Its five years with no limitations, so when you are due to be released; Whats your password? Another five years... Its such a poorly worded law you could literally spend your life in prison for forgetting your password. And Its mostly used against peaceful protesters.

Are we damning the UK with faint praise now?

I'm not even sure how much practical difference there is between 5 and indefinite in practice, 5 years is a long time. I imagine it is pretty life-destroying. Especially for the crime of having something on your phone that you want to keep private.

> If it’s not about nation security or CSAM, it’s two.

I am sure we all get what you mean, but there is a comic interpretation in vaguely-Soviet style here where if someone hasn't done anything wrong they only get 2 years. I'm going to spend some time this weekend making sure my encryption is plausibly deniable where possible.

Oh just 5 years, that's OK then.