The Panama papers revelations are worth pondering on many levels. (This Wired article is a good summary.)
My first reaction to the high level tax evasion and corruption allegations was to blanch at the thought that someone had basically given the entire contents of a law firm’s document management system to a third party.
As a lawyer, the fact that law firm files were leaked causes me to wince. After all, solicitor-client privilege is a fundamental tenet of democratic society. Law firms take the security of their files very seriously, and getting access to this information would not be an easy task.
This has parallels to the Snowden leaks. I’ve said before that Snowden should be congratulated, not prosecuted.
But this is not the same.
Snowden leaked information about one government entity. This is a leak with personal, sensitive, and confidential information about thousands of individuals and corporations. Some of the activities exposed by the press are no doubt illegal or unethical, some may raise a debate over were the line should be between tax avoidance and tax evasion, and issues around tax havens in general.
But that does not justify this kind of breach to the press.
Unfortunately this has set a smell test where anyone who has an offshore company, or any business such as a law firm that is involved in their creation, gets unfairly tarred with suspicion.
According to press reports the journalists won’t release the actual documents to respect the privacy of the innocent. That’s good – but that shouldn’t be a decision that a journalist should have to, or should get to make.
Apple fought the FBI to keep phones secure. In that case the end the FBI was seeking did not justify the means. That is largely because it puts the information of everyone using an iPhone at risk. So how is this leak that exposes legal files of thousands of people any different? It seems that one minute we are applauding security and privacy – and yet we now seem to be applauding a massive breach of security and privacy.
It is too easy to dismiss this as a risk that is peculiar to law firms in tax havens that are perceived to facilitate unsavoury activities. Has this perhaps put a bigger target on law firms for both inside and outside hackers?
An IT security firm told me this morning that they have been contacted by a number of law firms that are wondering what shape their security measures are in in light of the Panama Papers.
Perhaps law firms everywhere should take another look at their security measures to reduce the chances this could happen to them.
Cross-posted to Slaw