> Think of how that would have affected Linux (Android uses dm-crypt for FDE), open source, Github, etc

A concern of mine is that unlike the others you mention, Apples software isn't open - we have no ability to check there aren't already backdoors resulting from secret court orders.

Perhaps going forward 2015 going "open" will be the only way to build trust with a client is offer an open or reproducible means to replicate any claims made about suitability of encryption and lack of a backdoor both on client and server.

Apple and Microsoft have provided source code reviews to customers of a large enough size. The federal government, for example, reviewed sections of Windows source code before installing it on things like Navy ships, NSA computers, etc. Of course, this does not do us regular schmoes much good.

That said, this problem is a much better problem to manage than the one declan is talking about. Imagine if you wanted to use open source encryption to secure your information but were legally prohibited from doing so. That's what law enforcement is talking about now (and as declan points out: again).

It's un-enforceable as well unless, ultimately you'd end up needing to police the consumer.

This sort of misguided action in today's technology culture will just result in an exodus of hardware manufacturers + technology service providers and shrinking demand & trust for US based technology. This is already happening to some extent, illustrated by the boom in ASPs & Cloud computing occurring in Germany, elsewhere in Europe and to a lesser extent in Switzerland.

You can't really check Android binary distributions either.

Indeed not and there're also other concerns in that sphere (baseband and the underlying network/protocols, SS7 etc).

But there's some movement in the right direction (Cyanogen, F-droid and the various open phone hardware projects)

Also consider the amount of malware as uninformed Android users download god knows what. If they use the Play Store they are safer and Google tries to stress that fact but everybody loves free stuff.

> Think of how that would have affected Linux (Android uses dm-crypt for FDE), open source, Github, etc.

Probably the same way as the old USA cryptography export restrictions. Back then, cryptographic components were distributed in separate "non-US" repositories, which were hosted outside the USA.

>Probably the same way as the old USA cryptography export restrictions.

Actually it would be much worse. Even in the 1990s, you could release any crypto code (or ship any crypto product) you wanted as long as you took some fig-leaf steps to limit it to domestic use. The SAFE Act would have outlawed that.

Put another way, the Feds wanted to but were unable to prosecute Phil Zimmermann for releasing PGP. But if the SAFE Act had been enacted at the time, they would have -- because it outlaws the domestic "distribution" of non-escrowed crypto.

If you wanted to work on crypto, you'd have to move overseas. And you'd also have to hope that you wouldn't be prosecuted upon your return. The SAFE Act probably wouldn't be interpreted as an extraterritorial criminal law, but "probably" is a weak hook to hang your future and your freedom on.

The entities themselves would have to be (and remain) outside the US too, and given their doctrine in the Ireland email disclosure case Microsoft is fighting, even that would be tricky.