Law Enforcement Backdoors

Why is this so generally rejected as a terrible idea? A device manufacturer could have a secret backdoor key that gets into the encryption. This could, for example, be a seed that predicts the pseudorandom numbers the device uses. It could be different for each device, and updated with system updates as needed.

Law enforcement agents would have to send locked devices to the manufacturer, who could then decrypt them, charging a service fee.

If the manufacturer gets hacked, and the secrets are stolen, the devices would become insecure. But how much additional risk does that really represent? At present, manufacturers have secret keys for code signing, and an attacker with them could make poison updates.
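The seed-based scheme and the theft scenario described above can be made concrete. This is an added example, not code from the post or from any manufacturer. It assumes one manufacturer master secret from which per-device, per-update seeds are derived with HMAC, and it uses a toy XOR stream cipher in place of real disk encryption. All names and values are constructed.

```python
import hashlib
import hmac

def device_seed(master_secret: bytes, device_id: str, update_version: int) -> bytes:
    """Per-device escrow seed: differs per device and rotates with each system update."""
    msg = f"{device_id}|{update_version}".encode()
    return hmac.new(master_secret, msg, hashlib.sha256).digest()

def prng_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic PRNG (HMAC-SHA256 in counter mode): same seed, same output."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def device_generate_key(seed: bytes) -> bytes:
    """The device 'randomly' generates its 32-byte storage key from the seeded PRNG."""
    return prng_bytes(seed, 32)

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for real disk encryption (illustration only)."""
    stream = prng_bytes(key, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def manufacturer_recover(master_secret: bytes, device_id: str,
                         update_version: int, ciphertext: bytes) -> bytes:
    """Escrow path: re-derive the seed, replay the PRNG, decrypt."""
    key = device_generate_key(device_seed(master_secret, device_id, update_version))
    return xor_cipher(key, ciphertext)

def demo():
    master = b"constructed-manufacturer-master-secret"  # constructed value
    fleet = {"DEV-0001": 3, "DEV-0002": 5}  # constructed device id -> update version
    blobs = {}
    for dev, ver in fleet.items():
        key = device_generate_key(device_seed(master, dev, ver))
        blobs[dev] = xor_cipher(key, f"user data on {dev}".encode())
    # Whoever holds the master secret (manufacturer or thief) recovers every device.
    recovered = {d: manufacturer_recover(master, d, fleet[d], blobs[d]) for d in fleet}
    # A stale update version yields the wrong seed, so escrow records must track rotations.
    stale = manufacturer_recover(master, "DEV-0001", 2, blobs["DEV-0001"])
    return recovered, stale

if __name__ == "__main__":
    print(demo())
```

Under this assumed design, the per-device seeds limit nothing once the master secret leaks: the same derivation that serves a lawful request recovers the whole fleet.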

I understand that the backdoor represents an additional risk. But it adds benefits: the manufacturer can perform tech support, such as recovering from a lost password, and also respond meaningfully to law enforcement requests.

Of course, the better manufacturers will do this well, and the sloppier ones will do it poorly and be less secure, but how is that different than the current situation?

I don't think it's unreasonable to discuss this. The Fourth Amendment protects us from unreasonable searches, not from every possible search.

Inspired by this.

Posted 10-10-17 by Sam Bowne