Not as far as the security of the system is concerned. If you can comply with one then you can technically comply with the other, and the users are at the mercy of your decision on that matter.
But that's just it. Some users would not mind a service that can be ordered to comply with a particularized and specific warrant. Not everyone's threat model includes what your threat model includes, so as long as users are aware of that going into it then let the user decide.
1. This is a different issue. You can't design a service that doesn't comply with a specific warrant and guarantee this.
2. N-part keys go a long way for this. No one employee has the ability to do the things for warrant compliance. Yes, still gameable, but so is any system. See 1.
3. Shut down when a non-specific warrant is received. Have a big red button that kills everything. Make the system so that it deletes everything if more than N warrant accesses occur in M time units. In the worst case, passive-aggressive compliance that causes big outages, unintentional security leaks, and so on (while implementing the removal of BRB and N/M scheme) would go a long way in making the paranoid move on before following the world.
The issue of malicious hackers is not separate from the issue of warrant compliance. Whatever system you use to comply with warrants is a system that can and will be attacked. This was widely discussed in the 90s during the push for key escrow and key recovery systems.
Secret sharing makes sense, but not in the context of a system like Lavabit. Where secret sharing makes sense is in identity-based encryption, which is similar to Lavabit in that keys are generated by a trusted authority, but is different in that the authority does not store keys or decrypt messages. Threshold IBE is useful in settings where there are multiple key generation authorities, which must jointly compute secret keys from their shares of the master secret.
Finally, I would not rely on anyone to shut their service down in the name of fighting an overly broad warrant. First, whether or not a warrant is too broad is a matter of opinion, and the service operator's opinion may differ from my own. Second and more disturbing, there is no guarantee that the service operator can legally shut the service down when such a warrant is received. As I said elsewhere, Lavabit's users are lucky that the founder was willing to take a stand like this; it is not something I would expect.
You are blatantly missing the point of my response to 1. I merely stated that designing a system that cannot be used to comply with warrants in no way stops the ability of hackers to be malicious with the system. Period. End of assertion. They are different considerations from each other; they just have some overlap. I presume the rest of your post is more of the same, therefore won't read.
You can't. That's why trust comes into play. Even if you can design such a system, you must still trust the implementer to get it right, and in the case of email, trust the receiver not to do anything stupid with the cleartext.