He said the changes would be made as soon as the bill was heard in committee. He said he wasn’t sure which committee that would be, but thought it might be the Assembly Committee on Privacy and Consumer Protection.
He was following up on an earlier e-mailed statement from Cooper’s Communications Director, Skyler Wonnacott, who wrote to Etopia News saying, “(d) (2) will be removed to eliminate the liability completely from the seller or lessor. Instead the bill will limit liability to the manufacturer of the operating system of the smartphone.”
These manufacturers of operating systems, Sianez said, would, under AB 1681, be prohibited from providing software that generates encrypted data that they cannot make “accessible by law enforcement with a search warrant.”
He said that before Apple released iOS 8, law enforcement could and would ship a smartphone with encrypted data along with the appropriate warrant to Apple and get back the cleartext they had been authorized to access. Since the advent of iOS 8, however, only the end users of devices running that operating system can access their data, not Apple, even with a warrant.
Here’s what Apple says about security on its page touting the virtues of iOS 9:
“Keeping your devices and Apple ID secure is essential to protecting your personal information — like photos, documents, messages, email, and so much more. iOS 9 advances security by strengthening the passcode that protects your devices, and by making it harder for others to get unauthorized access to your Apple ID account. These new security features are easy for you to use. But they make it much harder for anyone else to access your personal information.”
Sianez said that the purpose of AB 1681 was to make Apple “change it back” to the days when data on pre-iOS 8 devices could be retrieved by Apple itself. When told that iOS8-based systems cannot be decrypted by Apple, but only by the end user, warrant or no warrant, he said he wanted to “restore the ability” that Apple phones once had to have their data decrypted by the manufacturer.
He said this was “a public safety issue.” Asked if the bill’s passage would mean that Apple “can’t offer an operating system that leaves control in the hands of the user,” Sianez said that Apple could still sell such devices, but that there would be a financial penalty of $2,500 for each such device they make and sell.
“Nobody goes to jail for this,” he said. “Fined, but no time” served is how he put it.
“We’ve seen and read” that there is opposition to the bill, he added, saying that what was involved with AB 1681 was a national and indeed global issue. “California is the world’s eighth largest economy; we have 38 million people, as well as Apple and Google.” He thought California would therefore be a good place to address this issue.
Asked who would be liable for modified versions of Android capable of “full disk encryption” running on specific OEM devices, Sianez said that if the OEM “changed it to be inaccessible,” then they would be liable.
Despite the inability of the manufacturer of the operating system, be it Google, Apple, or another party, to decrypt data stored under a passcode solely controlled by the user, the legislative director responsible for the bill re-iterated that the goal of the legislation was to make user data “accessible by law enforcement with a search warrant.”