Advocating for privacy in Australia (fastmail.blog)
> Law enforcement has always been able to request information from us through the Telecommunications Act with a lawful warrant. Because we have the ability to decrypt all data, there is no need to make changes that circumvent encryption. ... While FastMail is not directly affected, we don’t support this legislation because it carries serious implications for the Australian tech industry.
> Of course, should our users choose to end-to-end encrypt their mail via PGP, we have no way to access that content, even under the AABill. Our blog explains why we have never offered PGP ourselves, and describes third-party PGP tools you can use with FastMail if you wish to manage your own encryption.
The second one in particular highlights to me the fact that whilst there are many downsides to the legislation, any serious culprits i.e. state actors or organised crime have many counter moves, severely limiting the upside - something all tech people knew anyway.
So we use effective methods to protect the privacy of our users while performing our civic duty of assisting law enforcement when bad actors use or abuse our platform, and we never pretend to use the bulk of our customers as human shields to protect bad actors trying to hide among them.
I understand that you're not a privacy-first company, but still, your communications haven't been reassuring me. There is extensive documentation (e.g. Yahoo FISA) that ALL content not end-to-end-encrypted is ingested for bulk surveillance and decades-long (if not infinite) retention.
The only solution is 100% end to end encryption, with NO mechanism for unauthorised access (including law enforcement). Like iMessage and Signal. Anything partial of that, while saying you are pro-privacy, is IMHO harmful to privacy.
Some might argue whatsapp or signal or Telegram E2E is exactly that. I talk about the email.
https://protonmail.com/support/knowledge-base/how-to-use-pgp...
"This means that with ProtonMail, anybody can use PGP, regardless of their technical knowledge."
Something like this would make things even more transparent to end users:
These three are not equivalent.
Signal is the gold standard for secure, end-to-end encrypted messaging. The client is open-source, and (at least on Android) builds are reproducible. It's possible to audit the code and confirm that Signal isn't intercepting the messages via side-channel and sending them to Signal's servers, encrypted with a different key. It also notifies you whenever a user's public key has changed (i.e., when they switch to a different phone), which protects against someone hijacking your phone number using the telecom system.
WhatsApp does encrypt messages with per-user keys, but it's not end-to-end in the sense that Facebook still manages the keys and could provide you with a compromised key. Facebook also produces the only client, which means that it could easily eavesdrop messages and send them to Facebook's servers via a side-channel. Until recently, WhatsApp also didn't notify you when a user's key had changed. This wasn't a "backdoor" as the Guardian sensationally reported it, but it is a security liability for users looking for secure end-to-end encryption.
Telegram is completely insecure. For starters, group messages on Telegram are sent... in plain text. No encryption whatsoever.
What I really really like about this blog entry and the Fastmail service in general is that it is practical and clear.
Fastmail does not and has not ever offered data privacy from properly constituted legal requests. Within the service they offer of email (and calendaring and contacts), they protect their user data by having it encrypted at rest and in transit.
Email protocols are not suited to E2E encryption because of the historical evolution of those protocols. So if you want E2E, there are appropriate solutions.
In terms of people who want access to your data, there are two types, bad/illegal actors and those operating under the judicial system. Under the judicial system in place in Australia, as has been explained, warrants (and the equivalent for non-law enforcement security services) are still required for access to an identified person's information.
Fastmail has always been clear that they would respond to a properly constituted legal request.
In terms of lobbying, it is up to all Australian tech people to respond to this legislation and its ill-considered requirements.
I've already written to Mark Dreyfus as Shadow Attorney General and also the senior ALP person on the PJCIS which is responsible for this legislation.
I intend to engage further in the new year with all those relevant MPs, ministers and shadow ministers, with the primary goal of clarifying that the tradeoff between security and privacy is not a zero-sum game, that invading privacy in such a ham-fisted manner as defined in the legislation is more damaging to both our industry and our community than the stated objectives of our security services to avoid bad actors "going dark".
I've been using FastMail for 11 years now, and I've recommended it to several other people. I will continue to do so for the foreseeable future.
The company I work for uses Fastmail but our CEO has already decided to switch mail providers sometime in 2019. I don't know what other service they'll choose.
---
One problem not being addressed is that via #AABill data access requests can now be submitted without warrants issued by a judge, so it removes the judicial oversight.
