Actually I am a lawyer. In the past I have even advised clients who received ACC notices (they are more common than most people would think).
Needless to say I was staggered at the scope of the powers granted. Forget about transparency, justice and the rule of law. If you receive one of these you can be compelled to give evidence or documents in secret, without judicial oversight or public scrutiny.
I just checked upstairs. The advice we have is roughly:
- ACC has judicial oversight
- its unclear how this interacts with the Telecommunications (Intercept and Access) Act
With my boss throwing in:
- law is a giant mess
- until you have two extremely well-funded parties disagreeing vehemently about the interpretation, you'll never get a final answer
We're still happy with our publicly-stated position. You might disagree, and I'm not really in a position to argue with you. Its my corporate masters with their necks on the line, and they seem relaxed about it. That's good enough for me :)
Fair enough, I agree that these laws are a mess and you'll never get the final answer unless a disputed application of the Act is determined by the High Court.
But these laws have been active and in common use for over 10 years without a single public challenge. I also know that the ACC's interpretation of their own powers has been used to prevent suspects disclosing certain matters even to their own lawyers.
The fact that no high-profile judicial decisions have placed limits on what the ACC does indicates to me that the law is fairly settled in this area.
I just wanted to point out that the original statement "Australia does not have any equivalent to the US National Security Letter, so we cannot be forced to do something without being allowed to disclose it." does not seem well-founded.
I read the blog post and was nearly persuaded that fastmail might be better in than US providers on some level of privacy.
But now reading this exchange I now see that your company doesn't actually know the Australian law any better than it knows the US law, and now I feel that fastmail might actually be WORSE than a US company in terms of privacy. Thanks for letting us know.
The title of this post should be changed to:
FastMail’s servers are in the US – what this means for you -> absolutely nothing.
Either way, it makes your service completely vulnerable to the government's interpretation of the law. If they force you to disclose your customers' data in secret tomorrow, or face jail time, I have no doubts what your choice will be.
I'm not calling you a liar, btw, I just think you're naive/oblivious, and considering you just now discovered what ACC is and had to check with your lawyer (who isn't even sure how it interacts with other laws), I wouldn't use your service to send any critical information. Ever.
> If they force you to disclose your customers' data in secret tomorrow, or face jail time, I have no doubts what your choice will be.
We have no doubts either. The privacy policy clearly states we will give your data to the Australian authorities if supplied with the proper supporting documentation.
I didn't just find out about the ACC, though I wasn't aware of the details. But I'm not a lawyer, just a sysadmin, so I don't need to be. The "its not clear" bit is simply that there are two laws that appear to be in contradiction with each other. Its never been tested in court. And thus, its not clear. But we have confidence that what our position is legally supportable or we wouldn't be here.
When you say "compelled", do you mean "divulge at the threat of guaranteed jail time" as in the UK's RIPA-based mandatory key disclosure law? Wikipedia seems to indicate it'll cost you 6 months in jail: https://en.wikipedia.org/wiki/Key_disclosure_law#Australia
A year of incarcerating someone is only worth $3,400 to the government? Strange, considering that if you're going to be pedantic about money, the cost of incarceration is surely at least one order of magnitude more than that.
We're talking about a particular subset of criminal/person that can afford a computer, has the knowledge and forethought to encrypt it, and is committing a type of crime/action which makes the state want to see the encrypted contents of said computer badly enough to invoke that law. I would think that someone in that subset could easily afford $3,400.
I wouldn't say this is the same as the NSL letters. You're allowed to get legal assistance and there are multiple independent bodies you can disclose to, including two that seem to have the power to fight it. Plus, disclosure is allowed after 5 years.
It seems to me that this kind of thing is for investigations where they don't want suspects to know they're being investigated, which is fair enough. It doesn't seem like they're doing it to keep secrets for "National Security".
Needless to say I was staggered at the scope of the powers granted. Forget about transparency, justice and the rule of law. If you receive one of these you can be compelled to give evidence or documents in secret, without judicial oversight or public scrutiny.