Every company must comply with lawful warrants and subpoenas.

EDIT: Original parent was "Every company does this."

Not Mullvad. Swedish police showed up looking for some dat, Mullvad didn't even collect what they wanted, police left empty handed.

Yes -- even Mullvad -- which is precisely why they do not collect the data. Because if they did have the data, they would have to give it over, or they could go to prison.

Typically, courts will summon a specific person to comply with their request, often a corporate officer or director with a role or authority relevant to what is being requested. If they don't comply with their request, they can be held in contempt.

The specifics vary by country, but basically all legal systems require you to comply with what they say and impose penalties if you don't. I don't know if there are any countries where it's legal to ignore the courts, but I would imagine that their court systems don't work too well.

Typically that would require uncovering the veil of the corporation and usually a limited company has safety provisions against these egregious acts.

Courts, in the US at least, can hold an officer of a corporation personally responsible for violating a subpoena order, if they were in a position to comply with it and chose not to. It's not technically a piercing of the corporate veil (because they are being personally ordered to comply), but it's effectively the same thing.

See Wilson v. United States

https://supreme.justia.com/cases/federal/us/221/361/

It is true that one cannot produce the data that one does not collect. I'm not sure that is a revelation.

It is, with this crowd, where data is currency. I literally have solitaire games, trying to get me to create server accounts, so that the authors can extract PiD from me.

Tech is full of people that make extremely good money, from other people's personal information, and they plug their ears and sing "La-la-laaaa-I-can't-hear-yooouuu-la-la-la", when confronted with information that says what they are doing has problems. Not just techhies. That's fairly basic human nature.

This is pretty much the embodiment of Upton Sinclair's quote: "It is difficult to get a man to understand something, when his salary depends upon his not understanding it."

For my part, I don't collect any data that I don't need; even if it makes it more difficult to do stuff like administer a server.

It's only a problem if you don't want to be legally obligated to produce it. Either way, probably paying lawyer time for a response. Not that I disagree with you at all.

It's also a problem if you actually care about your users, and don't want to expose their data, in ways that could -literally- end up putting their lives in danger.

I'm but a mere lawyer, not a godly developer.

Sheesh. I don't feel especially "holy." Did I miss the manna line?

they HAD to? didnt Apple refuse to do this exact thing?

Apple refused to create new software to allow the FBI to brute force an encrypted device. OpenAI just had this info floating around on hard drives.

> And then 3 or 4 allies of the US passed laws enabling the government to require companies to develop tools or face prison time

My understanding is that Apple’s executives were surprised at the forcefulness of the opposition to their stand together with the meekness of public support.

(Having worked on private legislation, I get it. You work on privacy and like two people call their electeds because most people don’t care about privacy, while those who do are predominantly civically nihilists or lazy.)

If you are referring to the incident below, it is different because the government asked Apple to write software to allow access to the device:

https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...

If Apple had simply had the text records, they would have had to comply with the government order to provide them.

And Apple did provide all iCloud data they had available.