|
Stunningly bad privacy law just passed in Australia - what does it mean for FastMail?
So a remarkably short-sighted, overreachingly invasive -- and some are calling it "dangerous" and "disastrous" -- privacy/encryption law just passed in Australia, and I am very interested in what it might mean for FastMail? Not to mention the ramifications and direction for the rest of the Five Eyes countries, the whole industry, and frankly the entire Internet.
I'm hoping FM will post something soon about it, as it has when other similar things have come up in the past. Although, this has to be the very worst of this kind of legislation I've seen from a democratic country. I can't even begin to express the myriad of issues this presents... better to leave it to the press to explain in case you've missed it: Australian Government Passes Contentious Encryption Law https://www.nytimes.com/2018/12/06/w...ill-nauru.html Australia passes controversial anti-encryption law that could weaken privacy globally https://www.theverge.com/2018/12/7/1...-global-impact Australia's 'Disastrous' New Encryption Law Throws Privacy on the Barbie https://breakermag.com/australias-di...on-the-barbie/ Google, Apple, Facebook face world-first encryption laws in Australia https://www.cnet.com/news/australia-...-apple-amazon/ Tech companies slam new Australian law allowing police to spy on smartphones https://www.cnn.com/2018/12/07/tech/...ntl/index.html Controversial anti-encryption laws rushed through by Australian Government https://www.techradar.com/uk/news/co...ian-government |
They wrote about it on their blog in September:
https://fastmail.blog/2018/09/10/acc...sistance-bill/ Nicola Nye, their chief of staff, vented her frustration on Twitter: https://twitter.com/impishfae/status...37538632736768 You'll find more official replies from Fastmail on Twitter, just search for #aabill or @Fastmail to go through all the responses to questions from various customers. I'm sure they'll write up something on the blog in due course. Edit: This tweet confirms my assumptions above: https://twitter.com/FastMail/status/1071092471352958977 "Hello! As we blogged in September, we don’t think it affects FastMail services. We will carefully look at the final state in which the bill was passed (including amendments) and issue an update when we've had a chance to get advice." |
Advocating for privacy in Australia
@FastMail on Twitter today:
Quote:
|
I'm not sure saying that you already bend over backwards to assist law enforcement so you are not affected by this bill is making anyone feel any better.
I hate to say it but after 8 years I'm finally moving on and cancelling. I really enjoy the service but you will be affected by this law and to saying that you are not is just just splitting hairs. Australia is going down a dangerous road and I can't see why anyone would trust their privacy with any company in that country. |
I'm not sure saying that you already bend over backwards to assist law enforcement so you are not affected by this bill is making anyone feel any better.
I hate to say it but after 8 years I'm finally moving on and cancelling. I really enjoy the service but you will be affected by this law and to saying that you are not is just just splitting hairs. Australia is going down a dangerous road and I can't see why anyone would trust their privacy with any company in that country, or any 5 eyes country for that matter. |
Quote:
If you have something to hide then yes I can understand that you will be cancelling your service....:D:D:D |
Quote:
My usual tack with such thoughtless declarations is to ask people if they talk differently to family members or close friends when they know they will be overheard, as in a lift (elevator) or small restaurant, as opposed to how they would speak to the same people when alone and unheard by others. Most people would say yes, of course they do. If you knew that all of your email was presumptively available to strangers to read, to your boss or to the govenment, wouldn't you write some things differently and omit writing other things completely, even if they were reasonably innocent and not obviously "something to hide"? Of course, unfortunately, as a practical matter that is technically already the case, considering the ubiquity of hackers, your ISP's abilities, the inexorably feckless Facebook's latest outrage, and government surveillance capabilities. Some measure of vulnerability must be assumed, but unless you are specifically targeted for some reason, it is unlikely that your messages will be read. They might be scanned by a computer for commercial purposes, but while that is certainly not desirable, neither does it conjure up memories of East Germany and the Stasi the way the Australian law does. Just because your body lacks overtly hideous blemishes or other