New York state is the latest jurisdiction to enter the battle between manufacturers and authorities over encryption. A bill currently going through the N.Y. State Assembly is proposing that smartphone manufacturers be required to decrypt or unlock their devices when requested by law enforcement. Failure to comply could result in a $2,500 fine for each device sold.
The bill, which would have immediate effect if passed in its current form, was first introduced by Assemblyman Matthew Titone last summer. Its attached notes explain, as is often the argument for these types of laws, that the measure is to ensure public safety against the threat of crime.
“The fact is that, although the new software may enhance privacy for some users, it severely hampers law enforcement’s ability to aid victims. All of the evidence contained in smartphones and similar devices will be lost to law enforcement, so long as the criminals take the precaution of protecting their devices with passcodes." – Excerpt from the bill's explanatory notes.
The U.K. recently introduced a similar draft law, the 'Investigatory Powers Bill', which also requires manufacturers to provide an encryption backdoor to government departments.
Apple, other device manufacturers, and privacy advocates have been battling such laws across the world. From a technical perspective, they argue that by creating encryption backdoors the security of devices would be inherently undermined. Criminals and hackers would be able to access those backdoors themselves, potentially putting a great number of personal devices and data at risk of being compromised.
In Apple's case, they would have to rework their current device encryption method to comply with the New York law. At present, encryption keys held by a user's device, not held by the company's servers.
The New York bill awaits scheduling for a vote in the state assembly and senate.