In a public key encryption system, there may be instances where someone other than the communicating parties needs access to encrypted data. A key escrow system permits individual access to encryption but requires users to store their private keys with the government or a trusted third party.
Such a system could be maintained by a private organization or the government, and anyone seeking access to an encrypted transmission would have to demonstrate their need for the key through a process, such as obtaining a search warrant, that ensures the legitimate privacy and security needs of users of encrypted transmissions.
"Key escrows, however, have substantial vulnerabilities. For instance, the key escrow system depends on the integrity of the person, department or system charged with safeguarding the private keys, and the key database itself could be vulnerable to attack, undermining any user's communication security and privacy."
- ↑ Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, at 15.