California Bill Would Require Phone Crypto Backdoors 251
Trailrunner7 writes with this except from On The Wire: A week after a New York legislator introduced a bill that would require smartphone vendors to be able to decrypt users' phones on demand from law enforcement, a California bill with the same intent has been introduced in that state's assembly. On Wednesday, California Assemblyman Jim Cooper submitted a bill that has remarkably similar language to the New York measure and would require that device manufacturers and operating system vendors such as Apple, Samsung, and Google be able to decrypt users' devices. The law would apply to phones sold in California beginning Jan. 1, 2017.
Of course, "smartphone vendors" wouldn't be able to decrypt voice calls sent using VoIP software that was encrypted outside their domain of influence.
Only needs to be *sold* without encryption (Score:5, Informative)
During initial set up, flip on encryption... there you go, you can have that one for free Apple...
Re:Only needs to be *sold* without encryption (Score:4, Insightful)
Also, the vendor could encrypt something of no consequence with reversible encryption. Then, when the phone gets back to them, they can say truthfully that they decrypted it. Oh wait, you wanted the user's data? Oh, that is encrypted with their own system... we don't have access to that...
Re: (Score:3)
Heh, reversibly encrypt the call log data. They already have access to the call log through the mobile service provider.
Re: (Score:3)
What would stop third-party encryption? I mean other than warranty support and so on.
Doesn't matter (Score:2)
None of it matters when you have no idea what the SIM card is doing or the GSM radio. Both run operating systems we have no clues about the capabilities of.
Re:Doesn't matter (Score:4, Insightful)
'Operating System' is giving it a bit more credit.
And the protocol between the SIM and the phone is public, well known and very simple.
You can see exactly what it's doing.
Re:Only needs to be *sold* without encryption (Score:4, Interesting)
During initial set up, flip on encryption... there you go, you can have that one for free Apple...
Even if they close that loophole (which it looks like the current proposals do) an even simpler way is to just not carry them in stores in those states. So you just take online orders and ship from states without these laws. And if that's not practical, (i.e. they need foot traffic in the stores) just have two separate SKUs: One for NY/CA, and another for everywhere else. If those people want an uncompromised device, they can just order from elsewhere, and electronics stores would operate kind of like Tesla showrooms when it comes to smartphones.
Re: (Score:3)
Even if they close that loophole (which it looks like the current proposals do) an even simpler way is to just not carry them in stores in those states.
That's not going to happen. I admit it would be effective, though.
Not for sale in the state of California. (Score:4, Funny)
Wouldn't be the first time you couldn't buy something in CA.
Re:Not for sale in the state of California. (Score:4, Informative)
Re:Not for sale in the state of California. (Score:5, Insightful)
By the same token, California would also be a good spot to have a 'hold the line moment'. Warn all the consumers that new phones won't be available there after Jan 1, 2017. Watch the state explode when people realize they can't get the latest and greatest phones. The bill would be yanked so quickly...
Re: (Score:2)
I'm sure the cell phone co's would be happy air commercials and to post ad's in their windows.
It's just like any time the gov't says anything about guns. Sales are boosted.
Re: (Score:3)
It would. Unfortunately, I have little faith in Apple having the cojones to make that move, and unfortunately, they're the only ones who could. Google might try, but I don't think they have the ability to stop all the other Android manufacturers from selling weakened phones in California, so anything they could do would have minimal impact.
Re: (Score:2)
No one seems to care about truth in advertising especially online? Have you seen the ads? "goverment wants to ban this flashlight" "get your flamethrowers now before they are banned" "new bill introduced to ban assult weapons buy your 1,000 round drums now!" "3d printers used to manufacture guns get them now before they are banned"
"Unlimited data, talk and text on the 4g lte t-mobile network"
"Unlimted data on att's 4g lte network"
"Hulu now ad free"
I trust the companies to do what is most profitable and this
Playing the game again (Score:5, Insightful)
Don't see a (R) after a politician's name? Must be a Democrat. Want to see if I'm right?
DING! Winner winner chicken dinner.
Not that both big parties aren't corrupt as hell, but this is such a petty affectation...
Re: (Score:2, Insightful)
Re: (Score:3)
Re: (Score:3)
Re: Playing the game again (Score:2, Troll)
The difference is that Democrats want the federal government to have the power. Republicans want big business to have that much power.
Re: (Score:2)
And what's the difference? Want to be successful in the US? Buy a couple of politicians.
