The legislatures of New York and California have recently introduced bills with language that would ban the sale of encrypted smartphones in their states. The bills are strikingly similar in that each would require devices manufactured on or after January 1, 2017 and sold in the respective state to be capable of being decrypted by the manufacturer or “operating system provider”. Failure to comply with the bill would impose a penalty of $2,500.00 per device.
Though the architects of these bills assure us this would affect only a very small minority of the population, this is alarming to me as an individual for both ideological, privacy-based reasons and for the inherent folly of insecurity as a feature. As a layman (read: not an attorney) I can only guess where the legal system will come down on this issue. The area in which I do feel slightly more qualified to weigh in are the potential second- and third-order effects of the passage of a law to ban smartphone encyrption. There are several possible outcomes of a law like this, but all of them hinge on the actions of the “operating system provider[s]”. The three possible outcomes that I imagine are listed below, but I cannot assign a reliable likelihood, either relatively or absolutely, to any of them.
- The first possible outcome that occurs to me is that manufacturers support the spirit of the law totally and either build backdoors into devices (probably more likely) or remove smartphone encryption entirely (probably less likely). Smartphones would no longer be available with unbreakable encryption, generally speaking. Privacy conscious individuals would have to purchase phones like the Blackphone and have them shipped to states where such laws are not passed. I see total capitulation as unlikely for Apple who, as of late, has staked a portion of its reputation on security and protecting consumer privacy. However, the impact of losing the ability to sell flagship devices in two of the four most populous states in the U.S could quickly change anyone’s mind. This is perhaps the worst possible outcome; lawmakers would achieve a decisive victory over encryption that would impact consumers nationally, not just in their state(s).
- The second possible outcome is that manufacturers create “CA and NY Compliant” models of their devices. This option would be almost as bad. Anti-privacy lawmakers in other states would be emboldened and, to borrow some Red Scare lingo, the dominoes would begin to fall. Doubtlessly a few states would hold out (one imagines Wyoming and Montana, and perhaps New Hampshire becoming the last bastions of digital freedom) but the damage would be done. The message that customers in these states would send to Apple and Google is “we don’t really care about encryption”. Eventually manufacturers would probably simply revert to selling a single, backdoored or unencrypted version of these devices.
- The third option, and the one that I hope occurs is that Apple and Google simply refuse to sell their products in these states (assuming this is a possibility, i.e. not in violation of contracts with cellular service providers or other legal impediments). The reason I hope for this outcome should these laws passed and be deemed constitutional is the reaction I imagine. This result would impact consumers directly, and hit them where it hurts: right in the smartphone. Their outcry would be immediate and overwhelming. Customers on the edges of these states would flock to Arizona, Nevada, and Oregon, New Jersey, Connecticut, Massachusetts (and maybe Canada?), to buy the new iPhone 7s and the latest Samsung Galaxy. AT&T, Sprint, T-Mobile, and Verizon would lobby hard for the right to sell smartphones again in these states where their businesses would take a major economic hit. Sales and management jobs at these locations would be lost, as would tax revenue in the affected states. New AT&T, Sprint, T-Mobile, and Verizon stores would spring up, ringing the terrestrial borders of these states almost overnight. As much as I enjoy imagining shuttered Verizon stores from San Diego to San Francisco, that level of business impact would probably never be felt before the law was repealed (though it might; alcohol prohibition did last thirteen years).
If these laws pass and the manufacturers stick to their proverbial guns, it will likely become another failed experiment in prohibition. Tell people they can’t have encryption? You’re likely to be met with sighs, yawns, and indifference. Tell people they can’t have smartphones? You’re much more likely to be met with torches and pitchforks. One hopes the latter impediments are of the metaphorical variety.