The New York State Assembly is presently considering a new bill that would require Apple and other smartphone manufacturers to build “back doors” into their devices which would allow them to decrypt data upon request from law enforcement, according to a new report by Onthewire. New York state bill A8093, originally drafted last June, would require that any smartphone manufactured on or after Jan. 1, 2016 that is “sold or leased in New York” must be “capable of being decrypted and unlocked by its manufacturer or its operating system provider.” Should the legislation pass, anybody selling a non-compliant smartphone — that is, one manufactured in 2016 that cannot be unlocked or decrypted — could be subject to a civil penalty of $2,500, and would be prohibited from passing that penalty on in the price of the smartphone.
Introduced by Assemblyman Matthew Titone, the notes on the bill cite the usual threat of criminals or terrorists using encrypted devices, stating that “The safety of the citizenry calls for a legislative solution, and a solution is easily at hand. Enacting this bill would penalize those who would sell smart- phones that are beyond the reach of law enforcement. The fact is that, although the new software may enhance privacy for some users, it severely hampers law enforcement’s ability to aid victims. All of the evidence contained in smartphones and similar devices will be lost to law enforcement, so long as the criminals take the precaution of protecting their devices with passcodes. Of course they will do so. Simply stated, passcode-protected devices render lawful court orders meaningless and encourage criminals to act with impunity.”
Although the bill as it is currently worded requires smartphone manufacturers and operating system providers to build back doors into their own encryption systems, it specifically absolves them of responsibility if data on an iPhone or other smartphone cannot be decrypted due to actions taken by a third-party, provided those actions were “unauthorized” by the manufacturer, operating system provider, seller, or lesser. However, it’s unclear how this would apply to third-party security apps that leverage their own encryption; since Apple “authorizes” these apps for sale on the App Store, it could possibly become Apple’s responsibility to ensure that even these apps had the necessary back doors for accessing data, or be required to ban them from the App Store entirely. The bill still needs to be placed on the floor calendar and then receive discussion and votes in the assembly and the senate.