I like fastmail, but the Australian Government has anti-encryption laws that are just a dealbreaker.
Australian companies (of which Fastmail is one) can be forced to handover user data silently[1].
"At its core, the legislation allows law enforcement agencies to compel companies to hand over user information, even if it’s protected by end-to-end encryption. If companies do not have the ability to intercept encrypted information, they can be forced to build tools to do so."
So fastmail can be compelled to hand over user data[2], and if that data is encrypted, can be compelled to build tools to subvert that security (this is a shame because Fastmail itself is anti that bill).
They're a Melbourne-based company, but their servers are in other countries. Does ASIS' reach include data stored in other countries? (NYC, Amsterdam, Iceland)
Yes it does, because they can compel the company employees. A previous company that I worked for used to have data centres in Amsterdam and Sydney (pre-cloud), but it was an Australian company with Australian engineers, so it wouldn't matter very much in this context.
It's the old xkcd "million-dollar cluster to crack encryption VS wrench"[1]
If you or your engineers with production access live within a jurisdiction then your security and laws are impacted by that jurisdiction.
Australian companies (of which Fastmail is one) can be forced to handover user data silently[1].
"At its core, the legislation allows law enforcement agencies to compel companies to hand over user information, even if it’s protected by end-to-end encryption. If companies do not have the ability to intercept encrypted information, they can be forced to build tools to do so."
So fastmail can be compelled to hand over user data[2], and if that data is encrypted, can be compelled to build tools to subvert that security (this is a shame because Fastmail itself is anti that bill).
[1]:https://www.theverge.com/2018/12/7/18130391/encryption-law-a... [2]:https://fastmail.blog/2018/09/10/access-and-assistance-bill/