Everybody and everyone is worried about how safe their data is these days and Fastmail is joining an increasing number of communications companies that claim to be out of reach of US intelligence agencies. The Australian technology firm is claiming to be beyond the reach of US intelligence agencies, stating that it “does not co-operate with blanket surveillance” and does not give information on its users to anyone outside Australia.
This is in response to growing public debate over online surveillance by the US National Security Agency. A blogpost from Fastmail to its users emphasised the fact that it is incorporated in Melbourne, and so only has to respond to demands made under Australian law, though it accepted that some of Fastmail’s servers are based in the US. Fastmail has recently became an independent company in September following a staff buyout from browser developer Opera.
“Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it…We are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation, which means a warrant signed by an Australian judge,” Robert Norris, Fastmail technical lead, said. “We do not co-operate with any kind of blanket surveillance, monitoring or ‘fishing expeditions’, and we do not give out user information to anyone outside Australia. We do not have a legal presence in the US, no company incorporated in the US, no staff in the US, and no one in the US with login access to any servers located in the US.”
Two secure email services, Silent Circle and Lavabit, have been forced to close recently after pressure from security agencies, while others, including a new service in Germany, are making a selling point of protecting user data from the NSA.
Norris specifically addressed the issue of Fastmail’s server location, and said even if its servers were seized; consumer data is protected by encryption. “Even if a US court, were to serve us with a court order, subpoena or other instruction to hand over user data, Australian communications and privacy law explicitly forbids us from doing so. We can make it extremely difficult for these things to occur by using strong encryption and careful systems monitoring,”
Only recently, the creator of PGP encryption, Phil Zimmermann, pointed out that no security model can overcome the intrinsic flaws of email. PGP, (pretty good privacy), can protect the contents of messages, but message headers can never be hidden. Mike Janke, with Zimmermann the co-founder of Silent Circle, a secure communications company, described email as “fundamentally broken”.
What do you think? Is our data secure? Is there a more viable solution to our communication needs other than email? As always, your comments are always appreciated.
[Image via: blogdowntheborders]