SecurityWeek

California Quietly Drops Bill Requiring Phone Decryption

California Assembly Bill 1681 was quietly dropped this week without a vote. The bill would have authorized $2,500 penalties for phone manufacturers and operating system providers that failed to comply with court orders to decrypt phones. In effect, it would have forced phone providers to include a backdoor or face repeated fines.

Assemblyman Jim Cooper had claimed it was simply wrong that a search warrant could allow law enforcement agencies to search homes, but not necessarily phones. “I’m not concerned about terrorism. The federal investigators deal with that,” he said, but “local law enforcement deals with cases every day and they cannot access this information.”

The bill had faced opposition from civil liberties organizations such as the EFF, the tech industry including Apple and Google, and business representation including the California Chamber of Commerce and the California Bankers Association.

The original bill introduced in January had specifically required that all phones sold in California should, at the point of sale, have the technical ability to be unlocked and decrypted. This was later amended to a requirement to obey court orders.

“The bill, both before and after it was amended, posed a serious threat to smartphone security,” wrote the EFF in a blog post Wednesday. “It would have forced companies to dedicate resources to finding ways to defeat their own encryption or insert backdoors to facilitate decryption. As a result, the bill would have essentially prohibited companies from offering full disk encryption for their phones.”

This echoed the industry view. “Fundamentally weakening the security of smartphones in the way AB 1681 envisions not only doesn’t make us safer, it actually makes us less safe,” warned Internet Association lobbyist Robert Callahan (reported in the Sacramento Bee), who called encryption “an incredibly important tool in today’s interconnected, Internet-enabled world to keep data secure.”

The practicality of such a bill also needs to be questioned. Phone manufacturers would need to abandon the security of encryption altogether. Manufacturing two versions, one for California and one for the rest of the world, is neither feasible nor effective. Customers would just purchase phones across state lines or via the internet – leaving the manufacturer still open to legal sanctions in California.

For such a requirement to work, it would need to be not merely nationwide, but ultimately worldwide. It is worth remembering that compulsory breach disclosure laws in America started in California and were then copied by other states.

However, this defeat in California can be seen as a win for encryption and the tech companies that provide encryption throughout the country.

“The tech industry was very helpful in killing this bill. It would be bad for business and bad for their customers – which is all of us,” EFF’s Rebecca Jeschke told SecurityWeek. “We certainly hope that this will make it easier to protect encryption from misguided efforts to break it.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security, and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
