California Lawmaker Wants Phones to Be Decryptable

California lawmaker Jim Cooper has introduced a bill, AB 1681, requiring smartphone makers to allow law enforcement authorities access to data on encrypted devices like smartphones. Mr Cooper reasoned that individuals’ property, bank accounts and other assets are subject to search warrants, and so mobiles shouldn’t be any different. The bill would allow a civil penalty of $2,500 per device to be imposed on those breaking the law, and smartphone manufacturers could be held responsible.

AB 1681 was presented last week, and is similar to a bill reintroduced in New York earlier in January. The New York legislation is aimed at fighting terrorism, while supporters of the California bill claim it was introduced to counter human trafficking. AB 1681 will “require a smartphone that is manufactured on or after 1 January 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider”, according to the bill’s text.

In 2014, device manufacturers began employing new operating systems that used full-disk encryption (FDE) by default. FDE works by automatically converting data on the hard drive into a form that can’t be understood by anyone without the key to “undo” the conversion. In theory, only the owner of an FDE-enabled smartphone can reach the data by using a password, biometric information or other unique key. It’s nearly impossible to recover scrambled data without proper authentication unless a back door is enabled.

There’s an ongoing battle between governments pushing for limitations on encryption and mobile makers like Apple and Google that view such restrictions as threats to device security. Apple CEO Tim Cook has argued that back doors allowing access to law enforcement would inevitably be exploited, and Alphabet chairman Eric Schmidt predicted at a 2015 conference that government efforts to limit encryption would fail. Mr Schmidt said that “we don’t know how to build a trap door in these systems which is only available to the good guys.”

It’s understandable that technology companies would resist back door policies given the potential for these to be exploited by cyber criminals. Such legislation could weaken overall Internet security, and the fallout could undermine confidence in technology brands.