[nine_k]

Obviously, either encryption works flawlessly for both legal and criminal purposes, or it works for neither.

What the proposal seems to concentrate is endpoints, where plaintext inevitably exists, and legal protocols for accessing it.

OTOH any sane implementation would only generate plaintext for display purposes, and would clear the RAM as soon as display (or input) is done, so finding the plaintext anywhere may be honestly impossible. At least, without tampering with the software on either end.

[drdaeman]

For the phones, that can be pulled regardless of the app's security.

If the legal framework is laid out, government can tell Google or Apple (or phone vendor) to push a system-level update. It is trivial for both to push code that can run without any restrictions, have full access to screen, audio, camera and network.

Not sure why they bother, though. Wasn't it said many times almost every baseband module is already a black box with possibility of undetectable access to the main CPU/memory?