BILL ANALYSIS ��
SB 962
Page 1
Date of Hearing: June 17, 2014
ASSEMBLY COMMITTEE ON BUSINESS, PROFESSIONS AND CONSUMER
PROTECTION
Susan A. Bonilla, Chair
SB 962 (Leno) - As Amended: June 12, 2014
SENATE VOTE : 26-8
SUBJECT : Smart phones.
SUMMARY : Requires smartphones manufactured after July 1, 2015
and sold in California to contain a technological solution at
the time of sale that will render the essential features of the
smartphone inoperable when not in the possession of the
authorized user, and also provides a civil penalty for
violations and limits retail liability if the solution is
circumvented. Specifically, this bill :
1)Requires any smartphone manufactured on or after July 1, 2015
and sold in California after that date to include a
technological solution at the time of sale, to be provided by
the manufacturer or operating system provider, that, once
initiated and successfully communicated to the smartphone, can
render the essential features, as defined, of the smartphone
inoperable to an unauthorized user when the smartphone is not
in the possession of an authorized user.
2)Requires the smartphone, during the initial device set-up
process, to prompt an authorized user to enable the
technological solution.
3)Requires the technological solution to be reversible, so that
if an authorized user obtains possession of the smartphone
after the essential features of the smartphone have been
rendered inoperable, the operation of those essential features
can be restored by an authorized user.
4)Provides that the technological solution may consist of
software, hardware, or a combination of both software and
hardware.
5)Requires that the technological solution be able to withstand
a hard reset or operating system downgrade.
�
SB 962
Page 2
6)Requires that the technological solution prevent reactivation
of the smartphone on a wireless network except by an
authorized user.
7)Requires that an authorized user of a smartphone be able to
opt-out of the technological solution during the initial
device set-up process.
8)Requires that the authorized user be able to disable the
technological solution at any time, although the physical acts
necessary to disable it may only be performed by the end-use
consumer or a person specifically selected by the end-use
consumer to disable the technological solution.
9)Provides that the knowing retail sale of a smartphone in
California in violation of these requirements may be subject
to a civil penalty of not less than five hundred dollars
($500), nor more than two thousand five hundred dollars
($2,500), per device sold in California.
10)Requires any suit to enforce these provisions to be brought
by the Attorney General, a district attorney, or a city
attorney.
11)Provides that a failure of the technological solution due to
hacking or other third-party circumvention may be considered a
violation for purposes of the civil penalty if, at the time of
sale, the seller had received notification from the
manufacturer or operating system provider that the
vulnerability cannot be remedied by a software patch or other
solution.
12)Specifies that there is no private right of action to enforce
these provisions.
13)Provides that the retail sale in California of a smartphone
shall not result in any private civil liability to the seller
from that retail sale alone if the liability results from or
is caused by failure of a technological solution, including
any hacking or other third-party circumvention, unless at the
time of sale the seller had received notification from the
manufacturer or operating system provider that the
vulnerability cannot be remedied by a software patch or other
solution.
�
SB 962
Page 3
14)Provides that nothing in these provisions preclude a suit for
civil damages on any other basis outside of the retail sale
transaction, including, but not limited to, a claim of false
advertising.
15)Provides that any request by a government agency to interrupt
communications service utilizing a technological solution
required by these provisions is subject to Section 7908 of the
Public Utilities Code.
16)States that nothing in these provisions prohibit a network
operator, device manufacturer, or operating system provider
from offering a technological solution or other service in
addition to the technological solution required to be provided
by the device manufacturer or operating system provider.
17)States that nothing in these provisions require a
technological solution that is incompatible with, or renders
it impossible to comply with, obligations under state and
federal law and regulation related to any of the following:
a) The provision of emergency services through the 911
system, including text to 911, bounce-back messages, and
location accuracy requirements;
b) Participation in the wireless emergency alert
system; and,
c) Participation in state and local emergency alert and
public safety warning systems.
18)Defines the term "smartphone" to mean "a cellular radio
telephone or other mobile voice communications handset device,
but not a laptop, a tablet device, or a device that only has
electronic reading capability, that includes all of the
following features:
a) Utilizes a mobile operating system;
b) Possesses the capability to utilize mobile software
applications, access and browse the Internet, utilize
text messaging, utilize digital voice service, and send
and receive email;
c) Has wireless network connectivity; and,
�
SB 962
Page 4
d) Is capable of operating on a long-term evolution
network or successor wireless data network communication
standards.
