It’s technologically impossible. The IT Security industry RELIES on the defensible nature of technology. It’s why large corporations like Google are getting nervous with the Feds asking for their salt and hash algorithms.
Realize if ANY of the Class A certification authorities gave into the government, the ENTIRE cryptography industry would crumble. There’s a reason certification authorities pride themselves on trust. If any of them are cracked or hacked, they lose everything. Entrust, Thawte, Verisign: they ALL rely on the stability of their encryption algorithms.
I’ve studied cryptography for over a decade. The conspiracy theorists may be partially correct with pre-configured chipsets such as those in Cisco network hardware, but when it comes to certificates, VPN, and things like TPMs, the managers and “key holders” MUST be trustworthy or their entire network of trust collapses.
I understand you can create systems that are unbreakable with current technology. I also understand the Feds lean on manufacturers to add channels to bypass the unbreakable systems.
Call me a conspiracy theorist. I don’t care.
With enough pressure from The Holder, the keyholders are every bit (and byte) as trustworthy and pure as the driven Snowden...
There was also a big bruhaha in europe back in the day. NSA was able to remotely hack a bunch of systems that had 'promis' software installed. I'd have to dig up details, but it was nasty stuff. There were some german companies (not to mention their government) that were mightily hacked off (so to speak)
You're absolutely right about the trust you have to give CAs. Personally, I strongly suspect that trust is massively misplaced.