A lot of these laws are now attempting to apply extra-territorially, e.g. to servers and companies in the US just because people in the UK are connected to the same internet, with punishments meted out if any part of that company does any business in the UK even if it's unrelated.
It might be interesting to go the other way: Get it put into the constitution of a major country that these kind of backdoors are banned world-wide and you can't do business in that country if any part of your enterprise implements them anywhere else.
To begin with this would make it harder to pass laws like this in other places -- domestic companies with international operations would put up stronger opposition because it would compromise their ability to do business elsewhere, and legislators might actually be concerned about that. And then on top of that it would force the companies to choose which subset of the world they want to operate in, allowing people in oppressive countries to pick up uncompromised devices from the places where compromised devices are banned.
The US constitution already has a provision against unreasonable search properly enshrined, and well tested in courts. Things like KOSA can be rejected as clearly violating it.
The EU does not seem to have such simple and ironclad norm.
Ah, that constitution must explain why we never see people being abducted in broad daylight by goon squads in the US, right? Because anything that clearly violates the constitution would obviously never happen there. Because you're the best country. The greatest.
I'm not sure if the 4th amendment applies to deportation of non-citizens, and secondly you would have to take it to supreme court to find out.
In comparison to the US constitution, EU "norms" might as well be toilet paper. For example, they have some notion of "free expression" which sounds like free speech but is defined to be so weak as to be useless. The european public broadly does not seem to care, they certainly aren't willing to kill for their rights.
Other commenters already mentioned that the current situation in the US shows how fragile this "ironclad" norm is. Aside from that, though, the fourth amendment wouldn't necessarily prevent a law that requires companies to scan the data and creates certain liabilities if they don't. The weakness in the US's version of such "rights" is that none of them are actually guarantee that any individual rights are to be protected against all comers; they restrict the government from doing certain things but allow private actors to do those same things.
I mean that'd certainly be nice, and it is also their only job, but even if they wanted to do it in regular legislation that'd be better than nothing.
Make a law that says companies have to protect the data of their citizens without the possibility of any intentional backdoor, perhaps. Make a law that says companies can't require people to dox themselves with ID scans simply to use a publicly available internet platform that provides no services in the physical world. Make a law that says OS developers can't create client-side scanning services that upload results off-device without revocable user consent.
It might be interesting to go the other way: Get it put into the constitution of a major country that these kind of backdoors are banned world-wide and you can't do business in that country if any part of your enterprise implements them anywhere else.
To begin with this would make it harder to pass laws like this in other places -- domestic companies with international operations would put up stronger opposition because it would compromise their ability to do business elsewhere, and legislators might actually be concerned about that. And then on top of that it would force the companies to choose which subset of the world they want to operate in, allowing people in oppressive countries to pick up uncompromised devices from the places where compromised devices are banned.