...

Can you imagine that anyone would ever create a program that tries to look like a conforming implementation, but generates invalid "binding" data -- when it is so much easier to simply use PGP, and (if necessary) disguise that fact using the government-approved encryption software? I don't, so in my opinion the verification process is abolutely useless. Can you imagine what would happen if governments would (help to) set up a system that has no safeguards at all, i.e. that could give criminals all the anonimity and confidentiality they need?

Sorry if my formulation was unclear. I ment to point out that it is acutally easier to commit fraud in a way that is undectectable than in a detectable way. So on the assumtion that the concept of binding cryptography is a good thing, this scheme is flawed. But to answer your question: Encryption software has already been available for years. You may argue that PGP is not very user-friendly, but it is secure and every computer user who takes the time to read the manual can use it. So nothing much would happen that will not happen anyway or has already happened.

car, bicycle, house etc.). That is a fact of life; one I hate. So the point is: where is the middle of giving up freedom and stopping criminals?

But since - as you admit - it is not possible to stop criminals, the question is: Do you want to cause a dramatic drawback in privacy and create new potential security hole just in order to force criminals to do a few hour's work of installing a secure encryption system from the Internet, or when that is illegal buy it on the black market?

We have set up the TRPs in such a flexible way that anybody could find one he can trust, one might even set up his own TRP.

Then it is not even necessary to use additional software to circumvent government access. The user can simply configure himself as TRP for the inner layer of encryption and the official one in the outer layer.