The lion's share of the blame should always go to the person that performed the illegal act.
That said, if the victim doesn't perform due diligence then they deserve some blame too. There's nothing unusual in "blaming the victim" of a car theft if the victim left the keys in the ignition. That doesn't take anything away from the blame assigned to the car thief, but the car owner still should be chastised for leaving the keys where they provide easy access to a thief.
And, as usual, it all comes down to Layer 1. In computer networking Layer 1 is the physical layer, the wire. It's also a euphemism for the physical part of any network infrastructure from the room that it's in, to the cabinet the server sits in to the server case itself.
If you don't have physical control of the hardware, you don't really have control at all. Using a third party to manage your email means that a third party has access to your email. There's just no way around that.
My email server is at my house. A person wanting physical access to it is going to have to deal with locks, dogs, guns and alarms.
If your email is at Yahoo! or Google then the people that run the network there have access to it. If you're using your email account to receive email from eBay when you win something then it doesn't much matter.
If you're doing official government business then it does. If you are exchanging messages with someone and you'd rather not find them on the front page of the New York Times, then it does.
No one is saying that it's all the Governor's fault. But she did something dumb and someone else took advantage of that.
This probably had something to do with the fact that my dad shot a burglar and it made the news . . . .
Word gets around.
I hope her password wasn’t “lipstick”, or something else easy to guess.
Has there been any evidence that any government information was transferred over Yahoo? I haven't seen any thus far.