PINDROP BLOG

New York Wants to Force Vendors to Decrypt Users’ Phones

A bill that is making its way through the New York state assembly would require that smartphone manufacturers build mechanisms into the devices that would allow the companies to decrypt or unlock them on demand from law enforcement.

The New York bill is the latest entry in a long-running debate between privacy advocates and security experts on one side and law enforcement agencies and many politicians on the other. The revelations of the last few years about widespread government surveillance, especially that involving cell phones and email systems, has spurred device manufacturers to increase the use of encryption. New Apple iPhones now are encrypted by default, as are some Android devices.

The FBI, Justice Department and other agencies have been pushing back against this trend, talking with manufacturers about potential ways around default or user-enabled encryption.

“Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn’t go without careful thought and public debate,” FBI Director James Comey said of the encryption of mobile devices in 2014.

“The safety of the citizenry calls for a legislative solution, and a solution is easily at hand.”

Apple, Google, and the other major manufacturers have been resistant to those advances and have said that user privacy and security is their main concern. The bill that is now in committee in the New York State Assembly makes no equivocation about what it is designed to do.

“Any smartphone that is manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider,” the bill says.

Introduced by Assemblyman Matthew Titone last summer and referred to committee on Jan. 6, the bill would introduce a penalty of $2,500 to the vendor for every device that doesn’t comply with the requirement. The justification for the decryption requirement in the bill, as has become the norm, is the threat of criminals or terrorists using encrypted devices for nefarious deeds.

“The safety of the citizenry calls for a legislative solution, and a solution is easily at hand. Enacting this bill would penalize those who would sell smart- phones that are beyond the reach of law enforcement,” the notes on the bill say.

“The fact is that, although the new software may enhance privacy for some users, it severely hampers law enforcement’s ability to aid victims. All of the evidence contained in smartphones and similar devices will be lost to law enforcement, so long as the criminals take the precaution of protecting their devices with passcodes. Of course they will do so. Simply stated, passcode-protected devices render lawful court orders meaningless and encourage criminals to act with impunity.”

The next step for the New York bill would be a move to the floor calendar and then votes in the assembly and the senate.

Image from Flickr stream of Andrew Mager.

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS