Throwing this on the "brainstorm if we had an ideal legislative world" pile: Stealing a user's private key should be a felony, even if it hasn't (yet) been abused for anything.
The tricky part is keeping it from being "permitted" by a crappy contract of adhesion. Banning it entirely would make it very difficult to buy/sell backup services...
lol honestly, I think a little on the contrary. If we can make a thing impossible technically, the law defers to that. One thing the government really can't do easily in Western countries is force a company to add features or change core functionality.
I'd say those are legal barriers, rather than technical barriers.
For example, suppose the government demands constant access to your core database. You don't need to invent any new algorithms for that, you might just make an SQL user and a firewall exception and call it a day.
Similarly, if you have a messaging client, you don't need complex R&D to steal the "end-to-end" keys.
I'm not sure why you think so? If the service provider claims E2E but intentionally provides a defective version of this, it's a pretty clear-cut violation of the federal statute, which afaik based on the statute's language contains no exceptions for defects cajoled into being inserted by government pressure short of a clear statute mandating it, which does not exist afaik.