Australia-based email service FastMail claims to be safe from NSA

fastmail

Since all the madness with the NSA spying on Americans and other folks around the world, we’re confident some of you have been seeking out more secure ways to traverse the Internet. Well, until John McAfee grace us with $100 NSA blocking device, you have the option to give FastMail a test drive for your secure email communication needs.

FastMail is an Australia-based paid email service that was once acquired by Opera back in 2010. However, the staff bought the company free of Opera last month for an undisclosed sum of money. Now that FastMail is back as an independent company, it has begun to make wild claims in order to attract new users.

Apparently, FastMail founders believe Australian law prohibits any type of data request from Washington and the NSA:

We do not have a legal presence in the US, no company incorporated in the US, no staff in the US, and no one in the US with login access to any servers located in the US. Even if a US court were to serve us with a court order, subpoena or other instruction to hand over user data, Australian communications and privacy law explicitly forbids us from doing so.

One should be very skeptical of these claims, for two reasons.

First of all, history has proven over and over that the US government will apply pressure on other governments to get its way. It isn’t hard to imagine the US government twisting some Australian arms to force FastMail to do their bidding. Secondly, and more importantly, the US government could gain access to the FastMail servers stored in the United States without the need of any consent from FastMail. Would it be legal? Most people would say no, but everything is fair when it comes to love, war, and national security.

Nevertheless, we like the idea of a secure email system and we may even pay for it if it was truly secure. How about you? Let us know in the comments below!

[via FastMail]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

13 comments

  1. BruceM

    As much as I am / have been a Fastmail cheerleader since I started using it in December 2001, I have to debunk this claim of theirs (I’ll have to write Rob & Jeremy, the two co-founders, on this one). Unfortunately, under the Patriot Act in the US, the FBI has served all too many “warrantless” (i.e., not reviewed or authorized by a judge) search & seizure subpoenas on internet companies, including ISPs, hosting companies, and data center providers. A quick Google search on “warrantless internet searches” in the US will provide you with more info on this than you probably care to read.

    If the FBI wanted to access Fastmail’s servers in the US, they could, and probably would, just march in and either take the servers (they’ve done this to other companies many times over) with one of their special subpoenas, or just use time on site to access the server(s). While Fastmail might notice the on-site intrusion, their is nothing they could do about it, under this law (Obama campaigned against it, after it was signed into law under Bush, and then approved both an extension to the Patriot Act and far reaching expansion’s to it that not even Bush / the Republicans had thought of putting into place… such is the state of political integrity in the US). Nor would Fastmail be able to do anything if the FBI chose to seize their servers, as other companies have learned the hard way.

    While the NSA doesn’t have the manpower, or the legal authority, to either physically go seize Fastmail’s servers, or tap into them on US soil, I have no doubt they could tunnel into them, if they wanted to (when I had a job interview, over 30 years ago, with the NSA after graduating from University as an engineer, they told me that one of the “perk’s” of working for them was being able to use technology that was 3-5 generations ahead of what was available commercially). And, while NSA could undoubtedly tap the servers electronically, if they felt there was something that they really wanted to access / evaluate, as a “threat” to US national security, it would probably take only an informal phone call to their FBI liaison for some help in gaining physical access to the server / its data, or the actual server itself. As a company that is operating on US soil, with their servers physically present in New York City, again, there is nothing they could do about that under our expanded Patriot Act law.

    If you would like to see a pretty good story about a terrifically funny t-shirt that lampoons the NSA, and how this thin-skinned agency has already had it banned from sale on one on-line site, check out: http://www.businessinsider.com/the-nsa-wants-to-ban-sales-of-this-t-shirt-on-zazzle-2013-8. I’ve already ordered one from their new e-commerce site, and, living in Washington, DC, can’t wait to wear it proudly when I’m downtown on our National Mall (home of the Washington Monument, the Lincoln & Jefferson memorials, and monuments to the Vietnam and WWII veterans).

  2. Shawn

    ok i’ll bite…

    If the US of A doesn\t get their gear together they will go bankrupt first thing to make money is blackmail but guess what all that other countries need to do is grease the paws of china and a few other lenders and well life support for the states is hasta-la-vista..

    It’s just that no one got the balls …

    Anyone seen kim with the mushrooms (Food kind not nuclear?)

    P.S: Anyone else noticed since the last windows update the machines feel more like a keylogger?

    Just my 2 cents…
    Enjoy thanksgiving on monday for those who have it on that day.

  3. Louis

    [@oldtimer56] True enough, Mossad is probably the Agency that may even (potentially) be better than the NSA at that.

    It’s more of a case of which one would I trust less with my data, should there actually be a backdoor, and they are in fact capable of decrypting these emails. At least they’re (I assume) not in bed with the US Big Corporations, which is where the NSA obtained data probably ends up…

    Why did you stop using Safe-mail, if I may ask ?

