We do not think the law requires us to cooperate with broad surveillance orders permitting blanket surveillance by the the NSA or other government agencies, and we would fight an order to cooperate.
Virtru does not believe these orders should apply to encryption providers and would vigorously contest any attempt to extend such orders to us.
Changes to FISA under the Patriot Act and the FISA Amendments Act permit some forms of surveillance that are not based on individualized court orders. Virtru would challenge any order to assist in broad surveillance programs by the NSA or other government agencies that are not based on individualized court orders.
Under the “business records” provision of FISA (as amended by the Patriot Act), any person can be required by the FISA court to provide records or other tangible things in international terrorism and other foreign intelligence investigations. The FISA court has approved the government’s requests under this provision for very broad access to telephone metadata (e.g., phone numbers called and phone numbers received; date, time, and length of call).
Under Section 702 of FISA (as added by the FISA Amendments Act), communications service providers can be required to provide the content of communications and other data under blanket orders pursuant to court-approved procedures where the target of the surveillance is not a US citizen or permanent resident and is reasonably believed to be outside the United States.
Virtru does not believe that these provisions allowing non-targeted surveillance authorize the government to obtain encryption keys or other technical assistance from Virtru. Virtru believes that a court would agree with its legal position if it were asked to cooperate with government requests for encryption keys under these provisions.
If Virtru received an order for encryption keys under either of these provisions of FISA or under any other legal theory that was not based on individualized court orders, it would vigorously contest it.