BILL NUMBER: SB 962 AMENDED BILL TEXT AMENDED IN ASSEMBLY AUGUST 4, 2014 AMENDED IN ASSEMBLY JULY 1, 2014 AMENDED IN ASSEMBLY JUNE 12, 2014 AMENDED IN ASSEMBLY JUNE 2, 2014 AMENDED IN SENATE MAY 5, 2014 AMENDED IN SENATE APRIL 9, 2014 AMENDED IN SENATE MARCH 24, 2014 INTRODUCED BY Senator Leno (Principal coauthor: Assembly Member Skinner) (Coauthors: Senators DeSaulnier, Hancock, Pavley, and Wolk) FEBRUARY 6, 2014 An act to add Section 22761 to the Business and Professions Code, relating to mobile communications devices. LEGISLATIVE COUNSEL'S DIGEST SB 962, as amended, Leno. Smartphones. Existing law regulates various business activities and practices, including the sale of telephones. This bill would require that any smartphone, as defined, that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user. The bill would require that the technological solution, when enabled, be able to withstand a hard reset, as defined, and prevent reactivation of the smartphone on a wireless network except by an authorized user. The bill would make these requirements inapplicable when the smartphone is resold in California on the secondhand market or is consigned and held as collateral on a loan. The bill would additionally except from these requirements a smartphone model that was first introduced prior to January 1, 2015, that cannot reasonably be reengineered to support the manufacturer's or operating system provider's technological solution, including if the hardware or software cannot support a retroactive update. The bill would authorize an authorized user to affirmatively elect to disable or opt-out of the technological solution at any time. The bill would make the knowing retail sale in violation of the bill's requirements subject to a civil penalty of not less than $500, nor more than $2,500, for each violation. The bill would limit an enforcement action to collect the civil penalty to being brought by the Attorney General, a district attorney, or city attorney, and would prohibit any private right of action to collect the civil penalty. The bill would prohibit any city, county, or city and county from imposing requirements on manufacturers, operating system providers, wireless carriers, or retailers relating to technological solutions for smartphones. Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. The Legislature finds and declares all of the following: (a) According to the Federal Communications Commission, smartphone thefts now account for 30 to 40 percent of robberies in many major cities across the country. Many of these robberies often turn violent with some resulting in the loss of life. (b) Consumer Reports projects that 1.6 million Americans were victimized for their smartphones in 2012. (c) According to the New York Times, 113 smartphones are lost or stolen every minute in the United States. (d) According to the Office of the District Attorney for the City and County of San Francisco, in 2012, more than 50 percent of all robberies in San Francisco involved the theft of a mobile communications device. (e) Thefts of smartphones in Los Angeles increased 12 percent in 2012, according to the Los Angeles Police Department. (f) According to press reports, the international trafficking of stolen smartphones by organized criminal organizations has grown exponentially in recent years because of how profitable the trade has become. (g) In order to be effective, antitheft technological solutions need to be ubiquitous, as thieves cannot distinguish between those smartphones that have the solutions enabled and those that do not. As a result, the technological solution should be able to withstand a hard reset or operating system downgrade, come preequipped, and the default setting of the solution shall be to prompt the consumer to enable the solution during the initial device setup. Consumers should have the option to affirmatively elect to disable this protection, but it must be clear to the consumer that the function the consumer is electing to disable is intended to prevent the unauthorized use of the device. SEC. 2. Section 22761 is added to the Business and Professions Code, to read: 22761. (a) For purposes of this section, the following terms have the following meanings: (1) (A) "Smartphone" means a cellular radio telephone or other mobile voice communications handset device that includes all of the following features: (i) Utilizes a mobile operating system. (ii) Possesses the capability to utilize mobile software applications, access and browse the Internet, utilize text messaging, utilize digital voice service, and send and receive email. (iii) Has wireless network connectivity. (iv) Is capable of operating on a long-term evolution network or successor wireless data network communication standards. (B) A "smartphone" does not include a radio cellular telephone commonly referred to as a "feature" or "messaging" telephone, a laptop, a tablet device, or a device that only has electronic reading capability. (2) "Essential features" of a smartphone are the ability to use the smartphone for voice communications, text messaging, and the ability to browse the Internet, including the ability to access and use mobile software applications. "Essential features" do not include any functionality needed for the operation of the technological solution, nor does it include the ability of the smartphone to access emergency services by a voice call or text to the numerals "911," the ability of a smartphone to receive wireless emergency alerts and warnings, or the ability to call an emergency number predesignated by the owner. (3) "Hard reset" means the restoration of a smartphone to the state it was in when it left the factory through processes commonly termed a factory reset or master reset. (4) "Sold in California," or any variation thereof, means that the smartphone is sold at retail from a location within the state, or the smartphone is sold and shipped to an end-use consumer at an address within the state. "Sold in California" does not include a smartphone that is resold in the state on the secondhand market or that is consigned and held as collateral on a loan. (b) (1)
