There are two reasons which are given as to why someone might want to have GAK installed for company use.
1. to allow access to important material lost in the mail system in the event that an employee is hit by a bus
2. to allow management to spot check the emails being sent and received
Argument 1 seems pretty flimsy to me. I reiterate my comment in an earlier post: who in their right mind keeps their _only_ copy of ultra valuable company information bouncing around in the email system? Did those arguing for this position not notice that sometimes email gets lost in transit?
Regardless, if PGP claims to be catering to those who use this argument, and does not want to try that hard to make it impossible to bypass, the more secure and less GAK-friendly way to do it is to have the mail client software archive the email sent and received.
Two problems. First, not all mail clients let you archive the mail in a different form than how it arrived. Netscape 3 worked like this, maybe 4 too. If the mail comes in encrypted just to an employee key, that is how it will be stored, and no business access is possible. Second, what if an employee doesn't come back from vacation? You've got messages sitting in his inbox which go back three weeks. All encrypted to his personal key, which is gone. It's been long enough that the senders may not have backups any more. It's all lost, and at best the company is going to put its partners and customers to a great deal of inconvenience by making them re-send everything they've sent in the last three weeks, not to mention making the company look incompetent.