PINDROP BLOG

Bill Requiring Phone Crypto Backdoors Dies in California Assembly

A California bill that would require backdoors in phone encryption has died in the state assembly after failing to gain enough support to move out of committee.

The bill, proposed in January, would have required that device manufacturers have the capability of decrypting and unlocking any phone sold in California after Jan. 1, 2017. A similar bill proposed in New York is still making its way through that state’s legislature.

“You can get a warrant for pretty much anything and everything, but not for an iPhone or an iPad. That’s just mind-boggling,” said Assemblyman Jim Cooper, the author of the California bill.

Both the California and the New York bills were introduced before the battle between the FBI and Apple over the iPhone used by one of the terrorists in the San Bernardino massacre became public. That case brought the debate over strong encryption, especially full-disk encryption on mobile devices, out of the shadows and into the public eye on a national level. But there are a number of smaller, localized fights on the same topic with similar stakes.

The California bill ran aground in the Committee on Privacy and Consumer Protection, where it did not even go to a vote after failing to get a second from a committee member. Privacy advocates hailed the bill’s defeat as a key win for users and tech vendors.

“The bill, both before and after it was amended, posed a serious threat to smartphone security. It would have forced companies to dedicate resources to finding ways to defeat their own encryption or insert backdoors to facilitate decryption. As a result, the bill would have essentially prohibited companies from offering full disk encryption for their phones,” Rainey Reitman, activism director at the EFF, said in a blog post.

“Full disk encryption ensures that technology users can trust that their data is secure. It can help safeguard against identity thieves, malicious hackers, and others. It is particularly important when smartphones are lost or stolen, so that the sensitive data they store won’t be compromised.”

Both Apple and Google have added a feature to their mobile operating systems that enables full-disk encryption by default, something that law enforcement agencies have said is dangerous and makes their job more difficult. While the California bill died, a similarly controversial one is being considered in the United States Senate. The Burr-Feinstein bill would require that vendors and communications providers have the ability to provide “responsive, intelligible information or data, or appropriate technical assistance to a government pursuant to a court order,” a requirement that would effectively ban end-to-end encryption.

Image from Flickr stream of Jeff Turner.
