I’ve been with multiple email service providers over the years, and have always used my own domain name so that I don’t get locked into any particular email provider. I believe this is important to maintain control over your own digital life and also crucial to be able to root up and move to another provider when there is reason to leave one provider for another. Whether that be for market forces like price, innovation, service policy changes, or as in this case: a change in service trustworthiness ushered in by the introduction of a new law in the country the company operates in.
Long story short: The Australian government don’t believe anyone should be able to keep any secrets from them in any sphere so they’ve voted in a incredible dangerous law that seeks to undermine security and privacy protections on the web. The Telecommunications Assistance and Access Bill (TAAB or AssAccess) require technology companies like FastMail, Google, Apple, Cisco to provide Australian law enforcement and security agencies with access to all communications without any judicial oversight, transparency, or reason. The only restrictions offered to protect people’s privacy is the vague terms “reasonable and proportionate.”
I personally have a huge problem with the complete lack of transparency and judicial oversight. Companies forced to comply with the law can receive permanent gag orders that will prevent any public discussion regarding when the government can and can’t access someone’s personal communications or what reason they thought they had to request it in the first place.
For more specific details on the law itself, you can read some interesting takes on it in these well-written write-ups by Paul Karp for The Guardian, Ariel Bogle for ABC News, and Mark Nottingham on his personal blog. Or you can watch this quick satire video that does an excellent job of summarizing the bill:
Email service providers are a soft-target for agencies wanting to test out their newfound powers of investigation. There isn’t much encryption to speak of and emails are most often transported unencrypted between service providers and it’s most often stored unencrypted with your service provider.
FastMail have voiced concerns over TAAB and they’ve also noted that they don’t believe that the new bill will have any impact on their customers. That is the only thing they could say that made any business sense. However, my concern is that this is the last we’ll hear from FastMail regarding the bill. They can’t tell their customers a word about what assistance and access they’re providing to the Australian government or for what reason. So we’d never really know whether it has had any impact on them or not. The Aussie government could request FastMail to build a tool that gave them a live feed of all emails containing the word “the” and FastMail would have to comply or face huge fines.
I’ve been a customer of FastMail for the last three years (November 2015 – December 2018) after getting tired maintaining my own own email server located in my own home. I’ve not had any reason to complain about FastMail’s services and I’m still happy with the service they offer. They support all the protocols I need to keep my devices and data in sync, and their webmail and groupware tools have been good as well. I’ve not been super-happy with FastMail for hosting their email business on servers located in the United States; a country much criticized for their spying and vast data collection programs. I’ve actually considered moving from FastMail several times over the past few years over this matter, but haven’t found a comparable email service that I’ve wanted to use instead.
I’ve got one year left on my current FastMail subscription. However, this new bill tipped the scales so far that I’ve decided to migrate off FastMail to an European email provider right away. More details on that to follow in another post.
I’ve self-hosted my own email service for many years before I moved to FastMail. The decision to stop self-hosting came down to time, interest, and repeated hardware failure and frequent power and internet service disruptions at home. The final straw was when many local businesses stopped sending billing emails to me not because of any fault of my own but because a large infrastructure provider that many of them relied on began blocking outgoing emails to residential IP address ranges. I’m hesitant to try and host my own email again due to the maintenance work required. Forcing me to build-in surveillance tools into my own instances of open-source communications tools to monitor me seems rather pointless, although I’d have the transparency I’m asking for.
So long, FastMail! And thanks for protecting me from all the phishing emails!