Encryption Reality Scores Victory in California, But Many More Legislative Challenges Remain

Pro-encryption forces scored a legislative win in California this week—though it might be more appropriate to say anti-privacy and anti-security forces endured a loss—as a bill requiring tech companies to weaken encryption when required by law enforcement failed to make it out of committee.

Assembly Bill 1681 would have imposed a $2,500 fine on tech companies for not obeying court orders—such as when a court ordered Apple to create software that bypassed iOS security features—to decrypt or unlock smartphones. According to The Sacramento Bee, the California Assembly Committee on Privacy and Consumer Protection didn't approve the bill for a full vote in the Assembly.

This is just one of several such bills running around in state legislatures, and Apple, Google, Facebook, Microsoft, and other companies providing secure, encrypted devices, communications, and other services face many more challenges around the country.

There is also a bill in the U.S. Senate that would specifically empower judges to issue such orders, eliminating legislative confusion and wrangling over the issue. There's a bill similar to the one defeated in California being put forth in the New York State Assembly.

In most cases, the bills seem to be being pushed by folks focusing on the need of law enforcement to access smartphones in pursuit of local or national crimes, as well as those worried about terrorism. Such well-meaning folks appear to be blinded by the reality that for the nation as a whole to be secure from hackers, criminals, terrorists, and foreign agents, our devices and services must also be secure from everyone else, including law enforcement.

Lobbying on this front at the national level is complex enough, but a hodgepodge of well-meaning, but uninformed, state politicians add inordinate levels of difficulty to the issue. Such is life in a representative democracy, however, and it's good that at least one of these bills was defeated.