Planting Other Flags

  • Electronic Flags
  • Contrary to popular belief, use of the Internet is anything but anonymous. In fact, without appropriate safeguards, everything you do can be tracked and traced right to you: every (private) e-mail you send, every web site you visit, every YouTube video you watch.

    This is information that can then be used against you in legal proceedings, by identity thieves and/or by advertisers who custom tailor the ads you see.

    That's why it's critically important to protect yourself online. And diversification can play a part. Consider that many of those who are planning a multiple flags lifestyle, who want to go "offshore"; who want to get a second passport in order to travel more freely; who want more freedom, more privacy, and less interference from their government. Amazingly, many of these people investigate their options by sending out email inquires using their free US-based e-mail account, or their local ISP e-mail service.

    Perhaps they do not realize that the Internet has seen some of the highest level of government intrusion in the English-speaking world. We hear about Internet filtering and censorship from the "evil" government of China. However, we rarely hear about the same filtering being done in New Zealand or Australia, both supposedly free and democratic nations. We shake our heads in disgust at the widespread Internet monitoring being done in Russia, while remaining unaware or blissfully ignorant of the very same Internet monitoring being done by the US government.

    Perhaps they are not aware that many of the free e-mail services they use are complicit in the governments' monitoring schemes. AT&T's involvement with the NSA, allowing the spy agency nearly unlimited access to their network, is well documented. European ISPs are being called "the new secret police" for their governments.

    The bottom line is that: Using an e-mail account based in the US, UK, EU, or any other country with a "western government" is basically the same as sending every single piece of your confidential information through the mail written on a postcard for everyone to see - your mailman, your nosy neighbor, everyone.

    And in this case, "everyone" includes governments that store and monitor virtually every piece of e-mail you send, advertising companies that 'read' through your messages looking for information to customize the advertising you receive, not to mention other malicious forces that would love to steal your identity for ill-gotten gains. Needless to say, if you're looking for "freedom in an unfree world" - as least when it comes to e-mail privacy, you need to go overseas. You need to internationalize your inbox.

    • Privacy: Not all jurisdictions are as flippant about your privacy as the US and other Western countries are. For instance, Swiss Internet privacy laws and the actions of its government to protect privacy online have been strong. In 2009, the Swiss Federal Data Protection and Information Commissioner prevented Google from implementing their Street View feature on privacy grounds. In 2010, the Swiss High Court ruled that a user's IP address is personal information and is protected by their strict privacy laws.
    • There are other jurisdictions that have strong privacy laws when it comes to digital content, but Switzerland is very good.
    • Legal Protection: When the government wants to get information about you from a domestic ISP or e-mail provider, they simply go straight to the provider with a subpoena that is often secret. You don't even know the government is investigating you. We saw an example of this with a subpoena to Twitter that was made public. When your e-mail is hosted in a foreign jurisdiction, however, things become more interesting. The domestic law enforcement agency must now work through the foreign legal system to serve the subpoena. While many governments have a Mutual Legal Assistance Treaty (MLAT) in force, this does not make the subpoena automatic. The foreign government may decide to block the subpoena. The e-mail provider can fight the subpoena using the laws in the jurisdiction where the data is located. In some cases, additionally in the jurisdiction where the provider is incorporated. This is rarely a private affair, especially in a country with strong privacy laws.

    Email Muliple Flag solutions

    • Encrypted E-mail Service ?
    • Some people believe that if you want real privacy, you need a service that will encrypt your e-mail for you. There are overseas e-mail services that will do this for you, like Hushmail. But encryption itself is not a protection against federal governments. The US government has proven at least twice that it can and will get access to the customer data of these sorts of services. Additionally, Hushmail is now associated with an NSA whistleblower and drug dealers. While you may see no issues with these activities, it puts the service and those who use it in the crosshairs of the law enforcement entities in which these activities are illegal.

    • Anonymous Overseas E-mail Service?
    • There are even more people who believe the only real way to get privacy is to use a service that anonymizes all the information about the customer's e-mail. Scrubbing headers, removing names, using pseudonyms, etc. There are completely legitimate reasons why someone may want to use this type of service. Here are some examples provided by one provider, AnonymousSpeech:
      • express your political standpoint anonymously
      • anonymously report fraud
      • anonymously report sensitive information to the media

      These are all great and legitimate reasons. However, it's also not what you might want to be doing with your regular e-mail account. Especially if you are a professional who is trying to build your name and reputation.

    • The ideal private e-mail service
      • Fully Diversified
      • It might sound strange, but you'll want to check and see if your e-mail provider is really diversified. Fastmail.fm is a good example. It's an Australian based e-mail provider owned by Opera Software, a Norwegian corporation. Fastmail.fm provides a very good, robust e-mail service at a good price. And given that they are based in Australia and the company that owns them is based in Norway, they must be offshore, right? WRONG.

        According to Fastmail.fm's website: "Our main servers are located at NYI in New York City, USA." So if you use Fastmail.fm as your e-mail service, your money might be going overseas, but your e-mail stays under the jurisdiction of US law. The reverse is also true: US corporations may host data outside of the US, but that data is still covered by US law. Even Microsoft has admitted as much, in regards to their European cloud. So if either the company or the servers are based in the US, the data on the servers, including your e-mail, will be under US jurisdiction.

        You will want to check both the jurisdiction of incorporation and where the servers/data are located in order to make sure that the provider you choose is actually diversified appropriately for your internationalization needs. Regardless of where you live, neither part of your chosen provider should be located in the European Union or in the United States. If either part is, you are subject to laws like the Patriot Act in the US, or the data retention policies that the EU has implemented.

        Just as you look to plant multiple flags to reduce risk, your e-mail provider can do so as well. A provider who has distributed their business internationally is better able to cope if any given jurisdiction becomes unfavorable. Consider for example, the email service Jumpmail, who's business is internationally diversified. Their parent company is incorporated in Hong Kong. Their servers are based in Switzerland. Their domain name services are provisioned in Canada. Their domain name's TLD is in Colombia. And they use a service in Israel for secure certificates.

      • Know Who You Are Doing Business With
      • Trust is a big factor when evaluating any provider. This is no exception. See if you can find out who the directors/owners are, and if they are involved in the internationalization community. Get references from people you trust.

      • Security is key
      • E-mail is a big target for hackers, professional and otherwise. Ensure the service you choose is serious about security. Check for any information about security steps they take and any audits to which they have subjected themselves.

        Using Jumpmail as an example again, they use a base system (Enterprise Linux) that is known for its reliability and actively update systems to keep it that way. They enable Security Enhanced Linux (SELinux), the same strong security feature used in military and intelligence systems, to protect every part of the system. Like the bulkheads on a ship, SELinux defends against attacks and isolates parts of the system if a compromise occurs. They get third-party verification in the form of a security audit to make sure we have not missed anything.

        If you haven't already, review your existing provider. Does it have the attributes required to be considered a secure and private e-mail system? Or, is there something that might make your personal and business communications public knowledge? If so, consider explore planting an email flag.