> Law enforcement has always been able to request information from us through the Telecommunications Act with a lawful warrant. Because we have the ability to decrypt all data, there is no need to make changes that circumvent encryption. ... While FastMail is not directly affected, we don’t support this legislation because it carries serious implications for the Australian tech industry.
> Of course, should our users choose to end-to-end encrypt their mail via PGP, we have no way to access that content, even under the AABill. Our blog explains why we have never offered PGP ourselves, and describes third-party PGP tools you can use with FastMail if you wish to manage your own encryption.
The second one in particular highlights to me the fact that whilst there are many downsides to the legislation, any serious culprits i.e. state actors or organised crime have many counter moves, severely limiting the upside - something all tech people knew anyway.
So we use effective methods to protect the privacy of our users while performing our civic duty of assisting law enforcement when bad actors use or abuse our platform, and we never pretend to use the bulk of our customers as human shields to protect bad actors trying to hide among them.
I understand that you're not a privacy-first company, but still, your communications haven't been reassuring me. There is extensive documentation (e.g. Yahoo FISA) that ALL content not end-to-end-encrypted is ingested for bulk surveillance and decades-long (if not infinite) retention.
The only solution is 100% end to end encryption, with NO mechanism for unauthorised access (including law enforcement). Like iMessage and Signal. Anything partial of that, while saying you are pro-privacy, is IMHO harmful to privacy.
Some might argue WhatsApp or Signal or Telegram E2E is exactly that. I'm talking about email.
https://protonmail.com/support/knowledge-base/how-to-use-pgp...
"This means that with ProtonMail, anybody can use PGP, regardless of their technical knowledge."
Something like this would make things even more transparent to end users:
These three are not equivalent.
Signal is the gold standard for secure, end-to-end encrypted messaging. The client is open-source, and (at least on Android) builds are reproducible. It's possible to audit the code and confirm that Signal isn't intercepting the messages via side-channel and sending them to Signal's servers, encrypted with a different key. It also notifies you whenever a user's public key has changed (i.e., when they switch to a different phone), which protects against someone hijacking your phone number using the telecom system.
WhatsApp does encrypt messages with per-user keys, but it's not end-to-end in the sense that Facebook still manages the keys and could provide you with a compromised key. Facebook also produces the only client, which means that it could easily eavesdrop messages and send them to Facebook's servers via a side-channel. Until recently, WhatsApp also didn't notify you when a user's key had changed. This wasn't a "backdoor" as the Guardian sensationally reported it, but it is a security liability for users looking for secure end-to-end encryption.
Telegram is completely insecure. For starters, group messages on Telegram are sent... in plain text. No encryption whatsoever.
What I really really like about this blog entry and the Fastmail service in general is that it is practical and clear.
Fastmail does not and has not ever offered data privacy from properly constituted legal requests. Within the service they offer of email (and calendaring and contacts), they protect their user data by having it encrypted at rest and in transit.
Email protocols are not suited to E2E encryption because of the historical evolution of those protocols. So if you want E2E, there are appropriate solutions.
In terms of people who want access to your data, there are two types, bad/illegal actors and those operating under the judicial system. Under the judicial system in place in Australia, as has been explained, warrants (and the equivalent for non-law enforcement security services) are still required for access to an identified person's information.
Fastmail has always been clear that they would respond to a properly constituted legal request.
In terms of lobbying, it is up to all Australian tech people to respond to this legislation and its ill-considered requirements.
I've already written to Mark Dreyfus as Shadow Attorney General and also the senior ALP person on the PJCIS which is responsible for this legislation.
I intend to engage further in the new year with all those relevant MPs, ministers and shadow ministers, with the primary goal of clarifying that the tradeoff between security and privacy is not a zero-sum game, that invading privacy in such a ham-fisted manner as defined in the legislation is more damaging to both our industry and our community than the stated objectives of our security services to avoid bad actors "going dark".
I've been using FastMail for 11 years now, and I've recommended it to several other people. I will continue to do so for the foreseeable future.
