The way this works is that in addition to the more colorful clients, you absolutely need to make sure that you have a sufficient number of clients among law enforcement and security services in countries with a decent(-ish) track record regarding human rights. This way, your products and services are not obviously illegal. You can even tell your employees that your products and services are saving lives because it's actually true.
This strategy mostly works because the major operating system suppliers refuse to implement requested lawful intercept solutions for their consumer products. Instead, we end up with companies that try to fill the gaps, making a business of exploiting security flaws. It's possible for the OS vendors to completely dry this swamp, by offering competing services to law enforcement using the interfaces they already have (automated software updates, for example). The reputable clients would migrate rather quickly. These companies would be left with just the shady clients, making it much more difficult to justify their continued existence.
The OS vendors refuse to implement lawful intercept capability because there is no such thing as a lawful intercept capability. There is only intercept capability for any purpose because ROM bootloaders and secure enclaves cannot vet the lawfulness of a request to subvert their owners. You can make a phone relatively secure against people trying to break into it, but only if it has unique access keys for the owner. If you give any government a second key for intercept capabilities, that key will be a single point of failure for the entire system. Eventually it will leak and your phone password will be effectively useless.
I don't even need to invent a scenario for this: you can buy the TSA master keys off Amazon right now. The only reason why it's not a huge problem is that TSA locks are a special thing you buy and use solely for airline luggage that is already in TSA custody anyway. If you use TSA locks on anything else, however, you're just asking for it to be stolen because the locks don't actually provide any security.
The shady clients will get their hands on any intercept key provided by law enforcement, because it's legally unreasonable for Apple or Google to only provide intercept capability to some of the countries they operate in. e.g. if you give the US and UK a decryption key you also have to give it to Saudi Arabia[0]. Hell, in some countries the shady and legit clients are part of the same government - e.g. you can't give the key to just the FBI but not the NSA or CIA.
[0] The Saudis have one very big lever they can use to force the West to do what they want: gas prices.
2nd is Saudi Arabia then Russia. However, it happens that the US is also the largest consumer, and their production doesn't meet the demand, so they have to import from other countries like Canada and Saudi Arabia.
So Saudi Arabia most definitely does have a lever, and so does Russia since the rest of the world including US allies like Japan, South Korea, Australia, NATO countries depend on their lovely black gold to have functioning economies.
I want to add that even if the US produced more oil, we currently don't have enough industrial refining capacity for the type of crude that we produce to meet our demand, so we would still need to rely on foreign imports.
> [...] so does Russia since the rest of the world including US allies like Japan, South Korea, Australia, NATO countries depend on their lovely black gold to have functioning economies.
Have you been following the news for the past two years? Russia's sanctioned up the wazoo. No NATO country is buying Russian oil. India is now their number one customer.
There is truth in that Europe isn’t buying directly from Russia. However, plenty of countries are buying refined oil products from India (and possibly others) where the source is Russian crude oil.
If the US was like Saudi Arabia, where they exported half of their oil, and could supply most of the world at competitive prices, Russia would have really felt the sanctions.
But right now Russia doesn’t feel the sanctions. They’re more isolated, and Putin’s propaganda has somewhat worked at making the general population anti-West and supportive of the Ukraine invasion.
That is a slippery slope though, because the OS vendors could offer Law Enforcement everything today, and there will be a special request made for a little something extra tomorrow.