If you pass a law stating you are a Triceratops, it would become 'true' in the legal sense... and since we are dealing with legality, it being declared 'secure' does matter
It depends on the threat model. If I need to prove to a court in the US, then I'm signing paper and faxing it. To do it differently would be more expensive to prove.
I'm talking about the technical sense. Where there is no encryption at all, anyone with a phone line splitter can listen in, and the machines are usually not in a secured area so anyone could just pick up the fax and walk away. Not secure at all.
I don’t think you need to argue that fax is not technically secure on HN. Pretty sure we are all on the same page there. What matters is legal precedent and existing policy in various countries.
It depends on what your threat model is. The attacks you're talking about are real, absolutely.
For the threat model of a physically local attacker with either the right timing (for grabbing an incoming fax) or the right knowledge (for the phone system equivalent of tcpdump), you're quite right that fax is insecure. Likewise for state sponsored adversaries or certain organized crime groups.
But if you just want to make it hard for people scanning the internet to see what juicy corporate espionage they can find and resell, without specifically targeting you, fax is probably less vulnerable to that threat model than, for example, an undermaintained email server. Likewise if you piss off script kiddies somewhere on the internet with botnets and exploit kits, your website is probably a bigger risk than your fax machine.
They're secure in the sense of being low-risk for active content shenanigans and a small surface area for vulnerabilities. Attacking a network through a .tiff of a fax is a lot harder than attacking it through an email, pdf, word doc, http session, etc.