The company I work for uses Fastmail but our CEO has already decided to switch mail providers sometime in 2019. I don't know what other service they'll choose.
Of course the "people are planning to leave us because of the hamhanded way you introduced this legislation" is a major part of all our feedback to legislators.
The AABill happened the way it did in Australia because our politics is particularly broken right now (seriously, we have a minority government which has changed leaders twice and lost multiple members to scandals). We call it "wedge politics" and Labor were forced into supporting it because otherwise they'd look soft on terrorism going into the holiday period, and anything at all which happened would be blamed on them not supporting the bill.
Which is idiotic, since the LNP would blame Labor either way, as they do for every single other failure they (the LNP) are responsible for. I wish Labor had some fucking guts once in a while.
Though of course, since you're in the jurisdiction of our great nation you have to turn over data if requested anyway (this hasn't changed). Actually I'm a bit more concerned that you store data in the US.
> The AABill happened the way it did in Australia because our politics is particularly broken right now (seriously, we have a minority government which has changed leaders twice and lost multiple members to scandals). We call it "wedge politics" and Labor were forced into supporting it because otherwise they'd look soft on terrorism going into the holiday period, and anything at all which happened would be blamed on them not supporting the bill.
Our politics has been broken for almost 2 decades. It's not really a recent phenomenon.
This isn't a matter of where data is kept, the location of that data being irrelevant, but a matter of jurisdiction. Companies with a legal presence in Australia have to comply with Australian laws.
The only other possibility is for the company and its employees to leave Australia. That's not doable, people have families, friends and for the business relocation implies costs, you can't just move on a whim.
That's not your problem of course, however the wave of populism has been spreading, in the US, in the UK, the far-right is on the rise in Europe, so moving around isn't the answer, fighting against such laws is.
Passage of this bill seems to have been all about the government attempting to create short-term political opportunities and the opposition attempting to minimise their short-term political risk. With effective lobbying, it seems reasonable to assume that the ongoing legal part of this mess can be fixed. Hopefully the reputational damage won't be too severe.
The Liberal & Labor parties both decided among themselves to support it, and have policies that lead to 100% of MPs following the party line.
(Don’t know if it’s a good idea for Australia, but it’s the game-theoretically correct thing for the parties to do under the rules we have, so...)
No-one ‘crossed the floor’, voting against their party, because it gets you kicked out of your party. [Automatically, if you’re a Labor MP]
They knew they wouldn’t change the outcome here, and they’d be out of the conversation going forward.
In particular, Labor gave the measure 100% of its votes, but it seems like the only way the party got majority support for it is by agreeing to vote to repeal and amend it next session. It was not a solid agreement.
If the reason for switching is because of such laws, your company could look at providers outside the:
* Five Eyes (Australia, Canada, New Zealand, the United Kingdom and the United States)
* Nine Eyes (Five Eyes plus Denmark, France, the Netherlands and Norway)
* and Fourteen Eyes (Nine Eyes plus Belgium, Germany, Italy, Spain and Sweden).
There are very few well known and good providers outside these jurisdictions, in my knowledge.
---
One problem not being addressed is that via #AABill data access requests can now be submitted without warrants issued by a judge, so it removes the judicial oversight.
Also this law says that all such requests need to be "reasonable", but it doesn't define what that means. For example is blanket surveillance reasonable? AFAIK this law doesn't say. And companies like FastMail cannot report abuse publicly, or the people responsible risk 10 years in jail.
Couple this with the fact that Australia is part of the "Five Eyes", being the only country without a "Bill of Rights", it means that agencies like the NSA could use Australia for their dirty work.
Please correct me if I'm wrong, I haven't read the actual bill, just random commentary on the net.
I'm a FastMail customer, but reading this blog article is leaving me worried, because FastMail keeps mentioning "lawful warrants", but from what I've read warrants aren't needed anymore.
It's pretty sad. I've seen many Australian software companies doing a good job, like FastMail here and their reputation is now tarnished due to incompetent politicians. The wave of populism and stupidity has been spreading.
