Greetings,
Responding inline:
There is no guarantee that a golden key will work, given the facility in which rogue hackers from all over the world can develop their own encryption tools. In February, a study by the Berkman Klein Center for Internet & Society at Harvard University focused on some 865 encryption products from 55 countries, two-thirds of which were built outside of the United States. Of these, roughly two-thirds are commercial and the others are open source, even though some of the free products are only libraries that contain building blocks rather than whole encryption systems. Given the resources available to ill-intentioned hackers, it would therefore be impossible to stop them from building strong encryption applications of their own.
Might there be other valid definitions of a "golden key"? In my view a golden key is obviously an operating system software update signing key and it is guaranteed to work.
http://arstechnica.com/security/2016/02/most-software-already-has-a-golden-k...
Instead, building encryption software with a golden key for government access would gravely compromise security for law-abiding citizens around the world, as it would encourage criminals and terrorists to build their own illegal software to frustrate the authorities and leave those without the technological skills—most of the world—more vulnerable to attack.
Are you saying that cutting edge security software necessarily gets developed by criminals and terrorists? In that argument lie slippery slopes. I can tell you certainly many computer security researchers have been accused of criminal activity but let's not perpetuate that stereotype.
Again, my point above regarding, for example, Debian's package signing keys: they weren't intended to be a "golden key" but it turns out they are. Yes, crypto is used, but we need cryptographic group signature schemes to protect against key compromise.
Journalists in the United States are also using strong cryptography, such as an innovative program called SecureDrop, which enables whistleblowers to share information with media organizations securely and anonymously. This is especially important for whistleblowers with information on malfeasance by officials in local, state, or federal government. As in foreign countries, protecting free media requires security against government snooping.
Actually, SecureDrop doesn't have any end-to-end crypto unless the source encrypts the document with the journalist's PGP key. I know that SecureDrop uses Tor onion services, which do provide end-to-end transport crypto, but that's not the same as application-level end-to-end crypto. In the worst-case scenario, if the SecureDrop server were hacked, the attacker could read these documents that were submitted without PGP encryption.
In Ka-Ping Yee's most excellent paper "User Interaction Design for Secure Systems" ( http://zesty.ca/pubs/icics-2002-uidss.pdf ) he describes various principles and properties that secure software systems should have, and one of them is called the Principle of the Path of Least Resistance, which can be summarized as "the natural way should be the secure way". This means that the user is going to do the easiest thing; therefore, if there is an extra action that need be taken for additional security, then this will be neglected.
sincerely, david