Smartphone users in California take notice: a new CA State Assembly bill would ban default encryption features on all smartphones. Assembly Bill 1681, introduced in January by Assemblymember Jim Cooper, would require any smartphone sold in California “to be capable of being decrypted and unlocked by its manufacturer or its operating system provider.” This is perhaps even more drastic than the legal precedent at stake in Apple’s ongoing showdown with the Justice Department, in which the government is trying to force a private company to write code undermining key security features in specific cases.
Both Apple and Google currently encrypt smartphones running their iOS and Android operating systems by default. A.B. 1681 would undo this default, penalizing manufacturers and providers of operating systems $2,500 per device that cannot be decrypted at the time of sale.
Similar proposals have been made by Manhattan district attorney Cyrus Vance Jr., who published a white paper [pdf] in November 2015 arguing that law enforcement needs to access the contents of smartphones to solve a range of crimes. A nearly identical bill is also pending in the New York State Assembly.
EFF opposes A.B. 1681 and all other state proposals to regulate smartphone encryption because they are terrible policy. If passed, A.B. 1681 would leave law-abiding Californians at risk for identity theft, data breach, stalking, and other invasions of privacy, with little benefit to law enforcement. It would be both ineffective and impossible to enforce. And, if that weren’t enough, it suffers from serious constitutional infirmities.
Meanwhile, in the U.S. Congress, Representative Ted Lieu has introduced H.R. 4528, the ENCRYPT Act, which would definitively preempt state bills like A.B. 1681. EFF agrees this is the right approach to state legislation in this area, although we’d like H.R. 4528 to go further and also prevent Congress and the rest of the federal government from undermining encryption.
The Benefits of Smartphone Encryption
Smartphones carry an astounding amount of personal information; it’s what makes them so useful. As the Supreme Court recognized in 2014, they hold nothing less than “the sum of an individual’s private life.” This makes smartphones ripe for theft, hacking and other unwanted access to personal data. Anyone following the Office of Personnel Management hack knows breaches are a problem. Theft is also a serious concern: A 2014 survey found that fully 10 percent of individuals whose phones were stolen were then victims of further identity or data theft, and 12 percent had fraudulent charges on banking or credit card accounts. And according to Consumer Reports, more than 3 million smartphones were stolen in 2013 in the United States.
Additionally, some smartphone users’ physical safety is at risk when others get access to their personal data. Domestic violence victims and political activists both domestically and in authoritarian regimes abroad all depend on data security to protect themselves.
The best way to secure phones against these dangers is to encrypt all of the contents, so-called full disk encryption (FDE), using a key held solely by the user. Apple moved to FDE by default in 2014, followed by Google. On iPhones, this key is generated by combining a user-selected passcode with a unique identifier associated with the phone and unknown to Apple. Unless the user unlocks the phone, no one—not hackers, thieves, or abusive exes, nor even Apple or the police —can access its contents. (That’s putting aside the kind of serious reengineering the FBI wants in the San Bernardino case, of course). Experts in cryptography and computer science are unanimous that this is the only feasible way to keep data on phones secure. That’s because “key escrow” or otherwise “backdoor” encryption schemes—in which third parties like Apple hold a copy of the key—introduce profound vulnerabilities into the system. In other words, if you create a way for someone else to access the data, malicious hackers or others can discover and abuse that access as well. So Apple’s inability to unlock a phone even pursuant to a warrant is a necessary side effect to FDE’s security.
What’s Wrong with A.B. 1681 and Why States Should Stay Out of Encryption
The California bill does not specify how a phone’s data would be decrypted — whether through backdoors or by simply turning FDE off by default.
In either case, the bill could not possibly achieve its goals.
First, and most obvious, it would stop at the California border. Apple could still sell encrypted phones in the rest of the country. California buyers could simply cross into the next state.
Second, even if Apple and Google removed FDE, numerous third-party applications provide the same functionality. These applications are also beyond California’s reach. In fact, over two-thirds of encryption software projects are created at least partially outside the U.S., and many are open-source, meaning they are not controlled by any single entity. Sophisticated criminals would certainly avail themselves of these options.
And finally, if compliance with A.B. 1681 required only turning off default FDE, evading the police would be as simple as flipping the switch after buying a new phone. The boost to law enforcement would be minimal at best.
The costs, however, of this woefully ineffective law would be unacceptably high. Depriving the rest of us of easy-to-use FDE puts the sensitive information we all carry in our pockets at serious risk.
Further, there is very good reason to think A.B. 1681 and similar state bills would be unconstitutional. The Supreme Court has explained that states cannot enact laws that burden interstate commerce when “the burden imposed on such commerce is clearly excessive in relation to the putative local benefits.” In light of the bill’s lopsided cost-benefit tradeoff, it seems unlikely to survive this analysis. Also, to the extent developers would be prohibited from offering FDE as part of their code, the law raises First Amendment concerns. Under the Bernstein case and its progeny, computer code is protected speech, and a government ban on this speech based on its content is subject to First Amendment scrutiny. Once again, it’s hard to see such a law surviving this test.
In sum, while it’s imperative that law enforcement investigates serious crimes, A.B. 1681 is hopelessly flawed. Take action and tell lawmakers not to support this misguided bill.