your question which country you're in? Laws vary by jurisdiction. Thanks :) — , May 27 '11 at 08:00
I don't think you can prevent misrepresentation by having him give up this account. Another similar account is easily created. Make sure his clients know he has left your company, so they won't be confused when receiving e-mail from him. — beetstra, May 27 '11 at 10:32
@Graham, the OP appears to be from Singapore. I would be presumptuous though in stating that the laws of Singapore would apply to this case. — Vineet Reynolds, May 27 '11 at 12:36
Is that email naming pattern standard practice at your company? It *might* make a difference. Though it would be hardly be a "best practice" as The Learner notes. — nealmcb, May 27 '11 at 13:20
@nealmcb kindly see my edited post. that naming is not a standard for we have our own email domain. but our skype accounts are in the form staffname_companyname — Jake, May 27 '11 at 17:12
I know i'm not directly talking on the point but just wanted people to make note of. This is one of the few very good reasons why small corporates(who cannot afford email servers) can use google apps(gmail to be specific). which can easily tackle these kind of annoying problems. if you do not want the employee to use the email, you can take him down with a click of a button. — Karthik, May 27 '11 at 11:41
Even if you don't use customized Google Apps, you can easily buy a package comprising domain name + e-mail redirections nowadays (some are under EUR 10 / year, for example). The redirections will work fine with normal GMail accounts, or any other provider for that matter, and the company can stop the redirections with a click of a button indeed. — Bruno, May 27 '11 at 14:45
"_refuses to surrender the password to the account._" for which reasons? — curiousguy, Oct 21 '11 at 14:04
All Gmail accounts are property of Google according to : http://news.cnet.com/2010-1036_3-5214467.html — Jeff Burdges, Dec 12 '11 at 06:29
Can you tell me the outcome of this? We are in Wisconsin and having a very similar situation with someone we fired. Did you get the account back? Go to court? Etc? — , Dec 12 '11 at 03:42
@Chris Not-so-ethical, but this is it: right till the end, he was unwilling to surrender the password to the account. but our IT somehow managed to harvest the password from the company laptop that he used to log in and then we talk him into closing the account. — Jake, Dec 12 '11 at 07:27
@Jeff-Burdges, I've read article you linked but it does not tell that "Gmail accounts are property of Google". It tells that GMail addresses are property of GMail what is IMO banality since gmail.com is probably owned or rented by Google — Gennady Vanin Геннадий Ванин, Jan 20 '12 at 16:36
@Jake, the Questioner, by your logic, If I create WebMAOhist.Russia@gmail.com account then my account belongs to Russian Federation???? and if WebMAOhist.Putin@gmail.com then to Putin? — Gennady Vanin Геннадий Ванин, Jan 20 '12 at 17:24
@WebMAOhist That's your logic, not mine. And according to your logic, company_name belongs to a single owner and is an international trademark and have copyrights. Certain communications via this label may constitute representation. However, Russia and last name Putin (I assume it is?), are essentially public so I don't think there will be a problem with that. — Jake, Jan 23 '12 at 14:15

Vineet Reynolds · Accepted Answer · 2011-05-29T21:36:45.550

8

Do we, the company, have the legal rights to stop him from using the account?

(Sigh) I'm beginning to recommend lawyers a lot, but this is one of the scenarios where they will help. [Disclaimer: I am not a Lawyer, and this is not legal advice] I'm not sure what the laws are in your jurisdiction, but this appears to be a case of withholding one of the following

access to the account; this point is not cut and dry. If the employee created this account for a one-off scenario, then it depends on the laws of the land (and the interpretation) of the courts, as to how this account could be treated as belonging to the company due to its prolonged use.
work created for hire or any other materials that belong to the company (if it is resident in that account). If you do have an employment agreement that stipulates how the company owns any material created on company time, along with an agreement that also stipulates how such materials ought to be relinquished by employees on resignation, then a lawyer would be able to aid in your next course of action.

Ultimately there ought to be applicable laws for this scenario and my advice in earnest, is to speak to your lawyer on this.