Also this law says that all such requests need to be "reasonable", but it doesn't define what that means. For example is blanket surveillance reasonable? AFAIK this law doesn't say. And companies like FastMail cannot report abuse publicly, or the people responsible risk 10 years in jail.
Couple this with the fact that Australia is part of the "Five Eyes", being the only country without a "Bill of Rights", it means that agencies like the NSA could use Australia for their dirty work.
Please correct me if I'm wrong, I haven't read the actual bill, just random commentary on the net.
I'm a FastMail customer, but reading this blog article is leaving me worried, because FastMail keeps mentioning "lawful warrants", but from what I've read warrants aren't needed anymore.
It's pretty sad. I've seen many Australian software companies doing a good job, like FastMail here and their reputation is now tarnished due to incompetent politicians. The wave of populism and stupidity has been spreading.
The use case for emails is a tad clunky as the bag of words would require precomputing, however, it is privacy preserving for both parties.
If you feel this is something interesting that you would like to contribute to please msg me. I have working code in javascript (so it may soon be a plugin) and the architecture is decentralized but requires a single message interaction between the actor querying and the data source.
2. Can't a user search all common words against a message and then rearrange those found to roughly match the message length. There are only so many ways the words "noon begins the tomorrow revolution at" can be arranged and make sense.
2) A random salt is used so only exact keywords will match (I have a fuzzy matching implementation using jaccard similarity and minhashing but that is an extension). To answer your question technically yes, but what you describe would require many interactions with the data source as the content producer must apply the encrypted queries against their encrypted data.
Again, I am trying to provide a solution that is beyond just giving someone the ability to read your private messages without your consent. No doubt it will require work from side-channel attacks, so I appreciate any feedback.
Isn't this, "No need to force us to install a backdoor, we've already got one!"
Kind of disappointing. Nothing in this article seems to be promoting privacy, just ways they comply with the laws -- and have been for as long as they've been around.
If you care about privacy, shouldn't you move your HQ out of Australia? You aren't allowed to even tell people you've been served warrants now, correct? Gag orders mean we have to trust the Australian Government... we can't trust service providers. Eww.
* Honest Government Ad | Anti Encryption Law - YouTube || https://www.youtube.com/watch?v=eW-OMR-iWOE
Fundamentally there is no need for a backdoor for emails. The entire protocol results in plaintext being received on the server, and so there is no need to add a backdoor. Email isn't end-to-end encrypted -- you've always had to use PGP if you wanted that.
Lavabit had the same problem when the US sent an NSL that asked for the TLS keys of his server to decrypt the email traffic that Snowden had sent.
--
John Noble
Happy Fastmail customer of, I dunno, 5+ years?
Melbourne, Australia :-)
Is this supposed to be a PR-positive announcement from FastMail, because I can't quite tell?!
End to End encryption defeats the purpose of the "server-side" component of any government request/demand to decrypt messages/data.
Any server-side email platform that 'integrates' email encryption (that is, envelope encryption, not encrypted transports) is effectively not "end to end" because your computer is not the server, and thus it's decrypted before "the end".
It's one of the few ways to ensure privacy between two people who trust each other.
Of course the "people are planning to leave us because of the hamhanded way you introduced this legislation" is a major part of all our feedback to legislators.
The AABill happened the way it did in Australia because our politics is particularly broken right now (seriously, we have a minority government which has changed leaders twice and lost multiple members to scandals). We call it "wedge politics" and Labor were forced into supporting it because otherwise they'd look soft on terrorism going into the holiday period, and anything at all which happened would be blamed on them not supporting the bill.
Which is idiotic, since the LNP would blame Labor either way, as they do for every single other failure they (the LNP) are responsible for. I wish Labor had some fucking guts once in a while.
Though of course, since you're in the jurisdiction of our great nation you have to turn over data if requested anyway (this hasn't changed). Actually I'm a bit more concerned that you store data in the US.
> The AABill happened the way it did in Australia because our politics is particularly broken right now (seriously, we have a minority government which has changed leaders twice and lost multiple members to scandals). We call it "wedge politics" and Labor were forced into supporting it because otherwise they'd look soft on terrorism going into the holiday period, and anything at all which happened would be blamed on them not supporting the bill.
Our politics has been broken for almost 2 decades. It's not really a recent phenomenon.
This isn't a matter of where data is kept, the location of that data being irrelevant, but a matter of jurisdiction. Companies with a legal presence in Australia have to comply with Australian laws.
