Amended in Assembly August 4, 2014

Amended in Assembly July 1, 2014

Amended in Assembly June 12, 2014

Amended in Assembly June 2, 2014

Amended in Senate May 5, 2014

Amended in Senate April 9, 2014

Amended in Senate March 24, 2014

Senate BillNo. 962

Introduced by Senator Leno

(Coauthors: Senators DeSaulnier, Hancock, Pavley, and Wolk)

(Principal coauthor: Assembly Member Skinner)

February 6, 2014

An act to add Section 22761 to the Business and Professions Code, relating to mobile communications devices.

LEGISLATIVE COUNSEL’S DIGEST

SB 962, as amended, Leno. Smartphones.

Existing law regulates various business activities and practices, including the sale of telephones.

This bill would require that any smartphone, as defined, that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user. The bill would require that the technological solution, when enabled, be able to withstand a hard reset, as defined, and prevent reactivation of the smartphone on a wireless network except by an authorized user. The bill would make these requirements inapplicable when the smartphone is resold in California on the secondhand market or is consigned and held as collateral on a loan.begin insert The bill would additionally except from these requirements a smartphone model that was first introduced prior to January 1, 2015, that cannot reasonably be reengineered to support the manufacturer’s or operating system provider’s technological solution, including if the hardware or software cannot support a retroactive update.end insert The bill would authorize an authorized user to affirmatively elect to disable or opt-out of the technological solution at any time. The bill would make the knowing retail sale in violation of the bill’s requirements subject to a civil penalty of not less than $500, nor more than $2,500, for each violation. The bill would limit an enforcement action to collect the civil penalty to being brought by the Attorney General, a district attorney, or city attorney, and would prohibit any private right of action to collect the civil penalty.

begin insert

The bill would prohibit any city, county, or city and county from imposing requirements on manufacturers, operating system providers, wireless carriers, or retailers relating to technological solutions for smartphones.

end insert

Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.

The people of the State of California do enact as follows:

P2    1

SECTION 1.  

The Legislature finds and declares all of the
2following:

3(a) According to the Federal Communications Commission,
4smartphone thefts now account for 30 to 40 percent of robberies
5in many major cities across the country. Many of these robberies
6often turn violent with some resulting in the loss of life.

7(b) Consumer Reports projects that 1.6 million Americans were
8victimized for their smartphones in 2012.

9(c) According to the New York Times, 113 smartphones are
10lost or stolen every minute in the United States.

11(d) According to the Office of the District Attorney for the City
12and County of San Francisco, in 2012, more than 50 percent of all
P3    1robberies in San Francisco involved the theft of a mobile
2communications device.

3(e) Thefts of smartphones in Los Angeles increased 12 percent
4in 2012, according to the Los Angeles Police Department.

5(f) According to press reports, the international trafficking of
6stolen smartphones by organized criminal organizations has grown
7exponentially in recent years because of how profitable the trade
8has become.

9(g) In order to be effective, antitheft technological solutions
10need to be ubiquitous, as thieves cannot distinguish between those
11 smartphones that have the solutions enabled and those that do not.
12As a result, the technological solution should be able to withstand
13a hard reset or operating system downgrade, come preequipped,
14and the default setting of the solution shall be to prompt the
15consumer to enable the solution during the initial device setup.
16Consumers should have the option to affirmatively elect to disable
17this protection, but it must be clear to the consumer that the
18function the consumer is electing to disable is intended to prevent
19the unauthorized use of the device.

20

SEC. 2.  

Section 22761 is added to the Business and Professions
21Code, to read:

22

22761.  

(a) For purposes of this section, the following terms
23have the following meanings:

24(1) (A) “Smartphone” means a cellular radio telephone or other
25mobile voice communications handset device that includes all of
26the following features:

27(i) Utilizes a mobile operating system.

28(ii) Possesses the capability to utilize mobile software
29applications, access and browse the Internet, utilize text messaging,
30utilize digital voice service, and send and receive email.

31(iii) Has wireless network connectivity.

32(iv) Is capable of operating on a long-term evolution network
33or successor wireless data network communication standards.

34(B) A “smartphone” does not include a radio cellular telephone
35commonly referred to as a “feature” or “messaging” telephone, a
36laptop, a tablet device, or a device that only has electronic reading
37capability.

38(2) “Essential features” of a smartphone are the ability to use
39the smartphone for voice communications, text messaging, and
40the ability to browse the Internet, including the ability to access
P4    1and use mobile software applications. “Essential features” do not
2include any functionality needed for the operation of the
3technological solution, nor does it include the ability of the
4smartphone to access emergency services by a voice call or text
5to the numerals “911,” the ability of a smartphone to receive
6wireless emergency alerts and warnings, or the ability to call an
7emergency number predesignated by the owner.