  4. oldtimer56

    Don’t know who is worst,, Mossad or NSA in using backdoors, twisting arms in their quest on reading our secure emails. Used Safe-mail for years for medical records transfers and such. Right after Hushmail got compromised in the steroids bust.

  5. Louis

    Being in China, and always slightly paranoid, If I need to send secure text emails (i.e. the typed message, not referring to attachments), I use this service, which is based in Israel :

    http://www.safe-mail.net/

    It’s a paid service if you need significant storage space, however it is available free — but with storage space limited to 3 MB, making it suitable only for text emails, or for emails with up to 3 MB attachments that will have to be deleted just after sending or receiving..

    If I need to send sensitive attachments, I encrypt it with AxCrypt or 7Zip selfextracting file functions, and just send it as usual via Gmail etc, this is NSA proof, provided you use a password >14 characters, containing the proper mix of characters, no known words, no obvious keyboard patterns etc.

    However, if your message itself contains sensitive info, safe-mail.net is the only free email service that seems to be secure enough, at least that I’ve managed to find thus far (provided you don’t use it for attachments — you can, but will likely need to upgrade to a paid option due to 3MB being too little storage space).

    This service is based on functionality, it’s got a business like approach, with very little eye candy.

    If other free and secure services exist, please mention it here !

  6. weylin

    fastmail.ca has no relation to fastmail.fm.
    I signed up to Fastmail many years ago with a one-off payment members account. It is very limited compared to what is freely available today. My Opera offers much more for free.
    The only companies that the NSA might have trouble with would be in enemy territory (North Korea) or someplace that has the cajones to fight back (China, Russia).

  7. Godel

    The Australian government wouldn’t need any arm twisting; they’re fully in bed with the US, both political parties.

    You only have to look at the NZ example of Megaupload and Kim Dotcom for an example of how it might work.

    If you want really secure email I’d select a provider in other than one of the Five Eyes network countries, such as Switzerland or maybe Malaysia. End to end PKI encryption would also be a good idea (although a real pain to manage).

  8. Mags

    Don’t know much about fastmail.au but I do know that Fastmail is worldwide. I happen to use fastmail.ca and have been for over 10 years now.

    I was fortunate enough to get a free account when they were offered back then. Now one has to pay for an account.

    I find it is the best web based email service that I have used. Forget hotmail, gmail etc. etc. etc.

    Just my 2 cents worth.

  9. Seamus McSeamus

    The NSA’s motto should be “all your data are belong to us”, because that is the reality of things. I agree with JonE – if they want access to a server, regardless of location, they will gain access by any means necessary. During the Cold War days, if an American spy (or a Russian one, for that matter) wanted to see secret documents, he broke into the place where they were stored and made copies. This is the same thing, only with electronic rather than paper data.

  10. JonE

    Do we actually believe that the NSA is getting permission to access everything they want access to? I think not! Of course it’s a lot easier to access data when you have permissions and don’t have to hack, but hack they will, I’m confident, if they want the data badly enough.

    And I’m confident that the NSA is accessing data from servers off shore without permission in many small and large countries; just my opinion.

    I don’t know about security, I mean I’m sure if the NSA thinks they have a need to access FastMail servers then they will – with or without permission. But I’ve been using FastMail long before it was sold to Opera. I wasn’t aware that it was bought back. But regardless I’ve always been satisfied with the service and have always felt that my email is more secure with FastMail than my ISP, Yahoo!, Hotmail, or anywhere other provider. But, do I believe they are NSA bullet proof? NO!

  11. Machar

    Hmm. The key to this this article seems to be that “history has proven over and over that the US government will apply pressure on other governments to get its way”, despite the fact that this has only really happened since the end of the Second World War, and particularly in the last couple of decades. There’s also an assumption that Australia, being a smaller nation, will somehow roll over and play dead. Big mistake. It’s not the size of the dog in the fight…

    The technical realities are another issue, of course. However, where there’s a will there’s a way, and there’s a helluva lot of technical expertise spread around the world, including Australia. Just because the American people are apparently willing to suffer the iniquities of the NSA (and multiple other US government acronyms), it doesn’t mean the rest of the world will continue to put up with their crap.

    tl;dr Some Americans feel they own the WorldWide Web, others from smaller nations disagree. Time will tell.

  12. Darcy

    The NSA probably doesn’t even need access to the Australian servers here in the US. Email works on a pass and erase system. Each server pushes the message to the next available server, whether it’s going in the right direction or not.

    The theory is that by keeping the message moving it will reach the destination faster, though I once had an email take 8 days to reach me (true story). Again theoretically, if a server waits for the best route, one server being down can delay the message considerably but by pushing it to the next available server it will work it’s way around any obstruction quickly. Because of this, it will pass through a lot of servers, whether they belong to that company or not.

    The only server in the chain that doesn’t push it out immediately is the Pop3 or IMAP server you download your mail from. At that point it becomes pull technology instead of the push technology involved in SMTP.