19)Defines the "essential features" of a smartphone to be "the
ability to use the device for voice communications, text
messaging, and the ability to browse the Internet, including
the ability to access and use mobile software applications.
'Essential features' do not include any functionality needed
for the operation of the technological solution, nor does it
include the ability of the smartphone to access emergency
services by a voice call or text to the numerals '911,' the
ability of a device to receive wireless emergency alerts and
warnings, or the ability to call an emergency number
predesignated by the owner."
20)Defines the term "hard reset" to mean "the restoration of a
smartphone to the state it was in when it left the factory,
and refers to any act of returning a smartphone to that state,
including processes commonly termed a factory reset or master
reset."
21)Defines the term "Sold in California," or any variation
thereof, to mean "that the smartphone is sold at retail from a
location within the state, or the smartphone is sold and
shipped to an end-use consumer at an address within the state.
'Sold in California' does not include a smartphone that is
resold in the state on the secondhand market or that is
consigned and held as collateral on a loan."
22)Makes findings and declarations related to the prevalence and
ramifications of smartphone theft in the United States.
EXISTING LAW
1)Provides that petty theft - the stealing, taking, or driving
away with the personal property of another - is a misdemeanor
when the value of the property does not exceed $950 and is
punishable by fines and up to six months in the county jail.
(Penal Code Sections 484, 487, 488, and 490)
2)Requires all providers of wireless and Internet-based
communications services to enable customers to call 911 for
emergency services, and establishes dates for enabling text to
�
SB 962
Page 5
911 and Next Generation 911. (Government Code Sections
53100-53120)
FISCAL EFFECT : None. This bill is keyed non-fiscal by the
Legislative Counsel.
COMMENTS :
1)Purpose of this bill . This bill would require smartphones
manufactured after July 1, 2015 and sold in California to have
an anti-theft technological solution at the time of sale that
will render the essential features of the phone - voice, text,
Internet and mobile apps - inoperable by an unauthorized user.
SB 962 authorizes civil penalties of $500-$2,500 per phone
against retailers for violations, which only public
prosecutors may seek, and provides limited retail liability
protection if the solution fails or is hacked. This bill is
sponsored by the San Francisco District Attorney's Office.
2)Author's statement . The author states that "California is
experiencing an epidemic of smartphone thefts, many of which
turn violent? There are existing, very serious penalties for
theft and robbery in California, however the epidemic nature
of this particular crime is so widespread that enforcement
agencies are overwhelmed. That is why removing the value of a
stolen device on the black market is the most effective way to
deter would be criminals, and this bill will do just that by
requiring that smartphones sold in California come
pre-equipped with theft deterrent technology?"
"We have seen that stolen device databases, while one piece of
an overall prevention strategy, have not been effective on
their own in other countries such as the U.K. The major
pitfalls to relying solely on a U.S. database system are that
American databases have no use when a device is shipped
overseas? With robberies involving mobile communication
devices at an all-time high, California cannot stand-by when a
solution to the problem is readily available."
3)The stolen smartphone problem . According to the sponsor,
recent years have seen a surge in smartphone theft, with such
thefts now accounting for one-third of all robberies in the
United States. Consumer Reports estimates that 3.1 million
Americans were victims of smartphone theft in 2013 - up from
2.1 million victims in 2012.
�
SB 962
Page 6
Here in California, the sponsor reports that smartphone theft
now accounts for 60% of all robberies in San Francisco and up
to 75% of all robberies in Oakland. The City of Los Angeles
has experienced a 26% increase in smartphone thefts since
2011.
Of course, some traditional approaches to slow the growth of
the problem have had some success. For example, a recent
SFBay.com news article from May 13, 2014 reported that the San
Francisco Municipal Transit Agency reported a 30% overall drop
in crime and a 77% decline in smartphone thefts as a result of
simply hiring more police officers to patrol the transit
system - a strategy made possible by a $1 million federal
grant. Unfortunately, this strategy is resource intensive and
may be hard to replicate broadly.
