[Terr_]

Throwing this on the "brainstorm if we had an ideal legislative world" pile: Stealing a user's private key should be a felony, even if it hasn't (yet) been abused for anything.

The tricky part is keeping it from being "permitted" by a crappy contract of adhesion. Banning it entirely would make it very difficult to buy/sell backup services...

[mrexcess]

Legal solutions to technical problems are always dubious, especially when privacy against government surveillance is the problem.

[Terr_]

Ah, but not nearly as dubious as technical solutions to legal problems...

[mrexcess]

lol honestly, I think a little on the contrary. If we can make a thing impossible technically, the law defers to that. One thing the government really can’t do easily in Western countries is forcing a company to add features or change core functionality.

[Terr_]

I'd say those are legal barriers, rather than technical barriers.

For example, suppose the government demands constant access to your core database. You don't need to invent any new algorithms for that, you might just make an SQL user and a firewall exception and call it a day.

Similarly, If you have a messaging client, you don't need complex R&D to steal the "end-to-end" keys.