More importantly, I think you ought to establish procedures for handling termination of employment. If they do not exist, establish them. But stating what measures ought to be established, is probably beyond the scope of IT Security or Application Security.

However, there are few points where your IT department (if it exists) can help. Critical accounts (e-mail accounts, NTLM/Kerberos accounts and others like your accounts with Domain Registrars) should ideally have a fail-safe mechanism to ensure that you can regain control of the account, or terminate access to the account if no longer required. In some cases, this would mean that you would have to run your own software (like an Outlook Exchange or Postfix/SendMail server, instead of relying on GMail). In other cases, it would mean that you should have access to a human being on the other side, who can immediately revoke/expire access to compromised accounts or reset passwords to them (to prevent further access by unauthorized people).

edited May 29 '11 at 21:36

answered May 27 '11 at 08:02

Vineet Reynolds

1,246
11
13

2

Sure, worth asking, but nothing in the original question comes under the company or IT remit. Gmail is entirely external to the company, the domain name is just gmail.com etc. – Rory Alsop May 27 '11 at 08:21
2

@Rory, I think you're missing the point that it's not the domain, but the account that could be considered company property (in the same way an account with a Domain Registrar is), and it is up to the courts to determine whether they are company property or not. I haven't seen any caselaw similar to this, and I don't think I'm interested in debating this either. However, I would admit, that this is poor practice to have company accounts on what is essentially an uninterested third-party server. – Vineet Reynolds May 27 '11 at 08:31
@Vineet see my updated answer – Rory Alsop May 27 '11 at 09:16
@Rory, yes, that's what I meant. – Vineet Reynolds May 27 '11 at 09:18
2

@Vineet, Email addresses are not property. This answer is probably bad advice. I suspect trademark or fraud are more likely to be the relevant areas of law. – D.W. May 27 '11 at 16:13
@Vineet. Regarding company property, I actually thought it might be that anything "created" by employee in order to fulfill work requirements can be considered company property. (see edited post). Then if it were considered personal, then it should be de facto that personal email not allow for work purposes. – Jake May 27 '11 at 17:18
@D.W. I've offered advice to go to a lawyer; maybe you should re-read the answer carefully. If you do go through employment contracts and other agreements signed by employers, you'll notice that emails (and all communications sent from company owned machines) are considered property of the company (and prone to monitoring). In this case, the account resides on a different domain, and that's why it isn't cut and dry. If there is data or Intellectual Property in the account that belongs to the company, are you suggesting that the company has no recourse? – Vineet Reynolds May 28 '11 at 05:42
3

@Vineet, I think you're being sloppy or imprecise in your wording. Precision matters in the law. There might be IP rights implicated, but that is different: IP is not property, in the same way as a tangible physical item. Talking about IP as if it were property is sloppy and tends to trigger people's intuition in a misleading way. The legal rights that apply to IP are very different from the legal rights that apply to property. To the original question-asker, I do not recommend relying upon @Vineet's answer. – D.W. May 28 '11 at 19:40
1

@Jake, when people say "your emails are considered company property", they are being sloppy and imprecise. They're trying to communicate a rough concept to a non-lawyer, in one sentence. That characterization of the law is not helpful here and may well be misleading. It is amazing how people who know a teeny bit about the law are often willing to opine confidently about what the law requires. If you needed surgery, you would go to a professional: a doctor who had studied in medical school. If you need legal advice, go to a professional: a lawyer who has studied in law school. – D.W. May 28 '11 at 19:43
@D.W., you need to work on your comprehension skills. Where have stated that Jake should not go to a lawyer. My first paragraph states exactly that. Should I spell it out in precise words for you, in the manner that you desire? As far as IP is concerned, I shall stick to emphasizing the expansion of the term - Intellectual **Property**. Do you see something there, that is contrary to the definition of the word "Property"? – Vineet Reynolds May 29 '11 at 01:01
1

