Escrowed encryption is a system of encryption where the keys are held in escrow so that they can be accessed at need by national security or law enforcement. The best-known example was the US scheme for encrypted-but-tappable telephones based on the escrowed encryption standard. The hardware involved was generally referred to as the Clipper chip.
These systems are intended to be secure except in special circumstances; they use strong cryptography intended to be unbreakable by anyone without the key. Typically, two values are created which can be combined with exclusive OR to recover the key; each is put into escrow with a different agency. An unscrupulous employee at an escrow agency, or an intruder breaking into such an agency, can obtain one value but that does not give him the key, or even help him attack the cipher. However, a law enforcement or national security agency can obtain a warrant, present it to both escrow agencies, get both the secret values, and obtain the key. They can then read anything ever sent with that key.
Advocates of such systems argue that police and national security people have a requirement for such access, and that adequate technical and legal safeguards can be built in.
Critics abound. In particular, escrowed encryption is anathema to cypherpunks. Debate over the desirability of escrowed encryption was a major part of the controversies over cryptography in the 1990s; see politics of cryptography. Among the critics, a common term for escrowed encryption is GAK for government access to keys. The sound of "GAK" summarises their feelings on the matter.
A panel of experts examined the questions and produced a report on the risks.