[dannyw]

The M-code from GPS (for military use) is almost certainly signed (as part of being encrypted), but unfortunately, while the latest L2C (civilian) has ECC, there is no signing.

I would suspect this is probably intentional, as it's difficult to imagine otherwise why this would be omitted in the latest standard.

The US probably wants the operational capability to spoof the civilian GPS; and signing would provide verifiable attributability.

[forinti]

They could still spoof an encrypted public signal as they would be the owners of the key.

[dannyw]

Of course they could, but then you'd know it's the US doing it; with cryptographic evidence.

If there are covert operations going on somewhere in the world, where the US isn't publicly claiming to be (and I don't just mean DoD; but also CIA for example); this would be an irrefutable cryptographic trail.

Another case is unintended collateral damage; e.g. say a civilian airliner (with US citizens perhaps) goes down; the US can't have plausible deniability and suggest it was the enemy doing it.

[mikepurvis]

Right but then it would be obviously them vs having the deniability to be like "well it got spoofed by someone who knows who might have interfered in your operation hmmm??"