@Vineet, I'm sorry this seems to have upset you. I am not criticizing the part of your answer where you suggest Jake go to a lawyer. I *am* criticizing the part where you write "this appears to be a case of withholding company property and there ought to be applicable laws for this". P.S. Like I wrote, referring to IP (Intellectual Property) as "property" is sloppy, imprecise, and likely to mislead people's intuitions. Writing "property" when you mean "intellectual property" is sloppy, imprecise, and often triggers misleading intuitions. – D.W. May 29 '11 at 21:03
@D.W, I get your point. I've edited my answer. – Vineet Reynolds May 29 '11 at 21:29
2

Email addresses are much more like ordinary property than intellectual property. They're not IP just because they're intangible -- a bank account is intangible, just numbers in a computer, and it's property. Email addresses are something that can only be used by one person and all other uses are conflicting. This is the touchstone of property and the very opposite of IP -- copyrights, patents, and trademarks are all capable of non-conflicting, multi-party use, an email address is not. – David Schwartz Sep 29 '11 at 13:09
1

@VineetReynolds "_you'll notice that emails (and all communications sent from company owned machines) are considered property of the company_" If it is your property, keep it! If you volontarily send emails to people outside of your company, how can you still claim that it's your property? You cannot give me something and at the very same time claim it's your property. That's crazy talk. – curiousguy Oct 21 '11 at 13:47
@David-Schwartz, I wish I could understand what you meant under "Email addresses are something that can only be used by one person". I worked in a public library where all the staff sent and received Emails from the one library public webEmail – Gennady Vanin Геннадий Ванин Jan 20 '12 at 16:53
Besides property (ownership, economic rights), there are also (inalienable/moral) author's rights. The writings, work, etc. can be (owned) property of someone/something else which does not exclude author's rights that are perpetual, inalienable, imprescriptible, unseizable http://www.sacd.fr/Authors-rights-and-their-work.2163.0.html – Gennady Vanin Геннадий Ванин Jan 20 '12 at 17:01
@WebMAOhist I don't know if you're serious or joking. Sure, like all property, an email address can be shared. But special arrangements are needed to ensure the uses don't conflict. If one of the staff members started using the email address to subscribe to lots of mailing lists, there'd be a problem. The difference between regular property and intellectual property is that regular property must be shared while multiple users of the same intellectual property don't directly conflict. (If you want to nitpick my choice of words, fine, but don't say you don't understand what I mean.) – David Schwartz Jan 20 '12 at 21:12
@David Schwartz,1)u imply potential subversive activity which cannot be assumed from such cases by presumption of innocence 2) It is irrelevant to owning addresses. If s.o.'s objective is to do what u wrote, nothing impedes to create non_staff_name.company_name@gmail.com addresses! Nobody would seriously associate it to the company if its name before @ but not after @ 3)Address is not the property 3a)There are no implications of parts of addresses with other possible addresses I once worked in building outside of any street which was named, also, in post-addresses as Sweden,it was in Portugal – Gennady Vanin Геннадий Ванин Jan 21 '12 at 04:01
@WebMAOhist I honestly have no idea what you're talking about. The simple fact is, email address behave like physical objects. If you and I want to use the same email address, we have to coordinate or we conflict. With intellectual property, conflicts don't happen. You can I can both use the same invention or read the same literary work (but not the same *copy* of a work) without conflict or coordination (except for the affect on the market for the work). Email addresses are intangible property, not intellectual property, just like bank accounts. – David Schwartz Jan 21 '12 at 04:30
@David Schwartz, I'm trying hard to understand what you wrote. Nobody can use registered/protected as intellectual property invention without prior explicit consent of its rights-holder though it can be read, studied. Everybody can read any protected literary work, it cannot be reproduced, modified, copied, etc. Why cannot I read the same copy of literary work? I can - over the shoulder, webcamera or at different time – Gennady Vanin Геннадий Ванин Jan 21 '12 at 05:08
@WebMAOhist Exactly, that's the difference between intellectual property and ordinary property. With a car, or a particular copy of a literary work, ordinary property, for two people to use it requires coordination. With a car, we have to arrange times or be going to the same place. With a *copy* of a work, we have to arrange times or be in the same place. By contrast, with intellectual property, no coordination is needed. You can I can both use the same invention or the same literary work (but not the same *copy*) with no need to coordinate and no chance of conflict. – David Schwartz Jan 21 '12 at 05:12
Because an email address acts like a car or a particular copy of a literary work, it's not intellectual property. Two people can't use the same email address unless they cooperate or coordinate, just like two people can't use the same bank account. It's *not* intellectual property, but intangible property. (Again, like a bank account. Not like an invention.) – David Schwartz Jan 21 '12 at 05:13
@David-Schwartz, Any known to me laws and de-facto practices contradict the notion that email address is ordinary property. Can you give any references to support your statement that email addres is property of its user (or rather to override my 1st sentence in this comment)? The property cannot be confiscated without court decision, email addresses can (for spamming or violating ToS), etc. – Gennady Vanin Геннадий Ванин Jan 21 '12 at 05:16
@WebMAOhist You're putting words in my mouth. I never said it was property of its user. – David Schwartz Jan 21 '12 at 05:28