The only other possibility is for the company and its employees to leave Australia. That's not doable, people have families, friends and for the business relocation implies costs, you can't just move on a whim.
That's not your problem of course, however the wave of populism has been spreading, in the US, in the UK, the far-right is on the rise in Europe, so moving around isn't the answer, fighting against such laws is.
Passage of this bill seems to have been all about the government attempting to create short-term political opportunities and the opposition attempting to minimise their short-term political risk. With effective lobbying, it seems reasonable to assume that the ongoing legal part of this mess can be fixed. Hopefully the reputational damage won't be too severe.
The Liberal & Labor parties both decided among themselves to support it, and have policies that lead to 100% of MPs following the party line.
(Don’t know if it’s a good idea for Australia, but it’s the game-theoretically correct thing for the parties to do under the rules we have, so...)
No-one ‘crossed the floor’, voting against their party, because it gets you kicked out of your party. [Automatically, if you’re a Labor MP]
They knew they wouldn’t change the outcome here, and they’d be out of the conversation going forward.
In particular, Labor gave the measure 100% of its votes, but it seems like the only way the party got majority support for it is by agreeing to vote to repeal and amend it next session. It was not a solid agreement.
If the reason for switching is because of such laws, your company could look at providers outside the:
* Five Eyes (Australia, Canada, New Zealand, the United Kingdom and the United States)
* Nine Eyes (Five Eyes plus Denmark, France, the Netherlands and Norway)
* and Fourteen Eyes (Nine Eyes plus Belgium, Germany, Italy, Spain and Sweden).
There are very few well known and good providers outside these jurisdictions, in my knowledge.
"[a judge doesn't have to sign off on the specific method by which data is requested] However there must be an underlying warrant to access communications under the Telecommunications (Interception and Access) Act or the Surveillance Devices Act or state-level equivalents."
So the request still requires a warrant that specifies which communications are to be intercepted, but not a warrant that specifies how the interception is to be performed.
Sadly, random commentary on the net does tarnish reputations every bit as well as facts :(
There is definitely a lot of FUD, though I think the ZDNet article is underplaying several quite reasonable concerns about the legislation.
In addition, I've not seen any concrete explanation of how you could make use of the Commonwealth Ombudsman to effectively appeal the decision of assessors for a TCN.
You might want to update the article, to make it clear that warrants are still needed.
Also keep up the good work and I hope #AABill doesn't hurt your business.
TANs require a warrant (or rather, a TAN is unenforceable if it would require the agency to get a warrant -- but a TAN instead is a method to give force to a warrant). The restrictions on notices are in s317ZH (which is a while after the definitions of the notices so people might be forgiven for misunderstanding the limitations).
> And companies like FastMail cannot report abuse publicly, or the people responsible risk 10 years in jail.
5 years in gaol is the limit. There are also processes for them to provide statistical information about how many notices they've received, as well as provisions for courts and the Commonwealth Ombudsman to make public notice information.
> Couple this with the fact that Australia is part of the "Five Eyes", being the only country without a "Bill of Rights", it means that agencies like the NSA could use Australia for their dirty work.
This is definitely true, and GCHQ has already started requesting similar powers in the UK (not that they need to, since they can just use the Australian powers). There are several provisions in the act which specify that it can be used for investigations into "serious foreign crimes".
> Please correct me if I'm wrong, I haven't read the actual bill, just random commentary on the net.
I would recommend reading it, a lot of people haven't.
We don't have data trading agreements with anybody, and we don't sell or provide backdoor channels - we only provide data in response to lawful warrants.
That's the right amount of privacy and the right tradeoff with usability for just about everyone. Certainly storing your emails super encrypted in a concrete bunker on an island somewhere is theoretically safer along one axis - I wrote a whole series about Confidentiality, Availability and Integrity just over 4 years ago on this very topic: https://fastmail.blog/2014/12/02/security-confidentiality-in...
And the specific one on confidentiality here: https://fastmail.blog/2014/12/15/security-confidentiality/ (excuse the line wrapping, we moved to a new blog platform a while back and some of the older posts didn't import perfectly, but I don't want to look suspicious by editing it today!)
