Either I'm missing something in this legislation or many others are. Can someone point me to the part which means the government will have a "backdoor" to encryption algorithms?
As I read it, the legislation basically tells companies encryption endpoints should be their own servers, not end-user devices; communications are still fully encrypted by industry-standard best practices in such a scenario, except in the memory of the companies' servers.
Ignoring people's trust of the government, the only negative is it opens up one additional attack vector for a malicious entity to now target the company to decrypt a user's communications as opposed to just the user themselves. But let's not forget that is exactly the case currently for services such as email - the basis of your online identity (very important) and banking ... (Kind of important!)
It seems strange to me that people are quite happy with such security arrangements for banking and email but not when sending their mates a picture of a lolcat over iMessage??
On the topic of trust, at the end of the day if you want to engage in digital services you have to trust someone, and while my trust for the security forces is not complete, it is higher than a private company who is legally mandated to act in its best interests over mine, which generally means to monetise me and typically abuse my privacy.