SecurityWeek

California Quietly Drops Bill Requiring Phone Decryption

California Assembly Bill 1681 was quietly dropped this week without a vote. The bill would have authorized $2,500 penalties for phone manufacturers and operating system providers that did not comply with court orders to decrypt phones. In effect, it would have forced phone providers to include a backdoor or face repeated fines.

Assemblyman Jim Cooper had claimed it was simply wrong that a search warrant could allow law enforcement agencies to search homes, but not necessarily phones. “I’m not concerned about terrorism. The federal investigators deal with that,” he said, but “local law enforcement deals with cases every day and they cannot access this information.”

The bill had faced opposition from civil liberties organizations such as the EFF, the tech industry including Apple and Google, and business representation including the California Chamber of Commerce and the California Bankers Association.

The original bill introduced in January had specifically required that all phones sold in California should, at the point of sale, have the technical ability to be unlocked and decrypted. This was later amended to a requirement to obey court orders.

“The bill, both before and after it was amended, posed a serious threat to smartphone security,” wrote the EFF in a blog post Wednesday. “It would have forced companies to dedicate resources to finding ways to defeat their own encryption or insert backdoors to facilitate decryption. As a result, the bill would have essentially prohibited companies from offering full disk encryption for their phones.”

This echoed the industry view. “Fundamentally weakening the security of smartphones in the way AB 1681 envisions not only doesn’t make us safer, it actually makes us less safe,” warned Internet Association lobbyist Robert Callahan (reported in the Sacramento Bee), who called encryption “an incredibly important tool in today’s interconnected, Internet-enabled world to keep data secure.”

The practicality of such a bill also needs to be questioned. Phone manufacturers would need to abandon the security of encryption altogether. Manufacturing two versions, one for California and one for the rest of the world, is neither feasible nor effective. Customers would just purchase phones across state lines or via the internet – leaving the manufacturer still open to legal sanctions in California.

For such a requirement to work, it would need to be not merely nationwide, but ultimately worldwide. It is worth remembering that compulsory breach disclosure laws in America started in California and were then copied by other states.

However, this defeat in California can be seen as a win for encryption and the tech companies that provide encryption throughout the country.

“The tech industry was very helpful in killing this bill. It would be bad for business and bad for their customers – which is all of us,” EFF’s Rebecca Jeschke told SecurityWeek. “We certainly hope that this will make it easier to protect encryption from misguided efforts to break it.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
