Hacker News new | ask | show | jobs
by brongondwana 2744 days ago
We never offered, and never claimed to offer, a safe haven for people who have broken the law in both Australia and their own country to hide from the police. We don't place ourselves above law enforcement.

We don't have data trading agreements with anybody, and we don't sell or provide backdoor channels - we only provide data in response to lawful warrants.

That's the right amount of privacy and the right tradeoff with usability for just about everyone. Certainly storing your emails super encrypted in a concrete bunker on an island somewhere is theoretically safer along one axis - I wrote a whole series about Confidentiality, Availability and Integrity just over 4 years ago on this very topic: https://fastmail.blog/2014/12/02/security-confidentiality-in...

And the specific one on confidentiality here: https://fastmail.blog/2014/12/15/security-confidentiality/ (excuse the line wrapping, we moved to a new blog platform a while back and some of the older posts didn't import perfectly, but I don't want to look suspicious by editing it today!)
6 comments
emptybits 2744 days ago
> We don't place ourselves above law enforcement.

Of course this is reasonable, but I'm curious what you think of companies who do put themselves above law enforcement when it's the right thing to do.

i.e. lawmakers do not always make laws that are right and law enforcement does not always do the right thing when interpreting and enforcing laws. A case to cite might be Apple vs. FBI in 2016. The company placed itself above law enforcement. They disagreed with law enforcement and would not cooperate when I am certain many companies would have cooperated. It was a gamble. As a user, I am glad they stood their ground and I was/am glad to give Apple my money. I've also set my businesses up on FastMail at least twice, which is why I ask.

Maybe only a company with Apple's resources can take a risk like this? Thoughts?

link
xyzzy123 2744 days ago
I think enlightenment values ultimately support the position that consenting adults should be able to say whatever they like to each other in private, and that should be a protected right.

This puts me in direct conflict with the way the law is going right now, where it is supposed to be acceptable for government and/or searches to be an invisible third party to all conversations.

Not sure where this goes but I feel like there is an MLK or electronic Jesus moment here somewhere.

link
rswail 2744 days ago
Apple did not place themselves about the law, they went to a properly constituted court and asked the judge to rule on whether what the FBI was asking was lawful.

During those proceedings, they also explained how complying with the FBI's request would lead to a highly damaging corruption of the privacy of their users data.

They asked the judge to make a judgement which was that Apple were right in saying that the FBI had over-reached in their warrant.

The case was headed to appeals when the FBI withdrew after finding another way to get the information they needed. Notably they did so without Apple having to compromise security or user data privacy.

link
emptybits 2744 days ago
> Apple did not place themselves about the law

Exactly. I didn't say they did. The comment was about being above law enforcement. See my other peer response here.

link
jacques_chester 2744 days ago
> I'm curious what you think of companies who do put themselves above law enforcement when it's the right thing to do ... A case to cite might be Apple vs. FBI in 2016. The company placed itself above law enforcement.

Apple did no such thing. They asserted their legal rights. They used the exact mechanism -- the law -- that you are saying they ignored or held themselves above.

link
emptybits 2744 days ago
I did not say they held themselves above the law. Law enforcement is what OP commented on and that's what I responded to. I think it's an important distinction.

When law enforcement takes a wrong turn (as the FBI did) it is, I believe, reasonable for a citizen to consider themselves above (read: "better than") law enforcement. Mechanisms to deal with this include constitutional principles (which may also be considered above the law) and, generally, the courts.

link
xyzzy123 2744 days ago
Funny how wanting to keep your personal correspondence private is now being conflated with “above the law”.

The concrete bunker thing is a ridiculous diversion. Why are you even bringing that up?

I understand that privacy is a difficult problem especially when subject to legislation but bunkers have nothing to do with it. You will obviously provide user information to government on request, you and your staff maintain the ability to access user information at all times, and you have some procedures in place to try and make sure none of this is misused.

That’s ok.

link
brongondwana 2744 days ago
"We don't place ourselves above the law" - AKA we don't believe we are better placed than a judge to know whether sufficient evidence has been presented to allow law enforcement access to data about a user of our platform.

Unless you're starting from a premise that bad actors don't exist, and the police never do anything of value, there needs to be a facility by which police perform the role we expect of them in a civilised society, which includes following chains of evidence and requesting assistance of third parties they find along the way. The warrant system is a check against abuse of that process, not a repudiation of the idea that police also have a job to do.

link
xyzzy123 2744 days ago
Sorry, I edited my comment a lot.

I guess if a judge wants they should be able to watch you poo, pity we don’t have mandatory poo cams yet.

The judge should according to the laws be able to hear what you say to your wife at night.

Just that technology hasn’t caught up with what the law dictates yet.

