crippled cryptography
There is no requirement to cripple crytography!
In both the draft bill and the final act it is clear that what is being requested is that those ie. CSP's, who perform communication encryption and decryption actions provide the mean's whereby the unencrypted communication is made available to a man-in-the-middle inspection.
So you are free to use 256-bit and double encryption to protect your communications from eavesdroppers; however, if the end-point of the encrypted connection is in the UK, TPTB reserve the right to ask for a tap/intercept to be placed on all (unencrypted communications going into the VPN/encrypted pipe and coming out of that pipe).
It's not difficult really. For example, my WiFi AP operates a full WPA2-PKI service - according to 802.11. However, only the over-the-air communications leg between client device and AP is actually encrypted, all communcations between the AP and my router are subject to separate encryption - currently none. Hence simply placing a network monitor on the AP's LAN port would be sufficient to satisfy the demands of the IB.