Seconded. That said, this is laughably doomed for failure. It's still shocking, but this is NY. Their police force is the most militarized in the country and most of the world. Over-stepping their authority and bounds is a daily activity.
Yeah, they often propose legislation that just seems like "How far can we really go?" test. Even if this did pass, it would be virtually impossible to enforce an anti-encryption policy at a large scale. It would only end up effecting the people who are already in custody, further compounding the existing problems with prosecution of the poor here.
In comparison: NY passed the "SAFE Act" which, among other things, banned sale of "assault weapons" and required current owners register. The compliance rate with the registration requirement is about 4% ... out of a half-million owners.
NY is willing to go far, and sweep up violators as they're found.
It would allow them to add a criminal charge of possessing an illegal cell phone to people who have encrypted cell phones, then possibly force them to decrypt it through intimidation.
Although it wouldn't explicitly allow that, it's a short leap to make. That would be even more difficult to enforce though, and would mostly only impact those who are frequently arrested (pretty much the same downsides as the current issue, but on a more exaggerated scale).
The Soda Ban is NYC-only, in response to the city's childhood obesity epidemic. Albany is a long way from the NYC mayor's office, both geographically and politically ;)
Something seems wrong about the dates in this article. The article has a byline for today, but the bill was proposed in June 2015, and would have an effective-of date of the first of this year.
Even if you fully sympathize with their desire to enable law enforcement, the bill would effectively ban iPhones and no one who voted for it would ever hold office again.
Or Apple could offer to pay the fine for an iPhone owner and/or sell fine insurance. Great PR, uses a little of their cash. How are the phone owners going to be caught anyway?
As long as only a few locations pass laws like this, it only kills their local phone shops. Nanning sale locally really is stupid. All it does is remove protection for those that can't afford to get something from outside the state, and everyone really interested in encryption (including bad guys) is only "a bit" inconvenienced.
But it sets a worrying precedent, should it pass...
Also, something passing state-wide in a populous state like New York or California can be regarded as an end-run around the difficulty of passing such a law nationally. Vendors won't be willing to lose sales in large markets, so everyone else will get New York-compliant phones. Compare how Texas controls the market for primary/secondary school textbooks in the US.
Sooo couple of attacks on that - not sure if encryption is considered speech by the Supreme Court - but if you are able to write in code a paper letter or journal without mandatory decryption, you should be able to do it with a device.
Second - unlocked bootloader and cyanogen/AOSP. Or just ship device without the OS and make user install it later - bonus - no carrier crapware.
The reason this bill is stupid/wrong is that it's based on the government being able to secretly look in your phone. A judge could always compel you to open up your iPhone with a warrant; what they want is the ability to do it without your knowledge. It's the equivalent to the government having a literal back door into the safe in your house, with their own key.
That's not really true. For one, there is surprisingly little legal precedent for forcing someone to give up a password. It's a gray area on the edge of a 5th amendment violation. Secondly, consider the case of finding a dead body with a locked iPhone in the pocket. That phone is a brick for all eternity. Thirdly, snooping without someone's knowledge is very frequently supported by court orders. It's not a violation of due process or privacy.
If compelling someone to give up a password is illegal, but secretly breaking into the thing you needed a password for is not illegal, something is wrong.
Let the law go through and watch it have no effect whatsoever.
Perhaps if Apple wanted to make a statement, they could cease selling iPhones in NY and let the populous let them fix it by protesting to their elected officials.
If push comes to shove, the bill is pretty poorly written. At the time of selling the smartphone, the seller sold an unlocked and unencrypted device. It's only after the user logs into the device that any encryption / locking is carried out. Every seller can demonstrate that they can turn on and access any unused phone that they happen to carry. "Here's the default code 0000, go nuts officer!"
Assuming the above doesn't hold water, we can do another little thought experiment. I note that Matthew Titon (the bill's sponsor) is a former Lawyer. My simplistic understanding of the rules of the bar (IANAL) suggest that a lawyer that used such an unlockable / decryptable phone would be potentially breaking the rules of the bar when it comes to confidentiality. Hence no-one in that profession would be advised to buy a new phone in NY State that was used for work purposes if this bill went through.
Another counterpoint to consider, let's say that China decided to legislate that no phone could be manufactured in China without an ability for the Chinese government to unlock / decrypt the device. How willing would US officials be to use such a phone?
This bill really highlights that people that don't understand technology shouldn't attempt legislating against it without consultation with actual professionals.
It's not even requisite to understand the technology, but to understand how people live their lives. People expect a certain amount of privacy. Hell, as you mention even the law already acknowledges the need for confidentiality.
The most obvious one is that the bill fails to provide any definition of the key phrase "decrypt and unlock". I'm pretty certain that the bill wants "unlock" to mean "get past the lockscreen", but an equally common usage of "unlock" is in reference to phones which a carrier has prevented from being used with another carrier. It's not clear what the word "decrypt" refers to, either.
There isn't a technical solution in the world that can prevent end users from writing encrypted text files to their phones using a one time pad. Would all devices that let you store text become illegal under this law?
41 comments
[ 2.7 ms ] story [ 69.0 ms ] threadIn comparison: NY passed the "SAFE Act" which, among other things, banned sale of "assault weapons" and required current owners register. The compliance rate with the registration requirement is about 4% ... out of a half-million owners.
NY is willing to go far, and sweep up violators as they're found.
nysenate.gov indicates that it's still in committee: http://www.nysenate.gov/legislation/bills/2015/a8093 ... hopefully dead there.
edit: from the Ars Technica article, it's been reintroduced -- see: http://assembly.state.ny.us/leg/?default_fld=&bn=A08093&term... . The EFF thinks it'll not get anywhere, though.
https://en.wikipedia.org/wiki/Matthew_Titone
But it sets a worrying precedent, should it pass...
Second - unlocked bootloader and cyanogen/AOSP. Or just ship device without the OS and make user install it later - bonus - no carrier crapware.
Fuck. That.
Perhaps if Apple wanted to make a statement, they could cease selling iPhones in NY and let the populous let them fix it by protesting to their elected officials.
If push comes to shove, the bill is pretty poorly written. At the time of selling the smartphone, the seller sold an unlocked and unencrypted device. It's only after the user logs into the device that any encryption / locking is carried out. Every seller can demonstrate that they can turn on and access any unused phone that they happen to carry. "Here's the default code 0000, go nuts officer!"
Assuming the above doesn't hold water, we can do another little thought experiment. I note that Matthew Titon (the bill's sponsor) is a former Lawyer. My simplistic understanding of the rules of the bar (IANAL) suggest that a lawyer that used such an unlockable / decryptable phone would be potentially breaking the rules of the bar when it comes to confidentiality. Hence no-one in that profession would be advised to buy a new phone in NY State that was used for work purposes if this bill went through.
Another counterpoint to consider, let's say that China decided to legislate that no phone could be manufactured in China without an ability for the Chinese government to unlock / decrypt the device. How willing would US officials be to use such a phone?
This bill really highlights that people that don't understand technology shouldn't attempt legislating against it without consultation with actual professionals.
The text: http://legislation.nysenate.gov/pdf/bills/2015/A8093
The most obvious one is that the bill fails to provide any definition of the key phrase "decrypt and unlock". I'm pretty certain that the bill wants "unlock" to mean "get past the lockscreen", but an equally common usage of "unlock" is in reference to phones which a carrier has prevented from being used with another carrier. It's not clear what the word "decrypt" refers to, either.