Sure that's valid, they do need to conply with legal orders. But they don't need to store bitlocker keys in the first place, they only need to turn over data they actually have.