for most public service use cases (where all endpoints are connecting to an approved server) they don't even need any backdoor in the encryption; just suitable "bossware" on the server so they can intercept/monitor/log any messages going through it (the current voice-based AIrwave system used in UK has this functionality, and before that they often had recorders with huge spools of tape connected to the VHF/UHF repeaters)