The problem being is when you do have a provider that appears to be secure and out of reach, think lavabit, that provider will not survive for long. The CALEA requirements, and Patriot Act provisions will force them into compliance. There only options are to: Disobey the law, unacceptable in my opinion Close down services, noble but I need to eat and you probably want to keep getting email Compromise your principles and obey the law, the path often choosen.
Actually it might not be so horrible if the law was rewritten to be more reasonable, and then on top of that if the executive branch would stop inventing new definitions for words used in the law. However, we shouldn't rely on either of those two things. But the other big giant fail here is that we, as the engineers who have built all this stuff, have made it exceedingly easy for users to "just sign up with Gmail" and have totally failed at providing easy alternatives for the average person to use. That includes building intelligent, secure, and easy-to-use security into MIME and email, and extends to policies by ISP's designed to make it difficult to run your own server/services, and winds up with software authors who totally fail at creating usable server implementations. And that's just a broad brush. There are more failings than that. Reducing or eliminating the third party involvement in operating services would severely impact the ability to perform the sorts of blanket surveillance that we've seen. There's no technically valid reason that my mother couldn't host and run her own e-mail server on her home Internet connection. Except that she doesn't have a fixed IP. And there's no software that would make it trivial for her to do so (there are honorable mentions, but really this has got to be nearly as easy as plug-and-go). The Internet was designed as an any node to any node system. The insertion of ISP mail servers as an intermediate step made lots of sense back in the days of shell and dialup. It makes a little less sense now. But the community is extremely resistant to change. Certainly Gmail has no incentive to suggest that people go run their own mail server. And we've created enough other roadblocks that it isn't likely to happen. Sigh. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.