deficiencies that trouble or embarrass you and make you feel like the Elephant Man, would you strip naked and submit to being seen by strangers who have no clear need or entitlement to see you in that state? Unless we were clinical exhibitionists, most of us would not, even if we thought fairly well of our naked selves. Here's a summary by the people at DuckDuckGo that summarizes the situation fairly well: _________________________________________________________ Three Reasons Why the "Nothing to Hide" Argument is Flawed FILED UNDER OPINION ON 27 JUN 2018 Over the years, we at DuckDuckGo have often heard a flawed counter-argument to online privacy: “Why should I care? I have nothing to hide.” As Internet privacy has become more mainstream, this argument is rightfully fading away. However, it’s still floating around and so we wanted to take a moment to explain three key reasons why it's flawed. 1) Privacy isn’t about hiding information; privacy is about protecting information, and surely you have information that you’d like to protect. Do you close the door when you go to the bathroom? Would you give your bank account information to anyone? Do you want all your search and browsing history made public? Of course not. Simply put, everyone wants to keep certain things private and you can easily illustrate that by asking people to let you make all their emails, texts, searches, financial information, medical information, etc. public. Very few people will say yes. 2) Privacy is a fundamental right and you don't need to prove the necessity of fundamental rights to anyone. You should have the right to free speech even if you feel you have nothing important to say right now. You should have the right to assemble even if you feel you have nothing to protest right now. These should be fundamental rights just like the right to privacy. And for good reason. Think of commonplace scenarios in which privacy is crucial and desirable like intimate conversations, medical procedures, and voting. We change our behavior when we're being watched, which is made obvious when voting; hence, an argument can be made that privacy in voting underpins democracy. 3) Lack of privacy creates significant harms that everyone wants to avoid. You need privacy to avoid unfortunately common threats like identity theft, manipulation through ads, discrimination based on your personal information, harassment, the filter bubble, and many other real harms that arise from invasions of privacy. In addition, what many people don’t realize is that several small pieces of your personal data can be put together to reveal much more about you than you would think is possible. For example, an analysis conducted by MIT researchers found that “just four fairly vague pieces of information — the dates and locations of four purchases — are enough to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users.” It’s critical to remember that privacy isn't just about protecting a single and seemingly insignificant piece of personal data, which is often what people think about when they say, “I have nothing to hide.” For example, some may say they don't mind if a company knows their email address while others might say they don't care if a company knows where they shop online. However, these small pieces of personal data are increasingly aggregated by advertising platforms like Google and Facebook to form a more complete picture of who you are, what you do, where you go, and with whom you spend time. And those large data profiles can then lead much more easily to significant privacy harms. If that feels creepy, it’s because it is. We can't stress enough that your privacy shouldn’t be taken for granted. The ‘I have nothing to hide’ response does just that, implying that government and corporate surveillance should be acceptable as the default. Privacy should be the default. __________________________________________ |
Quote:
|
Quote:
|
Why do people worry so much about the privacy laws, they are only implemented when someone has broken the law.
. |
Quote:
As I pointed out the only access your data if a crime has been committed. |
Quote:
I find your statement chilling. |
Quote:
There is a problem too when legislation intended for one thing is used for something else, eg http://news.bbc.co.uk/1/hi/uk_politics/8003123.stm and more recently https://www.theguardian.com/world/20...-spy-on-public |
Quote:
You are 100% right Just remember Hitler would have love this law:mad: |
I see no reason why internet-based information should be treated differently ("more privately") than any other sort of data. Law enforcement agents may, in certain circumstances, see your bank account, read documents you store at home, or ask you to empty your pockets. And obviously (and unfortunately) sometimes these actions are taken against innocent people.
