California Bill Would Ban Encrypted Smartphone Sales
Jan 25, 2016 10:58 AM PT
California State Assemblyman Jim Cooper last week introduced a bill seeking to ban the sale of smartphones that include unbreakable encryption.
The bill would require smartphones made on or after Jan. 1, 2017, and sold in California to be capable of being decrypted and unlocked by their manufacturers or OS providers.
Knowingly failing to comply would subject a seller or lessor -- meaning a carrier or other company such as Walmart, which supplies smartphones to end users -- to a fine of $2,500 for each device sold or leased.
The seller or lessor would not be able to pass on any portion of the penalty to purchasers.
The bill would authorize only the California attorney general or a district attorney to bring a civil suit to enforce these provisions.
The legislation "fails to recognize the broad, tangible benefits of encryption, and rather than making anyone safer, will only succeed in making most smartphone owners more vulnerable while doing nothing to limit the ability of criminals to operate outside the purview of law enforcement," Amie Stepanovich, U.S. policy manager at Access Now, told TechNewsWorld.
The bill would help fight human traffickers, who use smartphones as a tool, argued Cooper, a former sheriff's captain.
"There are many convincing emotional appeals that can be made to justify enabling violations of people's Fourth Amendment right to be secure in their persons, houses, papers and effects, against unreasonable searches," said John Gunn, VP of communications at Vasco Data Security.
"This is just one more," he told the E-Commerce Times.
Law Enforcement Efforts
The California bill and another in New York State reflect sentiment among law enforcement for such a move.
Last year, the International Association of Chiefs of Police and the National District Attorneys Association held a summit on what they called "Going Dark" -- the inability of law enforcement to address the problem encrypted communications pose to public safety.
The organizations want to ensure that it's possible to collect evidence by court order, not expand government's surveillance authority, according to a report on the summit.
The report includes the following recommendations:
- Provide guidance and recommended strategies to address the issue of Going Dark;
- Prepare an analysis of current legislation that relates to evidentiary collection of electronic data;
- Work with domestic and international partners to continue dialogue about the effects; and
- Focus on educating congressional and other policy leaders on the issue.
Senior federal officials met with Silicon Valley executives recently in what's been viewed as a bid to get high-tech firms to cooperate with government requests for data and, possibly, introduce encryption backdoors.
Apple CEO Tim Cook has rejected calls to weaken encryption, sparking a rejoinder from AT&T CEO Randall Stephenson that decision-making on encryption policy is Congress' call. AT&T cooperated with the Bush administration in turning over details of calls made on its networks.
The Downside of Cooper's Bill
"The encryption genie is out of the bottle, and recent proposals to outlaw it won't stop criminals," said Dwayne Melancon, CTO of Tripwire.
"Encryption protects electronic financial transactions, private Internet communication, and much of our national critical infrastructure," he told TechNewsWorld.
It "is a fundamental requirement in a wide range of government regulations designed to protect sensitive data from hackers, nation-state attackers and others with malicious intentions," Melancon continued. "Anything we do to restrict or weaken [it] would weaken the mechanisms we use to secure the Internet."
The Cooper bill "will not remove readily available applications that do strong encryption," Christian Lees, CISO at InfoArmor, pointed out.
It "would likely also drive government organizations to embrace secondary applications that support strong encryption," he told the E-Commerce Times.