> To date, CloudFlare has never received an order from the Foreign Intelligence Surveillance Act (FISA) court. ... As part of these challenges, we always request the right to disclose at least the fact that we received such an order but we are not always granted that request.
Are you challenging orders you haven't received? It might help to be more clear. For all we know, CloudFare has been required to give all its data to the NSA. The law allows that, and the law could prevent CloudFare from disclosing it.
I suggest the paragraph be more clear on that, then. "We may however receive orders unrelated to FISA, in which case we are legally allowed to challenge the order."
It might be best to be completely forthcoming. Let the customers know that their data can always be secretly read by the NSA with CloudFlare's assistance, even all customers' data, but you challenge what you are legally allowed to challenge. Or say nothing about it. As it is the text implies that the customers' data is better protected against snooping, which isn't possible and most everyone knows that now, so it leads to suspicion.
Are you challenging orders you haven't received? It might help to be more clear. For all we know, CloudFare has been required to give all its data to the NSA. The law allows that, and the law could prevent CloudFare from disclosing it.