AB-1681 is a controversial change and an undeniably bad one. However a recent modification to the bill has mad it worse. Originally Section 2-b (now Section 2-c) of the bill specified that just the manufacturer of a phone would be required to unencypt a phone. Putting big names like Apple, Google (with the Nexus) or Samsung on the hook for unencrypting it’s phones. That’s undeniably bad. However this new change is worse (Emphasis Mine):
(c) The sale or lease inability of a smartphone manufactured on or after January 1, 2017, that is not capable of being decrypted and unlocked by its manufacturer or its operating system provider to decrypt the contents of the smartphone pursuant to this section shall not result in liability to the seller or lessor.
The key change here is that any operating system provider is now liable for unencrypting a device. So if you make a phone OS mod like Cyanogenmod, or if you’re an alternative phone manufacturer trying to break into the market like Canonical; even if you’ve never attempted to sell a phone in California, just by making your phone available to Californian’s you can be compelled to decrypt your phone. This makes a bad law worse.
If you think this law is stupid please go and sign the EFF’s petition about this bill.