AnyExcept as provided in paragraph (3), any smartphone that is manufactured on or after July 1, 2015, and sold in California after that date, shall include a technological solution at the time of sale, to be provided by the manufacturer or operating system provider, that, once initiated and successfully communicated to the smartphone, can render the essential features of the smartphone inoperable to an unauthorized user when the smartphone is not in the possession of an authorized user. The smartphone shall, during the initial device setup process, prompt an authorized user to enable the technological solution. The technological solution shall be reversible, so that if an authorized user obtains possession of the smartphone after the essential features of the smartphone have been rendered inoperable, the operation of those essential features can be restored by an authorized user. A technological solution may consist of software, hardware, or a combination of both software and hardware, and when enabled, shall be able to withstand a hard reset or operating system downgrade and shall prevent reactivation of the smartphone on a wireless network except by an authorized user. (2) An authorized user of a smartphone may affirmatively elect to disable or opt-out of enabling the technological solution at any time. However, the physical acts necessary to disable or opt-out of enabling the technological solution may only be performed by the authorized user or a person specifically selected by the authorized user to disable or opt-out of enabling the technological solution. (3) Any smartphone model that was first introduced prior to January 1, 2015, that cannot reasonably be reengineered to support the manufacturer's or operating system provider's technological solution, including if the hardware or software cannot support a retroactive update, is not subject to the requirements of this section. (c) The knowing retail sale of a smartphone in California in violation of subdivision (b) may be subject to a civil penalty of not less than five hundred dollars ($500), nor more than two thousand five hundred dollars ($2,500), per smartphone sold in California in violation of this section. A suit to enforce this subdivision may only be brought by the Attorney General, a district attorney, or a city attorney. A failure of the technological solution due to hacking or other third-party circumvention may be considered a violation for purposes of this subdivision, only if, at the time of sale, the seller had received notification from the manufacturer or operating system provider that the vulnerability cannot be remedied by a software patch or other solution. There is no private right of action to enforce this subdivision. (d) The retail sale in California of a smartphone shall not result in any civil liability to the seller and its employees and agents from that retail sale alone if the liability results from or is caused by failure of a technological solution required pursuant to this section, including any hacking or other third-party circumvention of the technological solution, unless at the time of sale the seller had received notification from the manufacturer or operating system provider that the vulnerability cannot be remedied by a software patch or other solution. Nothing in this subdivision precludes a suit for civil damages on any other basis outside of the retail sale transaction, including, but not limited to, a claim of false advertising. (e) Any request by a government agency to interrupt communications service utilizing a technological solution required by this section is subject to Section 7908 of the Public Utilities Code. (f) Nothing in this section prohibits a network operator, device manufacturer, or operating system provider from offering a technological solution or other service in addition to the technological solution required to be provided by the device manufacturer or operating system provider pursuant subdivision (b). (g) Nothing in this section requires a technological solution that is incompatible with, or renders it impossible to comply with, obligations under state and federal law and regulation related to any of the following: (1) The provision of emergency services through the 911 system, including text to 911, bounce-back messages, and location accuracy requirements. (2) Participation in the wireless emergency alert system. (3) Participation in state and local emergency alert and public safety warning systems. (h) The Legislature finds and declares that the enactment of a uniform policy to deter thefts of smartphones and to protect the privacy of smartphone users if their smartphones are involuntarily acquired by others is a matter of statewide concern and no city, county, or city and county shall impose requirements on manufacturers, operating system providers, wireless carriers, or retailers relating to technological solutions for smartphones.