BILL ANALYSIS ��
SB 962
Page 1
SENATE THIRD READING
SB 962 (Leno)
As Amended July 1, 2014
Majority vote
SENATE VOTE :26-8
BUSINESS & PROFESSIONS 11-3 UTILITIES & COMMERCE 9-5
-----------------------------------------------------------------
|Ayes:|Bonilla, Bocanegra, |Ayes:|Bonilla, Buchanan, Fong, |
| |Campos, Dickinson, | |Garcia, Roger Hern�ndez, |
| |Eggman, Gordon, Holden, | |Mullin, Quirk, Rendon, |
| |Maienschein, Mullin, | |Skinner |
| |Skinner, Ting | | |
| | | | |
|-----+--------------------------+-----+--------------------------|
|Nays:|Jones, Hagman, Wilk |Nays:|Patterson, Ch�vez, Dahle, |
| | | | |
| | | |Beth Gaines, Jones |
| | | | |
-----------------------------------------------------------------
SUMMARY : Requires smartphones manufactured after July 1, 2015,
and sold in California to contain a technological solution at
the time of sale that will render the essential features of the
smartphone inoperable when not in the possession of the
authorized user, and also provides a civil penalty for
violations and limits retail liability if the solution is
circumvented. Specifically, this bill :
1)Requires any smartphone manufactured on or after July 1, 2015,
and sold in California after that date to include a
technological solution at the time of sale, to be provided by
the manufacturer or operating system provider, that, once
initiated and successfully communicated to the smartphone, can
render the essential features, as defined, of the smartphone
inoperable to an unauthorized user when the smartphone is not
in the possession of an authorized user.
2)Requires the smartphone, during the initial device set-up
process, to prompt an authorized user to enable the
technological solution.
3)Requires the technological solution to be reversible, so that
�
SB 962
Page 2
if an authorized user obtains possession of the smartphone
after the essential features of the smartphone have been
rendered inoperable, the operation of those essential features
can be restored by an authorized user.
4)Provides that the technological solution may consist of
software, hardware, or a combination of both software and
hardware.
5)Requires that the technological solution be able to withstand
a hard reset or operating system downgrade.
6)Requires that the technological solution prevent reactivation
of the smartphone on a wireless network except by an
authorized user.
7)Requires that an authorized user of a smartphone be able to
affirmatively elect to disable or opt-out of enabling the
technological solution at any time.
8)Requires that the physical acts necessary to disable or
opt-out of enabling the technological solution may only be
performed by the authorized user or a person specifically
selected by the authorized user to disable or opt out of
enabling the technological solution.
9)Provides that the knowing retail sale of a smartphone in
California in violation of these requirements may be subject
to a civil penalty of not less than $500, nor more than
$2,500, per smartphone sold in California in violation of
these provisions.
10)Requires any suit to impose a civil penalty to be brought by
the Attorney General, a district attorney, or a city attorney.
11)Provides that a failure of the technological solution due to
hacking or other third-party circumvention may be considered a
violation for purposes of the civil penalty if, at the time of
sale, the seller had received notification from the
manufacturer or operating system provider that the
vulnerability cannot be remedied by a software patch or other
solution.
12)Specifies that there is no private right of action to enforce
�
SB 962
Page 3
these provisions.
13)Provides that the retail sale in California of a smartphone
shall not result in any private civil liability to the seller
from that retail sale alone if the liability results from or
is caused by failure of a technological solution, including
any hacking or other third-party circumvention, unless at the
time of sale the seller had received notification from the
manufacturer or operating system provider that the
vulnerability cannot be remedied by a software patch or other
solution.
14)Provides that nothing in these provisions preclude a suit for
civil damages on any other basis outside of the retail sale
transaction, including, but not limited to, a claim of false
advertising.
15)Provides that any request by a government agency to interrupt
communications service utilizing a technological solution
required by these provisions is subject to Public Utilities
Code Section 7908.
16)States that nothing in these provisions prohibit a network
operator, device manufacturer, or operating system provider
from offering a technological solution or other service in
addition to the technological solution required to be provided
by the device manufacturer or operating system provider.