So wake up in the real world. |
Quote:
Quote:
Quote:
|
Quote:
The arguments in favor of invasive laws such those passed in Australia completely miss the point, and it's honestly exhausting to have to explain over and over again the fundamental principles of privacy and freedom of speech. Such laws harm the average, innocent user far more than they help, and they enable the potential for incredible abuse. The unintended (and often unpredictable) consequences are far more troubling than the so-called benefits, and unfortunately, we are witnessing the creation of precedent and infrastructure that will have enormous potential for negative impact on society. I also think this is a generational issue to some degree, and these idiotic laws are buoyed up by lousy reasoning and apathy, plus the younger generation is clueless as to what can happen when such power is truly abused. And those "bad actors" who are supposed to be targeted by the new laws can quickly adapt and find ways to circumvent them, thus encouraging even more invasive laws. It is a giant unfolding tragedy that will cause immense problems in the future. One of the worst and most predictable outcomes of these kinds of laws, is that infrastructure to comply with such regulations will be increasingly forced on services we rely upon every day for personal, private communications, eroding the security of a number of our services. This will creep slowly but surely across the Five Eyes countries, and even if one or more of them don't duplicate the regulations, their global application platforms will duplicate the vulnerabilities. It is very sad to see such stupidity continue to reign in government mandates, and the consequences will be felt far and wide, well beyond Australia. I for one am now reconsidering my usage of FastMail. I'm not satisfied by FM's response, and definitely not satisfied by the justifications and protections related to the current law. Not to mention the ineptitude of the people running any oversight of such powerful invasive regulations, and where they might go next. At the minimum, I feel I will have to look to change my habits and usage of email and related tools. Like I mentioned, I feel like we're fighting a losing battle, and certain fundamental rights will continue to be eroded. For me, anything sensitive or personal will most likely not flow through Fastmail anymore, for example... not sure if that means I cancel my accounts, or if I reduce/change usage patterns over time. We'll see. :( EDIT: annoying typo -- "untended" should have been "unintended" |
Quote:
|
Quote:
I think there are just a handful of approaches to privacy in this situation, and I'm not sure which one I'll apply to FastMail in light of the new law (and the apparent/potential direction of the laws), and also FastMail's inadequate (IMO) response. Maybe if we're lucky, they'll reverse course... but I don't see solid evidence of that. I see this law as a little gateway experiment in a way by the Five Eyes countries to see how far they can push things. And I certainly don't see enough outrage in Australia to reverse course. Welcome to the new normal IMO. Folks, it's a very slippery slope... So here are the approaches I'm considering: 1) Privacy by anonymity -- I may just pull FastMail's email back to mega US providers that allow somewhat of a semblance of privacy due to their massive size. There's something to be said about getting lost in the noise, I hate to say. I have heavily used various paid business email accounts at Microsoft and Google (enterprise Office 365 and paid G Suite accounts), so I might just fold my FastMail email into one of those services with another paid account. US corporate liability standards and better EULAs/SLAs add another layer of accountability to those services, which IMO provides a slight improvement in terms of protection. 2) Privacy by US-based security-oriented service with extra hoops to jump through -- I may sign up for Luxsci again, which although very small, they have a decent security focus, and they have HIPAA compliant services, which is one more hoop anyone has to jump through... which is a slight improvement in terms of protection. Plus they have vastly superior customer support compared to FastMail. Downside they are more expensive. 3) Privacy by jurisdiction -- I might move more mail over to services located in jurisdictions that have far superior laws. Right now I already have an account at Runbox, which has a better jurisdiction than FastMail by far, and I've also been looking at ProtonMail as an option, and a while ago I was looking at what is now called Kolab Now. The problem with these kinds of providers is that by default their servers are associated with the perception that their services are for people who specifically seek privacy, and that carries its own marker TBH. You're basically advertising that you want privacy when you use those services. Runbox to a lesser extend BTW, since it existed prior to the whole privacy mess we live in now. My main problem with Runbox, though, is that I can never escape the feeling that they are going to disappear on me... or get crushed by some attack or philosophical change in the legal winds that blow in Norway, although they keep hanging in there. Who knows? Runbox is the little provider that keeps going and going... and the folks there are really nice, and I like what they are trying to do. 4) Privacy by changing usage patterns -- I might just stick with FastMail and simply change my email patterns and only run less personal stuff through it. After all, if you remove all the jurisdiction and Five Eyes issues, FastMail is actually a very good service -- good interface, good features, good uptime... It will be hard to say goodbye to FastMail entirely. I just don't consider it in the category of privacy-oriented services at this point... it was always borderline before, but now I have to demote it a notch. 5) Privacy by spreading it around -- so the last approach I'm personally willing to take, which is more or less the way I've been doing it -- is by spreading things around to a bunch of providers. It's a hassle of course, but it creates little firewalls between pieces of my content. 6) Privacy by self-managed encryption -- of course I have to mention there is the hard-core encryption approach, and this would obviously solve many of the issues. However, once again, you are advertising that you want privacy, but more significantly, you are introducing a whole new layer of hassle. I have yet to find a service or workflow that didn't get in the way of basic smooth communication, and I've never been able to make it work for normal life. Alas, I have had to admit to myself that I actually need to find a balance that includes simplicity and convenience to some degree too. And so this approach is not really going to work for me until someone comes up with a really great way to do it. And honestly, at that point, you are only as safe as your weakest link... but that's a different discussion. So I'm still not sure what I will do, and I don't mean to sound pessimistic... but well, I am now pessimistic when it comes to these issues and FastMail. :eek: |
One further approach, very tricky these days for most people, is to host your own mail server. Security and spam issues may make this time consuming.
