California Lawmakers Manage To Turn Encrypted Phone Ban Legislation Into Encryption Backdoor Legislation
from the your-tax-dollars-malfunctioning dept
As part of our funding campaign for our coverage of encryption, we reached out to some companies that care about these issues to ask them to show their support. This post is sponsored by Golden Frog, a company dedicated to online privacy, security and freedom.
The California Assembly has been tinkering with Assemblyman Jim Cooper’s smartphone encryption ban… and for the worse. First noticed by EFF Staff Attorney Andrew Crocker, legislators have turned the proposed ban into something that accomplishes the same goals without actually “banning” anything.
Rather than forbid the sale of smartphones that can’t be decrypted by their manufacturers, the new wording will direct fines at manufacturers who can’t decrypt phones upon receipt of a warrant or other court order. (added/altered wording in bold)
smartphone manufactured on or after January 1, 2017, that is not capable of being decrypted and unlocked by its manufacturer or its operating system provider shall subject the manufacturer or operating system provider of a smartphone sold or leased in California on or after January 1, 2017, shall be subject to a civil penalty of two thousand five hundred dollars ($2,500) for each smartphone sold or leased in California if instance in which the manufacturer or operating system provider of the smartphone knew at the time of the sale or lease that the smartphone was not capable of being decrypted and unlocked by the manufacturer or its operating system provider. is unable to decrypt the contents of the smartphone pursuant to a state court order. A manufacturer or operating system provider who pays a civil penalty imposed pursuant to this subdivision shall not pass on any portion of that penalty to purchasers of smartphones. This civil penalty shall not preclude the imposition of any other penalty pursuant to law.
So, rather than an encrypted smartphone ban, it’s an encryption backdoor mandate. In order to sell phones in California, manufacturers will have to make less secure versions specifically for that market — ones where they hold the keys and are subject to law enforcement demands for a spare set.
This is bad for Californians looking for more secure phone options and bad for cellphone manufacturers, who have zero interest in acting as encryption key repositories. And the altered wording would allow the state to pursue manufacturers that have never sold a phone directly to Californians. Third-party retailers can still offer encrypted phones to customers without fear of reprisal as doing so would not run afoul of the proposed law. Instead, it would be the manufacturers’ fault if phones without encryption backdoors were sold in the state.
The only way for phone manufacturers to ensure they comply with this law would be to stop offering encryption they can’t crack, as it’s inevitable that California-based retailers will still be able to find customers interested in devices without manufacturer/operating system backdoors.
This is stupid, reactionary lawmaking somehow managing to become even more stupid and reactionary after receiving input from other legislators. If this level of stupidity remains in full force, the end result could be Californians buying their cell phones directly from the state — much in the way some states handle alcohol sales.