Every company has to comply with the laws of the country in which they operate, and no company is going to go to jail for you. There’s other encrypted email providers, but they will still have to abide by their local laws. The best you can hope for is that they have minimal data on you and that anything potentially incriminating is encrypted and can only be decrypted by you.
Assnuts. They’d not go to jail anyway. Companies pay fines at most, you might arrest a specific legal representative (one of 123456789 employees of the company) for three days while the lawyer comes up with better papers, but companies never, meaningfully go to jail.
Right. The point is that they’re not going to do you any favors with regard to the law. They have zero incentive to fight the law on your behalf, because your relationship is purely transactional.
Another way to say it is, “No company is going to break the law for you.”
I mean, you need to abide by laws even when you self host. I’m not saying it’s likely, but if you self host and the authorities legally demand records from you, are you prepared to go to court or prison over it?
Evidence: “We know you had this data based on emails between you and X entity, who already gave us emails and confirmed it was with you who they were communicating. We know you destroyed hard drives based on the fact that we found hard drive remains in your trash within 24 hours of receiving the subpoena. Cough up the data or face prison time.”
It’s not hard to solve for X when you know the rest of the equation.
It very much depends on your local laws. Despite the current administration, the law in the US, for example, is that you do not have to divulge passwords (a Fifth Amendment right to silence). You can hand over your entire encrypted database intact, no destruction needed, and unless the authorities can decrypt it, it’s useless evidence in court. Prosecutors may still try to build a case without that evidence (as you pointed out by getting decrypted correspondence with an accomplice), but it’s not illegal to hand over encrypted data, even if they demand that you decrypt it; you are under no legal obligation to help incriminate yourself.
That right may not exist in other countries, so as always, one should know their individual rights and threat model.
For all questions: your own.
Every company has to comply with the laws of the country in which they operate, and no company is going to go to jail for you. There’s other encrypted email providers, but they will still have to abide by their local laws. The best you can hope for is that they have minimal data on you and that anything potentially incriminating is encrypted and can only be decrypted by you.
Assnuts. They’d not go to jail anyway. Companies pay fines at most, you might arrest a specific legal representative (one of 123456789 employees of the company) for three days while the lawyer comes up with better papers, but companies never, meaningfully go to jail.
Right. The point is that they’re not going to do you any favors with regard to the law. They have zero incentive to fight the law on your behalf, because your relationship is purely transactional.
Another way to say it is, “No company is going to break the law for you.”
My nose keeps pointing towards selfhosting. TY!
The [email protected] community has lots of info and helpful people!
I mean, you need to abide by laws even when you self host. I’m not saying it’s likely, but if you self host and the authorities legally demand records from you, are you prepared to go to court or prison over it?
Lol what?
If I am in control of the data and I have a reason to don’t disclose said data, guess what’s gonna happen as soon as they demand it?
Destruction of evidence is also a crime in most places.
What evidence?
Evidence: “We know you had this data based on emails between you and X entity, who already gave us emails and confirmed it was with you who they were communicating. We know you destroyed hard drives based on the fact that we found hard drive remains in your trash within 24 hours of receiving the subpoena. Cough up the data or face prison time.”
It’s not hard to solve for X when you know the rest of the equation.
It very much depends on your local laws. Despite the current administration, the law in the US, for example, is that you do not have to divulge passwords (a Fifth Amendment right to silence). You can hand over your entire encrypted database intact, no destruction needed, and unless the authorities can decrypt it, it’s useless evidence in court. Prosecutors may still try to build a case without that evidence (as you pointed out by getting decrypted correspondence with an accomplice), but it’s not illegal to hand over encrypted data, even if they demand that you decrypt it; you are under no legal obligation to help incriminate yourself.
That right may not exist in other countries, so as always, one should know their individual rights and threat model.