AB 1681, as amended, Cooper. Smartphones.
Existing law requires that a smartphone that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user.
This bill would require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider. The billbegin delete would, except as provided, subject a seller or lessorend deletebegin insert
would subject a manufacturer or operating system providerend insert that knowingly failed to comply with that requirement to a civil penalty of $2,500 for each smartphone sold or leased. The bill would prohibit abegin delete seller or lessorend deletebegin insert manufacturer or operating system providerend insert who has paid this civil penalty from passing any portion of the penalty on to purchasers of smartphones. The bill would authorize only the Attorney General or a district attorney to bring a civil suit to enforce these provisions.begin insert This bill would make findings and declarations related to smartphones and criminal activity.end insert
Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no.
The people of the State of California do enact as follows:
The Legislature finds and declares all of the
2following:
3(a) Worldwide, human trafficking is a $32 billion per year
4industry.
5(b) After drug trafficking and counterfeiting, human trafficking
6is the world’s most profitable criminal activity.
7(c) Although previously believed to be an international problem,
8current statistics show that human trafficking is increasingly a
9domestic issue.
10(d) According to estimates by the Federal Bureau of
11Investigation (FBI), human trafficking or the commercial sexual
12exploitation of children in the United States currently involves
13over 100,000 children. The San Francisco Bay area, Los Angeles,
14and San Diego metropolitan areas comprise three of the nation’s
1513 areas of “high intensity” child exploitation in this country, as
16described by the FBI.
17(e) Studies have estimated that anywhere from 50 to 80 percent
18of victims of commercial sexual exploitation are, or were formerly,
19involved with the child welfare system.
20(f) Smartphones are increasingly becoming a weapon of choice
21for criminals and criminal organizations involved in human
22trafficking and sexual exploitation of children.
23(g) In 2014, smartphones with full-disk encryption (FDE)
24became available on the market.
25(h) On smartphones with FDE, when a user creates a password,
26that phrase generates a key that is used in combination with a
27hardware key on a chip inside the phone, which blocks access to
28all “data at rest” stored in the device.
29(i) “Data at rest” on a smartphone is data that is parked, stored,
30and no longer in motion, such as
pictures and text messages.
31(j) Only the password holder can unlock the FDE-equipped
32smartphone and provide access to all “data at rest.”
P3 1(k) Before 2014, when smartphones without FDE were used in
2crimes, law enforcement obtained and served a court order on the
3phone manufacturer and was able to have access to “data at rest”
4on the device, to aid in an investigation.
5(l) In order to successfully access “data at rest” on smartphones
6in a criminal investigation, law enforcement must have physical
7possession of the phone.
8(m) Since the introduction of FDE on smartphones in 2014,
9“data at rest” on FDE-equipped smartphones has become virtually
10impossible to access.
11(n) A smartphone belonging to one of the shooters in the County
12of San Bernardino mass shooting, which left 14 people dead and
13many more injured, is equipped with FDE and has prevented law
14enforcement from accessing the phone’s content for evidence.
15(o) Since 2014, FDE in smartphones has created a public safety
16crisis that has armed criminals and criminal organizations with
17a powerful weapon to conduct illicit activities while simultaneously
18providing a shield to conceal crimes and remain out of reach of
19law enforcement.
20(p) Since 2014, FDE in smartphones has rendered court orders
21to access critical evidence on smartphones useless.
22(q) Since 2014, FDE in smartphones has interfered with law
23enforcement human trafficking investigations and prosecutions.
24(r) Smartphones play an essential role in facilitating cases of
25domestic minor sex trafficking. Human traffickers text logistical
26information, such as time, place, pricing, types of services, and
27descriptions of exploited minors using smartphones.
28(s) Human traffickers rely on smartphones to communicate with
29each other, organize, and advertise their
illicit business.
30(t) Technology-facilitated sex trafficking networks rely upon
31anonymity of victims and traffickers in order to operate. Fully
32encrypted smartphones, immune to search warrants, make this
33possible.
34(u) Individuals suspected of crimes are, upon the issuance of a
35court order, subject to search of their homes, vehicles, and even
36their bodies, but not their smartphones that are equipped with
37FDE.
Section 22762 is added to the Business and Professions
40Code, immediately following Section 22761, to read:
(a) For the purposes of this section, the following terms
2have the following meanings:
3(1) “Smartphone” has the same meaning as in Section 22761.
4(2) “Sold in California” has the same meaning as in Section
522761.
6(3) “Leased in California,” or any variation thereof, means that
7the smartphone is contracted for a specified period of time to an
8end-use consumer at an address within the state.
9(b) A smartphone that is manufactured on or after January 1,
102017, and sold or leased in California, shall be capable of being
11decrypted and unlocked by its
manufacturer or its operating system
12provider.
13(c) begin deleteExcept as provided in subdivision (d), a seller or lessor that begin insertA end insertsmartphone manufactured on or
14sells or leases in California a end delete
15after January 1, 2017, that is not capable of being decrypted and
16unlocked by its manufacturer or its operating system provider shall
17begin delete beend delete subjectbegin insert the manufacturer or operating system providerend insert to a civil
18penalty of two thousand five hundred dollars ($2,500) for each
19smartphone sold or leasedbegin insert in Californiaend insert
if thebegin delete seller or lessorend delete
20begin insert manufacturer or operating system providerend insert of the smartphone
21knew at the time of the sale or lease that the smartphone was not
22capable of being decrypted and unlocked bybegin delete itsend deletebegin insert theend insert manufacturer
23or its operating system provider. Abegin delete seller or lessorend deletebegin insert manufacturer
24or operating system providerend insert who pays a civil penalty imposed
25pursuant to this subdivision shall not pass on any portion of that
26penalty to purchasers ofbegin delete smartphones by raising the sales or lease
smartphones.
27price ofend delete
28(d) begin delete(1)end deletebegin delete end deleteThe sale or lease of a smartphone manufactured on or
29after January 1, 2017, that is not capable of being decrypted and
30unlocked by its manufacturer or its operating system provider shall
31not result in liability to the seller orbegin delete lessor if the inability of the
32manufacturer and operating system provider to decrypt and unlock
33the smartphone is the result of actions taken by a person or entity
34other than the manufacturer, the operating system provider, the
35seller, or the lessor and those actions were unauthorized by the
36manufacturer, the operating system provider, the seller, or thelessor.end delete
37begin insert
lessor.end insert
38(2) Paragraph (1) does not apply if at the time of sale or lease,
39the seller or lessor had been notified that the manufacturer and
P5 1operating system provider were unable to decrypt and unlock the
2smartphone due to those unauthorized actions.
3(e) A civil suit to enforce this section may only be brought by
4the Attorney General, for the sale or lease of a smartphone in
5California, or a district attorney for the sale or lease of a
6smartphone in the county represented by the district attorney. A
7begin delete seller or lessorend deletebegin insert
manufacturer or operating system providerend insert shall
8not be subject to more than a single penalty for each sale or lease
9of a smartphone.
CORRECTIONS:
Title--Line 1.
O
Corrected 3-18-16—See last page. 98