Virtru Transparency Reports

March 2017 Transparency Report

Virtru recognizes that being 100% transparent with our customers is vital to our position as a digital privacy leader. We have taken aggressive measures to protect our users’ information and data from unwanted third parties. You deserve to know what we are doing with your data. Are we fighting requests that we have promised to fight? What has been the outcome? To this end, Virtru is pleased to issue regular transparency reports detailing government demands for user data and how we are handling them.

Virtru never stores the content of user communications or files. However, Virtru does hold and secure encryption keys, which we anticipate could be of interest to government agencies. Encryption keys are generated for each message or file a user protects and are necessary to read the content that you share using your e-mail or other cloud service that you are protecting with Virtru.

The United States government may try to seek access to encryption keys with a variety of legal powers. Some of its powers are used in criminal investigations – principally, search warrants and wiretap orders which require probable cause, and subpoenas, pen/trap orders and or similar orders which do not.

Some of the government’s powers are used in foreign intelligence or national security investigations. The government usually tries to impose more secrecy for national security powers than for criminal powers. These powers also can be divided into those that require probable cause – for example, search warrants and traditional wiretap orders under the Foreign Intelligence Surveillance Act – and those that do not, including pen/trap orders, business records orders, and new “section 702” wiretap surveillance orders under FISA, as well as national security letters.

Virtru has taken a strong stand in favor of privacy, as described in our privacy policy and our government access policy. We will fight secrecy orders, non-targeted or “bulk” orders, and orders for encryption keys based on any standard less than probable cause.

As of the filing of this transparency report, Virtru has not received any government requests for any user data. We plan to continue filing a transparency report every six months, so if we receive any requests in the next six months, our report will provide detail on the type of requests we have received and whether we have challenged them. Note that the government may seek to limit the detail we can provide in future transparency reports, as it has done with other companies. We will fight for more detail rather than less.

Although we have not received any requests, if we do so, we will fight to provide our community with the kind of detail below, so you will have an idea of what kinds of information will be provided: