FastMail is not required to implement the Australian metadata retention laws

[auser]

First, I am glad that it looks like the Australian data retention law does not apply to Fastmail.

I am also happy about the practical approach to privacy described by robn. Personaly, I am interested in an email provider that runs as a business and provides the most privacy possible in practice under the law, not in an activist provider. Here in the US, there was a provider that abruptly shut down because of what looked like a disagreement with the courts - this is definitely not what I am looking for.

Privacy can be invaded by the government, but also by companies. I am not a lawyer, but as a layman it seems to me that when it comes to privacy from government, all Western world countries end up roughly the same, at least if you want to operate as a reliable business. Although this Australian data retention law was definitely a close call!

On the other hand, as far as I understand, Gmail ties together your account information, your Google searches, but also your visits to sites that use Google ads and Google analytics (and all that information is available to governments as well). Fastmail enables us to avoid that.

[auser]

One thing I thought about is that since Fastmail's servers are in the US, the privacy offered by Fastmail is always going to be the lower of Australia privacy and US privacy. So far, I don't view it as a problem, because Australia is not that different from the US in this regard.

But if privacy law gets worse in Australia, have you thought about establishing a US presence? Basically, you could have a small Fastmail USA company that licenses the Fastmail brand, domains, and technology from Fastmail Australia in return for some percentage (say 90%) of its operating profit. I am not a lawyer, but now it looks to me like Fastmail Australia can service the Australian accounts, and Fastmail USA is completely outside Australia's jurisdiction and can service non-Australian accounts.

Then you would need maybe a couple of part time IT people to run it. This should be a low cost in places like Minneapolis or Texas. This might be a way to make the long term viability of your business independent of Australian privacy legislation.

[David]

After all this time, I am totally amazed, that some folk just don't understand, that there is no privacy with email, unless it is encrypted (end to end) from the sender to the receiver - period.

[ioneja]

Quote:

Originally Posted by David

After all this time, I am totally amazed, that some folk just don't understand, that there is no privacy with email, unless it is encrypted (end to end) from the sender to the receiver - period.

Technically, you're right in my view, however, I think many are using the word "privacy" in a different way -- not so black and white. There are varying degrees of privacy to many people and different thresholds for what some people are willing to accept -- who, what, where, when, how those emails are retained, legal framework for how email can be accessed, what content is used by whom, etc....

Take for example, a HIPAA compliant email system and your typical free Google/GMail account. Utterly different in almost every single way. From privacy policies, enforcement, data/profile harvesting, retention, etc... Yes, on one level, they are both "not truly 100% private" but it's easy to see how one is definitely "more private" than the other.

The argument that FastMail insulates you from the GMail profiling madness is totally reasonable. In that sense alone, FastMail is "more private" than GMail out of the gate. However, at the end of the day, if some government entity really wanted to get either your FastMail or GMail content they almost certainly could get it one way or another.

Two bits only.

[kijinbear]

Thank you for your honesty and down-to-earth perspective. I'd much rather trust my email with someone who has a clear understanding of his priorities and limitations than an idealist who makes bold claims he cannot honor.

Please keep us informed if and when the political landscape changes again, and give us ample opportunity to reconsider our options when push comes to shove. On the other hand, please also keep toying with crazy ideas like incorporating in another country (don't you have some old friends in Norway?) or adding another data center (even if it is limited to a small number of domains). Who knows, that little expansion might be the beginning of the Galactic Empire of FastMail!

[paul29]

Quote:

Originally Posted by David

After all this time, I am totally amazed, that some folk just don't understand, that there is no privacy with email, unless it is encrypted (end to end) from the sender to the receiver - period.

Unfortunately encryption won't help since this is about metadata, which should be considered just as private as content. Email wasn't built for this.

Robn, thanks for the update and for your continued efforts in this.

[David]

Quote:

Originally Posted by paul29

Unfortunately encryption won't help since this is about metadata, which should be considered just as private as content. Email wasn't built for this.

Paul: I am talking about the contents of a message - not about its container, or its description - which is what this thread is about.

[paul29]

Quote:

Originally Posted by David

Paul: I am talking about the contents of a message - not about its container, or its description - which is what this thread is about.

The thread is supposedly about a new Australian law that requires ISP's to maintain customer metadata. Not content. The good news is that for various technical and legal reasons, that law apparently doesn't apply to Fastmail. Either way though, encryption of the sort you're describing is of no help with that. There's nothing wrong with encrypting content, but metadata is also potentially very sensitive despite various people's illusions or pretentions that it isn't.

[David]

Quote:

Originally Posted by paul29

The thread is supposedly about a new Australian law that requires ISP's to maintain customer metadata. Not content. The good news is that for various technical and legal reasons, that law apparently doesn't apply to Fastmail. Either way though, encryption of the sort you're describing is of no help with that. There's nothing wrong with encrypting content, but metadata is also potentially very sensitive despite various people's illusions or pretentions that it isn't.

ok paul - I will accept that.

[MoonWalka]

Quote:

Originally Posted by rusl

Thanks for letting us know how the warrantless data access laws affect Fastmail customers. Good news that Fastmail infrastructure is offshore. It's interesting how only recently everyone was saying that they were concerned about Fastmail having servers in USA, but it turns out to be favourable in this case. These spying laws are both horrible and hopeless. They give burden without benefit and don't make much sense.

I'm so glad I can keep using Fastmail.

Exactly! Every other service that is offshore and not bound by Australian laws will not be bound by the act according to:

Quote:

(a) it is a service for carrying communications, or enabling communications to be carried, by means of guided or unguided electromagnetic energy or both; and

(b) it is a service:

(i) operated by a carrier; or

(ii) operated by an internet service provider (within the meaning of Schedule 5 to the Broadcasting Services Act 1992); or

(iii) of a kind for which a declaration under subsection (3A) is in force; and

(c) the person operating the service owns or operates, in Australia, infrastructure that enables the provision of any of its relevant services;

but does not apply to a broadcasting service (within the meaning of the Broadcasting Services Act 1992).

This means pretty much anything not form australia or any region with similar monitoring laws is safe, or safer than one operating from these regions anyways. This would come in handy especially in terms of tor, vpns like ivacy and express and nord and others, antiviruses and anti-malware like kaspersky and others and other mailing service providers like yandex and gmx too since they're neither from australia nor from us or uk, or from any place that would require them to maintain records.

[TenFour]

Personally, my advice is not to email anything that might get you in trouble with the authorities--for that matter, stop doing whatever it is you are doing that is illegal! Hopefully, you are not, and yes, I understand your worries about privacy, etc., but that ship has sailed and basically you have to trust that you are a needle in a haystack. I have absolutely zero trust in any service, anywhere in the world, protecting my email correspondence from snooping state-level agencies if they decide they want to read my dull correspondence. In fact, I wouldn't be surprised if choosing a supposed secure email service in some country with strict privacy laws is a bit of a red flag to some spy agencies--"Oh, look, he's using encryption and SnoopProofMail--he must have something to hide!"

[anonymouse]

Quote:

Originally Posted by robn

"Privacy above all else" is a valid thing to want but not something we can provide

A clear and helpful business stance, thank you.

Each user will have her/his own view. Personally I will remain a strong advocate of FastMail. Your policy is clear. And I am happy that you are able to respond when law enforcement needs help; there are many very, very bad people in the digital world and FastMail does not need to give them an easy place to hide. They can choose another email provider. Or go to Google and have all their data snooped on for advertising reasons :-)