score 5 · Answer 2 · edited Jan 20 '12 at 20:44

5

Currently he is not breaking any laws. You can legally register any name @ gmail.com (barring some offensive ones and a few others - those are prohibited by Google's ToS though, not by law).

Depending on your country, you are likely to have no legal rights to the account either, but would need to rely on local defamation legislation to prosecute if he does misuse the name.

I am not a lawyer, but the above looks valid in most regions.

Edit: after reading again subsequent to Vineet's comment, I think it is not quite so cut and dried.

If you created the account for him then it should be yours, but of course you should have admin access anyway.
If you asked him to create it to use while working for you, it may be debatable.
If he created it personally then my original point stands.

But as everyone says - talk to a lawyer!

edited Jan 20 '12 at 20:44

Iszi

26,997
18
98
163

answered May 27 '11 at 08:02

Rory Alsop

61,367
12
115
320

The other side of this is the question of whether or not company owned data exists on the account. The question about how to handle misrepresentation of affiliation is worth thinking of, but not a pot that *I* want to stir. – Scott Pack May 27 '11 at 12:11
@scott pack in fact we are very keen to come up with a way to monitor this gmail account. but it's bleak at the moment. we still want to think the company owns the gmail account. (see @Vineet above) – Jake May 27 '11 at 17:21
"breaking any laws" is not the question. He might not be breaking any criminal laws, but the company might still have a cause of action against him nonetheless. I think your bottom line is right -- talk to a lawyer -- but I'd question whether the beginning part of your post is good advice. What matters is not how plausible the argument sounds to a non-expert in the law; what matters is what the law says, and what the practical courses of action available to the company may be. – D.W. May 28 '11 at 19:46
@DW - but that's the problem. I could register name_anycompany@gmail.com if I wanted. Gmail jurisdiction for the .com domain is US. The OP is in Singapore - they can't do anything until the guy misuses the email address (fraud or misrepresentation) - as far as I am aware. But I am not a lawyer - I have just been involved in the fallout of a lot of legal cases and follow these things closely. – Rory Alsop May 28 '11 at 20:13
1

_If_ the right to use "staff_name.company_name@gmail.com" is a legal right, then it has a legal owner. Since the right was created/obtained by an employee for company business, presumably while on the company payroll, the owner cannot be the employee personally. It would be property of the company, and refusing to turn over company property after dismissal should be sufficient ground for a civil suit. – MSalters May 31 '11 at 14:40
@MSalters, your logic is fallacy. My private house address bears the name of the city. Then, as soon as I am employed by the city, my house would become the property of the city? Addresses and identifications have nothing to do with property and ownership – Gennady Vanin Геннадий Ванин Jan 20 '12 at 17:55

Jeff Burdges · Answer 3 · 2011-12-12T06:57:33.827

Does anyone besides Google "own" this Gmail account? An email's author retains the copyright, but effectively issues irrevocable licenses when sending the email. But afaik Google own the account itself.

