California Proposes Smartphone Encryption Ban

Ray Walsh

Ray Walsh

March 17, 2016

A new piece of legislation that has been proposed in the state of California is drawing attention from leading privacy activists. Assembly Bill 1681 is a law that would make it illegal for companies to sell smartphone devices with full disk encryption (like the iPhone causing a hoopla in the San Bernardino case).

The bill was introduced by Assemblymember Jim Cooper back in January and has now come to the attention of Electronic Frontier Foundation (EFF), which has launched a campaign to encourage people to ‘Take action and tell lawmakers not to support this misguided bill’.

The reason that EFF has taken offence to the proposed bill is because of provisions in the bill to stop smartphone manufacturers from selling devices with full disk encryption as a preset feature. Specifying that any smartphone sold in California would have “to be capable of being decrypted and unlocked by its manufacturer or its operating system provider.”

At the moment, both Apple and Google sell smartphones that have full disk encryption enabled on them – meaning that people are secure right out of the box – by just setting a passcode for their phone. Sadly, despite the fact that unencrypted smartphones can be an incredible resource for criminals when stolen, law enforcement is more worried about being able to pry into the contents of phones themselves, rather than in safety measures that protect people.

In 2014, the US Supreme Court recognized that smartphones are ‘the sum of an individual’s private life.’ Who could disagree? Considering the amount of revealing information about bank accounts, online accounts or other private data that can be retrieved from stolen phones by criminals. EFF points out that phones being stolen is no small reason to be in favour of full disk encryption,

‘[In 2014] 10 percent of individuals whose phones were stolen were then victims of further identity or data theft, and 12 percent had fraudulent charges on banking or credit card accounts. And according to Consumer Reports, more than 3 million smartphones were stolen in 2013 in the United States.’

EFF also points out that the law would be largely useless even if enforced because people would still be able to cross the border into other states to purchase full disk encryption, and then simply bring them into California. What it does not mention, however, is the fact that many Californians who are unaware of the importance of phone encryption would just continue to purchase their phones within California.

The digital privacy activists rightly explain that another way that the law could be bypassed would be by installing third-party full disk encryption on to smartphones after they have been purchased; also rendering the law useless. Sadly, however, this too relies on consumers being aware that the software is something they need (and want) to make their phones safe; and not everyone is aware.

Firms like Apple and Google know this, and that is why in recent years full disk encryption was introduced as a standard feature on their smartphone devices. By doing so, those firms bring the safety benefits of encryption to their whole consumer base –  improving those people’s privacy – at times unbeknown to the consumers themselves.

With this in mind, EFF is right to be concerned about any laws in any US states that seek to deny people of the added security of purchasing phones with built-in encryption. Here at, we firmly encourage people to support EFF in their campaign to stop AB1681 being made into law.  We hope to see the general trend for smartphones continue to go in the direction of added safety for consumer privacy and security; a trend that Google and Apple should be applauded for setting, not criticized.

Sadly, focusing on the needs of law enforcement and surveillance agencies is a trend amongst politicians. A recent survey made by tech policy activists at the Free Press Action Fund (FPAF) concludes that of all the candidates currently battling to be the next US president, Bernie Sanders should be the favourite amongst digital privacy enthusiasts.

FPAF analyzed all of the responses during network debates between the presidential candidates. They also studied their websites and attended stump speeches, rallies and other public events to see where the possible future president’s stand on important issues like strong encryption and net neutrality.

Sadly, the organisation found that none of the candidates actively supports strong encryption. Sanders, in fact, was only the best of the bad bunch; only coming in first position because he did oppose PIPA (on the grounds that the internet should not be censored).

Even Sanders (the activists’ favourite) however, has not made any attempt to show public support for strong encryption during the presidential race so far. With many of the candidates revealing a total lack of knowledge on important digital issues. Demonstrative of modern politician’s weakness when it comes to understanding significant new technologies and the consequences they have on the society that they run.

Despite the bad news for US digital privacy enthusiasts when it comes to voting for the next president, this week was not all doom and gloom. Legislation proposed by Tom Wheeler, the chairman of the Federal Communications Commission, would actually be the best privacy law passed in the US since the Snowden’s revelations about government snooping.

That law would put control parameters on how the data that ISPs collect from consumers can be used. Banning them, for example, from selling it on to third parties without the consumer’s express permission.  Gaurav Laroia, an attorney with Free Press explains,

‘Internet providers have to collect some data to provide you Internet service. They need to know the IP address of the sites you’re visiting in order to route that traffic. The rule that the FCC is proposing is going to be on the scope of the use of that data.’

Unfortunately, even though there are the positive connotations behind the law (which is a rare good sign for digital privacy in the US), without knowing exactly how the opt-in process would work it is not easy to judge how effective the law would actually be. If, for example, consent could be granted by merely accepting it in an updated terms of service – then because they are typically accepted without being read – the law would likely achieve very little.

Anybody that wants to join the EFF campaign to help stop Californian lawmakers from making a huge mistake can join their campaign here. Here at, we wish EFF the best of luck in its attempts to prevent the bill from ever getting ratified into law.

Exclusive Offer
Get NordVPN for only