SB 962, as amended, Leno. Smart phones.
Existing law regulates various business activities and practices, including the sale of telephones.
This bill would require that any smartphone, as defined, that is manufactured on or after July 1, 2015, and sold in California after that date, include a technologicalbegin delete solution,end deletebegin insert solution at the time of sale,end insert which may consist of software, hardware, or both software and hardware, thatbegin insert, once initiated and successfully communicated to the smartphone,end insert can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the
smartphone is not in the possession ofbegin delete the rightful owner.end deletebegin insert an authorized user.end insert The bill would require that the technological solutionbegin insert, when enabled,end insert be able to withstand a hard reset, as defined, andbegin delete when enabled,end delete prevent reactivation of the smartphone on a wireless network except bybegin delete the rightful owner or his or herend deletebegin insert anend insert authorizedbegin delete designee.end deletebegin insert
user.end insert The bill would make these requirements inapplicable when the smartphone is resold in California on the secondhand market or is consigned and held as collateral on a loan.begin delete The bill would prohibit the sale of a smartphone that is manufactured on or after July 1, 2015, and sold in California after that date, unless, during the initial device set-up process, the smartphone’s default setting is to prompt the user to enable the technological solution.end delete The bill would authorizebegin delete the rightful ownerend deletebegin insert an authorized userend insert tobegin delete affirmatively elect toend deletebegin insert
opt-out of the technological solution during the initial device set-up process and toend insert disable the technological solution atbegin delete anytime.end deletebegin insert any time.end insert The bill would makebegin delete aend deletebegin insert theend insert knowingbegin insert retail sale inend insert violation of the bill’s requirementsbegin delete by a retail entityend delete subject to a civil penalty of not less than $500, nor more than $2,500, for each violation. The bill would limit an enforcement action to being brought by the Attorney
General, a district attorney, or city attorney, and would prohibit any private right of action to enforce the bill’s requirements.
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
The Legislature finds and declares all of the
2following:
3(a) According to the Federal Communications Commission,
4smartphone thefts now account for 30 to 40 percent of robberies
5in many major cities across the country. Many of these robberies
6often turn violent with some resulting in the loss of life.
7(b) Consumer Reports projects that 1.6 million Americans were
8victimized for their smartphones in 2012.
9(c) According to the New York Times, 113 smartphones are
10lost or stolen every minute in the United States.
11(d) According to the Office of the
District Attorney for the City
12and County of San Francisco, in 2012, more than 50 percent of all
13robberies in San Francisco involved the theft of a mobile
14communications device.
15(e) Thefts of smartphones in Los Angeles increased 12 percent
16in 2012, according to the Los Angeles Police Department.
17(f) According to press reports, the international trafficking of
18stolen smartphones by organized criminal organizations has grown
P3 1exponentially in recent years because of how profitable the trade
2has become.
3(g) In order to be effective, antitheft technological solutions
4need to be ubiquitous, as thieves cannot distinguish between those
5mobile communications devices that have the solutions enabled
6and those that do not. As a result, the technological solution should
7be able to withstand a hard reset or operating system
downgrade,
8come preequipped, and the default setting of the solution shall be
9to prompt thebegin delete userend deletebegin insert consumerend insert to enable the solution during the
10initial device setup. Consumers should have the option to
11affirmatively elect to disable thisbegin delete protection.end deletebegin insert protection, but it must
12be clear to the consumer that the function the consumer is electing
13to disable is intended to prevent the unauthorized use of the device.end insert
Section 22761 is added to the Business and Professions
15Code, to read:
(a) For purposes of this section, the following terms
17have the following meanings:
18(1) (A) “Smartphone” means a cellular radio telephone or other
19mobile voice communications handset device that includes all of
20the following features:
21(i) Utilizes a mobile operating system.
22(ii) Possessesbegin delete advanced computing capability.end deletebegin insert the capability to
23utilize mobile software applications, access and browse the
24Internet, utilize text messaging,
utilize digital voice service, and
25send and receive email.end insert
26(iii) Has wireless network connectivity.
27(iv) Is capable of operating on a long-term evolution network
28begin deleteandend deletebegin insert orend insert successor wireless data network communication standards.
29(B) A smartphone may possess, but is not limited to, the
30following capabilities:
31(i) Built-in mobile software applications.
end delete32(ii) Internet access.
end delete33(iii) Digital voice service.
end delete34(iv) Text messaging.
end delete35(v) The ability to send and receive electronic mail.
end delete36(vi) Internet Web site browsing.
end delete37(C)
end delete
38begin insert(B)end insert A “smartphone” does not includebegin delete a radio cellular telephone a
39commonly referred to as a “feature” or “messaging” telephone,end delete
P4 1laptop, a tablet device, or a device that only has electronic reading
2capability.
3(2) “Essential features” of a smartphonebegin delete includeend deletebegin insert areend insert the ability
4to use the device for voice communicationsbegin insert, text messaging,end insert and
5the ability to browse the Internet, including the ability to
access
6and use mobile software begin deleteapplications commonly known as “apps.”end delete
7begin insert applications.end insert “Essential features”begin delete doesend deletebegin insert doend insert
not include any
8functionality needed for the operation of the technological begin deletesolution.end delete
9begin insert solution, nor does it include the ability of the smartphone to access
10emergency services by a voice call or text to the numerals “911,”
11the ability of a device to receive wireless emergency alerts and
12warnings, or the ability to call an emergency number predesignated
13by the owner.end insert
14(3) “Hard reset” means the restoration of a smartphone to the
15state it was in when it left the factory, and refers to any act of
16returning a smartphone to that state, including processes commonly
17termed a factory reset or master reset.