17)States that nothing in these provisions require a
technological solution that is incompatible with, or renders
it impossible to comply with, obligations under state and
federal law and regulation related to any of the following:
a) The provision of emergency services through the 911
system, including text to 911, bounce-back messages, and
location accuracy requirements;
b) Participation in the wireless emergency alert system;
and,
c) Participation in state and local emergency alert and
public safety warning systems.
18)Defines the term "smartphone" to mean a cellular radio
�
SB 962
Page 4
telephone or other mobile voice communications handset device
(but not a radio cellular telephone commonly referred to as a
"feature" or "messaging" telephone, laptop, a tablet device,
or a device that only has electronic reading capability), that
includes all of the following features:
a) Utilizes a mobile operating system;
b) Possesses the capability to utilize mobile software
applications, access and browse the Internet, utilize text
messaging, utilize digital voice service, and send and
receive email;
c) Has wireless network connectivity; and,
d) Is capable of operating on a long-term evolution network
or successor wireless data network communication standards.
19)Defines the "essential features" of a smartphone to be "the
ability to use the smartphone for voice communications, text
messaging, and the ability to browse the Internet, including
the ability to access and use mobile software applications.
'Essential features' do not include any functionality needed
for the operation of the technological solution, nor does it
include the ability of the smartphone to access emergency
services by a voice call or text to the numerals '911,' the
ability of a smartphone to receive wireless emergency alerts
and warnings, or the ability to call an emergency number
predesignated by the owner."
20)Defines the term "hard reset" to mean "the restoration of a
smartphone to the state it was in when it left the factory
through processes commonly termed a factory reset or master
reset."
21)Defines the term "Sold in California," or any variation
thereof, to mean "that the smartphone is sold at retail from a
location within the state, or the smartphone is sold and
shipped to an end-use consumer at an address within the state.
'Sold in California' does not include a smartphone that is
resold in the state on the secondhand market or that is
consigned and held as collateral on a loan."
22)Makes findings and declarations related to the prevalence and
�
SB 962
Page 5
ramifications of smartphone theft in the United States.
FISCAL EFFECT : None. This bill is keyed non-fiscal by the
Legislative Counsel.
COMMENTS :
1)Purpose of this bill. This bill would require smartphones
manufactured after July 1, 2015, and sold in California to
have an anti-theft technological solution at the time of sale
that will render the essential features of the phone - voice,
text, Internet and mobile apps - inoperable by an unauthorized
user. This bill authorizes civil penalties of $500 to $2,500
per phone against retailers for violations, which only public
prosecutors may seek, and provides limited retail liability
protection from private parties if the solution fails or is
hacked. This bill is sponsored by the San Francisco District
Attorney's Office.
2)Author's statement. The author states that "California is
experiencing an epidemic of smartphone thefts, many of which
turn violent? There are existing, very serious penalties for
theft and robbery in California, however the epidemic nature
of this particular crime is so widespread that enforcement
agencies are overwhelmed. That is why removing the value of a
stolen device on the black market is the most effective way to
deter would be criminals, and this bill will do just that by
requiring that smartphones sold in California come
pre-equipped with theft deterrent technology?
"We have seen that stolen device databases, while one piece of
an overall prevention strategy, have not been effective on
their own in other countries such as the U.K. [United
Kingdom]. The major pitfalls to relying solely on a U.S.
[United States] database system are that American databases
have no use when a device is shipped overseas? With robberies
involving mobile communication devices at an all-time high,
California cannot stand-by when a solution to the problem is
readily available."
3)The stolen smartphone problem. According to the sponsor,
recent years have seen a surge in smartphone theft, with such
thefts now accounting for one-third of all robberies in the
United States. Consumer Reports estimates that 3.1 million
�
SB 962
Page 6
Americans were victims of smartphone theft in 2013 - up from
2.1 million victims in 2012.
Here in California, the sponsor reports that smartphone theft
now accounts for 60% of all robberies in San Francisco and up
to 75% of all robberies in Oakland. The City of Los Angeles
has experienced a 26% increase in smartphone thefts since
2011.
