How we handle requests for subscriber data
U.S. law allows communications service providers to deliver products that use encryption to protect customers' communications without that provider having the ability to decrypt those communications. History has shown that backdoors created for law enforcement are themselves a security liability. Time and again, these well-intentioned backdoors have been exploited by hackers and by hostile states that do not respect or protect civil rights.
We're here to protect the good guys. Our customers include big companies that you've heard of, NGOs doing important humanitarian work, news organizations and their journalists, government agencies (including military, intelligence, and law enforcement), defense contractors, law firms, and the many small and medium-sized businesses that drive so much of our economy. What all these organizations have in common is that they want to protect their staff and their important secrets from the real threats that are out there. Protecting these people and these secrets from the bad guys is important to the national interest of the U.S. and those of its Western allies. We take our responsibility here seriously.
Unsurprisingly then, Silent Circle's service offerings have no backdoors. Furthermore, we keep very limited data regarding our subscribers. We do not track IP addresses or keep logs of calls and messages between our users. The less data we have, the better we can protect our customers from those who would do them evil.
However, occasionally, we receive requests for the subscriber data of a user or a set of users. In these cases, when presented with a valid legal order, we provide the information that we have. When possible and permissible, we notify our customer of the request in order to give our customer an opportunity to object to the disclosure.