Amended in Assembly March 8, 2016

California Legislature—2015–16 Regular Session

Assembly BillNo. 1681


Introduced by Assembly Member Cooper

begin insert

(Coauthor: Assembly Member Gallagher)

end insert
begin insert

(Coauthors: Senators Bates and Hall)

end insert

January 20, 2016


An act to add Section 22762 to the Business and Professions Code, relating to smartphones.

LEGISLATIVE COUNSEL’S DIGEST

AB 1681, as amended, Cooper. Smartphones.

Existing law requires that a smartphone that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user.

This bill would require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider. The billbegin delete would, except as provided, subject a seller or lessorend deletebegin insert would subject a manufacturer or operating system providerend insert that knowingly failed to comply with that requirement to a civil penalty of $2,500 for each smartphone sold or leased. The bill would prohibit abegin delete seller or lessorend deletebegin insert manufacturer or operating system providerend insert who has paid this civil penalty from passing any portion of the penalty on to purchasers of smartphones. The bill would authorize only the Attorney General or a district attorney to bring a civil suit to enforce these provisions.begin insert This bill would make findings and declarations related to smartphones and criminal activity.end insert

Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.

The people of the State of California do enact as follows:

P2    1begin insert

begin insertSECTION 1.end insert  

end insert
begin insert

The Legislature finds and declares all of the
2following:

end insert
begin insert

3(a) Worldwide, human trafficking is a $32 billion per year
4industry.

end insert
begin insert

5(b) After drug trafficking and counterfeiting, human trafficking
6is the world’s most profitable criminal activity.

end insert
begin insert

7(c) Although previously believed to be an international problem,
8current statistics show that human trafficking is increasingly a
9domestic issue.

end insert
begin insert

10(d) According to estimates by the Federal Bureau of
11Investigation (FBI), human trafficking or the commercial sexual
12exploitation of children in the United States currently involves
13over 100,000 children. The San Francisco Bay area, Los Angeles,
14and San Diego metropolitan areas comprise three of the nation’s
1513 areas of “high intensity” child exploitation in this country, as
16described by the FBI.

end insert
begin insert

17(e) Studies have estimated that anywhere from 50 to 80 percent
18of victims of commercial sexual exploitation are, or were formerly,
19involved with the child welfare system.

end insert
begin insert

20(f) Smartphones are increasingly becoming a weapon of choice
21for criminals and criminal organizations involved in human
22trafficking and sexual exploitation of children.

end insert
begin insert

23(g) In 2014, smartphones with full-disk encryption (FDE)
24became available on the market.

end insert
begin insert

25(h) On smartphones with FDE, when a user creates a password,
26that phrase generates a key that is used in combination with a
27hardware key on a chip inside the phone, which blocks access to
28all “data at rest” stored in the device.

end insert
begin insert

29(i) “Data at rest” on a smartphone is data that is parked, stored,
30and no longer in motion, such as pictures and text messages.

end insert
begin insert

31(j) Only the password holder can unlock the FDE-equipped
32smartphone and provide access to all “data at rest.”

end insert
begin insert

P3    1(k) Before 2014, when smartphones without FDE were used in
2crimes, law enforcement obtained and served a court order on the
3phone manufacturer and was able to have access to “data at rest”
4on the device, to aid in an investigation.

end insert
begin insert

5(l) In order to successfully access “data at rest” on smartphones
6in a criminal investigation, law enforcement must have physical
7possession of the phone.

end insert
begin insert

8(m) Since the introduction of FDE on smartphones in 2014,
9“data at rest” on FDE-equipped smartphones has become virtually
10impossible to access.

end insert
begin insert

11(n) A smartphone belonging to one of the shooters in the County
12of San Bernardino mass shooting, which left 14 people dead and
13many more injured, is equipped with FDE and has prevented law
14enforcement from accessing the phone’s content for evidence.

end insert
begin insert

15(o) Since 2014, FDE in smartphones has created a public safety
16crisis that has armed criminals and criminal organizations with
17a powerful weapon to conduct illicit activities while simultaneously
18providing a shield to conceal crimes and remain out of reach of
19law enforcement.

