Last month, a Wyoming bank employee was routinely emailing some loan documents to a customer’s personal Gmail account. It sounds like a simple enough task, yet somehow the employee made an enormous error.
Not only did he erroneously attach a file to the email that included the names, addresses, tax IDs, and loan information for 1,325 customers, but he sent it to the wrong Gmail address!
We’ve all been there… victims of our own fat-finger negligence– good intentions gone horribly wrong because our technology moves so quickly.
And so, with pulse pounding and panic setting in, the bank employee immediately sent a follow-up email to the mistaken address, pleading with the account owner to delete the sensitive data and contact him as soon as possible. And then he waited…
After several days had passed without response, the bank contacted Google for help. They wanted information about the unintended email recipient– is the Gmail account even active? What is the account holder’s name? Would Google take steps to ensure that the confidential information is not open or disclosed?
Google refused to comply without a court order, so the bank sued… and in this particular case the wheels of justice moved rather swiftly– within a few weeks, US District Judge James Ware ordered Google to temporarily deactivate the recipient’s Gmail account and disclose information about the account to the court and to the bank.
Days later, Google and the bank jointly announced that the issue had been resolved… but because of the court order, the user’s email account has to remain deactivated until the judge hears the case again on October 5th.
I read through the case files with great interest because, frankly I was disgusted that ‘the honorable’ Mr. Ware could compel Google to deactivate an individual’s email account.
Sure, the bank employee made an unfortunate mistake. But email accounts are deeply personal, even more than physical home mailboxes. I wondered if the employee had accidentally put a physical package in the mail to the wrong mailing address, would a federal judge direct FBI agents to beat down the recipient’s door?
Doubtful. Rather the judge would have told the bank, “Sorry guys, but you’d better start notifying customers of the security breach pronto.”
Advances in technology have a significant impact on the world; as I am fond of saying, technology is key economic growth engines over the long-term. But governments and regulatory authorities have a bad habit of abusing the ease and comforts that technology provides as a means to erode personal privacy.
Email usage, web searches, e-commerce, credit cards, etc. all make life easier and more convenient for consumers. They also make it easier for the government to keep tabs on our activity and whereabouts– and as this Google case demonstrates, the burden of proof required to violate an individual’s electronic privacy is quite low.
To take a page from WG Hill’s ‘Three Flags’ approach, I believe wholeheartedly in spreading one’s sovereign risk among different jurisdictions– establishing residency in a country that values foreign visitors, while maintaining citizenship in a country that doesn’t tax worldwide income and basing assets in yet another no-tax/low-tax jurisdiction.
To this approach, however, I would add another ‘flag’: jurisdictions in which an individual should base sensitive and electronic assets. The goal is to ensure that the computer server where your email is hosted, as well as the company which owns/manages the servers, are both outside of your country of residence and citizenship.
Clearly there is going to be some element of counterparty risk in any transaction that involves more than one person; but if the Gmail recipient had been using an email account in, say, Singapore or Switzerland, the chances of a foreign judge ordering the account to be deactivated are slim to none… and slim’s out of town.
Below I provide a links to a few offshore email providers whose servers are located overseas. With a properly configured account, you can switch to an offshore provider and still keep your existing email address:
Neobox- http://www.neomailbox.com (Netherlands)
e-mail.ph- http://www.e-mail.ph (Philippines)
HongKong Mail- http://www.mymailhk.com (Hong Kong)
mBox- http://www.mbox.com.sg (Singapore)
Green- http://www.mails.ch (Switzerland)
Swiss Mail- http://www.swissmail.org (Switzerland)
Remember, using these providers decreases the likelihood of your email account being confiscated or deactivated by your home government– offshore email hosting does not guarantee privacy or security unless you use encryption schemes (to be discussed in the future).
If you have suggestions for other providers, please let me know.