Why is the US Government Allowed to Legally Read Private Emails Abroad?

A couple months ago, Kyle Gonzales showed us the loophole the US government is using to access some of the "privately stored" digital data of its citizens. Unfortunately, it's not just US citizens that have to watch out for Uncle Sam.

As you'll soon discover, prying eyes are looking far beyond their borders, even across oceans...

US Patriot Act: Not Just for Americans

Could US law enforcement authorities be reading the private e-mail of Australians in their own country? They absolutely can! ... and more.

Being thousands of miles away from the mainland US, Australian citizens and businesses who host their website or have their e-mail service with what they believe to be an 'Australian company' may think they are safe from US law. Not so fast... A report from the website "Image & Data Manager" is raising the alarm on a new privacy threat. US Internet service providers are expanding their presence into the country and bringing US laws like the US Patriot Act along with it.

This quote from the article sums up the concern:

"Many businesses have assumed that a local data centre, even if owned by an offshore provider, is enough to avoid data sovereignty issues," said Peter James, Managing Director at Ninefold. "However, data stored in an Australian data centre owned by a provider headquartered in the US would face the same exposure to The US Patriot Act - and wider US law - as if it were stored in California."

It is great that entities in other countries are starting to see the issue with these entangling, privacy-stealing laws. Australian businesses are now in a position where they need to steer clear of using services from companies who are either owned - or host data - in the US, otherwise they may violate the privacy laws in their own home country.

Unfortunately, even individual Australians need to be aware of these issues, or else their data might get swept up in the far-reaching net of US laws.

Take for example Australian e-mail provider Fastmail.fm. The company was started by Australians and is still run in Australia (although now owned by Opera, a Norwegian company), but hosts their servers in New York City. This puts all of the e-mail content, account information, and more under the jurisdiction of the US Patriot Act and other US laws. An Australian could sign up for e-mail service from an Australian company and, without knowing it, be handing over their data to US authorities to read at their convenience.

Privacy Laws and US Patriot Act Face Off in Canada

But Australia isn't the only country affected. Canada, America's "neighbor to the north", also encountered this problem earlier on. A report compiled by Torys LLP in Toronto noted that Canadian companies who store data in the US (or share it with US companies) would be placing that data under the jurisdiction of the US Patriot Act, causing them to violate Canadian Privacy Laws. From the report:

"While the risk of access by U.S. authorities has always been present, the introduction of U.S. anti-terrorism legislation has raised concerns about the increasing ease and secrecy of that access, as well as its interaction with Canada's privacy laws."

Another good report, written by the Information & Privacy Commissioner for the Province of British Columbia, shows that government officials in Canada are seeing this as well. This report is unique in that it is one of only a few written by government officials which addresses the implications to foreign citizens when their data is located in the US, or held by a US company in a foreign country. From the report:

"Much of the discomfort voiced about the implications of the USA Patriot Act for Canadians can be attributed to the fact that there currently exists such disparity between the American and Canadian approaches to privacy. Moreover, regardless of which approach one favours-stringent laws or very little law at all-the rules must be clear and clearly understood. As a result of the disparity, Canadian personal information flowing across the border into the US does not always meet with the same standards for protection that we have come to expect [in Canada]."

This is a key point.

If you live in a country that puts a high value on privacy, that country will often have strong laws to protect that privacy. Unfortunately, you lose the protection of those laws by willingly placing your data in a jurisdiction which places much less value on your privacy (such as the US). Thank you US Patriot Act.

Next Steps

What should you take away from all this? Well, regardless of the country you're from, ask the following questions about your current email provider (or any email provider you are considering):

  • Is the provider a US company or owned by a US company?
  • Is any of the data you will be storing with the provider located on systems within any territory of the US?

If the answer to either of these questions is "yes", then your data WILL be under the jurisdiction of laws like the Patriot Act. So unless you are interested in giving US authorities a virtual open door to your data, you may want to look elsewhere for another provider.

[If you don't have a strategy for dealing with the dangers of the online world, download our Online Privacy report, which will share some common sense steps you can take to protect yourself and your family from the dark side of the Internet. Available to International Man Network Members. If you are not yet a member, you can join here.]

About the Author: Kyle Gonzales is a self-taught, self-made business professional with 13 years of experience in the IT industry. Over that time, he has assumed leadership positions ranging from corporate networking to technical sales. In 2011 he launched JumpShip Services, a firm that offers "multi-flagged" e-mail solutions that offer enhanced security, privacy and peace of mind for your digital communications.

Tags: privacy, digital diversification,