Re: (Score:2)
Is that why they keep on trying to make sure women can't control their own bodies?
Is this in reference to that Sandra Fluke thing? Because she made it sound as though birth control pills just have way too much of a cost burden, therefore the government MUST give away other people's money NOW, which was stupid considering that even planned parenthood sells them for about $10-$15 for a month supply, which is about a typical copay that most people pay for generic drugs anyways. (Not only that, but Fluke herself was retarded for going for a law degree, because there's some 4 times as many la
Re:Playing the game again (Score:5, Insightful)
It's cute how you imply that there's a difference between (D) and (R).
Re:Playing the game again (Score:5, Insightful)
He's not. He's implying that when stories come down that involve (R) doing something shitty, it's next to their name, and when (D) do something shitty, it's usually not. You don't have to believe that the parties are different- just that the reporting / summary / writing / whatever is slanted when you see that shit.
Re: (Score:2)
Was this determined statistically, or is it confirmation bias?
Re: (Score:2)
I don't have a dog in the fight so don't blame me. I just find it utterly strange, among other things, that an icon of crony capitalism
Re: (Score:2)
So. (Score:2)
Re: (Score:2)
The new phones must come equipped with the California admissions package.
What will their owners be forced to admit?
I can't wait... (Score:2)
for the decryption keys to get stolen. Saying, "I told you so, you fucking retard," never gets old.
Re: I can't wait... (Score:2)
Republicans are even more adamant about this than Democrats. They just know that in California, if they want a bill to actually pass, a Democrat must put it up for vote as almost anything they put up is shot down on principal.
Re: (Score:2)
I can think of at least on prominent Republican who is against it. [washingtontimes.com]
The story is about NY and CA. You don't get more Democrat than that. It's not like they'll pass anything without the Dems.
If the Republicans are worse, we'd see similar bills across the GOP-controlled states, yet we don't. Republicans aren't perfect, for sure, but wake up a bit to the Dems, eh?
Re: (Score:2)
Yes you do. Massachusetts is WAY more Democrat than either.
The California state senate is currently 26 D and 14 R, and the assembly is 52 D and 28 R. The New York state senate is 29 D and 31 R, and the assembly is 104 D and 49 R.
The Massachusetts state senate is currently 34 D and 6 R, and the house is 125 D and 35 R. It's been completely farcical for a long time. And what that doesn't even tell you is that the R's are completely whipped. T
I wish they all could be ... (Score:2)
I'm disappointed.
I thought those California girls were supposed to be DD.
Trying hard is not success (Score:2)
It's stating problems to be popular but never offering solutions that will be carried out - an old political trick.
It's easy to make sense when you say something is wrong and it genuinely is a problem. But that's not a solution. All he's done lately is make a lot of noise, get attention and delay bill
Re: (Score:2)
The land of the free? (Score:5, Insightful)
Land of the free? Home of the brave? How's that working out for you?
Oh, wait, is it brave to cower in the corner jumping at shadows in case the bogeyman comes along? I've lost track?
Now cue a bunch of people telling us how they're still free. Go ahead, I love a good laugh.
Papers please, comrade. If you have nothing to hide you have nothing to fear.
Re: (Score:2)
Let's pull out the old "if it'll save one child's life, it will be worth it".
Re: (Score:2)
Except we have substantial oil resources (and our no-so-liberal governor has had no interest in killing fracking), some of the largest agricultural exports of high value crops in the world, a budget surplus and a growing rainy day fund, silicon valley, world leading genetic engineering companies, a huge aerospace and defense industry, and universities like Stanford, Cal Tech, the whole UC system etc.
Not so much like Italy or Greece ...
Re: (Score:2)
You may now have large exports of agricultural crops but to get those you're pumping so much water out of the ground that it's subsiding so much that bridges and roads need to be replaced. Exactly how sustainable in the long term do you think that is?
Re: (Score:2)
Don't worry, the Saudis are killing that off by pushing the price down far enough to drive out anybody doing anything more expensive than drilling a hole in the sand.
Re: (Score:2)
Sure thing, you keep telling yourself it's only California, and that these things are unique to them and their wacky ways.
And then look at how much the rest of America will happily bend over and take it as other governments do the same thing.
Blah blah blah ... I stand by my point ... land of the free is becoming a bad joke.
Re: (Score:2)
We have one of the largest economies in the world, but we also have $450 billion in debt.
