It's a euphemism to say that I have my doubts about the sincerity of any American business when it comes to respecting users' privacy, when you know what's going on with the full-take NSA collection and warrantless requests.
But I am intrigued by the fact that every software vendor out there, not just in the US, ironically, is bound by parties to use encryption modules that are FIPS-compliant. FIPS compliance means a set of standard algorithms and key lengths.
All FIPS-level algorithms have one thing in common: the key lengths are fairly low by today's standards, especially when NSA supercomputers can compute a trillion keys every second.
I am therefore suspicious that FIPS-level algorithms are in fact all cracked by the NSA already, and that by having parties ask vendors to comply with FIPS, what they are actually asking is that the NSA be able to read anything that gets encrypted by you without much effort.
As a consequence, I think the proper action should be the opposite. Any business that requires a vendor to be FIPS-compliant should be told that they are an active piece of the Patriot Act and as such have lost any credible reason to conduct business with them. Such a party should not be supported in its request.
Whenever the vendor is not from the US, it should be all the more natural to take this stand.
Or vendors should admit that they are just toys of a big conspiracy against everyone.
You decide.
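A concrete way to check the key-length argument in the post above, added here as an example and not part of the original post: the script below takes the post's own figure of a trillion (10^12) key trials per second and works out how long exhausting half of a keyspace takes for several key sizes, and conversely how many key bits are needed before a brute-force search is expected to outlast a given number of years. The key sizes listed are illustrative choices (56-bit DES and AES at 128, 192 and 256 bits) and the Julian year is assumed; the brute-force rate is a parameter so the reader can plug in any other assumption.

```python
"""Brute-force cost estimator for symmetric key lengths (added example).

Assumptions (not from the original post, except the 1e12 keys/s figure):
  * an attacker tries keys at a fixed rate, with no cryptanalytic shortcut;
  * on average half the keyspace must be searched before the key is found;
  * one year is a Julian year of 31,557,600 seconds.
"""
import math

SECONDS_PER_YEAR = 31_557_600          # Julian year, assumed
POST_RATE = 10**12                     # "a trillion keys every second", from the post

# Illustrative key sizes (bits); DES is historic, AES sizes are current.
ILLUSTRATIVE_KEY_SIZES = {"DES": 56, "AES-128": 128, "AES-192": 192, "AES-256": 256}


def expected_seconds(key_bits: int, rate: int = POST_RATE) -> float:
    """Expected seconds to find a random key: half the keyspace at `rate` keys/s."""
    if key_bits < 1 or rate < 1:
        raise ValueError("key_bits and rate must be positive")
    # Python ints are arbitrary precision, so 2**(bits-1) never overflows.
    return (2 ** (key_bits - 1)) / rate


def expected_years(key_bits: int, rate: int = POST_RATE) -> float:
    """Expected years to find a random key by brute force at `rate` keys/s."""
    return expected_seconds(key_bits, rate) / SECONDS_PER_YEAR


def min_bits_for(years: float, rate: int = POST_RATE) -> int:
    """Smallest key length whose expected brute-force time is at least `years`.

    Walks up one bit at a time; each extra bit doubles the expected work, so
    the first length that crosses the threshold is the answer.
    """
    threshold = years * SECONDS_PER_YEAR * rate   # key trials needed
    bits = 1
    while 2 ** (bits - 1) < threshold:
        bits += 1
    return bits


def brute_force_table(rate: int = POST_RATE) -> dict:
    """Expected years per illustrative algorithm at the given trial rate."""
    return {name: expected_years(bits, rate) for name, bits in ILLUSTRATIVE_KEY_SIZES.items()}


if __name__ == "__main__":
    for name, years in brute_force_table().items():
        print(f"{name:8s} {ILLUSTRATIVE_KEY_SIZES[name]:3d}-bit  ~{years:.3e} years at 1e12 keys/s")
    print("bits needed to outlast 1e9 years at 1e12 keys/s:", min_bits_for(1e9))
    # Each extra bit doubles the work: 2^10 ~ 1000x, so a 1000x faster attacker
    # gains only about ten bits of key length.
    print("bits needed at 1e15 keys/s:", min_bits_for(1e9, rate=10**15))
```

The point the table makes is that the work grows exponentially in the key length while attacker speed grows only linearly: raising the trial rate a thousandfold buys roughly ten bits, which is why moving from 56-bit DES to 128-bit AES changes the picture by a factor of 2^72, not by a factor of two.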