Why break encryption
Given that the main issue the 5 eyes seem to have is with default on encryption for things like imessage and android messages as well as whats app and facebook if there were a system like the one describe below which was built in to client device (laptop desktop and mobile) OS's and made available to developers maybe mainstream comms and software providers could still have some security and allow "lawful" access but mainstream software isn't the problem for the real threats like terrorists they use telegram and ricochet and custom onion router code to communicate and even if they could find a way to incorporate this in to the those technologies without making them completely useless no one would use them after that as another open source app without this would appear in a day a fork of the predecessor from the last commit before it was added most likely with a shiny new name an no oversight. It's not the people who generate keys and share messages in the light you need to worry about.
With Shamir's Secret Sharing surely a key could be assigned with 4 or 5 factor authentication to allow authorise organisations with a warrant (i.e. anyone who can get a software or hardware token activated and a valid smart card for an approved organisation and a password for an ldap account on a trusted directory (with audited access so that anyone doing without a warrant gets caught) plus 2fa secured passphrase based on the device info from an approved manufacturer employee or something similar to de-crypt a built in key which is random and unique generated at manufacture. This key would never be stored on the device or anywhere else un-encrypted (other than volatile memory on the device creating it) but in encrypted form on a worm chip plus a manufacturer whilst this back door is still a potential attack vector it is cumbersome enough to achieve that traditional blackhat hacking would be easier. The only problem with something like this is that 5 eyes may not like it as the manufacturer 2fa would mean that in circumstances where they would rather no one knew how many communications were being encrypted by agencies who have blanket warrants or who "don't need them" the manufacture would know and could insist that agencies provide authorisation or a aren't every time would report it to other agencies and the media if anyone ever fraudulent claimed to have a warrant but didn't...
Biting the hand that feeds IT
