
Again: this has nothing to do with LE; any CA can issue any certificate at any time by design, and it's the responsibility of the CT scheme to detect misissuances and malevolent behavior.

An NSL sent to the operators of a CT log cannot stop the log operators from logging inauthentic certificates: each CT log is a timely and append-only signed ledger of all certificates issued, meaning that any deviation between logs would also be detected and treated as a sign of mis-issuance or compromise by the larger Web PKI. What's more, certificates need to be logged as a matter of validity: an order compelling log operators to refuse a certificate would effectively ensure that the certificate never becomes valid. That's what makes CT nice: anybody who wants to create a malicious certificate needs to do so in a way that's globally detectable.

It can be fun to play mind games about shadowy agencies, but that's not really how these things work: if you're of sufficient interest to a country's intelligence service, then they're going to spearphish you, exploit your phone, steal your TLS session keys, your cookies, or do any number of other much less visible things to get the access they want. And, if they're competent, they will get it[1].

[1]: https://www.usenix.org/system/files/1401_08-12_mickens.pdf
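
Added example, not part of the comment above: a sketch of how a monitor checks the append-only property the comment relies on, using the Merkle tree hashing and consistency proofs defined in RFC 6962. The function names and the sample entries are this example's own assumptions; a real monitor would take the two roots from signed tree heads fetched from the log.

```python
# Added illustration; names below are this example's own, not a CT library API.
import hashlib

SAMPLE = [b"cert-%d" % i for i in range(7)]   # constructed stand-ins for log entries

def leaf_hash(entry):                 # RFC 6962: leaf hashes are prefixed with 0x00
    return hashlib.sha256(b"\x00" + entry).digest()

def node_hash(left, right):           # interior node hashes are prefixed with 0x01
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n):                        # largest power of two strictly below n (n >= 2)
    return 1 << ((n - 1).bit_length() - 1)

def root(entries):                    # entries must be non-empty
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(root(entries[:k]), root(entries[k:]))

def consistency_proof(m, entries, whole=True):
    """Log side: proof that the first m entries are a prefix of `entries`."""
    if m == len(entries):
        return [] if whole else [root(entries)]
    k = _split(len(entries))
    if m <= k:
        return consistency_proof(m, entries[:k], whole) + [root(entries[k:])]
    return consistency_proof(m - k, entries[k:], False) + [root(entries[:k])]

def verify_consistency(m, n, old_root, new_root, proof):
    """Monitor side: compare two tree heads using only the proof hashes."""
    if not 0 < m < n or not proof:
        return False
    path = ([old_root] if m & (m - 1) == 0 else []) + list(proof)
    fn, sn = m - 1, n - 1
    while fn & 1:                     # climb while the old tree's last node is a right child
        fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:        # sibling is on the left: it belongs to both trees
            fr, sr = node_hash(c, fr), node_hash(c, sr)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:                         # sibling is on the right: only in the newer tree
            sr = node_hash(sr, c)
        fn, sn = fn >> 1, sn >> 1
    return fr == old_root and sr == new_root and sn == 0
```

A log that rewrites or drops an earlier entry cannot produce a proof linking its new root to a root a monitor has already recorded, so `verify_consistency` returns `False` for that pair of tree heads.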