Of course this is reasonable, but I'm curious what you think of companies who do put themselves above law enforcement when it's the right thing to do.
i.e. lawmakers do not always make laws that are right and law enforcement does not always do the right thing when interpreting and enforcing laws. A case to cite might be Apple vs. FBI in 2016. The company placed itself above law enforcement. They disagreed with law enforcement and would not cooperate when I am certain many companies would have cooperated. It was a gamble. As a user, I am glad they stood their ground and I was/am glad to give Apple my money. I've also set my businesses up on FastMail at least twice, which is why I ask.
Maybe only a company with Apple's resources can take a risk like this? Thoughts?
The concrete bunker thing is a ridiculous diversion. Why are you even bringing that up?
I understand that privacy is a difficult problem especially when subject to legislation but bunkers have nothing to do with it. You will obviously provide user information to government on request, you and your staff maintain the ability to access user information at all times, and you have some procedures in place to try and make sure none of this is misused.
That’s ok.
Just about everyone who agrees with Australian laws you mean?
You seem to be conflating the concept of "I don't want my emails read" with "I am a criminal".
Why?
So are you saying that just by offering end-to-end encryption yourselves would be "helping people who have broken the law"?
Well, at least it's good to know where you stand and to have this in the public record, in case someone mistakenly thinks that Fastmail is a good alternative to other end-to-end encrypted email service providers.
If you want to use PGP for encrypted email, and they supported it e.g. in their webmail - that would open them up to being a valid 'target' for the new bill, to provide access to your encrypted messages.
If they're just a conduit for your PGP (or even S/MIME) encrypted messages, the government can compel them all they like - there's literally nothing they can do to decrypt those messages.
Note: I am not a customer, or involved in FastMail at all (I am Australian though). This is just one of the facets of encrypted email IMO - if it's decryptable somewhere between your laptop/phone/etc and the other person's laptop/phone/etc, it's not end-to-end encrypted, is it?
Either you give the factual power to access your emails to some party, then whoever you give that power to can as a matter of fact access your emails, and in particular that means that they can be coerced into accessing your emails, or you don't give them the power, then they can't.
You are demanding that they offer a product where they have the power to access your emails (as an unavoidable technical necessity for what you expect from the product) while they at the same time can truthfully state that they can not access your emails. That is simply a logical contradiction that cannot exist, and any PR that pretends that it did would be simply marketing bullshit.
Your tl;dr is not quite accurate.
All companies, including FastMail, have to cooperate with local law enforcement. But there are different levels of cooperation. FastMail's level of cooperation, according to TFA, is, "Show us a valid warrant, and we'll show you exactly what you asked for, nothing more".
Certain other companies might be more cooperative, handing over user information in response to informal (warrantless) police queries, or handing over information to copyright-enforcement lawyers who write threatening (but not legally enforceable) letters, or handing over more information than is specified in a warrant. (I can't remember specific examples, but they get mentioned on HN now and then).
So FastMail is stating it will try to limit privacy violations as much as it can, without violating Australian law. This is not total privacy, but neither is it the same as "we aren't going to try to offer you any".
(Not affiliated in any way with FastMail, not even as a user)
It almost feels like it’s written for the Aussie Police and not really for the users.
Right now the only authentication signal we display on the website is a green tick if the message came from one of our staff or one of our trusted systems.
(Not the only one who suggested the same thing though)
https://fastmail.blog/2018/02/14/email-is-your-electronic-me...
End-to-end encryption is great for "this message will self destruct in 5 seconds" type instant messaging, but I have a friend who recently forgot her password on an "end-to-end encrypted" email service and lost all her emails. Not a great choice, though luckily she hadn't been using it long, so she didn't lose many memories.
An extreme black-and-white view on confidentiality vs the other parts of security is poor threat modeling, and we especially don't like the idea of selling snakeoil where we claim a level of confidentiality from ourselves which is not supportable by facts.
Not for European users. Microsoft is fighting this same fight in the US (albeit with surer footing since the European data is stored by Microsoft Ireland). Basically, another country can compel a company to provide EU users their data as much as they want, if the data is stored in the EU and the request is not legal under EU law this data may not be shared and the company will be in extremely deep legal shit if they do.
But my point was that these protections don't extend to Australian data -- the location of the data is irrelevant to jurisdiction if you're talking about Australian data being stored by an Australian company.
Most people are not on ProtonMail and do not have a PGP key published.
If I were to guess, I’d say that 99%+ emails sent or received by ProtonMail customers are seen by ProtonMail’s servers in unencrypted form.
Really? I use Hotmail, GMail, and Yahoo, and all of these use TLS so it is encrypted in transit.