Leave it to an ex-cop (Score:4, Funny)
Leave it to an ex-cop to seek powers for law enforcement at the cost of individuals. I am disappoint. Not the least bit surprised, but disappoint. If this passes, I would be completely in favor of both Apple and Google saying "screw you guys, we're picking a new home".
Re: (Score:2)
Since when has Apple or Google actually been noticeably affected by US law? They certainly don't have to send their money to the US government, why would they have to obey some silly California state law?
I'd love to see the state government threaten them. Sorry, I meant, "try and threaten them".
Re: (Score:2)
They won't... if they sell off their California assets and move out of state.
China would be so proud! (Score:3)
China would be so proud!
Please call or email this idiot? (Score:2)
Re: (Score:2)
Your best bet would be to contact the Assemblyman for your own district [ca.gov], inform them of this odious bill, and instruct them to oppose it.
Re: (Score:2)
Won't Stop TRUE bad guys. (Score:3)
This just catches the low level criminals and normal people. Mafia, KGB & Israeli Mossad will just use older iPhones and other methods.
Re: (Score:2)
Think long term.... what are these people going to be using in 15 to 20 years time? If the kinds of tech that could get around this are outlawed now, then it will become increasingly difficult to acquire as the years go by.... as standards evolve and change, older hardware will probably eventually cease to be interoperable with the more current communication technologies.
Of course, I'm aware that I am probably giving the people who would come up with this kind of bill proposal far more credit than they
In related news... (Score:3)
Rethink your next US cell phone (Score:2)
Re: "ecrypted and unlocked by its manufacturer or operating system vendor" would be covered by laws like the Communications Assistance for Law Enforcement Act (CALEA)...
As for devices been super secure, recall the years of news about "Cops Say They Can Access Encrypted Emails (January 11, 2016 )
https://motherboard.vice.com/r... [vice.com]
Note the access news going back a few years...
Also recall the i
Not necessarily... (Score:2)
Such software would be outlawed, clearly.... it won't stop people who expressly want it from getting it, but it creates a barrier for entry such that most law-abiding and not very technologically competent people will simply not want to be bothered with the inconvenience of bypassing it.
Of course, in the end, the only people that they will be able to spy o
Back door for Criminals (Score:2)
Re: Back door for Criminals (Score:3)
Just wait until they figure out that this enables hackers to ransom/post photos of them with their mistress.
ISIS to the rescue (Score:2)
ISIS has just release a new Android encryption App:
http://www.defenseone.com/tech... [defenseone.com]
There is no prohibition in this law against using encryption applications. ISIS will help you get around California's encryption laws.
Crypto with a backdoor is not crypto (Score:2)
Unless both a mathematician and sociologist working together can show in a hard proof that crypto with a backdoor is as secure as crypto alone I maintain that crypto with a back door is not crypto so the request is impossible to fulfil and simply moot.
Like the lawmakers that tried to make PI = 22/7 the request is simply a violation of reality, proving once again the politicians have no concept of reality.
Works good against average people (Score:5, Interesting)
But fails to penetrate a device used by organized crime, terrorists, a technologically adept pedophile, or a well connected businessman.
Is Joe the Plumber the threat here? because that's about all this regulation will stop.
PS - I usually buy my smartphones on aliexpress and import them to California.
Re: (Score:2)
Is Joe the Plumber the threat here? because that's about all this regulation will stop.
Yes, actually, the police want to be able to decrypt phones from 'average' dumb criminals. They also want terrorist phones, but that is not the only issue.
Bring back (East-Euro) Communism (Score:4, Interesting)
I miss the cold war.
Back in the good old days the "free west", would tout it's political and social freedom as why it was on the side of humanity.
Something for the oppressed behind the iron curtain to dream of attaining and seeing their over lords for the tyrants they were.
Then down came the Berlin Wall.
Today you'd think the history books on the communist era in east Europe were the manuals/manifestos for state control in the West.
The only thing our governments needs to be better than today is IS.
Use their own craziness against them (Score:2)
Use software written in Russia, a VPN service in China and a ISP in the US, by the time they untangle the bureaucratic red tape to decrypt your packets, you'll be safely dead from old age!
