[roenxi]

That doesn't sound secure. What that is describing is that third parties can easily intercept my data. It isn't a huge deal because email is by nature quite insecure; but if I cared about other people reading my emails the law is a bit of a problem. At some point these companies will probably leak data onto the public internet (if the Panama papers can leak, anything can).

Secure by design includes ideas like the pipe forgetting what it transmitted after it finishes transmitting it.

[throwaway9d0291]

It isn't secure and I wasn't saying it was secure. What I was saying is that the law gives you no less technical protection than you had before the law.

Importantly, the law doesn't compel you to have any interception capabilities. If you publish open-source code with verified and reproducible builds, the government can't really ask you to do anything, as doing so would either alert the people they're targeting or compromise the security of people unrelated to the investigation.

And I don't think this is any different to anywhere else. The FBI for example has been able to gain access to encryption keys in the past so I see no reason why signing keys would be any different.