Hacker News
by noobie 3716 days ago
This is hilariously absurd.

So let's say Microsoft provides me with a computer.

I go make some cool encryption program on the computer. Now I can use the computer to encrypt data.

One court order later and Microsoft is now required to decrypt the data I encrypted using their computer.

All Microsoft did was provide a programmable computer. Now they must do the impossible. This bill is ungodly horrible.

2 comments

What if the follow-on bill will require Microsoft and the rest NOT to provide/allow you with programmable computers?

Or maybe MS decides it is untenable for them to reverse engineer whatever the end user is doing, so it makes business sense to them to simply build tablets good only for consuming content and not producing stuff?!

This is not true. The bill would only apply to encryption mechanisms provided by Microsoft or a third-party application installed by Microsoft as part of the operating system.

Interestingly, this bill covers vendors and presumably US persons that "provide a product or method". You'll still be able to legally use foreign-developed tools. The US would have grounds to ask those foreign agents to decrypt data, but would have limited means of enforcement.

It covers anything that's been licensed into the software, which would include encryption libraries. It covers hard drive manufacturers (provides a product or method to facilitate a communication or the processing or storage of data).

Communication, by their definition btw, includes electronic and ORAL communication. As others have mentioned, it literally covers whispering if someone or something amplifies or transmits your whisper thus facilitating a communication.

Absolutely, but the bill does nothing to prevent users from installing hardware or software that has been built without a backdoor. You will still be able to use VeraCrypt, if you'd like, without backdoors. I do not see in this bill provisions which prevent vendors building equipment that can run arbitrary code, use arbitrary devices, or arbitrary mechanisms. (However, I'll look again.)

The assumption of liability is on vendors. Vendors are expected to sell you broken goods. Developers of VeraCrypt in the above example would be expected to provide a backdoor. If they're foreign, then it will be largely unenforceable, although those developers will likely face difficulties visiting the USA.

Where users are restricted is wherein they become vendors or providers of software or services. Running a Tor server may require being prepared to provide keys or offer a backdoor, for instance. I think the bill as written could have trouble with distributing VM and container images as well, although a case may be made that they are not operating as "software manufacturers" and are simply distributors, with the liabilities reaching back to Canonical, Red Hat, Microsoft, etc.