Min
Phew! (Score:2)
I have been worried that using encryption will attract attention of law enforcement who will know I something to hide. What a tremendous relief that I will now look just like another law abiding citizen using escrow crypto. While at the same time, I will use this escrow crypto for 99% of my communications, including my embarrassing but legal porn collection. And then, just when I hatch my evil plots, I will encrypt a small amount of data with my own crypto, before stamping escrowed one on top.
Now the govern
This will have about as much chance... (Score:2)
This will have about as much chance of sticking as the "non-California vehicle emissions fees" they used to charge people for bringing in cars from outside California (i.e. want a phone with strong encryption? Take a trip and buy it outside California.).
(1) The car emissions fee was declared unconstitutional (it violated the Interstate Commerce Clause of the U.S. Constitution, just like trying to restrict bringing phones with strong encryption would violate the ICC).
(2) If you bought a phone with strong en
What's in a name? (Score:2)
Re:Corrupt politicians (Score:4, Interesting)
Re: (Score:2)
How fortunate for these candidates opponents who will soon be receiving contributions in response.
Re: (Score:2)
How fortunate for these candidates opponents who will soon be receiving contributions in response.
Yes, especially since he was elected with a staggering 50,188 votes, with his opponent receiving 40,220 votes (source [wikipedia.org]). So, less than 10.000 farmers in California got him his seat. Shouldn't be too difficult to get him out at his next election.
Re: (Score:3)
It's another example of California "me too" politicians attempting to appear that they are bettering society.
Take a look at Leland Yee for similar tactics.
His sentencing is scheduled to occur next month.
(Anti gun dude that was caught by FBI trying to ship in illegal firearms in containers from the Philippines).
He plea bargained to corruption and they dropped the firearms charges.
This fuggin' state is run by a bunch of nuts.
so, no phones sold to Caliphonies then, either (Score:3)
if I was making cellphones, that's what I'd do. cut 'em off like Murderistan. the people would rise up and throw those asshats out of office in two days. probably throw them off a cliff into the sea. pity, some poor shark would die of a tummyache.
Re: (Score:2)
Re: (Score:2)
Naaa, the NSA probably just has some juicy dirt on them. That is how it works in a surveillance-state. No surprises here. Expect full-blown fascism in, say, 20-30 years or so.
Re: (Score:2)
Your statement makes no sense.
Re:First guns, now smartphones. (Score:5, Funny)
Re: (Score:2)
Re: (Score:3)
Yeah.... but if even *one* Californian makes it to the Nevada shore... the cycle will start all over again...
Re: (Score:2)
Never had a need for a gun, anyway so no loss there.
Re: (Score:2)
> Pretty soon you won't be able to buy anything in California.
You'll be able to buy them little stickers that say something is known to cause cancer to the state of california.
Re: First guns, now smartphones. (Score:2)
Oh there will never be a shortage of overpriced real estate. You can always buy some of that :)
Re: (Score:3)
Re: More proof the Republicans rule CA (Score:3, Funny)
I work with about a 120 people at a startup in downtown SF, and we have 4 known Republicans. They've infested everything here.
Re: (Score:2)
You can't Think Different, if you think differently. That would mess up the brand message. Duh.
Re:Hmmm (Score:5, Insightful)
"The law would apply to phones sold in California beginning Jan. 1, 2017"
So, that'd be OK. They don't block possession, use, or carrier registration, just sales by vendors that are located in the state. This may also prevent mail-order purchase from the Apple Store in say, Michigan, because Apple has a "business presence" in California. (collection of sales tax usually works that way) OTOH if you get one off ebay from someone whose store is outside CA, you're fine.
I'd personally like to see Apple very publicly give the finger to the CA legislature and make it extremely clear in very blunt terms that iPhones not being for sale there is the direct and exclusive result of the residents of the state electing retards and shills to make their laws. Losing CA for a year or two won't hurt them much, and will pay off big in the long run for future sales in CA as the voters stomp to the polls to vote with their iphones.
This isn't like most of the "extreme" legislation they pass on things like emissions, product safety, and other consumer protection. The public gets NO direct or clear benefit from this legislation, and results in a noticeable impact to a huge portion of the voters in the state. The legislature will try to justify it of course, but there just isn't enough spin available to keep that top from falling on its face.
I'd give it two weeks, tops (Score:2)
> I'd personally like to see Apple very publicly give the finger to the CA legislature and make it extremely clear in very blunt terms that iPhones not being for sale there is the direct and exclusive result of the residents of the state electing retards and shills to make their laws. Losing CA for a year or two won't hurt them much, and will pay off big in the long run for future sales in CA as the voters stomp to the polls to vote with their iphones.
