Over the last few months, we’ve seen a stream of anti-encryption rhetoric from various voices in New York State. Now, a formal bill has been put before the New York State Assembly, which would mandate that Apple, Google, Microsoft, and any other phone vendor create backdoor devices that would allow them to decrypt devices.
The actual text of the bill reads:
Any smartphone that is manufactured on or before January 1, 2016, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider. (Reformatted from original to remove caps lock)
While the bill was introduced last summer (hence the “2016” label), it’s recently been sent to committee for polishing, where the 2016 date would presumably be changed to 2017 or 2018. Either way, the justification for the bill, is pretty much what you’d expect. Because some criminals may use smartphones some of the time, Google and Apple are “announcing to criminals, ‘use this device.'”
The summary notes continue: “The safety of the citizenry calls for a legislative solution, and a solution is easily at hand. Enacting this bill would penalize those who would sell smart-phones that are beyond the reach of law enforcement.”
This is the second time the bill has been sent to committee, and there’s currently no vote scheduled — but political bills like this are a stark reminder of how determined certain areas of government are to prevent citizens from using encryption tools and securing their own hardware. In and of itself, the main effect of New York’s bill would be to send NYS citizens scurrying to find Apple stores in Pennsylvania and Ohio.
The longer-term consequences could be more serious. If the New York law survived constitutional challenge, it would embolden other states to embrace similar measures — assuming Apple and Google didn’t automatically fall into line. Selling a “New York” version of a device would be a significant burden, and the obvious goal of the legislation is to force manufacturers to stop offering encryption at all.
To hear the government tell it, noble investigators and directors need these abilities to safeguard victims and protect them from evil criminals. No doubt there are, at least on occasion, instances where this is true. But in the 2.5 years since the Snowden leaks, we’ve seen repeated instances of misconduct by the NSA, the misrepresentation of stingrays as simple devices analogous to pen registers, and a deliberate attempt to veil the use and nature of these products. In some cases, the police lied to judges, claiming that they’d consulted “informants” when they were actually using stingrays.
Seen in this light, the push to encrypt devices from Apple and Google isn’t about protecting criminals — it’s about protecting citizens, to the extent they can, from rampant government overreach and criminal fraud.