Re: Maths v the Law
"Following on from the spirit of this Bill, I think they should declare Pi=3. It would save all the hassle of trying to work out all the other digits."
Yes it was tried once, but not with much success...
However it is a symptom of the problems that crop up when we ask politicians to do their job. They have to pass laws and enact them to keep our civilisation going, to keep the chaos and barbarism at bay; that's their job and the reason we elect and pay them. They've become so good at it (apart from Pi=3) that we take settled and contented life pretty much for granted. Everyone should be made to go and live somewhere 'unpleasant' so that they get a full sense of how privileged they are to lead settled and contented lives.
The problem is that we've gone and invented whole new ways by which we can be nasty to each other. Hacking, digital piracy, etc. It's all stuff that hurts people. And if there's one thing a politician is supposed to be sensitive to it's situations where people may get hurt. Why? Because we sack them when it happens and they haven't done anything to prevent it.
So what we're seeing here is politicians responding to what they see as a threat to our well-being. And they're right - all these modern things like encrypted communications, etc. can just as easily be used against us (ransomware, mobiles used to coordinate terrorist attacks, etc.) as well as for our benefit (keeping Apple, Google, bad guys and others with no right to intrude out of our stuff). It's utterly unsurprising that politicians will respond to that in the way we are paying them to do so.
So the problems start when the politicians (who are merely trying to do their job) are faced with something they don't understand well enough to be able to act effectively. Encryption is one such thing.
However, the reaction of experts generally is not to get involved in helping politicians formulate something workable. This is absurd. Politicians will generally do something, anything, if they perceive the need for it. Doing nothing is quite often worse. It is in all our interests that, instead of bleating about it from the sidelines and refusing to engage, various experts accept that something has to be done and offer to help, and hopefully make sure that whatever we end up with isn't unworkable, unenforceable, and fails to achieve the result that we need.
Difficulty With the Technology
One common objection to encryption back doors, magic keys, etc. is that no one should be trusted to hold such things for fear that they'd leak.
However such objections are bollocks. We already do trust various parties with such things. Apple have their signing keys for their firmware. Google have their keys. Verisign have who knows what, RSA have their magic keys too. Everyone has keys, and they're all critical to the security of the products they sell to us.
And we're already apparently quite content with such organisations losing these. At least one of the companies listed lost their crown jewels to an internet hack, and hardly anyone cared.
Let's not pretend that having these things looked after by these companies is any kind of guarantee; any single one of them could fall victim to a disgruntled employee, a hack, carelessness, etc. If Apple leaked their firmware signing key and source code then the FBI wouldn't need to get the Courts to unlock iPhones for them; they'd be able to do it themselves. And so, with a little effort, could you and I.
So if encryption, signing, etc. are already no guarantee of privacy right now, why would having a law explicitly stating that there is no such guarantee make any difference? Is it because too many people are sticking their heads in the sand pretending that such a guarantee exists and don't like being told they're wrong?
What the Companies Should Do
Whether they like it or not something will eventually change in legislation. Left to their own devices the politicians could easily pass something that makes no sense and does no good. Whatever that is will require some oversight. In a country as paranoid about its own administration as the US appears to be, it might be better if that oversight role was partly (or wholly) fulfilled by companies like Apple and Google. If they choose not to do that then they can't rightfully complain about the end result.
Ransomware is different. Ransomware is rapidly becoming the scourge of the modern era. It's pretty difficult to pass an effective law about it. These things only exist because, ultimately, the Internet makes it too easy for miscreants to hide out there somewhere in the world raking in the money. Short of banning the use of encryption entirely across the whole Internet (and thus removing the means by which the flow of money can be anonymous), we're simply going to have to be on our guard. Or make the Internet more 'curated' than it is at the moment, but then we'd be copying the Chinese...