4)The growing black market demand for smartphones. Smartphone
theft has been growing so quickly likely because the robust
black market for stolen phones has made them a highly portable
and profitable commodity. As the author puts it, "it can be
very lucrative to steal a smartphone since they can be wiped
and re-sold quickly for hundreds of dollars. Reports show
that the re-sale of stolen devices is growing ever more
sophisticated, with many devices now being shipped in bulk
overseas and re-sold at even higher premiums, sometimes for
thousands of dollars with the involvement of organized crime."
With demand for stolen phones so high, the author believes that
the best way to reduce the value of stolen devices - and
therefore the incentive to steal them - is to require them to
be equipped with theft-deterrent technology that makes the
phone inoperable or "bricked" if an unauthorized user tries to
use it.
5)Existing anti-theft "technological solutions" . This trend in
thefts has not gone unnoticed among the companies that make
smartphones. Manufacturers and operating system providers
have already put anti-theft technological solutions out into
the market. Some solutions are included with the device, while
others are available as software applications for purchase and
download later.
The telecommunications industry has also taken steps to combat
the problem. According to CTIA - The Wireless Industry, the
�
SB 962
Page 7
industry supports a "Smartphone Anti-Theft Voluntary
Commitment" that requires signatories to agree that all models
of smartphone made for sale in the US after July 1, 2015 must
come with a free, pre-equipped technological solution to
remote wipe a lost phone, render a phone inoperable to an
unauthorized user, prevent reactivation without permission,
and reverse inoperability if recovered. At last count, the
following companies are listed as signatories: Apple, Asurion,
AT&T, Google, HTC America, Huawei Device USA, LG Electronics
MobileComm USA, Motorola Mobility LLC, Microsoft, Nokia,
Samsung Telecommunications America, Sprint, T-Mobile USA, US
Cellular, Verizon Wireless and ZTE USA.
The telecommunications industry has also begun to deploy a
stolen device database in an attempt to prevent stolen
smartphones from being shipped overseas and reactivated.
However, the author and sponsor contend that voluntary measures
place too great a burden on individual consumers to take
action, and that widespread adoption of anti-theft solutions
to the point of ubiquity will be necessary to undercut the
black market by making potential thieves believe that most
stolen phones will be "bricked" and therefore far less
valuable. As a parallel, this is comparable to the theory
behind immunization campaigns to stop a communicable disease,
which can require vaccination rates between 80%-95% in order
to reach a level of "herd immunity" sufficient to stop the
spread of a disease.
6)The operation of this bill in practice . In order to achieve
ubiquity with an anti-theft technological solution, this bill
takes an "opt-out" approach that requires as little action by
the consumer as possible. The technological solution must be
present on the phone at the time of sale; it must become
operational by default during the initial device set-up unless
the user affirmatively opts out; it must function when the
phone is out of the possession of the authorized user; it must
be able to withstand a "hard" or "factory" reset; and it must
prevent reactivation unless by the authorized user. However,
the solution must be reversible by the authorized user, in
case the phone is later recovered. The solution must also
permit the user to disable the solution at any time, in order
to respect the wishes of consumers who may not want the
geolocation tracking that comes with some solutions. It is
also important to note that the bill does not require the
�
SB 962
Page 8
solution to disable certain services required by existing law,
such as access to 911 services, the wireless emergency alert
system or state and local emergency alert and public safety
warning systems.
SB 962 also contains specific provisions for enforcement and
limiting liability for the retail sale of the smartphone. The
bill authorizes a civil penalty of $500 to $2,500 per phone
for knowingly selling a noncompliant smartphone. These
penalties are also available if the technological solution
fails because it was hacked or circumvented by a third party
and the seller had been notified by the manufacturer or
operating system provider that there was a vulnerability which
could not then be remedied (i.e., the seller knew the phone
was compromised at the time of sale and sold it anyway). It
also restricts the right to seek those civil penalties to
public prosecutors only - not private individuals.
This bill also waives civil liability of the retail seller to a
private individual who was damaged by the failure of the
technological solution unless the seller knew of the
vulnerability. It is important to note that these liability
restrictions apply only to the retail transaction itself, as
related actions may still create liability, such as false
advertising.
