Recently, the California and New York state legislatures introduced bills looking to weaken encryption, specifically as it relates to smartphones. The goal of both bills is to ensure that law enforcement can access the data on the phones of criminals and victims when the devices are seized as evidence and, if passed, would effectively ban the retail sale of smartphones with encryption features. This legislation is just the latest wrinkle in a long-standing debate between privacy and encryption. On one side, we have proponents of “backdoor” access into encrypted devices, albeit at the risk of weakening overall data protection on everyone’s personal devices not just those who are criminally implicated. And on the other hand, we have Silicon Valley giants affirming that they wouldn’t and effectively couldn’t grant backdoor access to our data even if they wanted to. So is a ban on encrypted mobile devices in our future? Would California and New York create a ripple effect across the country? At a fundamental level, a state-level ban is simply impractical. As a Wired article points out:
“Legal and technical experts argue that even if a national ban on fully encrypted smartphones were a reasonable privacy sacrifice for the sake of law enforcement, a state-level ban wouldn’t be. They say, the most likely result of any state banning the sale of encrypted smartphones would be to make the devices of law-abiding residents’ more vulnerable, while still letting criminals obtain an encrypted phone with a quick trip across the border.”
Maybe to Nevada or New Jersey for instance? If this legislation were to pass, companies like Apple, who sells encrypted-by-default iPhones, would have to think long and hard about what its next move would be. And Apple’s customer letter today gives us a glimpse. Whatever the outcome, it doesn’t appear that we will reach a resolution in the immediate future. The latest twist in the debate is a new bill being introduced in the House of Representatives, the Encrypt Act of 2016, short for Ensuring National Constitutional Rights of Your Private Telecommunications Act, which would deny states like California and New York the power to block the sale of encrypted smartphones or require that manufacturers equip their phones with backdoor access to private data. Bottom line: Encryption is a necessity to keep sensitive data safeguarded from any motivated hacker and can provide an additional level of defense when employees are utilizing mobile devices for work. To take it one step further, look for BYOD solutions that keep data off the devices completely.