BILL NUMBER: AB 1681AMENDED BILL TEXT AMENDED IN ASSEMBLY MARCH 8, 2016 INTRODUCED BY Assembly Member Cooper ( Coauthor: Assembly Member Gallagher ) ( Coauthors: Senators Bates and Hall ) JANUARY 20, 2016 An act to add Section 22762 to the Business and Profession Code, relating to smartphones. LEGISLATIVE COUNSEL'S DIGEST AB 1681, as amended, Cooper. Smartphones. Existing law requires that a smartphone that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user. This bill would require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider. The billwould, except as provided, subject a seller or lessorwould subject a manufacturer or operating system provider that knowingly failed to comply with that requirement to a civil penalty of $2,500 for each smartphone sold or leased. The bill would prohibit aseller or lessormanufacturer or operating system provider who has paid this civil penalty from passing any portion of the penalty on to purchasers of smartphones. The bill would authorize only the Attorney General or a district attorney to bring a civil suit to enforce these provisions. This bill would make findings and declarations related to smartphones and criminal activity. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. The Legislature finds and declares all of the following: (a) Worldwide, human trafficking is a $32 billion per year industry. (b) After drug trafficking and counterfeiting, human trafficking is the world's most profitable criminal activity. (c) Although previously believed to be an international problem, current statistics show that human trafficking is increasingly a domestic issue. (d) According to estimates by the Federal Bureau of Investigation (FBI), human trafficking or the commercial sexual exploitation of children in the United States currently involves over 100,000 children. The San Francisco Bay area, Los Angeles, and San Diego metropolitan areas comprise three of the nation's 13 areas of "high intensity" child exploitation in this country, as described by the FBI. (e) Studies have estimated that anywhere from 50 to 80 percent of victims of commercial sexual exploitation are, or were formerly, involved with the child welfare system. (f) Smartphones are increasingly becoming a weapon of choice for criminals and criminal organizations involved in human trafficking and sexual exploitation of children. (g) In 2014, smartphones with full-disk encryption (FDE) became available on the market. (h) On smartphones with FDE, when a user creates a password, that phrase generates a key that is used in combination with a hardware key on a chip inside the phone, which blocks access to all "data at rest" stored in the device. (i) "Data at rest" on a smartphone is data that is parked, stored, and no longer in motion, such as pictures and text messages. (j) Only the password holder can unlock the FDE-equipped smartphone and provide access to all "data at rest." (k) Before 2014, when smartphones without FDE were used in crimes, law enforcement obtained and served a court order on the phone manufacturer and was able to have access to "data at rest" on the device, to aid in an investigation. (l) In order to successfully access "data at rest" on smartphones in a criminal investigation, law enforcement must have physical possession of the phone. (m) Since the introduction of FDE on smartphones in 2014, "data at rest" on FDE-equipped smartphones has become virtually impossible to access. (n) A smartphone belonging to one of the shooters in the County of San Bernardino mass shooting, which left 14 people dead and many more injured, is equipped with FDE and has prevented law enforcement from accessing the phone's content for evidence. (o) Since 2014, FDE in smartphones has created a public safety crisis that has armed criminals and criminal organizations with a powerful weapon to conduct illicit activities while simultaneously providing a shield to conceal crimes and remain out of reach of law enforcement. (p) Since 2014, FDE in smartphones has rendered court orders to access critical evidence on smartphones useless. (q) Since 2014, FDE in smartphones has interfered with law enforcement human trafficking investigations and prosecutions. (r) Smartphones play an essential role in facilitating cases of domestic minor sex trafficking. Human traffickers text logistical information, such as time, place, pricing, types of services, and descriptions of exploited minors using smartphones. (s) Human traffickers rely on smartphones to communicate with each other, organize, and advertise their illicit business. (t) Technology-facilitated sex trafficking networks rely upon anonymity of victims and traffickers in order to operate. Fully encrypted smartphones, immune to search warrants, make this possible. (u) Individuals suspected of crimes are, upon the issuance of a court order, subject to search of their homes, vehicles, and even their bodies, but not their smartphones that are equipped with FDE.SECTION 1.SEC. 2. Section 22762 is added to the Business and Professions Code, immediately following Section 22761, to read: 22762. (a) For the purposes of this section, the following terms have the following meanings: (1) "Smartphone" has the same meaning as in Section 22761. (2) "Sold in California" has the same meaning as in Section 22761. (3) "Leased in California," or any variation thereof, means that the smartphone is contracted for a specified period of time to an end-use consumer at an address within the state. (b) A smartphone that is manufactured on or after January 1, 2017, and sold or leased in California, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider. (c)Except as provided in subdivision (d), a seller or lessor that sells or leases in California aA smartphone manufactured on or after January 1, 2017, that is not capable of being decrypted and unlocked by its manufacturer or its operating system provider shallbesubject the manufacturer or operating system provider to a civil penalty of two thousand five hundred dollars ($2,500) for each smartphone sold or leased in California if theseller or lessormanufacturer or operating system provider of the smartphone knew at the time of the sale or lease that the smartphone was not capable of being decrypted and unlocked byitsthe manufacturer or its operating system provider. Aseller or lessormanufacturer or operating system provider who pays a civil penalty imposed pursuant to this subdivision shall not pass on any portion of that penalty to purchasers ofsmartphones by raising the sales or lease price ofsmartphones. (d)(1)The sale or lease of a smartphone manufactured on or after January 1, 2017, that is not capable of being decrypted and unlocked by its manufacturer or its operating system provider shall not result in liability to the seller orlessor if the inability of the manufacturer and operating system provider to decrypt and unlock the smartphone is the result of actions taken by a person or entity other than the manufacturer, the operating system provider, the seller, or the lessor and those actions were unauthorized by the manufacturer, the operating system provider, the seller, or thelessor.lessor.(2) Paragraph (1) does not apply if at the time of sale or lease, the seller or lessor had been notified that the manufacturer and operating system provider were unable to decrypt and unlock the smartphone due to those unauthorized actions.(e) A civil suit to enforce this section may only be brought by the Attorney General, for the sale or lease of a smartphone in California, or a district attorney for the sale or lease of a smartphone in the county represented by the district attorney. Aseller or lessormanufacturer or operating system provider shall not be subject to more than a single penalty for each sale or lease of a smartphone.