"[a judge doesn't have to sign off on the specific method by which data is requested] However there must be an underlying warrant to access communications under the Telecommunications (Interception and Access) Act or the Surveillance Devices Act or state-level equivalents."
So the request still requires a warrant that specifies which communications are to be intercepted, but not a warrant that specifies how the interception is to be performed.
Sadly, random commentary on the net does tarnish reputations every bit as well as facts :(
There is definitely a lot of FUD, though I think the ZDNet article is underplaying several quite reasonable concerns about the legislation.
In addition, I've not seen any concrete explanation of how you could make use of the Commonwealth Ombudsman to effectively appeal the decision of assessors for a TCN.
You might want to update the article, to make it clear that warrants are still needed.
Also keep up the good work and I hope #AABill doesn't hurt your business.
TANs require a warrant (or rather, a TAN is unenforceable if it would require the agency to get a warrant -- but a TAN instead is a method to give force to a warrant). The restrictions on notices are in s317ZH (which is a while after the definitions of the notices so people might be forgiven for misunderstanding the limitations).
> And companies like FastMail cannot report abuse publicly, or the people responsible risk 10 years in jail.
5 years in gaol is the limit. There are also processes for them to provide statistical information about how many notices they've received, as well as provisions for courts and the Commonwealth Ombudsman to make public notice information.
> Couple this with the fact that Australia is part of the "Five Eyes", being the only country without a "Bill of Rights", it means that agencies like the NSA could use Australia for their dirty work.
This is definitely true, and GCHQ has already started requesting similar powers in the UK (not that they need to, since they can just use the Australian powers). There are several provisions in the act which specify that it can be used for investigations into "serious foreign crimes".
> Please correct me if I'm wrong, I haven't read the actual bill, just random commentary on the net.
I would recommend reading it, a lot of people haven't.
The use case for emails is a tad clunky as the bag of words would require precomputing; however, it is privacy preserving for both parties.
If you feel this is something interesting that you would like to contribute to, please msg me. I have working code in JavaScript (so it may soon be a plugin) and the architecture is decentralized but requires a single message interaction between the actor querying and the data source.
2. Can't a user search all common words against a message and then rearrange those found to roughly match the message length? There are only so many ways the words "noon begins the tomorrow revolution at" can be arranged and make sense.
2) A random salt is used so only exact keywords will match (I have a fuzzy matching implementation using jaccard similarity and minhashing but that is an extension). To answer your question technically yes, but what you describe would require many interactions with the data source as the content producer must apply the encrypted queries against their encrypted data.
Again, I am trying to provide a solution that is beyond just giving someone the ability to read your private messages without your consent. No doubt it will require work against side-channel attacks, so I appreciate any feedback.
Isn't this, "No need to force us to install a backdoor, we've already got one!"
Kind of disappointing. Nothing in this article seems to be promoting privacy, just ways they comply with the laws -- and have been for as long as they've been around.
If you care about privacy, shouldn't you move your HQ out of Australia? You aren't allowed to even tell people you've been served warrants now, correct? Gag orders mean we have to trust the Australian Government... we can't trust service providers. Eww.
* Honest Government Ad | Anti Encryption Law - YouTube || https://www.youtube.com/watch?v=eW-OMR-iWOE
Fundamentally there is no need for a backdoor for emails. The entire protocol results in plaintext being received on the server, and so there is no need to add a backdoor. Email isn't end-to-end encrypted -- you've always had to use PGP if you wanted that.
Lavabit had the same problem when the US sent an NSL that asked for the TLS keys of his server to decrypt the email traffic that Snowden had sent.
--
John Noble
Happy Fastmail customer of, I dunno, 5+ years?
Melbourne, Australia :-)
Is this supposed to be a PR-positive announcement from FastMail, because I can't quite tell?!
We don't have data trading agreements with anybody, and we don't sell or provide backdoor channels - we only provide data in response to lawful warrants.
