We are a law-abiding company, and US law (the Communications Assistance for Law Enforcement Act, CALEA) makes it clear that communications service providers can deliver products to their customers that use encryption to protect their communications without having the ability to decrypt those communications. This means Silent Circle’s service offerings have no government-mandated backdoors. Indeed, history has shown that backdoors created for law enforcement interception are themselves a security liability and present an irresistible target for hackers and state-sponsored attackers.
In providing this service, however, it’s also important to recognize that a small number of people will use our products and services to do bad things. We obviously don’t want that: it hurts everyone, but we know it will happen. Various law enforcement agencies will therefore demand that we disclose existing subscriber data, and that we preserve data that we would not normally keep. Such legal demands are inevitable. We must and will comply with valid legal demands for the very limited information we hold. We want to make it clear that when legally compelled to do so, we will turn over the little information we hold, described above. Before turning it over, we will evaluate the request to make sure it complies with the letter and spirit of the law. And, consistent with best privacy practices followed by other companies, when possible and legally permissible, we will notify the user in order to give him or her the opportunity to object to the disclosure.