Amended in Assembly July 1, 2014

Amended in Assembly June 12, 2014

Amended in Assembly June 2, 2014

Amended in Senate May 5, 2014

Amended in Senate April 9, 2014

Amended in Senate March 24, 2014

Senate BillNo. 962


Introduced by Senator Leno

(Coauthors: Senators DeSaulnier, Hancock, Pavley, and Wolk)

(Principal coauthor: Assembly Member Skinner)

February 6, 2014


An act to add Section 22761 to the Business and Professions Code, relating to mobile communications devices.

LEGISLATIVE COUNSEL’S DIGEST

SB 962, as amended, Leno. begin deleteSmart phones. end deletebegin insertSmartphones.end insert

Existing law regulates various business activities and practices, including the sale of telephones.

This bill would require that any smartphone, as defined, that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user. The bill would require that the technological solution, when enabled, be able to withstand a hard reset, as defined, and prevent reactivation of the smartphone on a wireless network except by an authorized user. The bill would make these requirements inapplicable when the smartphone is resold in California on the secondhand market or is consigned and held as collateral on a loan. The bill would authorize an authorized user tobegin insert affirmatively elect to disable orend insert opt-out of the technological solutionbegin delete during the initial device set-up process and to disable the technological solutionend delete at any time. The bill would make the knowing retail sale in violation of the bill’s requirements subject to a civil penalty of not less than $500, nor more than $2,500, for each violation. The bill would limit an enforcement actionbegin insert to collect the civil penaltyend insert to being brought by the Attorney General, a district attorney, or city attorney, and would prohibit any private right of action tobegin delete enforce the bill’s requirementsend deletebegin insert collect the civil penaltyend insert.

Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.

The people of the State of California do enact as follows:

P2    1

SECTION 1.  

The Legislature finds and declares all of the
2following:

3(a) According to the Federal Communications Commission,
4smartphone thefts now account for 30 to 40 percent of robberies
5in many major cities across the country. Many of these robberies
6often turn violent with some resulting in the loss of life.

7(b) Consumer Reports projects that 1.6 million Americans were
8victimized for their smartphones in 2012.

9(c) According to the New York Times, 113 smartphones are
10lost or stolen every minute in the United States.

11(d) According to the Office of the District Attorney for the City
12and County of San Francisco, in 2012, more than 50 percent of all
13robberies in San Francisco involved the theft of a mobile
14communications device.

15(e) Thefts of smartphones in Los Angeles increased 12 percent
16in 2012, according to the Los Angeles Police Department.

17(f) According to press reports, the international trafficking of
18stolen smartphones by organized criminal organizations has grown
19exponentially in recent years because of how profitable the trade
20has become.

P3    1(g) In order to be effective, antitheft technological solutions
2need to be ubiquitous, as thieves cannot distinguish between those
3begin delete mobile communications devicesend deletebegin insert smartphonesend insert that have the
4solutions enabled and those that do not. As a result, the
5technological solution should be able to withstand a hard reset or
6operating system downgrade, come preequipped, and the default
7setting of the solution shall be to prompt the consumer to enable
8the solution during the initial device setup. Consumers should have
9the option to affirmatively elect to disable this protection, but it
10must be clear to the consumer that the function the consumer is
11electing to disable is intended to prevent the unauthorized use of
12the device.

13

SEC. 2.  

Section 22761 is added to the Business and Professions
14Code
, to read:

15

22761.  

(a) For purposes of this section, the following terms
16have the following meanings:

17(1) (A) “Smartphone” means a cellular radio telephone or other
18mobile voice communications handset device that includes all of
19the following features:

20(i) Utilizes a mobile operating system.

21(ii) Possesses the capability to utilize mobile software
22applications, access and browse the Internet, utilize text messaging,
23utilize digital voice service, and send and receive email.

24(iii) Has wireless network connectivity.

25(iv) Is capable of operating on a long-term evolution network
26or successor wireless data network communication standards.

27(B) A “smartphone” does not includebegin insert a radio cellular telephone
28commonly referred to as a “feature” or “messaging” telephone,end insert

29 a laptop, a tablet device, or a device that only has electronic reading
30capability.

31(2) “Essential features” of a smartphone are the ability to use
32thebegin delete deviceend deletebegin insert smartphoneend insert for voice communications, text messaging,
33and the ability to browse the Internet, including the ability to access
34and use mobile software applications. “Essential features” do not
35include any functionality needed for the operation of the
36technological solution, nor does it include the ability of the
37smartphone to access emergency services by a voice call or text
38to the numerals “911,” the ability of abegin delete deviceend deletebegin insert smartphoneend insert to receive
39wireless emergency alerts and warnings, or the ability to call an
40emergency number predesignated by the owner.

P4    1(3) “Hard reset” means the restoration of a smartphone to the
2state it was in when it left thebegin delete factory, and refers to any act of
3returning a smartphone to that state, includingend delete
begin insert factory throughend insert
4 processes commonly termed a factory reset or master reset.

5(4) “Sold in California,” or any variation thereof, means that
6the smartphone is sold at retail from a location within the state, or
7the smartphone is sold and shipped to an end-use consumer at an
8address within the state. “Sold in California” does not include a
9smartphone that is resold in the state on the secondhand market or
10that is consigned and held as collateral on a loan.

11(b) (1) Any smartphone that is manufactured on or after July
121, 2015, and sold in California after that date, shall include a
13technological solution at the time of sale, to be provided by the
14manufacturer or operating system provider, that, once initiated and
15successfully communicated to the smartphone, can render the
16essential features of the smartphone inoperable to an unauthorized
17user when the smartphone is not in the possession of an authorized
18user. The smartphone shall, during the initial device setup process,
19prompt an authorized user to enable the technological solution.
20The technological solution shall be reversible, so that if an
21authorized user obtains possession of the smartphone after the
22essential features of the smartphone have been rendered inoperable,
23the operation of those essential features can be restored by an
24authorized user. A technological solution may consist of software,
25hardware, or a combination of both software and hardware, and
26when enabled, shall be able to withstand a hard reset or operating
27system downgrade and shall prevent reactivation of the smartphone
28on a wireless network except by an authorized user.

29(2) An authorized user of a smartphone maybegin insert affirmatively elect
30to disable orend insert
opt-out ofbegin insert enablingend insert the technological solutionbegin delete during
31the initial device setup process and may disable the technological
32solutionend delete
at any time. However, the physical acts necessary to
33disablebegin insert or opt-out of enablingend insert the technological solution may only
34be performed by thebegin delete end-use consumerend deletebegin insert authorized userend insert or a person
35specifically selected by thebegin delete end-use consumerend deletebegin insert authorized userend insert to
36disablebegin insert or opt-out of enablingend insert the technological solution.

37(c) The knowing retail sale of a smartphone in California in
38violation of subdivision (b) may be subject to a civil penalty of
39not less than five hundred dollars ($500), nor more than two
40thousand five hundred dollars ($2,500), perbegin delete deviceend deletebegin insert smartphoneend insert
P5    1 sold inbegin delete California.end deletebegin insert California in violation of this section.end insert A suit to
2enforce thisbegin delete sectionend deletebegin insert subdivisionend insert may only be brought by the
3Attorney General, a district attorney, or a city attorney. A failure
4of the technological solution due to hacking or other third-party
5circumvention may be considered a violation for purposes of this
6subdivision, only if, at the time of sale, the seller had received
7notification from the manufacturer or operating system provider
8that the vulnerability cannot be remedied by a software patch or
9other solution. There is no private right of action to enforce this
10begin delete section.end deletebegin insert subdivision.end insert

11(d) The retail sale in California of a smartphone shall not result
12in any civil liability to the seller and its employees and agents from
13that retail sale alone if the liability results from or is caused by
14failure of a technological solution required pursuant to this section,
15including any hacking or other third-party circumvention of the
16technological solution, unless at the time of sale the seller had
17received notification from the manufacturer or operating system
18provider that the vulnerability cannot be remedied by a software
19patch or other solution.begin delete Except as provided in subdivision (c),
20nothingend delete
begin insert Nothingend insert in this subdivision precludes a suit for civil
21damages on any other basis outside of the retail sale transaction,
22including, but not limited to, a claim of false advertising.

23(e) Any request by a government agency to interrupt
24communications service utilizing a technological solution required
25by this section is subject to Section 7908 of the Public Utilities
26Code.

27(f) Nothing in this section prohibits a network operator, device
28manufacturer, or operating system provider from offering a
29technological solution or other service in addition to the
30technological solution required to be provided by the device
31manufacturer or operating system provider pursuant subdivision
32(b).

33(g) Nothing in this section requires a technological solution that
34is incompatible with, or renders it impossible to comply with,
35obligations under state and federal law and regulation related to
36any of the following:

37(1) The provision of emergency services through the 911 system,
38including text to 911, bounce-back messages, and location accuracy
39requirements.

40(2) Participation in the wireless emergency alert system.

P6    1(3) Participation in state and local emergency alert and public
2safety warning systems.



O

    93