That's the right amount of privacy and the right tradeoff with usability for just about everyone. Certainly storing your emails super encrypted in a concrete bunker on an island somewhere is theoretically safer along one axis - I wrote a whole series about Confidentiality, Availability and Integrity just over 4 years ago on this very topic: https://fastmail.blog/2014/12/02/security-confidentiality-in...
And the specific one on confidentiality here: https://fastmail.blog/2014/12/15/security-confidentiality/ (excuse the line wrapping, we moved to a new blog platform a while back and some of the older posts didn't import perfectly, but I don't want to look suspicious by editing it today!)
Of course this is reasonable, but I'm curious what you think of companies who do put themselves above law enforcement when it's the right thing to do.
I.e., lawmakers do not always make laws that are right, and law enforcement does not always do the right thing when interpreting and enforcing laws. A case to cite might be Apple vs. FBI in 2016. The company placed itself above law enforcement. They disagreed with law enforcement and would not cooperate when I am certain many companies would have cooperated. It was a gamble. As a user, I am glad they stood their ground and I was/am glad to give Apple my money. I've also set my businesses up on FastMail at least twice, which is why I ask.
Maybe only a company with Apple's resources can take a risk like this? Thoughts?
The concrete bunker thing is a ridiculous diversion. Why are you even bringing that up?
I understand that privacy is a difficult problem especially when subject to legislation but bunkers have nothing to do with it. You will obviously provide user information to government on request, you and your staff maintain the ability to access user information at all times, and you have some procedures in place to try and make sure none of this is misused.
That’s ok.
Just about everyone who agrees with Australian laws you mean?
You seem to be conflating the concept of "I don't want my emails read" with "I am a criminal".
Why?
So are you saying that just by offering end-to-end encryption yourselves would be "helping people who have broken the law"?
Well, at least it's good to know where you stand and to have this in the public record, in case someone mistakenly thinks that Fastmail is a good alternative to other end-to-end encrypted email service providers.
If you want to use PGP for encrypted email, and they supported it e.g. in their webmail - that would open them up to being a valid 'target' for the new bill, to provide access to your encrypted messages.
If they're just a conduit for your PGP (or even S/MIME) encrypted messages, the government can compel them all they like - there's literally nothing they can do to decrypt those messages.
Note: I am not a customer, or involved in FastMail at all (I am Australian though). This is just one of the facets of encrypted email IMO - if it's decryptable somewhere between your laptop/phone/etc. and the other person's laptop/phone/etc., it's not end-to-end encrypted, is it?
Either you give the factual power to access your emails to some party, then whoever you give that power to can as a matter of fact access your emails, and in particular that means that they can be coerced into accessing your emails, or you don't give them the power, then they can't.
You are demanding that they offer a product where they have the power to access your emails (as an unavoidable technical necessity for what you expect from the product) while they at the same time can truthfully state that they cannot access your emails. That is simply a logical contradiction that cannot exist, and any PR that pretends that it did would be simply marketing bullshit.
Your tl;dr is not quite accurate.
All companies, including FastMail, have to cooperate with local law enforcement. But there are different levels of cooperation. FastMail's level of cooperation, according to TFA, is, "Show us a valid warrant, and we'll show you exactly what you asked for, nothing more".
Certain other companies might be more cooperative, handing over user information in response to informal (warrantless) police queries, or handing over information to copyright-enforcement lawyers who write threatening (but not legally enforceable) letters, or handing over more information than is specified in a warrant. (I can't remember specific examples, but they get mentioned on HN now and then).
So FastMail is stating it will try to limit privacy violations as much as it can, without violating Australian law. This is not total privacy, but neither is it the same as "we aren't going to try to offer you any".
(Not affiliated in any way with FastMail, not even as a user)
It almost feels like it’s written for the Aussie Police and not really for the users.
End to End encryption defeats the purpose of the "server-side" component of any government request/demand to decrypt messages/data.
Any server-side email platform that 'integrates' email encryption (that is, envelope encryption, not encrypted transports) is effectively not "end to end" because your computer is not the server, and thus it's decrypted before "the end".
It's one of the few ways to ensure privacy between two people who trust each other.