Of course, traditional approaches to slow the growth of the
problem have had some success. For example, a recent
SFBay.com news article from May 13, 2014, reported that the
San Francisco Municipal Transit Agency reported a 30% overall
drop in crime and a 77% decline in smartphone thefts as a
result of simply hiring more police officers to patrol the
transit system - a strategy made possible by a $1 million
federal grant. Unfortunately, this strategy is resource
intensive and may be hard to replicate broadly.
4)The growing black market demand for smartphones. The growth
in smartphone theft is likely due to the robust black market
for stolen phones, which has made them a highly portable and
profitable commodity. As the author puts it, "It can be very
lucrative to steal a smartphone since they can be wiped and
re-sold quickly for hundreds of dollars. Reports show that
the re-sale of stolen devices is growing ever more
sophisticated, with many devices now being shipped in bulk
overseas and re-sold at even higher premiums, sometimes for
thousands of dollars with the involvement of organized crime."
With demand for stolen phones so high, the author believes that
the best way to reduce the value of stolen devices - and
therefore the incentive to steal them - is to require them to
be equipped with theft-deterrent technology that makes the
phone inoperable or "bricked" if an unauthorized user tries to
use it.
5)Existing anti-theft "technological solutions." This trend in
thefts has not gone unnoticed among the companies that make
smartphones. Manufacturers and operating system providers
have already put anti-theft technological solutions out into
the market. Some solutions are included with the device,
while others are available as software applications for
purchase and download later.
�
SB 962
Page 7
The telecommunications industry has also taken steps to combat
the problem. According to CTIA - The Wireless Association,
the industry supports a "Smartphone Anti-Theft Voluntary
Commitment" that requires signatories to agree that all models
of smartphone made for sale in the United States after July 1,
2015, must come with a free, pre-equipped technological
solution to remote wipe a lost phone, render a phone
inoperable to an unauthorized user, prevent reactivation
without permission, and reverse inoperability if recovered.
The telecommunications industry has also begun to deploy a
stolen device database in an attempt to prevent stolen
smartphones from being shipped overseas and reactivated.
However, the author and sponsor contend that voluntary measures
place too great a burden on individual consumers to take
action, and that widespread adoption of anti-theft solutions
to the point of ubiquity will be necessary to undercut the
black market by making potential thieves believe that most
stolen phones will be "bricked" and therefore far less
valuable.
6)The operation of this bill in practice. In order to achieve
ubiquity with an anti-theft technological solution, this bill
takes an "opt-out" approach that is intended to require as
little action by the consumer as possible. The technological
solution must be present on the phone at the time of sale; it
must become operational by default during the initial device
set-up unless the user affirmatively opts out; it must
function when the phone is out of the possession of the
authorized user; it must be able to withstand a "hard" or
"factory" reset; and it must prevent reactivation unless by
the authorized user. However, the solution must be reversible
by the authorized user, in case the phone is later recovered.
The solution must also permit the user to disable the solution
at any time, in order to respect the wishes of consumers who
may not want the geolocation tracking that comes with some
solutions. It is also important to note that the bill does
not require the solution to disable certain services required
by existing law, such as access to 911 services, the wireless
emergency alert system or state and local emergency alert and
public safety warning systems.
This bill also contains specific provisions for enforcement and
�
SB 962
Page 8
limiting liability for the retail sale of the smartphone.
This bill authorizes a civil penalty of $500 to $2,500 per
violation for knowingly selling a noncompliant smartphone.
These penalties are also available if the technological
solution fails because it was hacked or circumvented by a
third party and the seller had been notified by the
manufacturer or operating system provider that there was a
vulnerability which could not then be remedied (i.e., the
seller knew the phone was compromised at the time of sale and
sold it anyway). This bill restricts the right to seek those
civil penalties to public prosecutors only - not private
individuals.
This bill also waives civil liability of the retail seller to a
private individual who was damaged by the failure of the
technological solution unless the seller knew of the
vulnerability. It is important to note that these liability
restrictions apply only to the retail transaction itself, as
related claims for harm may not be protected, such as those
arising from false advertising.
Analysis Prepared by : Hank Dempsey / B., P. & C.P. / (916)
319-3301
FN: 0004220