Two opposing attitudes about encryption have been at war in courtrooms and in the public eye for some time now. Security and privacy buffs, as well as most of the tech world, believe that users have a right to encrypt their devices and the sensitive data thereon. That way, should the data or the device fall into the wrong hands, users can rest assured knowing their data is secure so long as would-be data thieves can’t crack their device’s encryption. Many lawmakers and members of law enforcement, on the other hand, feel that this right should not infringe on the ability of law enforcement and investigators to access user data, such as text messages and app usage, for investigative purposes. This debate couldn’t be hotter with wounds still raw from events like terrorists using social media, mass surveillance of Americans by the National Security Agency and a rash of data breaches in major companies.
A very straightforward bill is making its way through legislature in New York right now. The text of the bill is, quite simply, “Any smartphone that is manufactured on or after January First, Two Thousand Sixteen, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider,”. With this backdoor, however, anybody who could breach a manufacturer’s data cache could easily get at any user data gleaned under these terms. The cause for concern here is very legitimate. The other side’s argument, however, is also very legitimate. With nigh-unbreakable device encryption that lacks backdoors, valuable evidence that could prove to be the difference between guilty or innocent, or the difference between life and death for a would-be crime victim, could be left on the table if the user who encrypted it is indisposed or unwilling to input their credentials. James Comey, the director of the Federal Bureau of Investigation, put the Feds’ side quite succinctly; “Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn’t go without careful thought and public debate,”.
The bill, introduced by Assemblyman Matthew Titone, lays out a penalty of $2,500 for every noncompliant device. A penalty of this magnitude means it would take one popular device being out of compliance to bankrupt some smaller OEMs. One million sales would equal $2.5 billion in fines. Should this bill pass, it could very well set a national precedent. The bill is still in preliminary review and no timeline is set thus far for further hearings.