Exactly correct. We already share customer emails under limited circumstances and for explicitly requested accounts only (we've never participated in dragnets and we don't believe this legislation will require us to either).
We have a standard process for verifying each request with the AFP and ensuring that they have followed due process to get a warrant for the data. We strongly support (also spelled out in that submission) keeping judicial oversight of requests - which this legislation does still require for the access requests themselves - hence saying that nothing has changed for us, since we have existing capabilities and we already respond to legal requests.
Due process is not the only question though. FastMail users will also be wondering whether the content of their email has to comply with other laws made by the very same lawmakers that have just shown their complete disregard for privacy and a shocking level of technical incompetence.
To be fair, they also explicitly point out in their docs that encryption on their end is pointless (since they have the keys) and that you should encrypt your e-mails on the client side with something like PGP (where you control the keys).
E-Mail sucks, that's all. Fastmail is transparent about it and does a good job.
(PS: I still think that they encrypt their storage servers, but again, this will only protect against someone physically taking away their servers, not against a warrant or an intruder.)
I'm reading that as "we don't encrypt customer emails, so we already had to share them." That's consistent with what they've said in the past.
reply