end insert
begin insert

20(p) Since 2014, FDE in smartphones has rendered court orders
21to access critical evidence on smartphones useless.

end insert
begin insert

22(q) Since 2014, FDE in smartphones has interfered with law
23enforcement human trafficking investigations and prosecutions.

end insert
begin insert

24(r) Smartphones play an essential role in facilitating cases of
25domestic minor sex trafficking. Human traffickers text logistical
26information, such as time, place, pricing, types of services, and
27descriptions of exploited minors using smartphones.

end insert
begin insert

28(s) Human traffickers rely on smartphones to communicate with
29each other, organize, and advertise their illicit business.

end insert
begin insert

30(t) Technology-facilitated sex trafficking networks rely upon
31anonymity of victims and traffickers in order to operate. Fully
32encrypted smartphones, immune to search warrants, make this
33possible.

end insert
begin insert

34(u) Individuals suspected of crimes are, upon the issuance of a
35court order, subject to search of their homes, vehicles, and even
36their bodies, but not their smartphones that are equipped with
37FDE.

end insert
38

begin deleteSECTION 1.end delete
39begin insertSEC. 2.end insert  

Section 22762 is added to the Business and Professions
40Code
, immediately following Section 22761, to read:

P4    1

22762.  

(a) For the purposes of this section, the following terms
2have the following meanings:

3(1) “Smartphone” has the same meaning as in Section 22761.

4(2) “Sold in California” has the same meaning as in Section
522761.

6(3) “Leased in California,” or any variation thereof, means that
7the smartphone is contracted for a specified period of time to an
8end-use consumer at an address within the state.

9(b) A smartphone that is manufactured on or after January 1,
102017, and sold or leased in California, shall be capable of being
11decrypted and unlocked by its manufacturer or its operating system
12provider.

13(c) begin deleteExcept as provided in subdivision (d), a seller or lessor that
14sells or leases in California a end delete
begin insertA end insertsmartphone manufactured on or
15after January 1, 2017, that is not capable of being decrypted and
16unlocked by its manufacturer or its operating system provider shall
17begin delete beend delete subjectbegin insert the manufacturer or operating system providerend insert to a civil
18penalty of two thousand five hundred dollars ($2,500) for each
19smartphone sold or leasedbegin insert in Californiaend insert if thebegin delete seller or lessorend delete
20begin insert manufacturer or operating system providerend insert of the smartphone
21knew at the time of the sale or lease that the smartphone was not
22capable of being decrypted and unlocked bybegin delete itsend deletebegin insert theend insert manufacturer
23or its operating system provider. Abegin delete seller or lessorend deletebegin insert manufacturer
24or operating system providerend insert
who pays a civil penalty imposed
25pursuant to this subdivision shall not pass on any portion of that
26penalty to purchasers ofbegin delete smartphones by raising the sales or lease
27price ofend delete
smartphones.

28(d) begin delete(1)end deletebegin deleteend deleteThe sale or lease of a smartphone manufactured on or
29after January 1, 2017, that is not capable of being decrypted and
30unlocked by its manufacturer or its operating system provider shall
31not result in liability to the seller orbegin delete lessor if the inability of the
32manufacturer and operating system provider to decrypt and unlock
33the smartphone is the result of actions taken by a person or entity
34other than the manufacturer, the operating system provider, the
35seller, or the lessor and those actions were unauthorized by the
36manufacturer, the operating system provider, the seller, or thelessor.end delete

37begin insert lessor.end insert

begin delete

38(2) Paragraph (1) does not apply if at the time of sale or lease,
39the seller or lessor had been notified that the manufacturer and
P5    1operating system provider were unable to decrypt and unlock the
2smartphone due to those unauthorized actions.

end delete

3(e) A civil suit to enforce this section may only be brought by
4the Attorney General, for the sale or lease of a smartphone in
5California, or a district attorney for the sale or lease of a
6smartphone in the county represented by the district attorney. A
7begin delete seller or lessorend deletebegin insert manufacturer or operating system providerend insert shall
8not be subject to more than a single penalty for each sale or lease
9of a smartphone.


CORRECTIONS:

Title--Line 1.




O

Corrected 3-18-16—See last page.     98