PINDROP BLOG

EFF Says Bills Requiring Vendor Decryption of Phones Could be Unconstitutional

The Electronic Frontier Foundation has come out in opposition of a proposed California bill that would require Apple and other phone manufacturers to be able to decrypt the contents of any device they sell in the state.

The California bill was introduced in January by Assemblyman Jim Cooper and it is designed to force vendors to include some unspecified capability in their device that would allow them to decrypt the devices on request from law enforcement. Both Apple and Google have included mechanisms in their operating system that enable device encryption by default, and the issue is at the center of the Apple-FBI debate that has been playing out in the courts and the press for the last few weeks, as well.

While that argument drags on, there are bills in both the California and New York state assemblies that would mandate exactly the kind of back door access that the FBI is seeking in the San Bernardino case.

“This bill would require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or operating system vendor,” the California bill says.

The EFF says that the vagueness in the language of the bill makes it almost certain to fail, as it doesn’t specify what method the vendors are supposed to use to accomplish the decryption. If the requirement is simply that the encryption mechanism be turned off at the time of the sale, consumers would be able to change that setting. Other methods, such as a software backdoor, would be far more complicated and problematic.

The bill would put a serious burden on vendors to comply, the EFF says.

“Further, there is very good reason to think A.B. 1681 and similar state bills would be unconstitutional. The Supreme Court has explained that states cannot enact laws that burden interstate commerce when “the burden imposed on such commerce is clearly excessive in relation to the putative local benefits.” In light of the bill’s lopsided cost-benefit tradeoff, it seems unlikely to survive this analysis,” Andrew Crocker, a staff attorney at the EFF, wrote in an analysis of the California bill.

There is a similar bill in the New York state assembly that would require the same kind of decryption capability. Crocker said that aside from the issue of constitutionality, the bills also have a problem with with the First Amendment.

“Under theBernstein case and its progeny, computer code is protected speech, and a government ban on this speech based on its content is subject to First Amendment scrutiny. Once again, it’s hard to see such a law surviving this test,” Crocker said.

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS