BILL NUMBER: SB 962 AMENDED
BILL TEXT
AMENDED IN ASSEMBLY JUNE 12, 2014
AMENDED IN ASSEMBLY JUNE 2, 2014
AMENDED IN SENATE MAY 5, 2014
AMENDED IN SENATE APRIL 9, 2014
AMENDED IN SENATE MARCH 24, 2014
INTRODUCED BY Senator Leno
(Principal coauthor: Assembly Member Skinner)
(Coauthors: Senators DeSaulnier, Hancock, Pavley, and
Wolk)
FEBRUARY 6, 2014
An act to add Section 22761 to the Business and Professions Code,
relating to mobile communications devices.
LEGISLATIVE COUNSEL'S DIGEST
SB 962, as amended, Leno. Smart phones.
Existing law regulates various business activities and practices,
including the sale of telephones.
This bill would require that any smartphone, as defined, that is
manufactured on or after July 1, 2015, and sold in California after
that date, include a technological solution,
solution at the time of sale, which may consist of software,
hardware, or both software and hardware, that , once initiated
and successfully communicated to the smartphone, can render
inoperable the essential features, as defined, of the smartphone to
an unauthorized user when the smartphone is not in the possession of
the rightful owner. an authorized user.
The bill would require that the technological solution , when
enabled, be able to withstand a hard reset, as defined, and
when enabled, prevent reactivation of the
smartphone on a wireless network except by the rightful
owner or his or her an authorized
designee. user. The bill would make these
requirements inapplicable when the smartphone is resold in California
on the secondhand market or is consigned and held as collateral on a
loan. The bill would prohibit the sale of a smartphone that
is manufactured on or after July 1, 2015, and sold in California
after that date, unless, during the initial device set-up process,
the smartphone's default setting is to prompt the user to enable the
technological solution. The bill would authorize
the rightful owner an authorized user to
affirmatively elect to opt-out of the
technological solution during the initial device set-up process and
to disable the technological solution at anytime.
any time. The bill would make a
the knowing retail sale in violation
of the bill's requirements by a retail entity
subject to a civil penalty of not less than $500, nor more than
$2,500, for each violation. The bill would limit an enforcement
action to being brought by the Attorney General, a district attorney,
or city attorney, and would prohibit any private right of action to
enforce the bill's requirements.
Vote: majority. Appropriation: no. Fiscal committee: no.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. The Legislature finds and declares all of the
following:
(a) According to the Federal Communications Commission, smartphone
thefts now account for 30 to 40 percent of robberies in many major
cities across the country. Many of these robberies often turn violent
with some resulting in the loss of life.
(b) Consumer Reports projects that 1.6 million Americans were
victimized for their smartphones in 2012.
(c) According to the New York Times, 113 smartphones are lost or
stolen every minute in the United States.
(d) According to the Office of the District Attorney for the City
and County of San Francisco, in 2012, more than 50 percent of all
robberies in San Francisco involved the theft of a mobile
communications device.
(e) Thefts of smartphones in Los Angeles increased 12 percent in
2012, according to the Los Angeles Police Department.
(f) According to press reports, the international trafficking of
stolen smartphones by organized criminal organizations has grown
exponentially in recent years because of how profitable the trade has
become.
(g) In order to be effective, antitheft technological solutions
need to be ubiquitous, as thieves cannot distinguish between those
mobile communications devices that have the solutions enabled and
those that do not. As a result, the technological solution should be
able to withstand a hard reset or operating system downgrade, come
preequipped, and the default setting of the solution shall be to
prompt the user consumer to enable the
solution during the initial device setup. Consumers should have the
option to affirmatively elect to disable this protection.
protection, but it must be clear to the consumer that
the function the consumer is electing to disable is intended to
prevent the unauthorized use of the device.
SEC. 2. Section 22761 is added to the Business and Professions
Code, to read:
22761. (a) For purposes of this section, the following terms have
the following meanings:
(1) (A) "Smartphone" means a cellular radio telephone or other
mobile voice communications handset device that includes all of the
following features:
(i) Utilizes a mobile operating system.
(ii) Possesses advanced computing capability.
the capability to utilize mobile software applications, access
and browse the Internet, utilize text messaging, utilize
digital voice service, and send and receive email.
(iii) Has wireless network connectivity.
(iv) Is capable of operating on a long-term evolution network
and or successor wireless data network
communication standards.
(B) A smartphone may possess, but is not limited to, the following
capabilities:
(i) Built-in mobile software applications.
(ii) Internet access.
(iii) Digital voice service.
(iv) Text messaging.
(v) The ability to send and receive electronic mail.
(vi) Internet Web site browsing.
(C)
(B) A "smartphone" does not include a radio
cellular telephone commonly referred to as a "feature" or "messaging"
telephone, a laptop, a tablet device, or a device that
only has electronic reading capability.