|
Quote:
It definitely is a viable option though... there is good documentation out there (including in this forum!) on how to set up and secure an email server, and with careful security/patch maintenance and monitoring at a really good hosting provider, it could work. I very much respect any brave soul who ventures into email hosting... |
But the F/m servers are in the US along with all the data so are they governed by Australia law or US Law?
|
I think that while there is the ability for an email Administrator to recover or access an account, then there is always a security hole in the service.
For us in Australia, looking for an alternative is a moot point. We are now obliged to unlock our devices if requested. Our recent laws may have implications for all residents of 5 eyes countries too. A nice little video here |
Quote:
|
Quote:
The more I learn about it, the more I realize this new Australian law is so terrible and insanely stupid I can't even believe the parliament voted for it. I don't see any real, meaningful oversight mechanism... at least in the US we have judicial oversight (and yes, we even have a lovely secretive FISA court, but it's still a court, right?!?!)... the Aussies just blew right past that and set a new low.... what in the world just happened? And did you read about the whistleblower provisions? It's positively draconian. The language is so vague and subject to interpretation... and tramples so thoroughly on due process, I don't see how any company that values their data ANYWHERE will ever trust an Australian IT company at this point... and any big international service that operates in Australia is going to have to deal with this one way or another. What a mess. Even on a business level, the Australian government just lobbed a giant bomb at their own IT industry. In fact, the more I think about it, the more I'm certain I'll be migrating away from FastMail, unless Australia comes to her senses. If I were involved with FastMail, I'd be signing on to any huge lawsuit right now against this law... oh, but wait, Australia doesn't have an actual Bill of Rights... so I guess the legal battle will be that much more difficult... Or, I'd be packing up my bags and moving FastMail to a better jurisdiction. |
Quote:
Effectively, the way I see it, any Company/App that provides services to an Australian is impacted by these laws. Or will there be an App for Australians (with the backdoor facility) and another version for everyone else? :confused: |
Quote:
Quote:
|
Quote:
BTW, Runbox customer service is excellent, very personal, very competent. Not quite to the level of Luxsci (which is the gold standard IMO), but still much better than FastMail. The folks at Runbox are very nice and have a good philosophy and direction IMO, so I plan to stick with them for at least one of my accounts. Just not sure I want to move tons of email over to them yet! :-) And don't get me wrong, FastMail is still good... minus the jurisdiction issues... After the Opera adventure, they really settled into a decent groove. I just don't think I can stomach dealing with this whole Australia insanity and Five Eyes mess much more. Quote:
|
Quote:
|
Quote:
|
@BritTim Agreed completely.
