The report from the Joint Committee is not as good as it could be - many recommendations to get issues clarified but still basically agreeing with what the bill is trying to do, even the data retention.
One key comment is :-
Government still needs to make explicit on the face of the Bill that CSPs offering
end-to-end encrypted communication or other un-decryptable communication
services will not be expected to provide decrypted copies of those communications
if it is not practicable for them to do so.
That sounds good, and I would agree, but sadly it still does not go far enough. It is still unclear if an order to maintain a capability could require CSPs to engineer things so that they are not offering end-to-end encryption or so that it is somehow practicable for them to decrypt it.
CSPs still do not know. The bill needs to be clear that offering communications services, where the content cannot be accessed, is permitted. It also needs to make clear that continuing to offer such services, in that way, even with an intercept warrant, or a "maintenance of capabilities" order, is permitted.
As I say, criminals can send encrypted messages - we need this to be clear for everyone else. It is possible to do the end-to-end encryption yourself, so why should companies not be able to offer such services to customers freely and therefore help all of the non-criminals be safe on the internet as well as the criminals.
So, we are still not clear even if they follow that recommendation.
Do sign my petition:-