If a Swiss company were to pop up with a competitive mail offering, I imagine they'd sweep up a lot of business easily eh? Not that it's much more secure, just harder to imagine Switzerland easily handing over records, whereas with folks like MS, they've shown they'll do it on even non-legal requests.
tl;dr - We are Australian, so PATRIOT Act doesn't apply.
http://blog.fastmail.com/2013/10/07/fastmails-servers-are-in...
"It has been pointed out to us that since we have our servers in the US, we are under US jurisdiction. We do not believe this to be the case. We do not have a legal presence in the US, no company incorporated in the US, no staff in the US, and no one in the US with login access to any servers located in the US. Even if a US court were to serve us with a court order, subpoena or other instruction to hand over user data, Australian communications and privacy law explicitly forbids us from doing so."
"Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it."
I'm glad jurisdictional conflict is being used for good.
We (FastMail) have a far superior product in just about every other way though, so it comes down to what you consider important, and what tradeoffs you're willing to make.
In my opinion there is a very tiny gap between things for which a security agency is willing to take the PR hit of taking our servers out of the datacentre in New York (and dealing with the fact that the disks are encrypted and there are replicas in Amsterdam of all the data anyway) - and where they're willing to bribe/coerce a staff member or datacentre tech in Switzerland (or just quietly do a backroom deal with the government there). You would have to, as robn said - be doing some pretty shady stuff - stuff that's probably against our terms of service anyway - stuff that's probably going to get a lawful intercept done in any country. Speaking of which, Switzerland does lawful intercept too, and don't think that any service there will magically be immune from legal process. https://www.li.admin.ch/en/themes/procedure
tl;dr - we don't place ourselves above the law. We obey the laws of Australia, which has strong privacy protections still - despite this silly metadata retention business (which is totally knee-jerk and poorly written and, our legal advice suggests, not relevant to us anyway). It's mostly so a handful of agencies (actually fewer than before, it tightened that up) can get their hands on mobile phone tower records faster and with guaranteed timeframes of retention - local ISP email just got caught in the crossfire.
http://www.wired.com/2015/10/mr-robot-uses-protonmail-still-...
Go read: http://blog.fastmail.com/2014/12/15/security-confidentiality...
And then read: http://blog.fastmail.com/2014/12/10/security-availability/
In short - the datacentres in the USA are insanely cheaper than Australia, they speak English (well enough, and you can learn the accent from TV), they have clueful staff, you can buy equipment cheaply in country and have it shipped to your datacentre quickly... lots of little things.
It's why we've moved the European datacentre to Amsterdam as well - it was that or London for price, language, availability of equipment.
> Not really quite sure what the benefit is there; email isn't latency sensitive.
My guess is the webmail interface. Amsterdam may be the safer bet, not safe, but safer.
But it is a bit nicer to know that there's a harder legal standard in order for a party to snag a whole copy of your mailbox.
As a founder of an Australian startup that facilitates communication it's interesting to hear that using international hosting seems to bypass the requirements. IANAL etc. As the post mentions this is a pretty good way to discourage investment in local tech infrastructure.
Previous discussion: https://news.ycombinator.com/item?id=9345935
And yes, totally agree. It made us put our plans of an Australian datacentre on the shelf for the foreseeable future.
Data in Australia is already crazy expensive (https://blog.cloudflare.com/the-relative-cost-of-bandwidth-a...) and we're working at the latency problem from the other direction (http://jmap.io) as well, so we're focusing more on making the location of the datacentres not matter so much. We're currently in Amsterdam, Los Angeles and New York.
PSA: This is why you don't privatise public infrastructure
To your credit, I'm in Melbourne too and have always thought Fastmail was really snappy, which I assumed was due to Australian servers. So it looks like I was wrong, and your Jmap strategy is right.
The one who explained how to get around that law is our current Prime Minister [1].
1. http://www.businessinsider.com.au/malcolm-turnbulls-sky-news...
PP: https://www.fastmail.com/about/privacy.html
Also, I feel they overstate the jurisdiction piece. Being in Australia is important, but it certainly doesn't make you a paragon of privacy or Australia a privacy Eden. Company culture is great, but a five-eyes becoming more surveillance-heavy by the day doesn't make the technical aspects of maintaining private communication any easier. I'd be wary not to oversell.
I don't believe we made any claims that Australia is a "privacy Eden" or that we're a "paragon of privacy". Indeed, we frequently say we're _not_ a privacy service, just an email service that cares about privacy among other things.
More specifics on both these points would help us discuss them properly.
It's a very direct, honest policy; it's definitely not the usual CYA bullshit that's kept in legalese to reduce clarity.
First, the meaning of a law can only be settled in the courts, strictly speaking. A legal opinion is a best effort, but it is an opinion, not a judgement.
Second, Parliament can amend any law it passes at will. And it has the power -- rarely but sometimes exercised -- to make its legislation retroactively effective.
https://mako.cc/copyrighteous/google-has-most-of-my-email-be... HN discussion: https://news.ycombinator.com/item?id=10229928