Case 1. Do you need access to the account's contents? If so, you are screwed. Google does not hand over accounts easily. For all Google knows, you might be doing all manor of illegal or immoral things, like exposing a whistle blower, attacking a critic, etc. You could earn yourselves a dishonorable mention on Chilling Effects or Google's Transparency Report for even asking.

Google fought China over Gmail hacking. Google's Transparency Report probably makes the CIA and NSA nervous. Google refuses 7% of law enforcement requests for user data in the U.S. In Singapore, Google refuses fully one quarter of government requests for user data. Isn't happening man.

Case 2. Do you merely need the account terminated? If so, you might convince Google that the account violates their terms of service. I'd consider this too risky myself because they might still post your emails to Chilling Effects. You might be trying to silence a critic after all.

A priori, you're concerned with the ex-employee sending official looking emails, but the employee is concerned with receiving emails from personal correspondences who know that email address. If so, ask him to create another gmail account, forward his emails form this one to that one, so no emails come from this account.

If he still says no, you could search Gmail's Terms of Service for any violations. If you find one, you must still take care when contacting Google. Tell them you just want the account renamed or closed with forwarding to another account. Attach his letter of resignation and post employment correspondences. If they see he left by choice, you'll look less like you're trying to silence a whistle blower or critic.

Just remember that a lawyer cannot help you if a Google search for your company shows this dispute with an ex-employee over their effectively personal email address.

+1 It is not not separate/isolated euther cases Case 1 or Case 2, they are unseparably fused both 1 and 2 and more. From practical pov, the only sound advice is searching for infringement of GMail's ToS. There is no sense to consult lawyers, as Google itself sabotages laws and law enforcement that Google considers to violate its own ToS and p.o.v.s — Gennady Vanin Геннадий Ванин, Jan 20 '12 at 17:14
Google has good reasons for worrying about such things because the world is full of repressive regimes and employers violating laws. "Don't Be Evil" has proven to be quite a commitment, even if they're slack about it. — Jeff Burdges, Jan 20 '12 at 18:45
Well, this point of view is subjective (IMO, this practice is subversive, agitating and destabilizing) and probably should be avoided in this thread. It's not Google's practice There are other reasons and practices when laws are being ignored. Read, e.g.. wiki's [de facto](http://en.wikipedia.org/wiki/De_facto) vs. [de jure](http://en.wikipedia.org/wiki/De_jure), etc. — Gennady Vanin Геннадий Ванин, Jan 21 '12 at 04:28

score 2 · Answer 4 · answered May 27 '11 at 16:15

2

You need to talk to a lawyer. The folks here probably don't know, and don't have experience. Neither do I. You wouldn't ask a lawyer for advice about a technical subject; you shouldn't ask a technologist for advice about the law.

My guess would be that lawyers might look into the areas of trademark (if your company name is trademarked and the ex-employee is using that company name) and fraud (if the ex-employee's continued use the email address is considered deceptive and unfair). But I don't know, and I suspect others here don't know.

In short, talk to a lawyer.

answered May 27 '11 at 16:15

D.W.

98,420
30
267
572

I was hoping to find a "Courtroom" or something on SE initially, but this place is second best like I said in the post. – Jake May 27 '11 at 17:25
3

@Jake, note that you need to talk to a lawyer *with experience on **this** topic* (e.g. there are many who focus on internet law), as this will probably be quite niche, and most lawyers would not be familiar with this. – AviD Jun 05 '11 at 10:35
1

I hate the answers "talk to a lawyer". Lawyers are morons! Besides, I would advice you to read the wiki's definitions of de-facto http://en.wikipedia.org/wiki/De_facto and de-jure http://en.wikipedia.org/wiki/De_jure – Gennady Vanin Геннадий Ванин Jan 20 '12 at 17:03

score 1 · Answer 5 · answered Jan 20 '12 at 19:17

1

If all else fails, have your lawyers make an offer to buy the account from the account holder. A price tag on the account (the one you put on it) determines how valuable it ultimately is to you.