7)Questions for the Committee . A key question for the Committee
to consider is how easy or difficult it will be for smartphone
providers (manufacturers, operating system providers, wireless
carriers and retailers) to comply with the requirements of
this bill. With an operational date of July 1, 2015, companies
would have only roughly 7-8 months from the potential signing
date of this bill to begin manufacturing compliant phones if
they wish to sell them in California. Manufacturers and
operating system providers that fail to develop and offer a
compliant product within that timeframe will find themselves
shut out of the massive California smartphone market.
As such, the Committee members may wish to inquire of the
individual companies as to which of their products already
being offered, if any, are already SB 962 compliant.
Furthermore, how long will it realistically take them to
reengineer noncompliant models and retool their manufacturing
processes to produce models that will be compliant by the
deadline? And will the length of time required for product
�
SB 962
Page 9
redesign force some companies to reduce their presence in the
California market, and if so, for how long? Such information
may help illuminate the ease or difficulty of the
technological transition demanded by this bill, and provide a
clearer picture of the relative costs and benefits.
8)Technical Amendments. As noted above, this bill contains
multiple provisions relating to legal liability for the retail
sale of phones that are noncompliant or circumvented.
However, the current provisions of this bill restricting the
enforcement of the civil penalty provisions to public
prosecutors contain technical errors that may conflict with a
related provision pertaining to liability for civil damages
that might be pursued by a private individual. The following
amendments would clarify the scope of the explicit restriction
on the private right of action consistent with the author's
stated intent:
Page 5, line 28, replace the word "section" with
"subdivision"
Page 5, line 36, replace the word "section" with
"subdivision"
Page 6, line 14, strike the words "Except as provided in
subdivision (c),"
Page 6, line 15, replace the word "nothing" with "Nothing"
9)Arguments in support . According to the sponsor, the Office of
San Francisco District Attorney George Gasc�n, "this
legislation is an important step towards ending the epidemic
of smartphone theft, thereby ensuring that wireless consumers
are safeguarded from theft and violence. The scope of this
international epidemic is alarming and the need for theft
deterrence features on mobile devices cannot be understated.
The theft of mobile communications devices now accounts for
one third of all robberies in the United States alone, making
it the number one property crime in the country. Consumer
Reports estimates that 1.6 million Americans were victims of
smartphone theft in 2012. News reports indicate that
smartphone theft increased again in 2013 in urban centers
across the country. Similar statistics exist for cities and
countries around the world. This violent wave of theft poses
�
SB 962
Page 10
severe and continual threats to the public while also fueling
the secondhand market. In order to end this surge in crime and
ensure the safety of consumers, it is essential that
government use any and all tools at its disposal.
"Technological solutions able to render stolen devices useless
already exist. Unfortunately, manufacturers and carriers have
been slow to implement these protections in an effective,
widespread manner?Successful passage of Senate Bill 962 will
impress the necessary urgency on the wireless industry to
address this problem immediately."
10)Arguments in opposition . According to a coalition of
opposing companies, "the undersigned companies representing a
broad cross section of California's technology and business
community are very concerned about SB 962?Working with the FCC
and law enforcement, we have taken significant steps to
address the issue of thefts of smartphones through a
multilayered program of databases, technology consumer
education, legislation and international partnerships.
Although well intentioned, your SB 962 (Leno), which would
require all mobile devices sold in California to include a
"kill switch" that renders the device permanently inoperable
if lost or stolen, is not only unnecessary, but will have
negative consequences to consumer security and public safety,
with no proof that it would do more to deter smartphone theft
than the solutions already being advanced by industry.
"Following are major causes of our concern: 1) There have been
and continue to be extensive efforts in collaboration with the
FCC and law enforcement to improve consumer awareness,
technology, existing industry solutions, collaboration among
stakeholders, and enhanced legal tools to help prevent
smartphone thefts and to dry up the aftermarket for stolen
phones; 2) Mandating technology, in this case a preloaded
default-on/opt-out antitheft solution, removes customer
choice, creates an anticompetitive environment, and raises
First Amendment, privacy and safety concerns; 3) Requiring
this to be done on a state by state [basis] will create
significant problems for manufacturers and consumers; 4) There
are many other consumer-friendly options that provide
disincentives for thieves by disabling or deactivating the
phone; and, 5) The bill will have unintended negative
consequences for consumers, public safety and security."
