Security push could make New York a smartphone-free zone
Have you heard the one about the phone encryption bill in New York that will fine retailers $2,500 for each cell phone they sell that can’t be decrypted?
That set-up is its own punchline. This bill is a terrible idea.
The proposed law has been around since June and is getting another go now that the new legislative session has started, but we’re pretty sure that suggesting the same idiotic thing twice doesn’t magically make it any better. The simple fact that its drafters think that the best targets to ensure law enforcement can issue court orders for phone data are the people who sell them and not the ones who made them uncrackable in the first place only shows how completely misguided this thing is.
The bill, which still treats two weeks ago as some shining point in the distance, proposes that “Any smartphone that is manufactured on or after January first, two thousand sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating-system provider.” While this wording doesn’t force designers at Apple, Samsung, or Google to add backdoors to their codes, it does effectively make every iPhone illegal in the state.
But it doesn’t even do that, explicitly; it just makes it a crime to sell them. And violating the law “shall subject the seller or lessor to a civil penalty of two thousand five hundred dollars for each smartphone sold or leased” if the state can prove that the person doling it out knew full well that the data was locked up tight. It falls to the state’s attorney general and district attorneys to enforce this, but the good news is that they can only drag a retailer to court once for each phone they sell.
We know why this bill targets retailers: That’s the only group it can reach within the Assembly’s jurisdiction. It’s all legislators can realistically do, and it’s a big grasp.
If the assembly passes the law — which it won’t — it could represent a pretty big hit to all cell-phone makers, as retailers would just sooner not sell the devices than face prosecution. But Apple’s iPhones would face the brunt of it, considering that company’s outspoken support and implementation of end-to-end encryption on its devices.
Google faces less fallout, since we already know that everything you type in the company’s Hangouts chat program goes into Google servers. Data is encrypted en route, but once it’s there, Google can grab anything that law enforcement can subpoena.
Again, we don’t expect this law to pass. But it is just another skirmish in the conflict struggling to balance regulators’ love of surveillance with customers privacy.