answered Jan 20 '12 at 19:17

adamo

163
9

And tell me about. I'll create a few name.that_company_name@gmail.com addresses too. If to speak seriously, I doubt that it is legal to sell GMail addresses since it is not the property of its holder – Gennady Vanin Геннадий Ванин Jan 21 '12 at 06:16
We've had cybersquatting for DNS for many many years. However, if inflation of email addresses happens the way you suggest, both the price will drop rapidly and this kind of email addresses will not be considered as possibly legitimate by the mail recipients. Or so I hope. – adamo Jan 21 '12 at 06:50

score 1 · Answer 6 · answered Jan 23 '12 at 16:14

Gmail accounts belong to Google. Not to you, not to your ex-employee.

You can ask Google nicely and see what they say. You can also ask Google in a threatening way and see what they say. You can send angry lawyers to ask Google and see what they say.

I'd imagine your best angle is probably to take the trademark confusion route and say that by using your company name in his email address he's confusing people into thinking he represents your company. Though Google may just respond by suspending the account; I doubt they'd turn over to you all of his email.

In the future you can avoid this problem by using Google Apps. It's like Gmail, but your company controls all the accounts.

score 0 · Answer 7 · edited Mar 17 '17 at 10:46

The answer lies in "who created a gmail account".

Were your company created the account (for use by employer), then, IMO, it would have owned it as well as had all the data permitting to identify the original owner permitting to easily (automatically) reclaim the account

Update:
My opinionated synopsis:

the ownership of an address has nothing to do what with ownership and/or authorship of what is under it - content and communication
ownership (economic rights) is unrelated to author's rights. The latter are:
- perpetual,
- inalienable,
- imprescriptible,
- unseizable
Generally, there were and always be differences between
- de facto
  and
- de jure

The existing Google's practice is not governed by laws, so there is no point to send to lawyers.
The GMail account belongs to the one who created it.
The only viable non-criminal way to expropriate it is to contest infringement of GMail's ToS

P.S.
After commenting all posts in this thread, I decided to collect all my comments here in one place:

My comments to original question:
- @Jake, the Questioner, by your logic, If I create WebMAOhist.Russia@gmail.com account then my account belongs to Russian Federation???? and if WebMAOhist.Putin@gmail.com then to Putin?
- "@Jeff-Burdges, I've read article you linked but it does not tell that "Gmail accounts are property of Google". It tells that GMail addresses are property of GMail what is IMO banality since gmail.com is probably owned or rented by Google"
My comments to the answer by @Vineet Reynolds :
- "@David-Schwartz, I wish I could understand what you meant under "Email addresses are something that can only be used by one person". I worked in a public library where all the staff sent and received Emails from the one library public webEmail"
- "Besides, property (ownership, economic rights), there are also (inalienable/moral) author's rights. The writings, work, etc. can be (owned) property of someone/something else which does not exclude author's rights that are perpetual, inalienable, imprescriptible, unseizable "
My comments to the answer by Rory Alsop:
- "@MSalters, your logic is fallacy. My private house address bears the name of the city. Then, as soon as I am employed by the city, my house would become the property of the city? Addresses and identifications have nothing to do with property and ownership"
My comments to answer by @D.W.:
- @D.W., I hate the answers "talk to a lawyer". Lawyers are morons! Besides, I would advice you to read the wiki's definitions of de-facto en.wikipedia.org/wiki/De_facto and de-jure en.wikipedia.org/wiki/De_jure
My comments to answer by Jeff Burdges:
- "+1 It is not not separate/isolated euther cases Case 1 or Case 2, they are unseparably fused both 1 and 2 and more. From practical pov, the only sound advice is searching for infringement of GMail's ToS. There is no sense to consult lawyers, as Google itself sabotages laws and law enforcement that Google considers to violate its own ToS and p.o.v.s"

Can I reclaim ex employee gmail account?

7 Answers7