If you don’t submit to America’s heavy handed surveillance laws, you’re screwed. Time to make that stop.
If the owners knowingly aided spearphishing and other business email compromise laundering, that’s not cool. That has nothing to do with any surveillance laws, either. Assuming there is evidence that proves this, then they should go down. If the evidence is just “yeaaaaahhhh they knew what it was used for,” that’s bullshit and falls into your complaint. Based on similar prosecutions, the feds wait to prosecute this stuff until they have actual evidence that shows the defendants knew they were directly supporting crime (assuming we’re not talking trumped-up narcoterrorism charges). As a security professional this narrow band, assuming all of my assumptions are true, is legit and should be prosecuted. You should not enable spearphishing and ransomware because that makes lots of problems.
If my assumptions don’t pan out, ie there is no direct evidence linking them to that narrow band, sure, it’s a shitty prosecution.