SSL private keys
'SSL privates (sic) can easily be swiped by asking the CA root to hand it over.'
What if the bad guys create their own CA? Even I've created my own CA for test purposes.
If the bad guys use their own CA then the feds need to find them before asking for the private keys.