| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = The following is not legal advice and does not refer to any specific laws; it is a theoretical consideration by non-lawyers.
Users occasionally raise the possible privacy and security implications if contemporary, draft laws were to be passed. For example, how the {{project_name_short}} project would react to laws:* banning end-to-end encryption
* outlawing anonymity tools like Tor
* demanding that operating systems include a backdoor
It is important to note that government members have diverse and conflicting interests. Bills which are hostile to Internet privacy and security are regularly introduced in various jurisdictions, but common sense usually prevails and ill-conceived legislation normally stalls and fails to become law. Conversely, bills that allocate funding to support cryptographic development and privacy tools garner support and are normally passed because most legislators understand their importance in an open society. While Internet privacy advocacy groups should remain vigilant, it is unproductive to become unduly stressed whenever a bill hostile to privacy or security is proposed.
Although it may be counter-intuitive, in the event privacy-hostile laws are passed this is not a {{project_name_short}}-specific issue, even though {{project_name_short}} would obviously be affected. For the most part, {{project_name_short}} is a compilation of existing software packages provided by third parties which allow re-use in a compilation due to permissive licensing (Freedom Software). In this context, noteworthy components which {{project_name_short}} relies on directly or indirectly are the base operating system (Debian at time of writing) and an anonymizer (Tor at time of writing). At first, such a law would very likely harm the security properties of these and other projects (see footnote). <ref>To learn more about this organizational structure, see: [[Linux User Experience versus Commercial Operating Systems]].</ref>In response to the possibility of privacy-hostile laws being implemented, it is usually suggested that the {{project_name_short}} legal entity should relocate to a different country. The effectiveness of moving to another jurisdiction would of course depend upon the specifics of the legal text, however it is unlikely that simple legal loopholes would exist. For example, legal entity relocation does or did not help people who would like to sell controlled substances (such as medicine) or goods (such as weapons) without all authorizations required by law. Another example are financial services; this is also why unnamed stock certificates on the blockchain do not exist.Some U.S. laws apparently apply to all international jurisdictions. Take the case of Kim Dotcom who is a German/Finnish dual national. Although a permanent resident of and physically present in New Zealand at the time of alleged copyright infringement charges brought forth by the USA, he had his assets seized, worldwide bank accounts frozen, was arrested, and is fighting extradition to the USA. As Kim Dotcom [https://twitter.com/KimDotcom/status/582068295366410240 summarized on Twitter]:
I never lived there<br />
I never traveled there<br />
I had no company there<br />
But all I worked for now belongs to the U.S.
[https://www.techdirt.com/2015/03/27/how-us-government-legally-stole-millions-kim-dotcom/ How The US Government Legally Stole Millions From Kim Dotcom]
Sometimes it is suggested to simply not comply with new laws impacting privacy, however this is an unreasonable request. Most laws include an enforcement mechanism, although it can be selectively applied depending on government interests. Serious penalties apply if a law is not being complied with, especially for repeat and continuous offenses. Penalties may include:
* for failure to pay monetary fines, the threat of asset seizure, imprisonment or worse
Law enforcement has incredibly long arms. In most cases there is no way to openly defy the law for an extended period and get away with it. To a large degree policy issues cannot be fixed only via technological means; it must be combined with peaceful resistance on a political level. Government policy is affected by popular opinion, and those who support privacy-enhancing technologies can help the cause by sharing their reasoned opinions with others. Casual supporters are also important to raise public awareness.
Even if privacy-hostile laws are in place, it might still be permitted to contribute Open Source code to Open Source projects. For example, perhaps only the person(s) redistributing binary builds to the public would be held personally accountable. This is pure speculation until a new draft law catastrophic to security software eventuates.
If {{project_name_short}} was ever forced to add a backdoor by law, users would be notified and the project would be shut down before the law took effect. Fortunately, as yet there are no outrageous law proposals that would force the continued running of backdoored projects. In this case, efforts might focus on a new Linux-based project centered on stability, reliability, documentation, recovery, and usability.[https://forums.whonix.org/t/eu-wants-to-create-device-os-level-backdoor/10402 EU Wants To Create Device/OS Level Backdoor]
or create an account