Assembly Bill 1681, introduced by Assemblyman Jim Cooper, D-Elk Grove, would mandate that phones made “on or after January 1, 2017, and sold in California after that date” must be “capable of being decrypted and unlocked by its manufacturer or its operating system provider,” as CNET reported. “Any smartphone that couldn’t be decrypted on demand would subject a seller to a $2,500 fine. If the bill becomes law, there would be a ban on nearly all iPhones and many devices that run Google’s Android software across the state.”

With California home to both Google and Apple, observers quickly declared a broadening trend toward increased legal pressure on tech companies. But competing justifications for the crackdown have emerged, with lawmakers outside California opting to hang their own legislation on a different peg. As Ars Technica remarked of AB1681:

Despite very similar language to a pending New York bill, the stated rationale is to fight human trafficking, rather than terrorism.

AB1681’s language is nearly identical to another bill re-introduced in New York state earlier this month, but Cooper denied that it was based on any model legislation, saying simply that it was researched by his staff. He also noted that the sale of his own iPhone would be made illegal in California under this bill.

World worry

California policymakers have become an intimate part of the global push to prevent smartphone encryption from helping individuals and groups evade law enforcement monitoring and detection. At the Davos Open Forum, Rep. Darrell Issa, R-Calif., joined an international panel of public and private-sector officials to air concerns about the potential for over- or under-enforcement. “Governments claim the need for greater security and seek to monitor global communications, while citizens, more willing than ever to share, demand greater protection of their digital privacy,” according to Vice News, whose editor in chief moderated the discussion.

In the U.S., meanwhile, top law enforcement officials have sought to coordinate a nationwide effort patterned after California’s and New York’s, each of which drew support from its respective Attorneys General. “The National District Attorney’s Association hasn’t hidden its intention to mobilize its local offices,” according to The Verge. “The association, along with the International Association of Chiefs of Police, announced in November that they planned to partner with state legislators to enact mandatory smartphone decryption bills around the country. The group wrote in a letter that it looked ‘forward to working with lawmakers to strengthen our current laws, and ensure they are representative of today’s technology and the challenge public safety officials face in preventing crime and safeguarding their communities.'”

An uphill battle

But pushback has already begun from within the crypto and tech communities. On the one hand, advocates and activists have long warned against granting governments a so-called “backdoor” to the data and metadata stored on devices and accessible through them. “There have been people that suggest that we should have a backdoor,” Apple CEO Tim Cook recently said on “60 Minutes,” as the Silicon Valley Business Journal noted. “But the reality is if you put a backdoor in, that backdoor’s for everybody, for good guys and bad guys.”

On the other hand, however, going further, “legal and technical experts argue that even if a national ban on fully encrypted smartphones were a reasonable privacy sacrifice for the sake of law enforcement, a state-level ban wouldn’t be,” as Wired observed. “They say, the most likely result of any state banning the sale of encrypted smartphones would be to make the devices of law-abiding residents’ more vulnerable, while still letting criminals obtain an encrypted phone with a quick trip across the state border or even a trivial software update.” For that reason, both the California and New York bills face an uphill climb, despite strong pressure to pass them — or some version of them — into law.

On Wednesday

Bill author Sen. Mark Leno, D-San Francisco, crafted this legislation due to a surge in smartphone theft in recent years, where such thefts account for one-third of all robberies in the county. According to data reported by San Francisco District Attorney George Gascón, “smartphone theft accounted for 60 percent of all robberies in San Francisco and up to 75 percent of all robberies in Oakland.” Los Angeles also “experienced a 26 percent increase in smartphone thefts since 2011.”

Gascón blamed the wireless industry for failing “to safeguard its products,” resulting in victimized consumers.

Both Gascón and Sen. Leno contended that the industry’s previously voluntary measures placed “too great a burden on individual consumers to take action,” whereas mandated adoption of anti-theft solutions could “undercut the black market” since potential thieves would know that most stolen phones could be “bricked” and thus “far less valuable.”

SB962 was opposed by the business community, particularly the high-tech industry. The San Jose Silicon Valley Chamber of Commerce wrote in opposition that “private sector solutions should be sought whenever possible to address public concerns.” SB962, they said, has a well-intentioned goal to decrease theft and increase privacy, but “would not achieve that ultimate outcome.” The chamber also pointed to the fact that most smartphone operating systems developed in Silicon Valley, including Apple’s iOS and Microsoft’s Windows Phone, “already possess the capability to remotely lock, erase or disable … mobile devices.”

The Wireless Association, joined by smartphone manufacturers such as Motorola, Nokia and Huawei, as well as major carriers like AT&T, Sprint, T-Mobile and Verizon, also wrote a letter in opposition warning of “negative consequences to consumer security and public safety.” According to the letter, the risks posed by SB962 included:

• Impractical state laws: “State regulation will never keep pace with innovation in the wireless ecosystem. What state lawmakers mandate as a solution today may not be the solution consumers demand or need tomorrow.”
• Limiting consumer choice: “Any mandated technology standard will quickly become outdated in the fast-moving wireless application world. Requiring a particular technology is also counter to the policies that have made the wireless industry one of the most important and vibrant sectors of our economy.”
• Hacking drawbacks: “If consumers can turn mobile devices into ‘bricks,’ so can hackers. As the L.A. Times has suggested, any technology that is mandated widely across the nation may be at a greater risk of security breaches and attacks.”

The association also addressed specific steps the wireless industry has taken in working with the FCC and law enforcement to actively address the issue.

Sen. Leno said in a prepared statement that smartphone theft is “already on the decline as more new phones come equipped with kill switches.” The release highlighted a Consumer Reports study from June showing that, in 2014, 2.1 million Americans had their phones stolen, down from 3.1 million in 2013. This 30 percent decrease could be attributed to the passage of SB962, but also the natural progression of technology and the industry’s cooperation with the FCC to protect consumers.

Since the passage of the bill, smartphone manufacturers indicated most phones sold in the U.S. would meet the California standard for kill switches, rather than creating a California-specific phone.