To weaken encryption procedures in common sw is a bad idea over so many aspects, mainly because technology is agnostic wrt who uses it or tries to break it.
Worse than that, I'd argue, would be having one government purposely weakening encryption of one or more sw products produced by third party companies that, of course, sell that product worldwide. The market gap that would originate from that would probably screw up the tech balance quite badly - either by imposing additional costs over these sw houses (that may therefore stop licensing the sw in the UK entirely), or by externalities toward other users of the technology (that even without being in the UK would find themselves affected by that decision).
It's a tough matter and it should not be treated lightly - as modifying the current state would not only affect on government actions/policies and security, but also market, technological, and international issues, with a dangerous snowball effect.
It's been drafted by morons, like all tech laws.
I can't see how this could possibly work. Strong encryption methods are public knowledge. There's nothing to prevent independent implementations of strong encryption. The only people affected will be those that use off the shelf software - who'd be using weaker 'legal' encryption. That'd be the majority of users - who would then be more at risk of malicious software doing bad things. The only winners here are the bad guys.
This policy is obviously not oriented toward preventing secure technology from being developed and distributed. Rather, its effect is that it makes its use illegal, hence providing a way for law enforcement to act over its usage upon necessity. In the UK it is already illegal to not provide a password/encryption key upon request; my understanding is that in this case, law enforcement needs some ground to make the request (e.g. threat to national security) which may be hard to prove (the content being encrypted). If you make the use of encryption itself illegal, you don't need the "national security" pretext anymore to demand access to the data.
With the UK trying to ban encryption, are they not just trying to get people to share keys for their encrypted data? If they make it illegal to not provide an encryption key, does the UK not have an equivalent of a right to remain silent/not incriminate yourself? Also, would the argument of "I forgot the key/password" immediately be seen as a sign of guilt? I don't understand what they could accomplish if this is the case, at least for individuals.
Luckily, steganography is still perfectly legal in modern Britain. So we can all still hide our secret messages in cat pictures on reddit.
Like was mentioned above, encryption is already used in so many places on consumers' devices that it's unlikely many of them even know they're using it. If the development and distribution of secure technology is not attacked, there would need to be a massive educational campaign to inform consumers of what technology is being made illegal. I can't imagine that this is practical—I don't think Apple, Google, banking sites, or many of the other providers of encryption will change their practices to enable back doors, and without much broader knowledge by consumers of what software devices use encryption, there won't be a shift in user behavior to avoid cryptography.
Distribution is not exactly my point - the key element is that the bad guys win both ways - they get to use strong cryptography (because they are the bad guys who don't follow the law) AND they get to attack weak legal crypto to defraud legitimate citizens.
They are going to regret it, but it might be late and a lot of damage will be done. After private information has been leaked it will be too late.
I've been thinking a lot about the issue of cryptography/strong encryption. I place great value on privacy of communication, which is something that cryptographic methods can provide. I like the guarantee (more or less) that someone isn't eavesdropping on anything from conversations with family to online banking sessions. However, I've started to worry a bit as I come across stories of it being used for direct antagonism, for example, as in ransomware. If your files are affected, there is literally nothing that you can do to recover the originals short of paying the ransom. Sure, there is a slew of preventative measures that can be taken to prevent infection, and you can probably restore from a backup that you made (you did make one recently, yes?), but ultimately, there is nothing that you can do to reverse the damage to the files themselves. You are helpless. Brute-forcing the key will take forever and a day, and tracking down whoever is responsible through, say, the Tor network is just as infeasible. In short, someone has gone through (comparatively) minimal effort to make some quick cash by thoroughly ruining your day. Perhaps it is not so different in the end from other forms of property damage, wherein the only form of compensation that you will receive will be from an insurance company (roughly equatable to restoring files from backup), but the lack of any way out is absolutely awful. Forbidding strong encryption is stupid, though, I think; as said by just about every cryptographer ever, if there's a weakness in the algorithm meant for one party, it will inevitably be exploited by others.