@Terry I'm sure that's part of the idea -- I'd like to give the lawmakers the benefit of the doubt for hopefully having good *intentions*, but sadly, in order to get those powers, they've rammed through a law that will do more harm than good. BTW I've had a chance to look through the law a bit more, and I also re-read FastMail's response (latest blog post here for convenience: https://fastmail.blog/2018/12/21/adv...ill-australia/ ), and I believe that at least for me, FastMail has definitely not responded strongly enough. First, to their credit, FastMail has at least raised concerns about the bill and submitted their opposition to the bill, plus contacted parliament and started working with other firms to "put forward a united call for sensible amendments to the law." BUT ultimately, FastMail "won't be making changes to [their] technology or policies." They continue: "Law enforcement has always been able to request information from us through the Telecommunications Act with a lawful warrant. Because we have the ability to decrypt all data, there is no need to make changes that circumvent encryption." And more: "Every warrant we receive is reviewed by senior staff for legitimacy and scope before data is provided. Each account whose data is requested must be individually identified. Responding for one user does not require us to expose or share the data of our other customers." So this is all fine and dandy, but their statement doesn't really address the deeper issues IMO... in fact, for me, it just passes over them as if it's business as usual for their legal request process... but indeed things have changed on a fundamental level! There's far more to it. They don't address how sweeping and profound the changes are and their theoretical and real ramifications. For example, the ease and facility of how the requests are actually different than in the past -- i.e. Technical Assistance Notices (TAN), Technical Capability Notices (TCN), and worst of all, Technical Assistance Requests (TAR), and how the scope and scale of requests has been broadened with *reduced* government accountability and oversight, along with the serious implications of how much power has been granted to those entities that submit the requests. Not to mention the ambiguous but serious implications of Five Eyes-related intelligence agencies and how they are connected, i.e.: "...assisting the enforcement of the criminal laws in force in a foreign country, so far as those laws relate to serious foreign offences." That's a big deal. Correction. HUGE deal. Not to mention very strong hush clauses and penalties for whistleblowers -- very few protections! And while the parties who request data, for example, are "supposed" to take into account the impact of a request on ALL parties, guess who actually determines the impact? The requesting party! Bias much? Plus, there is little to no substantive oversight of that, and the requester him/herself can be various entities in law enforcement who can also ultimately decide what requirements the requests have! It's actually stunning to read the scope of this. How it will be carried out is beyond me... in the US it would be tied up in courts for years. For all of our problems over here in the US, at least we're incredibly litigious when it comes to things like this, which can at least put a break on some crazy things for a while. I even read that they don't even need to initially submit the request in writing if there is an "an imminent risk of serious harm to a person or substantial damage to property" -- they have 48 hours to follow up with a written request. So someone could literally "phone in" a verbal request? What?!? I mean, how lazy (or in a rush) do they have to be that they can't write out their request (and more rightly have an impartial judge sign off on it, yeah right), and create a legal paper trail with signatures on it... at the very least!?! How imminent does the "risk" have to be? WHO decides how "imminent" it is? What mechanism provides real oversight and accountability? Why not just declare martial law? Maybe the parliament has been watching too much Bourne Identity? How lousy is their law enforcement that they are waiting until the very, very, very last second to intervene, such that they can trample right over a basic written chain of authorization that involves actual human rights? I mean, I get a clear and present danger, but good grief, the person they're forcing to do their bidding over the phone probably has to write the request down anyway, so why can't the requesting party? Might cut down on confusion, right? Might cut down on a few mistakes, right? I'm surprised they didn't put in a voice dictation clause. It's just bonkers. And that's nothing compared to what else is in there. We're literally off in some Hollywood movie now with this law. But let's just say I misread all that -- so let's throw that one out... what other goodies are in there? And, like others have commented here in this thread, the law extends to ANY service that "provides an electronic service that has one or more end-users in Australia" -- and this even applies to device manufacturers and component manufacturers! So this even theoretically impacts all the other TOOLS and INFRASTRUCTURE that FastMail uses! Now in a practical sense I don't know how that would be implemented, but just think about it... the language is so sweeping it goes all the way to "component manufacturers!" On both philosophical and practical levels, this goes way beyond a response from FastMail where they say that they "won't be making changes to [their] technology or policies." It's an outright assault on the very nature of what their business MEANS and the very building blocks of the services they provide. I could go on. And some folks might think I'm overreacting. Most won't notice or care. And yes, it's just academic at this point since the practical application has yet to be seen... but then again, the hush provisions are so strong that we actually wouldn't KNOW what is being done TBH. Just read what the requests can actually contain. Carried to one end of the scale of interpretation, it's quite frightening how broad and in some cases vague the law is. Honestly, the law should never have been passed like this in any sensible democracy. It reads straight out of a totalitarian government's playbook. And then we can talk about how the law was actually passed, and Labor's caving in to it. I don't even know what to think about what happened. Anyway, I don't mean