Neemo of Brisbane.
A series of amendments that were dropped, despite the political reasons for keeping them (including the Nauru medical bill which didn't pass). Now, there were a series of useful House of Representatives amendments, but a series of useful amendments to an awful idea really isn't much of an improvement.
Feel free to put Labor above the Liberals on your next ballot, but please consider putting a third party (Greens, Science Party, Pirate Party) above them. We have preferential voting for a reason.
When you’re communicating with email addresses outside of ProtonMail, their servers will see your emails. Your emails might then be encrypted “at rest”, but they’ve passed through their servers unencrypted anyway.
To work around it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.
And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.
This is not how email is supposed to work.
Speaking of email ProtonMail also doesn’t work via standard IMAP and SMTP. You need an adapter to use classic mail clients and that only works on the desktop.
In other words ProtonMail is anti-standards.
And for me standards are more important than promises of privacy that an email service can’t really meet.
Unless you’re doing PGP or similar, independent of the email service being used, then email is incompatible with encryption.
Decryption is done in the browsers so it's not passing through the servers unencrypted. (ProtonMail is one of the biggest contributors to Openpgpjs).
> To work around it, for sending to email addresses without a ProtonMail account, AFAIK they also give the possibility to send a link to a ProtonMail interface for decryption.
And you can add the recipient PGP key in ProtonMail settings so it's pure PGP. (I've heard that they're working on Web Key Directory support for automatic contact key retrieval)
> And also web interfaces are inherently insecure for E2E encryption, which ProtonMail encourages.
Not strictly true. The problem is web interface hosted on a foreign host. For a secure web interface see e.g. Mailpile.
There are also other ways of minimizing risk like using Mailvelope that communicates with GnuPG through Native Messaging.
> In other words ProtonMail is anti-standards.
Not for all standards for example ProtonMail is very active in OpenPGP mailing list.
For the record I'm not using ProtonMail but I like that they're promoting PGP by showing that it can be made relatively easy. Too many people think that the UI complexity in PGP is intrinsic.
That cannot be for unencrypted emails, which is how most communications over email are going to be, because:
1. Most people or businesses are not on ProtonMail
2. Usage of PGP is nice, but very few people have published PGP keys
3. Opening a link to view a message is a big problem; personally I ignore such emails, can’t remember the last time that happened
It also doesn’t work for unencrypted emails being sent to you, which are a majority.
If I were to guess 99%+ of emails sent or received by ProtonMail customers are seen by ProtonMail’s servers in unencrypted form.
And this is why ProtonMail is snake oil.
Sending a link with a symmetrically encrypted mail is still possible for users without PGP but those aren't in cleartext on the server either (they are encrypted and decrypted in the client).
(in theory, PM could swap code in the webclients but you can use the Bridge or Android/iOS app to circumvent that hole easily)
It’s a similar deal on mobile apps; the situation is probably a little better if it’s truly a native app (by which I mean: all executable code comes from the app store, rather than executing arbitrary code fetched at runtime, as with websites) in that they probably can’t serve you specifically a different version to everyone else (I expect that’d need cooperation from the app store provider—not implausible, I caution) and so any vulnerabilities are more likely to be noticed in any auditing that others may do; but it’s also much worse because there you can’t lock it down with a browser extension that intercepts and verifies all the code.
Running the encryption on the user’s computer instead of your own servers is not a panacea, because you still control the code.
Unless you're starting from a premise that bad actors don't exist, and the police never do anything of value, there needs to be a facility by which police perform the role we expect of them in a civilised society, which includes following chains of evidence and requesting assistance of third parties they find along the way. The warrant system is a check against abuse of that process, not a repudiation of the idea that police also have a job to do.
I guess if a judge wants they should be able to watch you poo, pity we don’t have mandatory poo cams yet.
The judge should according to the laws be able to hear what you say to your wife at night.
Just that technology hasn’t caught up with what the law dictates yet.
After all, who are we to say what’s right? That’s for the professionals like the people who passed the AAA bill.
Who would you suggest should decide, when shown evidence that a spear phishing that stole thousands of dollars came from an email account, whether the provider should be requested to hand over data.
Policing isn't all poo cams.
I'd prefer that a judge tell me whether the police have sufficient evidence for a data request than have to make that call myself.
