by spdustin 3717 days ago
It covers anything that's been licensed into the software, which would include encryption libraries. It covers hard drive manufacturers (provides a product or method to facilitate a communication or the processing or storage of data).

Communication, by their definition btw, includes electronic and ORAL communication. As others have mentioned, it literally covers whispering if someone or something amplifies or transmits your whisper thus facilitating a communication.

1 comments

Absolutely, but the bill does nothing to prevent users from installing hardware or software that has been built without a backdoor. You will still be able to use VeraCrypt, if you'd like, without backdoors. I do not see in this bill provisions which prevent vendors building equipment that can run arbitrary code, use arbitrary devices, or arbitrary mechanisms. (However, I'll look again.)

The assumption of liability is on vendors. Vendors are expected to sell you broken goods. Developers of VeraCrypt in the above example would be expected to provide a backdoor. If they're foreign, then it will be largely unenforceable, although those developers will likely face difficulties visiting the USA.

Where users are restricted is where they become vendors or providers of software or services. Running a Tor server may require being prepared to provide keys or offer a backdoor, for instance. I think the bill as written could have trouble with distributing VM and container images as well, although a case may be made that they are not operating as "software manufacturers" and are simply distributors, with the liabilities reaching back to Canonical, Red Hat, Microsoft, etc.