to go on and on (and yet, I guess I can't help it, I must be venting). I'm so surprised by what ultimately amounts to a brazen, unrestrained, audacious assault on basic rights of freedom of speech and privacy with a fundamental failure of accountability and fair oversight from a democratic country. The more I look at it, the more I'm floored by it. As for FastMail, I feel bad for them TBH. It's not their fault. They are just going about their business trying to be a great service provider and they get this bomb lobbed at them. I think their response is very underwhelming and definitely not to the scale of the implications and even the potential unintended side-effects of this law. While their day-to-day operations may not change on the surface... they are now in a whole new ball game in terms of environment, unless this law gets amended right away. One can hope. Not to mention about what it means down the road for the rest of the world that uses products and services from Australia and offer services sold to Australians! Yikes. And while in the end, FastMail may choose to do nothing since most people don't know or care what's going on (the apathy problem of our society), FastMail does have to decide what their core mission and philosophy will be going forward. This is IMO a new chapter for FastMail to either make a strong stand against this vast government overreach, or maybe they'll slip into the comfortable (and financially justifiable) position of sitting back and treating it like any other business navigating normal regulations. I mean, even Microsoft and now Google are willing to compromise their own search engine products to satisfy China's censorship requirements, so if big powerful American companies are willing to compromise that much on core values, why should FastMail fight something that is clearly not their fault? They could put on a good show of it, join some digital rights groups and send letters to Parliament, and then write nice little blog posts about it to meet the minimum PR requirements to satisfy 99% of the users, right? It's just business, right? Well, no. It's not just business IMO. It's a core value of democratic societies to protect certain human rights and due process. Even if we see those very rights being swallowed up by poorly justified, grossly overreaching, terribly worded laws like this, however well intended. Okay, I'll call it quits on this discussion. There's a lot more. And I'm sure it can be argued in minute detail by legal experts about how I'm wrong about everything. The fact that any legal experts have to go in and parse through this vaguely written mess of a law is tragic by itself, let alone what the real-world implementation may be. At least in the US, civil liberties and digital rights groups would be taking this to the Supreme Court before it could ever be implemented. The fact that Labor crumbled like this and the law was passed with so little friction is a miscarriage of democracy IMO. Okay, that just about wraps things up on my thoughts. Thanks to anyone who gets this far in my post! :-) BTW, on a more positive note, I want to once again thank this forum for the great conversations and info... I've always learned a lot from you all over the years, and this is often one of the first places I find out about some of these issues. Much appreciated! |
Fastmail vs other mail
@ioneja, I read through all your post and agree this is a huge crossroads.
Partly because of the draconian nature of the non-recourse and potentially vast overreach, I am not convinced that Fastmail would be served by publicly posting all their complaints. Can you imagine the headlines, "Australia company tells Australians they should flout the law" or some such? What they said was that they already do have plaintext access to our emails and it is used for service on a regular basis, eg search and password reset. They also said that we can encrypt, did you read all those articles and/or have you done such yourself? I have never tried, and I'm not clear it would be practical for me. They said they never wanted to offer GPG and now that this comes up I see that they can just say, hey, we didn't even offer it , if customer used our help, it's on the net years ago. Maybe like that bellweather thing - if those posts all about how to do it disappear - watch out. Fastmail also has in place a system where images are loaded on their machine, not ours, so the IP does not trace back. If that feature changes, then maybe they would have been directed to post [malware] on us. Imho, we are at a big tipping point on alot of this. Every day I try to do something, eg write emails to Pres. Trump. Have you read Dinesh D'Souza's great books and videos? His topic is not privacy per se but statism. I feel like I see it clearer now. We need to fix the whole trajectory. There are many, many things to do. Some inroads appear to have been made by Pres. Trump, eg ; - no TPP which via this very thread and research I found was worse/equal to this Australian law - no Paris commitment to CO2-tree-fuel tax - less commitment to world government , which increases the opportunity for experiment, protection of individual rights, and safety in at least corners of the globe - cross fingers, some resolution to China direct copying and property takings, eg to spy on us. - similarly Russia's spy operations and malinformation campaigns perhaps will get some heat A government's proper job is to protect individual rights at home, at work, and abroad. Socialist governments want to 'do' 'everything' - in other words control our home, work, and play by mob/dictat rule. More people need to know that difference. OK now I gave you a soapbox back for your soapbox! I too congratulate you if you read through! Thank you SO much for everyone's posts about this vital topic. |
Moving our privacy advocacy forward to protect Australia and you
https://fastmail.blog/2019/02/28/aabill-and-fastmail/
Quote:
|
What I wonder is how this impacts a company, say Protonmail, that is based outside of Australia and may not have any servers or own any infrastructure in Australia? I suspect a company like Apple could be hugely impacted. If a "backdoor" is granted to one country it will eventually be used by every country, and eventually be found out by some bad actor. It is just a matter of time. Fastmail says that this law does not impact them directly because they already hold the keys to unencrypt any emails and they also provide that information to authorities if a warrant is served.
