Saying "We don't want to outlaw encryption, we only want to outlaw strong encryption," is a bit like saying "We don't want to outlaw pregnancy, we only want to outlaw being more than 90% pregnant."

This law is extremely concerning but I don't see a way for it to be used against communications that are encrypted by a VPN, where that VPN is based outside Australia (most if not all VPN providers are). The Australian government has no power to compel a foreign company to do anything.

Don't worry, they'll just block access to the VPN providers without any requiring any further legislation because they can. They literally have no idea of the security implications of pursuing this, they just want to be "tough on crime" and protect us from all the terrorists. They say not to worry, they'll only use it for crimes that can carry a penalty of 2+ years, but that's most of them, and you only have to be suspected in order to be targetted. What can anyone do? Say you're not a suspect? Hmmm, that sounds suspicious, better give me all your devices and credentials just to be safe.