Friday, 22 January 2016 07:16

California Lawmakers push to ban the sale of encrypted smartphones

Written by

Reading time is around minutes.

You would think that in 2016 the people in power would either understand technology, or would have been replaced by someone that does. Sadly, this is not the case in… well just about every place there is an elected official. Over the past few years we have seen some very stupid bit of technical legislation come over the wire. Everything from kill switches in smartphones to backdoors in software and encryption standards. All of the legislation proposed read like they were written by someone that has no clue about technology, but might watch a lot of TV… and bad TV at that.

Now California wants to prevent the sale of smartphones that cannot be decrypted on demand by a carrier, or operating system provider. Bill AB1681 adds onto the kill switch law that already exists in California. It is forcing a level of control over personal devices that is very, very Orwellian in context and in execution. This knee jerk reaction is fueled by fear and ignorance of the way technology, law enforcement and the legal system work.

Anyone working in digital forensics knows that you can break into a smartphone with the right (and registered) tools. They are intended to be used by professionals when a warrant is put in place. Having a massive back door in a device opens them up to malware and compromise on an epic scale. We have already seen this happen with existing encryption standards. In 2015 we lost SSL v3.0 along with TLS 1.0, 1.1 and 1.2. These fell because of flaws in the standards that were linked to NSA input. Having these built-in flaws or backdoors at the OS level is just plain stupid.

We sincerely hope that this bill backfires so badly that the people responsible end up without a job come next election. The time really is here to get some truly tech savvy people in legislative branches of government before they hurt someone.

Read 2949 times

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.