�
SB 962
Page 11
11)Double-referral . This bill is double-referred with the
Assembly Utilities and Commerce Committee, and will be heard
there if this bill is passed by this Committee.
REGISTERED SUPPORT / OPPOSITION :
Support (date of letter)
San Francisco District Attorney George Gasc�n (sponsor)
Hayward Chief of Police Diane Urban (3/19/2014)
London (U.K.) Mayor Boris Johnson (3/23/2014)
Los Angeles City Attorney Michael Feuer (5/2/2014)
Los Angeles County District Attorney Jackie Lacey (6/12/2014)
Los Angeles Mayor Eric Garcetti (4/10/2014)
New York Attorney General Eric Schneiderman (3/23/2014)
Oakland Chief of Police Sean C. Whent (2/18/2014)
Oakland Council President Pro Tem Rebecca Kaplan (3/4/2014)
Oakland Mayor Jean Quan (2/10/2014)
San Diego County District Attorney Bonnie Dumanis (6/13/2014)
Santa Clara County District Attorney Jeffrey Rosen (4/30/2014)
Alameda County District Attorney (3/12/2014)
Associated Students of the University of California (Berkeley)
(2/19/2014)
Association for Los Angeles Deputy Sheriffs (6/9/2014)
Association of Orange County Deputy Sheriffs (4/7/2014)
Bay Area Rapid Transit (BART) Police Department (3/24/2014)
California College and University Police Chiefs Association
(6/9/2014)
California District Attorneys Association (6/2/2014)
California Fraternal Order of Police (6/9/2014)
California Pawnbrokers Association (4/29/2014)
California Police Chiefs Association (6/9/2014)
California State Sheriffs' Association (6/2/2014)
California Transit Association (3/25/2014)
Chief Probation Officers of California (6/2/2014)
City and County of San Francisco (2/14/2014)
City of Berkeley (3/28/2014)
City of Los Angeles (2/14/2014)
City of Oakland (3/4/2014)
City of San Diego (2/14/2014)
City of Santa Ana (2/14/2014)
City of Thousand Oaks (4/10/2014)
Consumer Action (3/27/2014)
Consumer Federation of California (3/20/2014)
�
SB 962
Page 12
Consumers Union (5/22/2014)
Crime Victims United of California (6/5/2014)
League of California Cities (4/25/2014)
Long Beach Police Officers Association (6/9/2014)
Los Angeles County Professional Peace Officers Association
(6/9/2014)
Los Angeles Police Protective League (6/9/2014)
Metropolitan Police Service (London, UK) (3/31/2014)
Neighborhood Crime Prevention Councils of Oakland (2/19/2014)
Riverside Sheriffs Association (6/9/2014)
Sacramento County Deputy Sheriffs Association (6/9/2014)
San Francisco Bay Area Rapid Transit District (BART) (3/4/2014)
San Francisco Bay Area Rapid Transit District Police Department
(3/24/2014)
San Francisco Municipal Transportation Agency (2/26/2014)
San Mateo County Police Chiefs and Sheriffs Association
(6/9/2014)
Santa Ana Police Officers Association (6/9/2014)
Temescal Merchants Association (3/6/2014)
The Utility Reform Network (TURN) (3/12/2014)
Theftpass.com LLC (6/4/2014)
Eight private individuals
Opposition
California Chamber of Commerce (5/8/14 coalition letter)
California Retailers Association (5/8/14 coalition letter)
CTIA - The Wireless Association (5/8/14 coalition letter)
Huawei (confirmed 6/13/2014)
Los Angeles Area Chamber of Commerce (5/8/14 coalition letter)
Motorola (5/8/14 coalition letter)
Nokia (5/8/14 coalition letter)
San Jose Silicon Valley Chamber of Commerce (4/3/2014)
Silicon Valley Leadership Group (5/8/14 coalition letter)
Sprint (5/8/14 coalition letter)
TechAmerica (5/8/14 coalition letter)
TechNet (3/26/2014)
T-Mobile (5/8/14 coalition letter)
Analysis Prepared by : Hank Dempsey & Brandon Bjerke / B.,P. &
C.P. / (916) 319-3301
�
SB 962
Page 13