A 3rd key would have to be kept secret forever but still available easily. How long before this gets leaked? One thing everyone can learn from the Snowden leaks is that governments are rubbish at keeping secrets for long periods of time. Bear in mind that the 3rd key would have a serious financial value and could be sold semi-anonymously.
I assumed it would be a unique 3rd key per user/transaction. It increases the burden of the escrow-holder (by vastly increasing the number of keys to manage), but has the benefit of allowing granular access to data, rather than compromising all of one service if a warrant is served for a single user's information.