|
I wonder if Fastmail could diverge itself into two different companies. One being the site, servers and email data itself, and one being the programmers, programming the interface and the back end. The staff could be employees in Australia, but the data could be managed by another company in another country. Therefore the programmers in Australia could say, "we don't manage the data, we just write the code" and then refer the requests to the country housing the data, in a way, forcing due process to occur...
|
Quote:
Sigh. |
Plus you have Trump...:D
|
As has been pointed out, these potential "backdoors" won't really do anything to protect from real terrorists or semi-skilled criminals. There are still plenty of ways to send encrypted messages that are very hard if not impossible to crack in any realistic amount of time. If I'm not mistaken, services like Signal and Protonmail still exist and could be used by Australians just as before. In the US of A it seems like the FBI and others have no shortage of information with which to catch wrongdoers even without enhanced backdoors into private communications. The argument I hear and read seems to be that these things are needed in order to prevent a major terrorist attack like 911, or to catch a mass killer. In reality, there is always a different soft target and another way of doing things, so I really don't think this whack-a-mole approach to stopping crime is going to be effective. It still takes humans to understand and act on all the information flooding in, and resources are not infinite. Hence, judgment calls are made concerning what is important, what action should be taken. In hindsight there was all sorts of information that if pieced together correctly might have alerted someone about the 911 attacks. More information by itself won't really aid law enforcement
|
I have deliberated on this issue very carefully. If not Fastmail, what else?
1) Which service gives you WebDAV access, for example, to store your files? 2) Dropbox integration. 3) Unlimited aliases. 4) Reasonable storage space (some of the plans are overkill for me) but they serve the purpose. Proton mail has benefitted from the refuge to "privacy enthusiasts", but even their paid plans can't hold a candle to Fastmail. Customer support has been pretty decent for me, and I haven't found any reason to argue about it. I have been using the web version and hooked to numerous email clients without breaking a sweat. Their android app is better now, and I am excited about the new backend/UI to roll out. I have a reason to firmly believe that Fastmail is "fighting" on our behalf, but I honestly don't think that a few email newsletters would qualify for an "investigation". I don't subscribe to "I have nothing to hide argument"; but an individual is tracked on so many levels. Facebook/Google know more about you than your spouses. Cookies/Supercookies/E-tags/Browser profiles (or whatever means) can be used to track you. Apple knows about your sleeping patterns, health details, card spending habits and probably follows you more than Google/Facebook does. Once you are online, email represents only a part of the problem. Unless there is a verifiable, quantifiable report from Fastmail that I have personally broken any Australian laws, I don't find any reason to shift out. What are the alternatives, either way? Runbox? I haven't used them so I wouldn't be able to comment. Kolab Now? Try getting email support from them, and they are lazy as hell. They will choose to respond when they can and not at all proactive. I haven't had any decent experience with them. Microsoft 365/G-Suite? Its part of the same problem, unless you believe that someone has to go through loops. If you are targeted, they will merely bug your device, and you'll not even know about it. Let's wait for the situation to evolve, how things are placed. Those who wish to leave, of course, can go back to much inferior options! |
I agree that Fastmail remains a great service and is not yet diminished by the existence of this law, but that doesn't make the law any better. And, yes, many other countries also have terrible laws on privacy, including the USA where I am writing from. I do think there is some safety in numbers when choosing a service. In other words, if you are one of the billions on Gmail or Outlook.com chances are someone will discover a serious security issue or be subject to an attack long before you will be, and you know the company is putting serious resources behind preventing these issues. Fastmail is probably large enough to provide some protection in this regard, but I think you really have no way of knowing with most smaller email providers. In some cases, services appear to be run by one or two people, and it is simply a matter of trust. For all we know, they may read our emails and browse our photos just for kicks! More likely, they are using some wonky software, or have rickety infrastructure, or possibly they just don't care and are not monitoring things closely enough. Witness the recent issue with VFEmail.
|
| All times are GMT +9. The time now is 09:45 AM. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy