
Is there something at that Bullrun link that shows the USG uses legal methods (or even illegal methods) to force product makers to insert backdoors into their equipment against the product makers' will?[1]

The NSA inserting backdoors into the product without the cooperation or maybe even knowledge of the vendor -- while troubling for any number of reasons -- is vastly different. Especially when giving advice to developers about how to stay in bounds with the law. If the metagame becomes "the government can legally force you to insert backdoors into your product" any developer faced with this threat might believe it, when he should know it's bunk.

[1] RSA allegedly got paid $10 million to make a change the NSA wanted. RSA customers should demand an answer, but that's not forcing the RSA. People get paid to do things all the time.



Not there, but in the historical record for sure.

>Hushmail stated that the Java version is also vulnerable, in that they may be compelled to deliver a compromised java applet to a user.

>http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_p...

>Hushmail turned over cleartext copies of private email messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States; e.g. in the case of U.S. v. Tyler Stumbo.

>if a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the "attacker" could be Hush Communications, the actual service provider.


Wow, Hushmail was pretty silly with their claims:

the company that provides Hushmail, states that it will not release any user data without a court order from the Supreme Court of British Columbia,

This is malarkey. Someone in the US could say "I'll fight all the way to the Supreme Court!!!" but you would be a fool to trust your business to their determination. Especially if they say it about a subpoena, which means they haven't even retained a lawyer to ask about this. (If your business plan depends on being able to wage a legal battle, you really shouldn't be scrambling through the yellow pages for a lawyer when you get your first subpoena.)

Back to the topic, I'll have to point out that this still isn't evidence of a company being required to backdoor a product. Hushmail, the same company that thinks it can fight a subpoena for third-party data all the way to the Supreme Court, said "well, we might be compelled to backdoor our product." This is just more repeating of the meme without evidence. It's unfortunate because some developer who remembers Hushmail might take their ill-informed legal opinion as reality.

Of course, Hushmail had access to cleartext copies of the messages. That's the killer. The government has the right to evidence about third parties in your possession. (Canada derives from British law tradition like the US. The government's right to all evidence is a concept that goes back centuries. If you can show that Canada broke from this tradition I would be most interested.)



