A new Californian bill termed “AB 1681” has been introduced in aims of putting a ban on the sale of smartphones with unbreakable encryption. The bill bids for manufacturers or operating system providers to include a method for unlocking all phones upon request. Any smartphone that could not be decrypted on demand would subject a seller to a $2,500 fine per phone.
The text of the AB 1681 bill states that it would “require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider.”
The introduction of this legislation follows the controversial New York bill which, in essence, is almost an exact replica in many aspects, whereby the New York bill requires that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement. The AB 1681 also follows in the footsteps of UK’s Investigatory Powers Bill endorsed by UK’s Prime Minister, David Cameron, which would require Apple to stop encrypting iPhones, iMessage, and FaceTime and hold a key with direct access to user data, again creating a backdoor.
While the New York bill has cited the fight against terrorism as its rationale, the California bill on the other hand states the prevention of human trafficking as its rationale. As the government claims that the existing unbreakable encryptions on phones are being used to prevent them from getting evidence they need against criminals and terrorists, the only way to defeat human trafficking is if the government has unfettered, disk-level access to its citizens’ cell phones (and they do believe this by far outweighs all privacy concerns).
The California bill introduced by Democrat California assembly member from Sacramento County, Jim Cooper, told Ars Technica, “If you’re a bad guy [we] can get a search record for your bank, for your house, you can get a search warrant for just about anything”. He went on to say, “For the industry to say it’s privacy, it really doesn’t hold any water. We’re going after human traffickers and people who are doing bad and evil things. Human trafficking trumps privacy, no ifs, ands, or buts about it.”
Cooper also stated in a press release, “Human traffickers are using encrypted cell phones to run and conceal their criminal activities. Full-disk encrypted operating systems provide criminals an invaluable tool to prey on women, children, and threaten our freedoms while making the legal process of judicial court orders useless.”
As the saying goes, “You can’t build a backdoor that’s only used by good guys”. Technology providers and security advocates argue that any backdoors the government decides to open will be exploited by criminals and not just the government alone. Proposals of encryptions which include backdoors are essentially insecure and would create vulnerabilities that unauthorized parties could exploit. Similarly, Andrew Crocker, an attorney with the Electronic Frontier Foundation, told Ars Technica that the bill had “glaring problems” and that it was “entirely infeasible from a technical perspective”, since there is no way to ensure that phones can be decrypted only by the ‘good guys’ but not the ‘baddies’. Additionally, lawyers speculated that the bill would also likely be illegal under the Dormant Commerce Clause, the federal legal doctrine that forbids states from imposing undue burdens on interstate commerce.
Similar encryption proposals have been made in countries such as the UK and China, which required companies to provide backdoor access to the government. This is the very opposite of the principles Netherland upholds. In fact, the Dutch government is actually against backdoors, and is demanding stronger encryption. The government had released a statement stating their criticision on weakening encryptions for the purposes of law enforcement and intelligence agencies.
The Dutch minister of security and justice, Ard van der Steur, voiced “the importance of strong encryption for Internet security to support the protection of privacy for citizens, companies, the government, and the entire Dutch economy”. He emphasized, “Therefore, the government believes that it is currently not desirable to take legal measures against the development, availability and use of encryption within the Netherlands.”
So far, Apple and Google have been fighting the good fight for the public, and have been adamant that it is a matter of user privacy. In the past year, Apple had added strong encryption to its devices, a move that was soon followed by Google with similar encryption on their Androids.
Way back since September 2014, Apple took a strong pro-encryption stance, saying that under any iOS 8 devices or later, the company would be unable to access customer data. Currently, both iOS and Androids customers have the option to encrypt their devices when setting them up (a default on the iOS). Both companies claim to have decided to hand over the keys to the encryption to the users themselves, which would mean the tech giants would not be able to respond to warrants for data stored on its devices even if asked by law enforcements. Overall, it would affect modern iOS and Android devices, which enable full-disk encryption that neither Apple nor Google can access even if they wanted to.
If the bill became law, iPhones (and many other smartphones) would not be able to be sold in California if their current encryption features remained intact, as well as create a legal ban across the state that would be imposed on many devices that run on Google’s Android software. Although Apple and Google are two dominant smartphone platform builders, if this bill made it into law, both companies who are headquartered in California could be driven off their home turf if they choose not to comply. Currently, the bill still needs to be passed through the Assembly and State Senate and be signed into law by Gov. Jerry Brown (D). As of now, it appears that Apple and Google will still fight to defend encryption rights and it seems that they will both protest against the bill, albeit neither have commented on the new anti-encryption legislation yet.
Read the text of the AB 1681 available here.
 Ars Technica
 Business Insider
 Silicon Valley Business Journal
 The Daily Dot