18(4) “Sold inbegin delete California”end deletebegin insert
California,end insertbegin insert” or any variation thereof,end insert
19 means that the smartphone is sold at retail from a location within
20the state, or the smartphone is sold and shipped to an end-use
21consumer at an address within the state. “Sold in California” does
22not include a smartphone that is resold in the state on the
23secondhand market or that is consigned and held as collateral on
24a loan.
25(b) (1) Any smartphone that is manufactured on or after July
261, 2015, and sold in California after that date, shall include a
27technological begin deletesolution,end deletebegin insert solution at the time of sale,end insert to be provided
28by the manufacturer or operating system
provider, thatbegin insert, once
29initiated and successfully communicated to the smartphone,end insert
can
30render the essential features of the smartphone inoperable to an
31unauthorized user when the smartphone is not in the possession
32ofbegin delete the rightful owner.end deletebegin insert an authorized user. The smartphone shall,
33during the initial device set-up process, prompt an authorized user
34to enable the technological solution.end insert The technological solution
35shall be reversible, so that ifbegin delete the rightful ownerend deletebegin insert an authorized userend insert
36
obtains possession of the smartphone after the essential features
37of the smartphone have been rendered inoperable, the operation
38of those essential features can be restored by begin deletethe rightful owner or begin insert an authorized user.end insert A technological
39his or her authorized designee.end delete
40solution may consist of software, hardware, or a combination of
P5 1both software and hardware,begin delete but shall be able to withstand a hard and when enabled,begin insert shall be able to withstand a hard reset
2reset,end delete
3or operating system downgrade andend insert shall prevent reactivation of
4the smartphone on a wireless network except bybegin delete the rightful owner
5or his or her authorized designee. No smartphone
that is
6manufactured on or after July 1, 2015, may be sold in California
7after that date
unless, during the initial device setup process, the
8smartphone’s default setting is to prompt the user to enable the
9technological solution.end delete
10(2) The “essential features” that are required to be rendered
11inoperable pursuant to this subdivision do not include the ability
12of the smartphone to access emergency services by a voice call or
13text to the numerals
“911,” the ability of a device to receive
14wireless emergency alerts and warnings, and the ability to call an
15emergency number predesignated by the owner.
16(3)
end delete
17begin insert(2)end insert begin deleteThe rightful owner end deletebegin insertAn authorized user end insertof a smartphone may
18begin delete affirmatively elect toend deletebegin insert
opt-out of the technological solution during
19the initial device set-up process and mayend insert disable the technological
20solution atbegin delete anytime.end deletebegin insert
any time.end insert However, the physical acts necessary
21to disable the technological solution may only be performed by
22the end-use consumer or a person specifically selected by the
23end-use consumer to disable the technological solution.
24(c) begin deleteA retail entity that knowingly sells end deletebegin insertThe knowing retail sale
25of end inserta smartphone in California in violation of subdivision (b) may
26be subject to a civil penalty of not less than five hundred dollars
27($500), nor more than two thousand five hundred dollars ($2,500),
28per device sold in California. A suit to enforce this section may
29only be brought by the Attorney General, a district attorney, or a
30city attorney.begin insert A
failure of the technological solution due to hacking
31or other third-party circumvention may be considered a violation
32for purposes of this subdivision, only if, at the time of sale, the
33seller had received notification from the manufacturer or operating
34system provider that the vulnerability cannot be remedied by a
35software patch or other solution.end insert There is no private right of action
36to enforce this section.
37(d) The seller of a smartphone, its employees, and its agents,
38are not liable to any person for civil damages resulting from, or
39
caused by, failure of a technological solution, including any hack
40or other third-party circumvention of the technological solution.
P6 1A failure due to hacking or other third-party circumvention may
2be considered a violation for purposes of subdivision (c), only if,
3at the time of sale, the seller had received notification from the
4manufacturer that the failure existed and that it cannot be remedied
5by a patch or other technological solution.
6(d) The retail sale in California of a smartphone shall not result
7in any civil liability to the seller and its employees and agents from
8that retail sale alone if the liability results from or is caused by
9failure of a technological solution required pursuant to this section,
10including any hacking or other third-party circumvention of the
11technological solution, unless at the time of sale the seller had
12
received notification from the manufacturer or operating system
13provider that the vulnerability cannot be remedied by a software
14patch or other solution. Except as provided in subdivision (c),
15nothing in this subdivision precludes a suit for civil damages on
16any other basis outside of the retail sale transaction, including,
17but not limited to, a claim of false advertising.
18(e) Any request by a government agency to interrupt
19communications service utilizing a technological solution required
20by this section is subject to Section 7908 of the Public Utilities
21Code.
22(f) Nothing in this section prohibits a network operator, device
23manufacturer, or operating system provider from offering a
24technological solution or other service in addition to the
25technological solution required to be provided by the device
26manufacturer or operating system provider pursuant
subdivision
27(b).
28(g) Nothing in this section requires a technological solution that
29is incompatible with, or renders it impossible to comply with,
30obligations under state and federal law and regulation related to
31any of the following:
32(1) The provision of emergency services through the 911 system,
33including text to 911, bounce-back messages, and location accuracy
34requirements.
35(2) Participation in the wireless emergency alert system.
36(3) Participation in state and local emergency alert and public
37safety warning systems.
O
94