That's the problem here. Computers (smartphone/laptop/server/toaster/etc) are/will continue to hold most intimate and private data about an individual. Do you want all that disclosed on one person's word? I don't. I don't think there can be any check-and-balance that absolutely prevent any person from giving a malicious order. One bad disclose order can be enough to ruin a life. Is that jurisdiction willing to be liable for the compensation (if compensation is even possible)?
I believe Internet is a country of its own. It's a virtual world, it has no physical manifestation. There is no need to invade Internet to secure physical world.
There's also no check and balance that absolutely prevents somebody punching me in the face and ruining my life, but I still walk down busy streets.
If you have a problem with the concept of judges as the arbiter of limits on the powers of law enforcement, I am keen to hear your workable alternative that doesn't have worse downsides.
My point, I suppose, is that there are ways to architect systems such that concrete bunkers are unnecessary and irrelevant.
The simplest such systems do involve trust in you. I suppose to a first order you are trustworthy since you have explained you will hand over user data upon request according to the laws you are subject to. This is a sane business decision.
Finally, a solid stance against at least business surveillance is a great start.
This puts me in direct conflict with the way the law is going right now, where it is supposed to be acceptable for government and/or searches to be an invisible third party to all conversations.
Not sure where this goes but I feel like there is an MLK or electronic Jesus moment here somewhere.
During those proceedings, they also explained how complying with the FBI's request would lead to a highly damaging corruption of the privacy of their users data.
They asked the judge to make a judgement which was that Apple were right in saying that the FBI had over-reached in their warrant.
The case was headed to appeals when the FBI withdrew after finding another way to get the information they needed. Notably they did so without Apple having to compromise security or user data privacy.
Exactly. I didn't say they did. The comment was about being above law enforcement. See my other peer response here.
Apple did no such thing. They asserted their legal rights. They used the exact mechanism -- the law -- that you are saying they ignored or held themselves above.
When law enforcement takes a wrong turn (as the FBI did) it is, I believe, reasonable for a citizen to consider themselves above (read: "better than") law enforcement. Mechanisms to deal with this include constitutional principles (which may also be considered above the law) and, generally, the courts.
Perhaps, rather than focusing on "most communications over email" (which don't involve ProtonMail's users whatsoever), it's more fair to ask whether ProtonMail enables encrypted communications with non-ProtonMail email users, and what threat models it is reasonably secure against.
You're right, though, that there are trade-offs to be made when it comes to using web-delivered JavaScript (although these problems need to be solved at the web platform layer [0], not unilaterally by a single service provider), and ProtonMail do not exactly advertise their security limitations (and nor do any other webmail providers).
[0] https://tools.ietf.org/html/draft-yasskin-http-origin-signed...
Don't downplay the problem. An overwhelming majority of email that ProtonMail users get is in fact unencrypted. Not only that, but an overwhelming majority of email that ProtonMail users send is unencrypted as well.
It might get encrypted after the fact, but that email passes through their servers, which means ProtonMail can be coerced into doing blanket surveillance if the law allows it and any claims that ProtonMail protects you from that are bullshit.
>> "encrypted email service" is something that you have made impossible by definition.
It's not my definition, that's just what you get with email.
E2E encrypted email can only work if it's optional (e.g. PGP, when both parties agree on the keys), which is for secrecy, not privacy, because a majority of email sent or received will be unencrypted, because that's just how email was designed, that's how it works.
I don't have a problem btw with ProtonMail's implementation per se. Certainly it has value in certain contexts ... like if all of your work colleagues or all of your family is on ProtonMail, then you can have some peace of mind, but then again for a controlled, small group you can just go with PGP directly, which would be more trustworthy actually.
The problem is that many of the claims being made are bullshit. No, ProtonMail is not 100% e2e encrypted, in common use their servers will see most of your emails sent and received unencrypted and it will not protect your privacy.
So that's why it is snake oil.
Could you cite your sources? I'm wondering what are the exact percentages.
As I said there are already enough physical measures (defence, surveillance etc) that can ensure public safety. However, if I were to compromise: We can have multiple judges. An order should be vouched by more than one judge. It would be even better if the user can whitelist/blacklist judges to submit. Less bureaucratic liability for the state if data gets leaked/misused.
https://www.smh.com.au/national/teenager-daniel-christie-die...
I guess it's the punch then.
I can avoid sucker punchers. No need to give up privacy. I can avoid going outside a walled garden. No need to give up privacy.
You seem to be saying that it's fair trade. I disagree.