
posted by janrinok on Tuesday September 04 2018, @05:51AM   Printer-friendly
from the battle-goes-on dept.

Submitted by chromas from IRC, as story from ZDNet:

"The governments of the United States, the United Kingdom, Canada, Australia, and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights," began a document agreed to last week. Sounds good. But wait.

The government ministers who met on Australia's Gold Coast last week went on to explain that the information and communications technology vendors and service providers have a "mutual responsibility" to offer "further assistance" to law enforcement agencies.

"Governments should recognize that the nature of encryption is such that there will be situations where access to information is not possible, although such situations should be rare," it said. That's clearly setting an expectation for industry to meet.

The good news is that service providers who "voluntarily establish lawful access solutions" will have "freedom of choice" in how they do it. "Such solutions can be a constructive approach to current challenges," the document said, cheerily, before ending with a warning.

"Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative, or other measures to achieve lawful access solutions."

The document is the Statement of Principles on Access to Evidence and Encryption. It's one of three statements to come out of the Five Country Ministerial (FCM) meeting of the homeland security, public safety, and immigration ministers of the five Anglosphere nations. They were joined by the attorneys-general of these nations, who have met annually as the so-called Quintet of Attorneys-General for a decade now.

These are, of course, the same nations that participate in the so-called "Five Eyes" signals intelligence (SIGINT) sharing arrangements under the UKUSA Agreement, although these close allies cooperate both diplomatically and operationally at a number of levels.

The FCM meeting also issued an Official Communiqué, and a Statement on Countering the Illicit Use of Online Spaces.

Taken together, the three documents represent a toughening-up of the governments' attitudes to the regulation of online communications. For diplomatic language, some of the communiqué's wording is blunt.

Also found by Arthur and reported at CNET.



Related Stories

Apple Speaks Out Against Australian Anti-Encryption Law; Police Advised Not to Trigger Face ID 31 comments

Apple argues stronger encryption will thwart criminals in letter to Australian government

Apple has long been a proponent for strong on-device encryption, most notably for its iPhones and the iOS operating system. This has often frustrated law enforcement agencies both in the US and overseas, many of which claim the company's encryption tools and policies are letting criminals avoid capture by masking communications and securing data from the hands of investigators.

Now, in a letter to the Australian government, Apple says it thinks encryption is in fact a benefit and public good that will only strengthen our protections against cyberattacks and terrorism. In Apple's eyes, encryption makes everyone's devices harder to hack and less vulnerable to take-overs, viruses, and other malicious attacks that could undermine personal and corporate security, as well as public infrastructure and services. Apple is specifically responding to the Australian Parliament's Assistance and Access Bill, which was introduced late last month and is designed to help the government more easily access the devices and data of criminals during active investigations.

Letter here (#53), or at Scribd and DocumentCloud.

Also at Ars Technica, Engadget, 9to5Mac, and AppleInsider.

Police told to avoid looking at recent iPhones to avoid lockouts

Police have yet to completely wrap their heads around modern iPhones like the X and XS, and that's clearer than ever thanks to a leak. Motherboard has obtained a presentation slide from forensics company Elcomsoft telling law enforcement to avoid looking at iPhones with Face ID. If they gaze at it too many times (five), the company said, they risk being locked out much like Apple's Craig Federighi was during the iPhone X launch event. They'd then have to enter a passcode that they likely can't obtain under the US Constitution's Fifth Amendment, which protects suspects from having to provide self-incriminating testimony.

Also at 9to5Mac.

Australia Set to Pass Controversial Encryption Law 69 comments

With the Australian Labor Party caving in on the proposed encryption law that will allow Australian police and agencies to access private data directly from vendors, the new proposed laws are now agreed in principle to introduce government level snooping of user messages and encrypted files. Agencies like ASIO or the Australian Federal Police will have the ability to request that telecommunications and tech companies help them with their investigations and compel companies to build ways to allow targeted access to encrypted communications data.

Previously: Australian Government Pursues "Golden Key" for Encryption
Five Eyes Governments Get Even Tougher on Encryption
Apple Speaks Out Against Australian Anti-Encryption Law; Police Advised Not to Trigger Face ID
Australia follows New Zealand to demand passwords
New Australian Push For Encryption Backdoor in Wake of Alleged Terrorist Plot



FBI: End-to-End Encryption Problem "Infects" Law Enforcement and Intelligence Community 57 comments

FBI: End-to-End Encryption Is an Infectious Problem

Just in case there were any lingering doubts about U.S. law enforcement's stance on end-to-end encryption, which prevents information from being read by anyone but its intended recipient, FBI executive assistant director Amy Hess told the Wall Street Journal this week that its use "is a problem that infects law enforcement and the intelligence community more and more so every day."

The quote was published in a piece about efforts from the UK, Australia and India to undermine end-to-end encryption. All three countries have passed or proposed legislation that compels tech companies to supply certain information to government agencies. The laws vary in their specifics, including restrictions on to what information law enforcement can request access, but the gist is that they don't want any data to be completely inaccessible.

Related: FBI Chief Calls for National Talk Over Encryption vs. Safety
FBI Failed to Access 7,000 Encrypted Mobile Devices
DOJ: Strong Encryption That We Don't Have Access to is "Unreasonable"
Five Eyes Governments Get Even Tougher on Encryption
Apple Speaks Out Against Australian Anti-Encryption Law; Police Advised Not to Trigger Face ID
Australia Set to Pass Controversial Encryption Law
Split Key Cryptography is Back... Again – Why Government Back Doors Don't Work



U.S. Attorney General William Barr Demands Backdoored Encryption 107 comments

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

If the cops and Feds can't read people's encrypted messages, you will install backdoors for us, regardless of the security hit, US Attorney General William Barr has told the technology world.

While speaking today in New York, Barr demanded eavesdropping mechanisms be added to consumer-level software and devices, mechanisms that can be used by investigators to forcibly decrypt and pry into strongly end-to-end encrypted chats, emails, files, and calls. No ifs, no buts.

And while this will likely weaken secure data storage and communications – by introducing backdoors that hackers and spies, as well as the cops and FBI, can potentially leverage to snoop on folks – it will be a price worth paying. And, after all, what do you really need that encryption for? Your email and selfies?

"We are not talking about protecting the nation's nuclear launch codes," Barr told the International Conference on Cyber Security at Fordham University. "Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, email, and voice and data applications. There have been enough dogmatic pronouncements that lawful access simply cannot be done. It can be, and it must be."

Related: DOJ: Strong Encryption That We Don't Have Access to is "Unreasonable"
FBI Director Calls Encryption a "Major Public Safety Issue"
FBI Director: Without Compromise on Encryption, Legislation May be the 'Remedy'
Five Eyes Governments Get Even Tougher on Encryption
Australia Set to Pass Controversial Encryption Law
FBI: End-to-End Encryption Problem "Infects" Law Enforcement and Intelligence Community



  • (Score: 5, Insightful) by bradley13 on Tuesday September 04 2018, @06:27AM (12 children)

    by bradley13 (3053) on Tuesday September 04 2018, @06:27AM (#730126) Homepage Journal

    service providers who "voluntarily establish lawful access solutions" will have "freedom of choice" in how they do it

    Sounds like the mafia to me. "Nice business you have, be a shame if something happened to it. Of course, it's your choice."

    Realistically, most Western governments are out of control. They pretend to be democracies, but the "Swamp" is in charge: that morass composed of the permanent political class and the unelected bureaucracy. The Swamp does not like individual rights or freedoms or privacy - those things make the peons unpredictable and hard to control.

    --
    Everyone is somebody else's weirdo.
    • (Score: 3, Insightful) by Anonymous Coward on Tuesday September 04 2018, @07:04AM (9 children)

      by Anonymous Coward on Tuesday September 04 2018, @07:04AM (#730134)

      I think you vastly overestimate the bureaucrats. Senators and congressmen have way more power, and if the "swamp" you refer to has the level of power you describe then it is because they are in with the powers corrupting from the top. The swamp that needs draining is NOT the bureaucrats but the PACs buying and selling political influence.

      The swamp idea does make for a nice bogeyman, but as Trump has proven entrenched government workers are an easily solved problem. If you complain that he can't fire Mueller or some shit then you are a fool that doesn't realize the system is designed to work that way to prevent dictatorships. If you still have a problem with that you are a traitor to the US and pretty much to the UK as well. Actually, traitor to the very idea of democracy.

      • (Score: 5, Insightful) by Arik on Tuesday September 04 2018, @07:11AM

        by Arik (4543) on Tuesday September 04 2018, @07:11AM (#730138) Journal
        "The swamp that needs draining is NOT the bureaucrats but the PACs buying and selling political influence."

        It's both. Swamps seep.
        --
        If laughter is the best medicine, who are the best doctors?
      • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @07:15AM

        by Anonymous Coward on Tuesday September 04 2018, @07:15AM (#730139)

        Just like the immune system has proven cancer to be an easily solved problem. If you complain that sometimes it can't always get rid of cancer cells or some shit then you are a fool who fails to realize it's supposed to work that way to prevent autoimmune disease, and basically you are a traitor to your species since you want people to die from autoimmune attacks.

      • (Score: 3, Insightful) by khallow on Tuesday September 04 2018, @11:06AM

        by khallow (3766) Subscriber Badge on Tuesday September 04 2018, @11:06AM (#730184) Journal

        I think you vastly overestimate the bureaucrats. Senators and congressmen have way more power, and if the "swamp" you refer to has the level of power you describe then it is because they are in with the powers corrupting from the top. The swamp that needs draining is NOT the bureaucrats but the PACs buying and selling political influence.

        We do have 70 or so years of abuse of power here. And I don't buy that elected positions have as much power as unelected positions shielded by a variety of powerful advantages such as sovereign immunity, captive revenue streams from taxation, and immense complexity.

        but as Trump has proven entrenched government workers are an easily solved problem.

        Which remains mostly unsolved despite that easy solution.

      • (Score: 4, Informative) by requerdanos on Tuesday September 04 2018, @01:06PM (2 children)

        by requerdanos (5997) Subscriber Badge on Tuesday September 04 2018, @01:06PM (#730214) Journal

        I think you vastly overestimate the bureaucrats. Senators and congressmen have way more power

        No. When there are elections, we get new executive branch leaders and new legislative branch lawmakers.

        But the government is run by the various bureaus, agencies, and departments of the government--the department of this, the bureau of that, the department of whatever, as well as the TLA, the EFLA, and other acronym-oriented bodies.

        Sure, those congresspeople make the laws. But congresspeople are temporary, and the culture, positions, policies, and staff of the actual institutions of government (bureaus, agencies, and departments) are not.

        The swamp idea does make for a nice bogeyman, but...Trump has proven entrenched government workers are an easily solved problem.

        Oh, sure, your leaders, such as Trump, can appoint and/or fire a person or two at/near the "top" of an agency, but that person only affects the culture, positions, policies, and staff of the body in question in the same way that Congress does: By establishing guidelines under which the BAD unit (bureau, agency, or departmental unit) operates.

        Now the interesting thing about that is that each BAD unit is going to do pretty much what the heck they want, twisted slightly to fit whatever those guidelines are. Should the laws, guidelines, bylaws, whatever change, then the activities of the BAD unit might change 'spin' to appear to comply (or not, depending on what they can get away with--lots of what they do isn't even known, so no one knows to change it), but it's the BAD units that form the actions of >99% of what the government does.

        Not Congress, and least of all Trump (who is privy to even less information than Congress is). Figureheads and lawmakers set broad parameters for government, but the government (the BAD units) is the government. We don't get a new government when we have elections: We get new figureheads and congressmen to preside over the same old same old.

        To learn more about this process (should you desire*) by way of analogy, I recommend watching the UK television programs "Yes, Minister" and "Yes, Prime Minister", in which an elected minister and an unelected civil servant combine forces to run a "Ministry of Administrative Affairs" and later the government itself. The show is a silly but highly illustrative work of art that demonstrates whether temporary, transient, nominally powerful elected officials--or humble civil servants--actually run things. Same principle applies anywhere humans are involved, such as in the U.S.A.

        -------------------
        * If that isn't your desire, then watching that program and learning about the situation probably won't help.

        • (Score: 2) by Immerman on Tuesday September 04 2018, @04:03PM

          by Immerman (3985) on Tuesday September 04 2018, @04:03PM (#730301)

          Congress however has an "easy" solution - completely defund the culpable bureaus, agencies, and departments along with stripping them of all legal authority, and restart from scratch. Of course intelligence agencies are probably near the center of the rat's nest, and political corruption being what it is congress is ripe for being blackmailed into avoiding that path. Not to mention those

        • (Score: 2, Insightful) by curril on Tuesday September 04 2018, @11:35PM

          by curril (5717) on Tuesday September 04 2018, @11:35PM (#730545)

          I'm afraid that you are still giving the "deep state" too much credit, even if you are calling it "BAD" instead. If elected officials vote to shut down the superconducting super collider, then it gets shut down. If they decide to send troops to Iraq, then troops go to Iraq. The inertia of government agencies to change isn't because of conspiring bureaucrats pulling the wool over the eyes of naive politicians, it's because agencies are created to fulfill the requirements of a network of laws, and you can't really change the agencies without rewriting the laws that created them. A lot of the directives of Trump's political appointees violate the laws and rules the agencies are supposed to operate under, so if the bureaucrats follow the directives they get sued and lose in court. Maybe if Trump gets enough loyal judges willing to ignore the law for his sake, then you might see the bureaucracy corrupted so that in the future agency behavior is determined more by nepotism and cronyism and so covertly resists changes by the ruling political party.

      • (Score: 2) by deimtee on Tuesday September 04 2018, @07:10PM

        by deimtee (3272) on Tuesday September 04 2018, @07:10PM (#730410) Journal

        The British produced a couple of excellent documentary series on the power of the elected vs the power of bureaucrats. They are probably available on the web. They were called "Yes Minister" and the sequel "Yes, Prime Minister".
        Highly recommended.

        --
        If you cough while drinking cheap red wine it really cleans out your sinuses.
      • (Score: 2) by Phoenix666 on Tuesday September 04 2018, @07:43PM (1 child)

        by Phoenix666 (552) on Tuesday September 04 2018, @07:43PM (#730421) Journal

        The swamp that needs draining is NOT the bureaucrats but the PACs buying and selling political influence.

        You seem to believe those are discrete entities. They aren't. They are a continuum of corruption. Top bureaucrats cycle out to plum, do-nothing jobs in the private sector or academia. Top players, up-and-comers, the children or connected friends of the power elite, cycle from private industry into those top jobs in the bureaucracy. Round and round it goes.

        Others have called that, "The Revolving Door," or, "Regulatory Capture," or, "The Golden Parachute." All those terms are talking about the same phenomenon.

        Sadly, Trump has not managed to drain the Swamp one little bit, but he has called it out and made it visible to everyone. At least that's something, instead of continuing to pretend it doesn't exist or that it's something that only The Other Guys (tm) do, and which would only stop if we could elect enough of Our Guys (tm).

        --
        Washington DC delenda est.
        • (Score: 0) by Anonymous Coward on Wednesday September 05 2018, @01:40AM

          by Anonymous Coward on Wednesday September 05 2018, @01:40AM (#730581)

          Sadly, Trump has not managed to drain the Swamp one little bit, but he has called it out and made it visible to everyone.

          Yeah, rrrrriiiiight!!!

          Look, Trump doesn't give a flying fat fuck about the goddam swamp. The only thing he is interested in calling out are those he perceives as political enemies, where "political enemies" typically means anyone who dares to question him personally or his administration's policies. If any swamp creatures are called out this is merely incidental to his true purpose. In fact, more often than not, those of the swamp who have been exposed are members of his own administration. I'm shocked that you still haven't noticed this yet.

    • (Score: 2) by PiMuNu on Tuesday September 04 2018, @10:39AM (1 child)

      by PiMuNu (3823) on Tuesday September 04 2018, @10:39AM (#730176)

      > They pretend to be democracies

      I don't think the sort of democracy you envisage has ever existed, certainly not in the UK. There has never been a time when people outside the "political class" have been in control in UK. An interesting test is what is social mobility into, and out of, the "political class". I wonder if anyone did a study...

      e.g. John Major and Gordon Brown had no prior history in the political class, Cameron did, not sure about Thatcher, Blair, May...

      • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @04:10PM

        by Anonymous Coward on Tuesday September 04 2018, @04:10PM (#730307)

        The USA has historically not been quite as classist as the UK, but that is only because our society was younger.
        As time passed, we have acquired very entrenched classes too.
        I'll just point out that our founding politicians were rich, so by saying that we HAD been less classist than the UK, I am saying so only in a RELATIVE sense. USA politics has been classist and continues to become more so (Kennedys, Roosevelts, Clintons, Bushes, etc.).

  • (Score: 5, Insightful) by arslan on Tuesday September 04 2018, @07:00AM (1 child)

    by arslan (3462) on Tuesday September 04 2018, @07:00AM (#730132)

    Sounds like the 5 eyes should just be called the new Axis powers

    • (Score: 2) by Osamabobama on Tuesday September 04 2018, @04:27PM

      by Osamabobama (5842) on Tuesday September 04 2018, @04:27PM (#730320)

      Both are arbitrary labels; they take on meaning over time. With the publicity around this latest story, the meaning of '5 eyes' is taking another step in that direction. Be patient, it will get there someday...

      --
      Appended to the end of comments you post. Max: 120 chars.
  • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @07:17AM (10 children)

    by Anonymous Coward on Tuesday September 04 2018, @07:17AM (#730140)

    There wasn't any mention of five eyes by the media until a few years ago, why do we always hear about them now?

    • (Score: 5, Insightful) by Runaway1956 on Tuesday September 04 2018, @07:36AM (5 children)

      by Runaway1956 (2926) Subscriber Badge on Tuesday September 04 2018, @07:36AM (#730142) Journal

      Few people understood how pervasive, and how powerful, the five eyes are, until recent years. Prior to that, some people had at least a slight grasp on US/UK collusion. But, it was a slight grasp on the real state of affairs.

      If a lot of corruption is taking place in your home city, and you keep seeing bits and pieces of it exposed, you know something is wrong, right? But, then, it is exposed that your whole city is pretty much owned by a criminal cartel. How soon would you and others stop talking about that cartel?

      • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @07:39AM (4 children)

        by Anonymous Coward on Tuesday September 04 2018, @07:39AM (#730144)

        You've given a reason for people to discuss the topic, but not what incentive the news has to use that term.

        • (Score: 1, Troll) by Runaway1956 on Tuesday September 04 2018, @07:41AM (2 children)

          by Runaway1956 (2926) Subscriber Badge on Tuesday September 04 2018, @07:41AM (#730145) Journal

          It's a cool buzzword that catches people's attention. The media is all about ratings. You don't think they would drop a cool buzzword, when it's paying off so well?

          • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @07:54AM

            by Anonymous Coward on Tuesday September 04 2018, @07:54AM (#730151)

            It's not like it's a bad thing. It makes it easier to follow/search stories on them.

          • (Score: 4, Informative) by janrinok on Tuesday September 04 2018, @12:00PM

            by janrinok (52) Subscriber Badge on Tuesday September 04 2018, @12:00PM (#730196) Journal

            It's a cool buzzword that catches people's attention

            Er, no, not quite. It was highly classified until a few years back when a certain NSA employee let slip the odd secret or two.... Now, all the people who are just hearing about it think it is something new, but it's been around since the end of WW2.

        • (Score: 2) by http on Tuesday September 04 2018, @03:55PM

          by http (1920) on Tuesday September 04 2018, @03:55PM (#730293)

          Because it's the shorthand term that the associated intelligence communities actually use to reference it both internally and among themselves - the formal term is significantly long to speak or type.

          --
          I browse at -1 when I have mod points. It's unsettling.
    • (Score: 5, Informative) by takyon on Tuesday September 04 2018, @07:54AM (2 children)

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Tuesday September 04 2018, @07:54AM (#730150) Journal

      What was happening a few years ago? It was 2013, and Edward Snowden's new friends were dropping docs like candy.

      https://en.wikipedia.org/wiki/Five_Eyes [wikipedia.org]

      In 2013, documents leaked by the former NSA contractor Edward Snowden revealed the existence of numerous surveillance programs jointly operated by the Five Eyes. The following list includes several notable examples reported in the media:

      • PRISM – Operated by the NSA together with the GCHQ and the ASD
      • XKeyscore – Operated by the NSA with contributions from the ASD and the GCSB
      • Tempora – Operated by the GCHQ with contributions from the NSA
      • MUSCULAR – Operated by the GCHQ and the NSA
      • STATEROOM – Operated by the ASD, CIA, CSE, GCHQ, and NSA

      In March 2014, the International Court of Justice (ICJ) ordered Australia to stop spying on East Timor. This marks the first time that such restrictions are imposed on a member of the FVEY.

      [...] As a result of Snowden's disclosures, the FVEY alliance has become the subject of a growing amount of controversy in parts of the world:

      • Canada: In late 2013, Canadian federal judge Richard Mosley strongly rebuked the CSIS for outsourcing its surveillance of Canadians to overseas partner agencies. A 51-page court ruling asserts that the CSIS and other Canadian federal agencies have been illegally enlisting FVEY allies in global surveillance dragnets, while keeping domestic federal courts in the dark.
      • New Zealand: In 2014, the NZSIS and the GCSB of New Zealand were asked by the New Zealand Parliament to clarify if they had received any monetary contributions from members of the FVEY alliance. Both agencies withheld relevant information and refused to disclose any possible monetary contributions from the FVEY. David Cunliffe, leader of the Labour Party, asserted that the public is entitled to be informed.
      • European Union: In early 2014, the European Parliament's Committee on Civil Liberties, Justice and Home Affairs released a draft report which confirmed that the intelligence agencies of New Zealand and Canada have cooperated with the NSA under the Five Eyes programme and may have been actively sharing the personal data of EU citizens.

      So it was only around then that the extent of their modern activities began to become well known. And the cooperation had already expanded beyond ECHELON. For example, "As of 2010, the Five Eyes also have access to SIPRNet, the U.S. government's classified version of the Internet."

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 3, Interesting) by janrinok on Tuesday September 04 2018, @11:55AM (1 child)

        by janrinok (52) Subscriber Badge on Tuesday September 04 2018, @11:55AM (#730194) Journal

        JFYI - The 5-Eyes agreement goes back to just after WW2 - ECHELON is/was only a very small part of it.

        There was a book published in the 1970's which compromised Top Secret and Secret codewords which identified product/intelligence produced by member nations. And I'm having trouble now recalling what its title is....

        If you Google for books on SIGINT, COMINT and other related topics there are loads of examples.

        • (Score: 3, Insightful) by takyon on Tuesday September 04 2018, @12:18PM

          by takyon (881) <takyonNO@SPAMsoylentnews.org> on Tuesday September 04 2018, @12:18PM (#730202) Journal

          The question was "There wasn't any mention of five eyes by the media until a few years ago, why do we always hear about them now?"

          ECHELON was a major part of the package, and revealed in 1988 [wikipedia.org]. But it didn't get that much media attention at the time. I bet more people today have heard/read about PRISM than ECHELON.

          Maybe part of the answer is that while some details about the Five Eyes agreement were already known, the mainstream media chose to ignore it and most people didn't get the memo. But in 2013 and especially today, the media landscape has become far more fragmented, information goes viral, and people are more paranoid. The nature of the Snowden revelations, with the dramatic unveiling of Snowden in Hong Kong and subsequent escape to Russia, the steady drip of stories, etc. also helped to propel the story into the public consciousness and keep it there for a long time.

          --
          [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 2) by janrinok on Tuesday September 04 2018, @11:48AM

      by janrinok (52) Subscriber Badge on Tuesday September 04 2018, @11:48AM (#730191) Journal

      You can hardly deny that the 5-Eyes agreement exists after one of your employees blows the lid about a whole load of things that you are doing.... Everybody now knows they exist, what they do and, to some small extent, how they do it.

  • (Score: 3, Insightful) by bzipitidoo on Tuesday September 04 2018, @07:43AM

    by bzipitidoo (4388) on Tuesday September 04 2018, @07:43AM (#730146) Journal

    All technology, information, and learning is democratic. That is, either everyone can learn it, or no one can. It's possible or it's not possible. There's no such thing as an idea or information that some can learn and others can't. The major limitation to using any idea is lack of critical material, wealth, time, and payback. That's the only thing that keeps nuclear weapons from proliferating, and I don't mean to only nations, but to NGOs and even individuals as well.

    For something which does not require any special material, such as plain old information, there's no natural barrier. In the case of encryption, it's possible or it's not possible. Either everyone can encrypt data, or no one can.

    Until people and policymakers understand and accept this fundamental fact of nature, we're going to keep seeing this kind of stupidity-- the DRM, the intellectual property rights extremism, and this. It's like the old WWII Allies expect to be able to maintain the happy situation they enjoyed during the war of the Axis not being able to read their communications, while they could read Axis communications. Allied code breaking was only possible because the Axis was stupidly arrogant. Note that the Allies took pains to avoid tipping off the Axis that their communications were breached, as they knew that the Axis could change their encryption to something they could not break.

  • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @07:59AM (1 child)

    by Anonymous Coward on Tuesday September 04 2018, @07:59AM (#730153)

    1. take a crypto provider source package
    2. compile it on linux
    3. perform a trusted key exchange with those who you want to write to without zillion-eyes to see it
    [...
    5. profit]

    I sorta don't think it is impossible to put a HOWTO for the first 3 steps above in such a way that a layman can follow.
    If this happens, I wonder if the "rarity" of such situation is gonna please the 5eyes.

    • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @08:50AM

      by Anonymous Coward on Tuesday September 04 2018, @08:50AM (#730166)

      HAHAHA! You have no clue what you are talking about. "Key exchange" and "Trusted" and "compile" and what not? That is limited to very few individuals right there.

      Most people communicate about bullshit on bullshit platforms like Messenger, Skype or related. They have no clue about "crypto" anything except that "haxers break them".

  • (Score: 3, Informative) by MichaelDavidCrawford on Tuesday September 04 2018, @08:36AM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Tuesday September 04 2018, @08:36AM (#730164) Homepage Journal

    There are some models of Android device that support unlocking their bootloaders just by flipping a switch with adb. That enables you to install your own Android build.

    That's how you can install stuff like Cyanogen.

    The only parts that aren't Open Source are the chip firmware blobs. I can see how you'd enjoy building your own handset with a soldering iron from chips you breadboarded in your basement or, at your option, your garage but that's just too much for me.

    The beans are quite good. Thanks for asking!

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 5, Insightful) by requerdanos on Tuesday September 04 2018, @01:20PM

    by requerdanos (5997) Subscriber Badge on Tuesday September 04 2018, @01:20PM (#730223) Journal

    The governments of the United States, the United Kingdom, Canada, Australia, and New Zealand are committed to personal rights and privacy, and support the role of encryption in protecting those rights... Governments should recognize that the nature of encryption is such that there will be situations where access to information is not possible

    such situations should be rare

    You can't have both of those in the same universe. If rare is the situation in which data can't be mined by big brother with impunity, then there exists no encryption to protect privacy rights.

    If encryption exists to protect privacy rights, then the situations where access to information by a hostile attacker such as these governments is not possible won't be "rare", it will be near-universal. That's what encryption does. Don't confuse encryption with reversible scrambling.

    service providers who "voluntarily establish lawful access solutions"

    If your encryption "service provider" can in any way "access" your data, you have the wrong "service provider." They should be providing tools for you to encrypt your data, and you and only you should be able to then access it with proper electronic decryption using your key available to you and only you.

    If a "provider" can access your supposedly encrypted data at will, then they are not providing you encryption; they are providing you with lies. There is no such thing as a competent encryption "service provider" who has any kind of "access" to the data being encrypted. If they have access, they aren't your service provider, they're your attacker and you're exploited already.

    This is not as simple as 2+2, granted, but it's not rocket science either, and not that hard to understand (though, dear reader, I am sure that some of you will try).

  • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @02:11PM (1 child)

    by Anonymous Coward on Tuesday September 04 2018, @02:11PM (#730244)

    Suppose that every encryption method has a unique master key associated therewith. (Every iPhone chip that holds a device-unique key surrenders that key.)

    Suppose then that Apple, or the manufacturer, throws away 50-75% of that key. They then send the remaining _portion_ of that key to the Gov. for "safe" keeping.

    The impetus is off Apple for maintaining safety of each key. The desire is off the "public" (organized crime, or probably even foreign governments) to steal _all_ the keys, because it's not a full key. Size the retained portion of the key such that it would take only 1-2 years to crack with current, known supercomputers.

    This fixes the public's being able to decrypt any device on leak of a master key. It fixes the gov. being unable to see into any device. It provides for the "mostly" provision. It costs the gov. enough that they would not be willing to crack any but the most important keys (brute-forcing the discarded bits), and likewise for any thieves. The drawbacks are that you as a user still have weakened encryption for any dedicated and _capable_ attacker, and that as time goes on, in ten years any encrypted data may take only a month to crack open.

    That last part, actually.. having to change your bank's password every month. Back to timed password expiration. :-/

    • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @04:23PM

      by Anonymous Coward on Tuesday September 04 2018, @04:23PM (#730316)

      So lying about key length. If someone has 4095 bits of my 4096 bit key, it's no longer a 4096 bit key. You don't need encryption to protect you from the stupid or lazy, it needs to work against the all-knowing prepared opponent, i.e. the one who broke in and stole this 'partial key'.

      It's still a bad idea, equivalent to mandating maximum key lengths.
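The arithmetic behind the partial-key proposal and the reply to it, as an added example that is not code from either commenter. The guess rate of 10^12 keys per second and the two-year doubling period are assumptions chosen for illustration, and the 128-bit device key is constructed.

```python
import hashlib
import math
import secrets

YEAR = 365.25 * 24 * 3600  # seconds

def expected_crack_seconds(unknown_bits, guesses_per_sec):
    """Average brute-force time: half of the 2**unknown_bits candidates."""
    return 2 ** (unknown_bits - 1) / guesses_per_sec

def unknown_bits_for(target_seconds, guesses_per_sec):
    """Most discarded bits whose average search still fits in target_seconds."""
    return math.floor(math.log2(target_seconds * guesses_per_sec)) + 1

def crack_seconds_after(years, unknown_bits, guesses_per_sec, doubling_years=2.0):
    """Same search once throughput has doubled every doubling_years (assumed)."""
    faster = guesses_per_sec * 2 ** (years / doubling_years)
    return expected_crack_seconds(unknown_bits, faster)

def recover_key(escrowed_high_bits, unknown_bits, key_digest):
    """Whoever holds the escrowed portion searches only the discarded low bits."""
    for low in range(2 ** unknown_bits):
        candidate = (escrowed_high_bits << unknown_bits) | low
        if hashlib.sha256(candidate.to_bytes(16, "big")).digest() == key_digest:
            return candidate
    return None

def demo(unknown_bits=16):
    """Constructed case: nominal 128-bit key, all but unknown_bits escrowed."""
    key = secrets.randbits(128)
    digest = hashlib.sha256(key.to_bytes(16, "big")).digest()
    escrowed = key >> unknown_bits  # the portion handed over for "safe" keeping
    return key, recover_key(escrowed, unknown_bits, digest)

if __name__ == "__main__":
    rate = 1e12  # assumed guesses per second
    bits = unknown_bits_for(2 * YEAR, rate)
    print("discarded bits for a 1-2 year search:", bits)
    print("years today:", expected_crack_seconds(bits, rate) / YEAR)
    print("days in ten years:", crack_seconds_after(10, bits, rate) / 86400)
    key, found = demo()
    print("toy key recovered from escrowed part:", key == found)
```

The nominal key length never enters the cost: to anyone holding the escrowed portion, including a thief, the key is only as long as the discarded part.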

  • (Score: 0) by Anonymous Coward on Tuesday September 04 2018, @05:32PM

    by Anonymous Coward on Tuesday September 04 2018, @05:32PM (#730354)

    well, maybe we can agree then, that computers do not make humans smarter or friendlier.
    the terrorists have been bombed back into the stone age; what is left, thus, is to "manage" a world population.
    with enough "information management" the economy can also be kept so, that there are always enough have-nots willing to do anything for moneys ...

  • (Score: 3, Insightful) by Azuma Hazuki on Tuesday September 04 2018, @09:37PM (1 child)

    by Azuma Hazuki (5086) on Tuesday September 04 2018, @09:37PM (#730487) Journal

    That is, if your encryption is breakable on demand, what you have is an encoding, not an encryption. And key escrow is one of the worst, most fragile, most abusable ideas I've heard on the subject yet, the equivalent of "Hey Mr. Government, we've left the key under the at-may, don't tell anyone or let anyone else find it." The fewer keys there are held in escrow, the more valuable each becomes and the more likely *someone* is to steal it, maybe to sell it to some hostile third party. Then what of your encryption? Key escrow relies on humans being angels, and specifically some of the least angelic humans it is possible to find being responsible for said keys.

    For N greater than or equal to 3, N people can only keep a secret if (N-1) of them are dead.

    --
    I am "that girl" your mother warned you about...
    • (Score: 3, Informative) by Fnord666 on Monday September 17 2018, @02:55PM

      by Fnord666 (652) on Monday September 17 2018, @02:55PM (#735995) Homepage

      That is, if your encryption is breakable on demand, what you have is an encoding, not an encryption. And key escrow is one of the worst, most fragile, most abusable ideas I've heard on the subject yet, the equivalent of "Hey Mr. Government, we've left the key under the at-may, don't tell anyone or let anyone else find it." The fewer keys there are held in escrow, the more valuable each becomes and the more likely *someone* is to steal it, maybe to sell it to some hostile third party. Then what of your encryption? Key escrow relies on humans being angels, and specifically some of the least angelic humans it is possible to find being responsible for said keys.

      Key escrow also compromises all future conversations encrypted with that key or a key derived from it. Of course the "agencies" involved will not inform you that your escrowed key has been retrieved either.
