> Why is "hard-drive cannot be read because hardware is broken" acceptable in a company while "hard-drive cannot be read because the passphrase is unknown" unacceptable? The consequences of the two situations are after all pretty close to identical.

The impact is about the same, but the probability that people will forget their passphrase is higher, so the resulting risk (probability * impact) is significantly higher.
It also turns the 'hit by a bus' scenario into the equivalent of a failed drive, and at that point you cannot ask the person to recreate the data from memory.
Plus you can blame the failed disk on the hardware manufacturer and everyone accepts that such things happen. Having the hardware in perfect shape while you just can't get at the data is clearly the fault of either the user or the IT staff, and what users are willing to accept the blame for losing their non-backed-up data (local spreadsheets, etc.), especially among higher-level management?
So higher risk + social aspects make the key escrow option very attractive.
On top of this, in many fields where there are security concerns, one of the concerns is the rogue insider 'doing bad things'. It's very hard to investigate this if you can't access the drive.