Or whomever has hacked the source control / build environment to replace the "5 magic HSM public keys" with one or more of their own public keys -- See Juniper Incident with Dual-EC DRBG (https://eprint.iacr.org/2016/376.pdf)
This story should be repeated whenever anyone brings up 'solutions' involved with key escrow. Bruce warned us in 2006 this was a backdoor, ten years later, we find that not only was it implemented by Juniper, the backdoor was backdoored by unknown (and potentially malicious) actors. Really, this should be the last word on why this key escrow and general cryptographic backdoors are a terrible terrible idea.
This story should be repeated whenever anyone brings up 'solutions' involved with key escrow. Bruce warned us in 2006 this was a backdoor, ten years later, we find that not only was it implemented by Juniper, the backdoor was backdoored by unknown (and potentially malicious) actors. Really, this should be the last word on why this key escrow and general cryptographic backdoors are a terrible terrible idea.