(2) "Essential features" of a smartphone include
are the ability to use the device for voice
communications , text messaging, and the ability to browse
the Internet, including the ability to access and use mobile
software applications commonly known as "apps."
applications. "Essential features" does
do not include any functionality needed for the operation
of the technological solution. solution, nor
does it include the ability of the smartphone to access emergency
services by a voice call or text to the numerals "911," the ability
of a device to receive wireless emergency alerts and warnings, or the
ability to call an emergency number predesignated by the owner.
(3) "Hard reset" means the restoration of a smartphone to the
state it was in when it left the factory, and refers to any act of
returning a smartphone to that state, including processes commonly
termed a factory reset or master reset.
(4) "Sold in California" California,
" or any variation thereof, means that the smartphone is
sold at retail from a location within the state, or the smartphone is
sold and shipped to an end-use consumer at an address within the
state. "Sold in California" does not include a smartphone that is
resold in the state on the secondhand market or that is consigned and
held as collateral on a loan.
(b) (1) Any smartphone that is manufactured on or after July 1,
2015, and sold in California after that date, shall include a
technological solution, solution at the time
of sale, to be provided by the manufacturer or operating system
provider, that , once initiated and successfully communicated
to the smartphone, can render the essential features of the
smartphone inoperable to an unauthorized user when the smartphone is
not in the possession of the rightful owner.
an authorized user. The smartphone shall, during the initial device
set-up process, prompt an authorized user to enable the technological
solution. The technological solution shall be reversible, so
that if the rightful owner an authorized user
obtains possession of the smartphone after the essential
features of the smartphone have been rendered inoperable, the
operation of those essential features can be restored by the
rightful owner or his or her authorized designee. an
authorized user. A technological solution may consist of
software, hardware, or a combination of both software and hardware,
but shall be able to withstand a hard reset, and
when enabled, shall be able to withstand a hard reset or
operating system downgrade and shall prevent reactivation of
the smartphone on a wireless network except by the rightful
owner or his or her authorized designee. No smartphone that is
manufactured on or after July 1, 2015, may be sold in California
after that date unless, during the initial device setup process, the
smartphone's default setting is to prompt the user to enable the
technological solution. an authorized user.
(2) The "essential features" that are required to be rendered
inoperable pursuant to this subdivision do not include the ability of
the smartphone to access emergency services by a voice call or text
to the numerals "911," the ability of a device to receive wireless
emergency alerts and warnings, and the ability to call an emergency
number predesignated by the owner.
(3)
(2) The rightful owner An
authorized user of a smartphone may affirmatively
elect to opt-out of the technological solution during
the initial device set-up process and may disable the
technological solution at anytime. any time.
However, the physical acts necessary to disable the
technological solution may only be performed by the end-use consumer
or a person specifically selected by the end-use consumer to disable
the technological solution.
(c) A retail entity that knowingly sells
The knowing retail sale of a smartphone in California in
violation of subdivision (b) may be subject to a civil penalty of not
less than five hundred dollars ($500), nor more than two thousand
five hundred dollars ($2,500), per device sold in California. A suit
to enforce this section may only be brought by the Attorney General,
a district attorney, or a city attorney. A f
ailure of the technological solution due to hacking or other
third-party circumvention may be considered a violation for purposes
of this subdivision, only if, at the time of sale, the seller had
received notification from the manufacturer or operating system
provider that the vulnerability cannot be remedied by a software
patch or other solution. There is no private right of action to
enforce this section.
(d) The seller of a smartphone, its employees, and its agents, are
not liable to any person for civil damages resulting from, or caused
by, failure of a technological solution, including any hack or other
third-party circumvention of the technological solution. A failure
due to hacking or other third-party circumvention may be considered a
violation for purposes of subdivision (c), only if, at the time of
sale, the seller had received notification from the manufacturer that
the failure existed and that it cannot be remedied by a patch or
other technological solution.
(d) The retail sale in California of a smartphone shall not result
in any civil liability to the seller and its employees and agents
from that retail sale alone if the liability results from or is
caused by failure of a technological solution required pursuant to
this section, including any hacking or other third-party
circumvention of the technological solution, unless at the time of
sale the seller had received notification from the manufacturer or
operating system provider that the vulnerability cannot be remedied
by a software patch or other solution. Except as provided in
subdivision (c), nothing in this subdivision precludes a suit for
civil damages on any other basis outside of the retail sale
transaction, including, but not limited to, a claim of false
advertising.
(e) Any request by a government agency to interrupt communications
service utilizing a technological solution required by this section
is subject to Section 7908 of the Public Utilities Code.
(f) Nothing in this section prohibits a network operator, device
manufacturer, or operating system provider from offering a
technological solution or other service in addition to the
technological solution required to be provided by the device
manufacturer or operating system provider pursuant subdivision (b).
(g) Nothing in this section requires a technological solution that
is incompatible with, or renders it impossible to comply with,
obligations under state and federal law and regulation related to any
of the following:
(1) The provision of emergency services through the 911 system,
including text to 911, bounce-back messages, and location accuracy
requirements.
(2) Participation in the wireless emergency alert system.
(3) Participation in state and local emergency alert and public
safety warning systems.