After all, who are we to say what’s right? That’s for the professionals like the people who passed the AAA bill.

link
brongondwana 2744 days ago
It's easy to create hypotheticals.

Who would you suggest should decide, when shown evidence that a spear phishing that stole thousands of dollars came from an email account, whether the provider should be requested to hand over data.

Policing isn't all poo cams.

I'd prefer that a judge tell me whether the police have sufficient evidence for a data request than have to make that call myself.

link
wav-part 2744 days ago
> a judge

Thats the problem here. Computers (smartphone/laptop/server/toaster/etc) are/will continue to hold most intimate and private data about a individual. Do you want all that disclosed on one person's word ? I dont. I dont think there can be any check-and-balance that absolutely prevent any person from giving a malicious order. One bad disclose order can be enough to ruin a life. Is that jurisdiction willing to be liable for the compensation (if compensation is even possible) ?

I believe Internet is a country of its own. Its a virtual world, it has no physical manifestation. There is no need to invade Internet to secure physical world.

link
brongondwana 2744 days ago
That's a nice theory - but computers exist in the real world. I have a sticker on the back of my laptop from our NYI datacentre which says "there is no cloud, it's just somebody else's computer".

There's also no check and balance the absolutely prevents somebody punching me in the face and ruining my life, but I still walk down busy streets.

If you have a problem with the concept of judges as the arbiter of limits on the powers of law enforcement, I am keen to hear your workable alternative that doesn't have worse downsides.

link
wav-part 2744 days ago
You can recover from a punch. You cant undelete your data once it falls on wrong hands and gets used against you (eg debt/purchase history).

As I said there are already enough physical measures (defence, surveillance etc) that can ensure public safety. However If I were to compromise: We can have multiple judges. An order should be vouched by more than one judge. It would be even better if the user can whitelist/blacklist judges to submit. Less bureaucratic liability for the state if data gets leaked/misused.

link
brongondwana 2744 days ago
I'm not sure what's more unrealistic, that you can recover from a punch or that it's viable to have per-user judge blacklists...

https://www.smh.com.au/national/teenager-daniel-christie-die...

I guess it's the punch then.

link
brongondwana 2744 days ago
On the bunker issue, many people seem to expect us to be like some Sealand with armed forces fighting off hostile government ships. No service actually works like that, and the aren't really jurisdictions where you can just tell the police to go jump. You'll get your uplinks disconnected and your payment systems frozen if there's a high enough value target in there. A Sealand-like service makes no sense as a product for regular people because the cost/benefit doesn't match their needs.
link
xyzzy123 2744 days ago
I’m genuinely sorry if I have been a bit rude, dismissive and sarcastic in my comments.

My point, I suppose is that there are ways to architect systems such that concrete bunkers are un-necesary and irrelevant.

The simplest such systems do involve trust in you. I suppose to a first order you are trustworthy since you have explained you will hand over user data upon request according to the laws you are subject to. This is a sane business decision.

Finally, a solid stance against at least business surveillance is a great start.

link
kortilla 2744 days ago
>That's the right amount of privacy and the right tradeoff with usability for just about everyone.

Just about everyone who agrees with Australian laws you mean?

link
raxxorrax 2744 days ago
Not a user and not an Australian but that sounds like a bad deal for customers. Especially since warrants will probably not be thoroughly checked in the future. So the invasion of privacy seems to be seen as a trifle.
link
pdimitar 2744 days ago
> We never offered, and never claimed to offer, a safe haven for people who have broken the law in both Australia and their own country to hide from the police.

You seem to be conflating the concept of "I don't want my emails read" with "I am a criminal".

Why?

link
mtgx 2744 days ago
> We never offered, and never claimed to offer, a safe haven for people who have broken the law in both Australia

So are you saying that just by offering end-to-end encryption yourselves would be "helping people who have broken the law"?

Well, at least it's good to know where you stand and to have this in the public record, in case someone mistakenly thinks that Fastmail is a good alternative to other end-to-end encrypted email service providers.

link
brongondwana 2744 days ago
We've never wanted to be an end-to-end encrypted service provider - there's purely routing blobs of opaque data around. It's not an interesting problem, and it's at direct odds with "email is your electronic memory".

https://fastmail.blog/2018/02/14/email-is-your-electronic-me...

End-to-end encryption is great for "this message will self destruct in 5 seconds" type instant messaging, but I have a friend who recently forgot her password on an "end-to-end encrypted" email service and lost all her emails. Not a great choice, though luckily she hadn't been using it long, so she didn't lose many memories.

An extreme black-and-white view on confidentiality vs the other parts of security is poor threat modeling, and we especially don't like the idea of selling snakeoil where we claim a level of confidentiality from ourselves which is not supportable by facts.

link