You say a year or two, I'm thinking it would take a
Re: (Score:2)
Re: (Score:2)
I agree with you about people calling Apple but the problem is that once the companies comply the first time for any of these laws anywhere then it opens the floodgates and they will have to comply to all of them. Then we're all screwed.
Re: (Score:2)
I figure it would be treated the same as a non carb compliant engine. Perfectly legal to own just not to buy or sell.
Re: (Score:2)
And this won't just affect New York and California. Smartphone manufacturers won't produce separate systems for states that require encryption backdoors and those that don't.
I agree that they probably won't produce separate hardware, or even separate operating systems, but I'd say the jury is still out on whether they'd produce parameterized software with a "pretend encryption" / "real encryption" flag set depending on what state the device is intended to be sold in.
Re: (Score:2)
Feinstein is a senator in D.C.
This is being introduced in the state assembly (essentially the equivalent of the House of Representatives, but at the state level).
Re: FeinSwine (Score:2)
Umm... did you fail civics? She is a member of the US Senate, not the California Senate. This is a California state bill. She has no official say in the matter.
Re: Technically feasible, probably already done. (Score:5, Interesting)
When I take out my SIM card, my phone still boots.
Re: Technically feasible, probably already done. (Score:2)
Same here. I have a few old phones without SIM cards that I let my kids use as Wi-Fi gaming devices. The phones boot up, connect to the Google Play and Amazon app stores, and run apps just fine. One phone displays a missing SIM warning when it boots, but that's the only difference.
Not the physical SIM card itself (Score:2)
It's not the physical SIM-card itself.
See my other answer in this thread [slashdot.org].
And see the Replicant wiki [replicant.us].
On some chipsets by Qualcomm (which are extremely popular) the *modem part* serves as a northbridge to the chipset.
It handles some critical component like RAM, sound hardware, and OS is running on a CPU core that is a client to that.
And for legal reason, the entity responsible for the code running both on the physical SIM card it self and running in the modem firmware is the service provider.
Regard TFA, that
Re: (Score:2)
Is it just me
Yes.
Qualcomm? (MSM, etc.) (Score:2)
I think, the poster might be referring to some recent Qualcom chipset, where the modem is part of the northbridge.
Thus some core critical part of the chipset run a firmware that is *NOT in anyway modifiable or accessible by the end-user* (for legal reason).
Instead that part of the firmware is controlled by the service provider who pushes automatic update over the air (to both the SIM card it self and to the modem).
Due to its critical position in the chipset, that firmware can also have access to some critic
Modem firmware, instead of SIM itself. (Score:2)
It's not the CPU core and memory that is inside the physical SIM.
As I have explained in my other answer in this thread [slashdot.org], it's the modem part.
The modem - which for legal reasons runs a 3rd party closed source firmware provided by your service provider - of several Qualcomm chipset works as "sort of northbridge" to the chipset.
The modem (and its 3rd party firmware) is in charge of several critical parts of the phone, which may include RAM, audio hardware, GPS, etc.
Android runs on a CPU core that function as a
Re: (Score:2)
No nations was going to need to have 2 or 3 production runs. No designer was going to need dual design teams for a US ready or EU ready phone.
No nation was going to get a secure phone while the global public avoided police ready brands from another nation. Trade cost was not going to be a negative with dual
Re: (Score:2)
Apple isn't going to need to worry about doing a run for California and a run for the rest of the country for very long. If they caved in to this law then every other state and/or the federal government would pass a law requiring this (along with every other country seeing that they could get away with it) and there would only be one phone model to worry about very soon. The one with the back door.
Re: (Score:2)
Penal Code 1546 just specifies that they're not allowed to get access without a warrant; the arguments that they'll be fronting for the bill is that, without a backdoor, complying with the provisions of PC1546 won't do them any good, because they still won't be able to decrypt the contents of the device. Never mind that the backdoor is only as safe as the rectitude of the people with access to the backdoor keys; create a backdoor and give its keys to the government, and then you have only the government's a
Re: (Score:2)
that every single employee who would have access to this data has the moral qualities of a Lensman, and that no one outside the government could possibly ever get hold of these keys.
I just had to step in and say: I'm SO GLAD to find someone else who liked that series =)
I also agree completely and believe this scheme is doomed to fail.