California Anti-Encryption Bill Targets Smartphones
Like a recent New York State bill, the law seeks to ban the sale of mobile devices that can’t be decrypted for the use of law-enforcement agencies
A California lawmaker has introduced the US’ second state bill aimed at imposing back doors that would allow law enforcement authorities to access encrypted devices such as smartphones.
The bill, AB 1681, introduced by California state assembly member Jim Cooper last week, is similar to a bill re-introduced in New York State earlier this month,
The main difference is that the New York bill is aimed at fighting terrorism, the California bill was presented as a means to help fight human trafficking.
Encryption battle
The state efforts reflect a wider tension between governments, many of which are pushing for limitations on encrypted communications, and mobile device makers such as Apple and Google, which say such limitations risk creating security vulnerabilities.
AB 1681 “would require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider”, according to the bill’s text.
It would allow a civil penalty of $2,500 (£1,750) per device to be imposed on those breaking the law.
The bill, if passed into law, would make the sale of current iPhones illegal in the state, as well as outlawing some Android smartphones.
Assembly member Cooper, who served with the Sacramento County Sheriff’s Department for 30 years, presented the bill as a law-enforcement issue distinct from the concerns over government surveillance that have helped spur the broader use of encryption in mobile and Internet communications.
Cooper said individuals’ property, bank accounts and other assets are subject to search warrants, and mobile devices should be no exception.
‘Security risk’
Privacy advocates have criticised such legal efforts as technically unworkable, and Apple chief executive Tim Cook has argued that back doors aimed at allowing law enforcement access would inevitably be exploited by malicious actors.
“If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things,” he said in an interview last November. “It’s the good people. The other people know where to go.”
He said the company remains committed to “end to end encryption and no back doors”.
Google has also promoted secure communications, for instance saying in 2014 it would rank sites with HTTPS encryption higher in search results.
In March of last year Google executive chairman Eric Schmidt predicted at a conference that government efforts to limit encryption would fail, adding, “we don’t know how to build a trap door in these systems which is only available to the good guys.”
In January of last year, prime minister David Cameron said that he wanted British intelligence agencies to be able to monitor the encrypted communications of terror suspects and suggested legislation allowing this would be introduced following the Conservatives’ success in the General Election.
Industry observers have speculated that the California and New York state laws would be illegal under US federal provisions that forbid states from imposing excessive barriers on interstate commerce.
Are you a security pro? Try our quiz!
