California defeats bill to force companies to decrypt phone data

The California assemblyman said encryption is "risking our national security," but would nevertheless tweet from his encrypted iPhone.

(Image: file photo)

Finally, some good news.

A California bill that aimed at penalizing companies for making smartphones that can't be cracked with a court order has been defeated. According to one report, members of the California state assembly committee charged with scrutinizing the bill were concerned that the bill would undermine data security, and put undue burden on tech companies in the state.

NATIONAL SECURITY

As the Snowden leaks began, there was "fear and panic" in Congress

Just a few minutes after the first NSA leak was published, the phones of US lawmakers began to buzz, hours before most of America would find out over their morning coffee.

Read More

The bill was rejected without a vote.

Assembly member Jim Cooper (D-9th) introduced the bill in January, which originally required every smartphone sold in the state to have the ability to be decrypted at its point of sale. It was later amended to force companies to unlock the phones they make at any time after sale, or face heavy fines.

Critics argued the bill would be ineffective and impossible to enforce.

"The bill, both before and after it was amended, posed a serious threat to smartphone security," said Rainey Reitman, an activism director at the Electronic Frontier Foundation, in a blog post. "It would have forced companies to dedicate resources to finding ways to defeat their own encryption or insert backdoors to facilitate decryption."

The bill would take aim at iPhones, which since iOS 8 have come with full-disk encryption. Not even Apple can unlock modern phones, pushing it out of the surveillance loop.

Cooper argued that full-disk encryption was "risking our national security and the safety of our kids," but yet he would regularly tweet from his iPhone.

But where one bill fails, another rises -- from a California senator, no less.

A similar bill, which would federalize the anti-encryption battle across all 50 states, would compel phone manufacturers and software developers to allow the government access to encrypted data with a court order.

Critics argue that this would be in effect a ban on strong encryption because companies would have to build a backdoor for law enforcement, or use weaker encryption in their products.

The bill is currently in draft, and is expected to go into committee in the coming days.