Good writeup. Since I can already see not everyone here actually read the article, here are some highlights.

> Law enforcement has always been able to request information from us through the Telecommunications Act with a lawful warrant. Because we have the ability to decrypt all data, there is no need to make changes that circumvent encryption. ... While FastMail is not directly affected, we don't support this legislation because it carries serious implications for the Australian tech industry.

> Of course, should our users choose to end-to-end encrypt their mail via PGP, we have no way to access that content, even under the AABill. Our blog explains why we have never offered PGP ourselves, and describes third-party PGP tools you can use with FastMail if you wish to manage your own encryption.

The second one in particular highlights to me the fact that whilst there are many downsides to the legislation, any serious culprits, i.e. state actors or organised crime, have many counter moves, severely limiting the upside - something all tech people knew anyway.
[disclaimer: happy fastmail user, 30+ year Aussie programmer]

What I really, really like about this blog entry and the Fastmail service in general is that it is practical and clear.

Fastmail does not and has not ever offered data privacy from properly constituted legal requests. Within the service they offer of email (and calendaring and contacts), they protect their user data by having it encrypted at rest and in transit.

Email protocols are not suited to E2E encryption because of the historical evolution of those protocols. So if you want E2E, there are appropriate solutions.

In terms of people who want access to your data, there are two types: bad/illegal actors and those operating under the judicial system. Under the judicial system in place in Australia, as has been explained, warrants (and the equivalent for non-law-enforcement security services) are still required for access to an identified person's information.

Fastmail has always been clear that they would respond to a properly constituted legal request.

In terms of lobbying, it is up to all Australian tech people to respond to this legislation and its ill-considered requirements.

I've already written to Mark Dreyfus as Shadow Attorney General and also the senior ALP person on the PJCIS, which is responsible for this legislation.

I intend to engage further in the new year with all those relevant MPs, ministers and shadow ministers, with the primary goal of clarifying that the tradeoff between security and privacy is not a zero-sum game, and that invading privacy in such a ham-fisted manner as defined in the legislation is more damaging to both our industry and our community than the stated objective of our security services to avoid bad actors "going dark".
The ability to use standard protocols (IMAP and SMTP) is much more important to me than end-to-end encryption. I won't even touch an email service that doesn't support IMAP with a 10-foot pole, no matter how secure they claim it is. I know some people are developing self-hosted gateways that can speak IMAP on the local side and a more secure protocol on the public side, and I think it shows promise. But the whole setup still feels way too fragile compared to good old email.

I've been using FastMail for 11 years now, and I've recommended it to several other people. I will continue to do so for the foreseeable future.
Their "Actions we are taking" section is almost entirely composed of a political lobbying strategy. Given the outcome of the vote, 44 votes for and only 12 against, their plan doesn't exude much confidence. I would have expected plans to move data and key technologists out of Australia at the very least.

The company I work for uses Fastmail, but our CEO has already decided to switch mail providers sometime in 2019. I don't know what other service they'll choose.
EDIT: note that I'm probably wrong, see reply below by @brongondwana!

---

One problem not being addressed is that via #AABill data access requests can now be submitted without warrants issued by a judge, so it removes the judicial oversight.

Also, this law says that all such requests need to be "reasonable", but it doesn't define what that means. For example, is blanket surveillance reasonable? AFAIK this law doesn't say. And companies like FastMail cannot report abuse publicly, or the people responsible risk 10 years in jail.

Couple this with the fact that Australia is part of the "Five Eyes", being the only country without a "Bill of Rights", and it means that agencies like the NSA could use Australia for their dirty work.

Please correct me if I'm wrong, I haven't read the actual bill, just random commentary on the net.

I'm a FastMail customer, but reading this blog article is leaving me worried, because FastMail keeps mentioning "lawful warrants", but from what I've read warrants aren't needed anymore.

It's pretty sad. I've seen many Australian software companies doing a good job, like FastMail here, and their reputation is now tarnished due to incompetent politicians. The wave of populism and stupidity has been spreading.
I'm hoping to resolve this using a "searchable encryption" scheme leveraging homomorphic encryption and elliptic-curve-based ElGamal. This would allow law enforcement to search for key words on encrypted data sets. This prevents leakage for both parties.

The use case for emails is a tad clunky as the bag of words would require precomputing; however, it is privacy preserving for both parties.

If you feel this is something interesting that you would like to contribute to, please msg me. I have working code in javascript (so it may soon be a plugin) and the architecture is decentralized but requires a single message interaction between the actor querying and the data source.
So are you guys going to change or put an asterisk on the front page's "Get private, secure, ad-free email hosting for you or your business" claim? :)
> FastMail won't be making changes to our technology or policies in response to this bill. Law enforcement has always been able to request information from us through the Telecommunications Act with a lawful warrant. Because we have the ability to decrypt all data, there is no need to make changes that circumvent encryption.

Isn't this, "No need to force us to install a backdoor, we've already got one!"

Kind of disappointing. Nothing in this article seems to be promoting privacy, just ways they comply with the laws -- and have been for as long as they've been around.

If you care about privacy, shouldn't you move your HQ out of Australia? You aren't allowed to even tell people you've been served warrants now, correct? Gag orders mean we have to trust the Australian Government... we can't trust service providers. Eww.

* Honest Government Ad | Anti Encryption Law - YouTube || https://www.youtube.com/watch?v=eW-OMR-iWOE
So the article's tl;dr is basically: "We're advocating for privacy, but we aren't going to try to offer you any. We never did, and we certainly won't now that this law passed. You're on your own."

Is this supposed to be a PR-positive announcement from FastMail? Because I can't quite tell!