Friday, April 24, 2015

And oh, by the way, here's why backdoors are a bad idea

Some editions of Microsoft Windows include a full-disk encryption scheme called BitLocker. So that a Windows user can recover the encryption key needed to unlock their hard drive if they lose it, that key is kept in escrow by Microsoft on their Azure cloud platform. There are obviously good reasons to do something like this. For an attacker to retrieve a copy of that key, he can browse a user's social network profiles to troll for information he can use to impersonate the target to Microsoft support. He calls Microsoft, uses that information to impersonate the target, and Microsoft sends him the key. It's that simple: a glorified crank call. It is known that the NSA can access information on the Azure cloud both surreptitiously and by court order.

There is an easy way to avoid this. Don't escrow keys in systems where the person administering the server can read them. Instead, use double-blind ways of storing the data, which leave the only usable, unencrypted copy of the key with the account holder and never hold an unencrypted key on the server. This has been implemented in Tahoe-LAFS and is now being implemented in many consumer-grade clouds (Yay!). This is called zero-knowledge encryption.

This is essentially a password-reset vulnerability used to privilege-escalate into an encrypted storage device. A similar password-reset vulnerability exists on Facebook, Amazon.com, LinkedIn, Netflix, World of Warcraft, and a ton of other sites, and in all two-factor authentication schemes that rely on text-messaging a transient key to the account holder.

Additionally, the recent iCloud breaches, somewhat ignominiously dubbed "The Fappening", utilized a well-known backdoor used by law-enforcement agents in the U.S.
