FastMail loses customers, faces calls to move over anti-encryption laws

Hosted email provider FastMail says it has lost customers and faces “regular” requests to shift its operations outside Australia following the passage of anti-encryption laws.

The Victorian company, which offers ad-free email services to users in 150 countries, told a senate committee that the now-passed laws were starting to bite.

“The way in which [the laws] were introduced, debated, and ultimately passed ... creates a perception that Australia has changed - that we are no longer a country which respects the right to privacy,” FastMail CEO Bron Gondwana said. [pdf]

“We have already seen an impact on our business caused by this perception.

“Our particular service is not materially affected as we already respond to warrants under the
Telecommunications Act.

“Still, we have seen existing customers leave, and potential customers go elsewhere, citing this bill as the reason for their choice

“We are [also] regularly being asked by customers if we plan to move.”

Gondwana’s comments are similar to those of Senetas, which said it now “regularly fields questions” from customers about how encryption-busting laws might impact the products they have installed and are using. Senetas also said that its sales pipeline had dulled.

FastMail also used its submission to the senate committee to raise concerns that secretive “technical capabilities” added to products and services to aid law enforcement were unlikely to stay secret for long.

Moreover, he said that technical capabilities could be removed and destroyed internally by coders not privy to those capabilities even existing in the code base.

“Our staff are curious and capable - if our system is behaving unexpectedly, they will attempt to understand why. This is a key part of bug discovery and keeping our systems secure,” Gondwana said.

“Technology is a tinkerer’s arena. Tools exist to monitor network data, system calls, and give computer users more observability than ever before.

“Secret data exfiltration code may be discovered by tinkerers or even anti-virus firms looking at unexpected behaviour.

“[Additionally, as code is refactored and products change over time, ensuring that a technical capability isn’t lost means that everybody working on the design and implementation needs to know that the technical capability exists and take it into account.”