September 2014 Transparency Report
Virtru recognizes that being 100% transparent with our customers is vital to our position as a digital privacy leader. We have taken aggressive measures to protect our users’ information and data from unwanted third parties. You deserve to know what we are doing with your data. Are we fighting requests that we have promised to fight? What has been the outcome? To this end, Virtru is pleased to issue regular transparency reports detailing government demands for user data and how we are handling them.
Virtru never stores the content of user communications or files. However, Virtru does hold and secure encryption keys, which we anticipate could be of interest to government agencies. Encryption keys are generated for each message or file a user protects and are necessary to read the content that you share using your e-mail or other cloud service that you are protecting with Virtru.
The United States government may try to seek access to encryption keys with a variety of legal powers. Some of its powers are used in criminal investigations – principally, search warrants and wiretap orders which require probable cause, and subpoenas, pen/trap orders and or similar orders which do not.
Some of the government’s powers are used in foreign intelligence or national security investigations. The government usually tries to impose more secrecy for national security powers than for criminal powers. These powers also can be divided into those that require probable cause – for example, search warrants and traditional wiretap orders under the Foreign Intelligence Surveillance Act – and those that do not, including pen/trap orders, business records orders, and new “section 702” wiretap surveillance orders under FISA, as well as national security letters.
As of the filing of this transparency report, Virtru has not received any government requests for any user data. We plan to continue filing a transparency report every six months, so if we receive any requests in the next six months, our report will provide detail on the type of requests we have received and whether we have challenged them. Note that the government may seek to limit the detail we can provide in future transparency reports, as it has done with other companies. We will fight for more detail rather than less.
Although we have not received any requests, if we do so, we will fight to provide our community with the kind of detail below, so you will have an idea of what kinds of information will be provided:
|Type of government request||Number received by Virtru||Number challenged by Virtru||User keys provided|
|Criminal – search warrant (probable cause)||0||0||0|
|Criminal – wiretap (probable cause)||0||0||0|
|Criminal – pen/trap||0||0||0|
|Criminal – subpoena or similar||0||0||0|
|FISA – search warrant (probable cause)||0||0||0|
|FISA – wiretap (probable cause)||0||0||0|
|FISA – pen/trap||0||0||0|
|FISA – business records||0||0||0|
|FISA – “section 702” surveillance||0||0||0|
|National security letters||0||0||0|
|State governments, if any||0||0||0|
|Foreign governments, if any||0||0||0|
We expect the government may object to providing you with this level of detail, especially on the FISA or other national security requests. Since we’ve received no requests and therefore are under no secrecy orders, we can provide as much detail as we want at present. We will fight to continue to provide our user community with the details above on a routine and consistent basis.