8(3) “Hard reset” means the restoration of a smartphone to the
9state it was in when it left the factory through processes commonly
10termed a factory reset or master reset.

11(4) “Sold in California,” or any variation thereof, means that
12the smartphone is sold at retail from a location within the state, or
13the smartphone is sold and shipped to an end-use consumer at an
14address within the state. “Sold in California” does not include a
15smartphone that is resold in the state on the secondhand market or
16that is consigned and held as collateral on a loan.

17(b) (1) begin deleteAny end deletebegin insertExcept as provided in paragraph (3), any end insert
18smartphone that is manufactured on or after July 1, 2015, and sold
19in California after that date, shall include a technological solution
20at the time of sale, to be provided by the manufacturer or operating
21system provider, that, once initiated and successfully
22communicated to the smartphone, can render the essential features
23of the smartphone inoperable to an unauthorized user when the
24smartphone is not in the possession of an authorized user. The
25smartphone shall, during the initial device setup process, prompt
26an authorized user to enable the technological solution. The
27technological solution shall be reversible, so that if an authorized
28user obtains possession of the smartphone after the essential
29features of the smartphone have been rendered inoperable, the
30operation of those essential features can be restored by an
31authorized user. A technological solution may consist of software,
32hardware, or a combination of both software and hardware, and
33when enabled, shall be able to withstand a hard reset or operating
34system downgrade and shall prevent reactivation of the smartphone
35on a wireless network except by an authorized user.

36(2) An authorized user of a smartphone may affirmatively elect
37to disable or opt-out of enabling the technological solution at any
38time. However, the physical acts necessary to disable or opt-out
39of enabling the technological solution may only be performed by
40the authorized user or a person specifically selected by the
P5    1authorized user to disable or opt-out of enabling the technological
2solution.

begin insert

3(3) Any smartphone model that was first introduced prior to
4January 1, 2015, that cannot reasonably be reengineered to
5support the manufacturer’s or operating system provider’s
6 technological solution, including if the hardware or software
7cannot support a retroactive update, is not subject to the
8requirements of this section.

end insert

9(c) The knowing retail sale of a smartphone in California in
10violation of subdivision (b) may be subject to a civil penalty of
11not less than five hundred dollars ($500), nor more than two
12thousand five hundred dollars ($2,500), per smartphone sold in
13California in violation of this section. A suit to enforce this
14subdivision may only be brought by the Attorney General, a district
15attorney, or a city attorney. A failure of the technological solution
16due to hacking or other third-party circumvention may be
17considered a violation for purposes of this subdivision, only if, at
18the time of sale, the seller had received notification from the
19manufacturer or operating system provider that the vulnerability
20cannot be remedied by a software patch or other solution. There
21is no private right of action to enforce this subdivision.

22(d) The retail sale in California of a smartphone shall not result
23in any civil liability to the seller and its employees and agents from
24that retail sale alone if the liability results from or is caused by
25failure of a technological solution required pursuant to this section,
26including any hacking or other third-party circumvention of the
27technological solution, unless at the time of sale the seller had
28received notification from the manufacturer or operating system
29provider that the vulnerability cannot be remedied by a software
30patch or other solution. Nothing in this subdivision precludes a
31suit for civil damages on any other basis outside of the retail sale
32transaction, including, but not limited to, a claim of false
33advertising.

34(e) Any request by a government agency to interrupt
35communications service utilizing a technological solution required
36by this section is subject to Section 7908 of the Public Utilities
37Code.

38(f) Nothing in this section prohibits a network operator, device
39manufacturer, or operating system provider from offering a
40technological solution or other service in addition to the
P6    1technological solution required to be provided by the device
2manufacturer or operating system provider pursuant subdivision
3(b).

4(g) Nothing in this section requires a technological solution that
5is incompatible with, or renders it impossible to comply with,
6obligations under state and federal law and regulation related to
7any of the following:

8(1) The provision of emergency services through the 911 system,
9including text to 911, bounce-back messages, and location accuracy
10requirements.

11(2) Participation in the wireless emergency alert system.

12(3) Participation in state and local emergency alert and public
13safety warning systems.

begin insert

14(h) The Legislature finds and declares that the enactment of a
15uniform policy to deter thefts of smartphones and to protect the
16privacy of smartphone users if their smartphones are involuntarily
17acquired by others is a matter of statewide concern and no city,
18county, or city and county shall impose requirements on
19manufacturers, operating system providers, wireless carriers, or
20retailers relating to technological solutions for smartphones.

end insert

O

    92