> In May, Minnesota became the first state to require a kill switch on all smartphones sold there. But the California bill is unusual in that it requires manufacturers... to ship smartphones with the anti-theft technology turned on by default.
I wasn't aware that an opt-in version of this was already on the books. I'm curious to see exactly how much the user is in control of this "technology" in practice. If the user can (a) disable the feature, and (b) is the only person who can initiate a remote shutdown, then it's probably to the consumer's advantage. But I suspect it's only a matter of time before the FBI/CIA/NSA (or local PD) will be able to unilaterally decide it's in the "public interest" to suddenly shut off every phone in a particular geofence.
Cars are also stolen every day, and society manages to get by, through insurance and opt-in theft deterrence tools (both manufacturers and consumers already have plenty of incentive to deter theft). I have a hard time believing that stolen phones are a big enough social problem to warrant a mandate of this scope. Regardless of intent, this power will be abused.
I can't really think of any feasible way for the user to be the only person who can initiate a remote shutdown.
(Sure, you can probably come up with some hypothetical scheme involving public key crypto, but we know they're not doing that, and if they did most users wouldn't be able to figure out how to kill their own phones either).
So, yeah, the technology is clearly going to be able to be used so the government (or really, the cell provider or anyone that can convince/force the provider company to do something) can shut down any cell phone, or even all cell phones in a given specified area (that is, currently in contact with specified access points). Of course, they could just shut down the towers too, maybe more likely to be used against selected numbers or lists of numbers.
Anyhow, that was my first thought too. On seeing the headline, I even first thought that was the _point_ of the legislation, you know for 'national security'.
Ooh, ooh, and how long until someone hacks into the cell phone network in order to have the power to 'kill' others' phones. Chinese army hackers? Sounds like something that would appeal to them. And lots of other people.
But maybe there could be a successful campaign against this on 'national security' grounds, it makes our communications network less secure, Chinese army hackers are gonna get into it and kill people's phones! Meh, probably would not work.
> I can't really think of any feasible way for the user to be the only person who can initiate a remote shutdown.
> (Sure, you can probably come up with some hypothetical scheme involving public key crypto, but we know they're not doing that, and if they did most users wouldn't be able to figure out how to kill their own phones either).
You don't need any crypto. The user sets a killswitch password in her phone, then the command must provide the same password. If the user hasn't set up any password, the command works without one.
No, it's nothing like a kill-switch. It's simply a key that actually works. It simply ensures that the key that came with your car is present for the engine to run. The truest definition of a key. There is no remote kill capability.
> But I suspect it's only a matter of time before the FBI/CIA/NSA (or local PD) will be able to unilaterally decide it's in the "public interest" to suddenly shut off every phone in a particular geofence.
This would be an ineffective way to accomplish that. They'd first have to make a list of all the phones in the target area, and then they'd have to send the lock commands to them, one by one.
Furthermore, even if they went through all that trouble, it only would work on smartphones. The bill does not apply to feature phones, other non-smartphone phones, laptops, or tablets. The bill defines a "smartphone" as a cellular radio telephone or other mobile voice communications handset that includes ALL of the following features:
• Utilizes a mobile operating system.
• Possess the capability to utilize mobile software applications, access and browse the Internet, utilize text messaging, utilize digital voice service, and send and receive email.
• Has wireless network connectivity.
• Is capable of operating on a long-term evolution network or successor wireless data network communications standards.
The bill explicitly says that "smartphone" does not "include a radio cellular telephone commonly referred to as a 'feature' or 'messaging' telephone, a laptop, a tablet device, or a device that only has electronic reading capability".
(Added in edit) Also, while the bill requires that smartphones be equipped with this and that it be on by default, the bill does NOT require that it stay on. Apple's iOS 7 kill switch lets the user turn it off, and I believe that is what Samsung plans to do. People going to protests or other events where they think authorities may try to disrupt communications can simply turn off the kill switch before arriving at the protest.
It would be much more effective to silence a particular area by doing something at the cell tower layer or higher.
> I have a hard time believing that stolen phones are a big enough social problem to warrant a mandate of this scope
Stolen phones account for half of all robberies in San Francisco. In New York, they are 20% and rapidly rising. It's the #1 property crime nationwide, accounting for 1/3 of all property crime. In half of the San Francisco incidents the victims are punched, kicked, or physically intimidated, and in a quarter of them they are threatened with a gun or knife.
That sure seems like a big enough problem to me to try to do something about. We also know that kill switches are effective. In the first five months after Apple put in a kill switch, iPhone thefts dropped 38% in San Francisco, 24% in London, and 19% in New York. We know this wasn't just due to a general lowering of crime rates, because in the same time period overall New York theft went down 10%, and Samsung phone theft went up 40%.
> This would be an ineffective way to accomplish that. They'd first have to make a list of all the phones in the target area, and then they'd have to send the lock commands to them, one by one.
You need to determine how to send the message to the phone. Flipping the kill switch on an iPhone will require talking to Apple, for instance, whereas I'm pretty sure you would not talk to Apple to flip the kill switch on a Samsung phone. There will be at a minimum three different mechanisms you'd have to deal with (Apple, Google if they build this into Android and all Android phone makers and carriers leave it in place instead of replacing it with their own version, and Microsoft). There could be dozens if Android phone makers go their own way, or if the phone carriers customize the firmware to replace the kill switch from the hardware maker or Google with their own.
There is no requirement that an API be provided to law enforcement. That "sendmessage" method could come down to someone on the law enforcement side getting on the phone with Apple or Google or Microsoft or a service provider and telling them the numbers to kill.
This is assuming that Apple or Google or whoever even can flip the kill switch without the assistance of the phone's authorized user. They could easily design the kill switch system so that the person flipping the switch has to know the authorized user's password [1]. There is nothing in the bill that I see that says they have to design the kill mechanism to allow law enforcement or the manufacturer or the carrier to be able to use it.
[1] For instance, the phone could ask for your iCloud or Google account information when you set up the kill switch for the first time, and then it could store on the phone a hash of the concatenation of your password and the phone serial number. The kill switch mechanism could require that the kill command include that hash, thus proving to the phone that the sender had access to your password.
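The footnote's scheme, together with the no-password fallback from the earlier "You don't need any crypto" reply, as an added example that is not part of the original thread or any vendor's code. The `Handset` class, its method names and the serial numbers are hypothetical, and PBKDF2 salted with the serial is swapped in here for the bare hash of password plus serial that the footnote describes.

```python
import hashlib
import hmac
from typing import Optional

PBKDF2_ROUNDS = 100_000  # assumed work factor, not from the thread
OWNER_PW = "correct horse battery staple"  # constructed sample password


def derive_token(password: str, serial: str) -> bytes:
    """Bind the owner's account password to one handset's serial number."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), serial.encode(), PBKDF2_ROUNDS
    )


class Handset:
    """Hypothetical handset-side kill-switch state."""

    def __init__(self, serial: str):
        self.serial = serial
        self.enabled = True  # shipped on by default; the owner may turn it off
        self.stored_token: Optional[bytes] = None
        self.locked = False

    def enroll(self, password: str) -> None:
        # Only the derived value is kept on the device, never the password.
        self.stored_token = derive_token(password, self.serial)

    def handle_kill(self, token: Optional[bytes] = None) -> str:
        if not self.enabled:
            return "ignored"  # owner disabled the feature
        if self.stored_token is None:
            self.locked = True  # no password set: the command works without one
            return "locked-unauthenticated"
        # Constant-time comparison of the presented and stored values.
        if token is None or not hmac.compare_digest(token, self.stored_token):
            return "rejected"
        self.locked = True
        return "locked"


def demo() -> dict:
    serial = "SN-CONSTRUCTED-0001"  # constructed sample serial
    phone = Handset(serial)
    phone.enroll(OWNER_PW)
    results = {
        "no_token": phone.handle_kill(),
        "wrong_password": phone.handle_kill(derive_token("guess", serial)),
        "other_serial": phone.handle_kill(
            derive_token(OWNER_PW, "SN-CONSTRUCTED-0002")
        ),
        "owner": phone.handle_kill(derive_token(OWNER_PW, serial)),
        "never_enrolled": Handset("SN-CONSTRUCTED-0003").handle_kill(),
    }
    opted_out = Handset("SN-CONSTRUCTED-0004")
    opted_out.enabled = False
    results["opted_out"] = opted_out.handle_kill()
    return results


if __name__ == "__main__":
    print(demo())
```

Because the command carries the stored value itself, anyone who can read that value off the handset or out of a captured command can replay it; the sketch does not address that.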
EDIT: yes, please, go ahead and explain how you're going to get phone's location geographically. Hint: not everybody has data turned on always. Or GPS.
> … We also know that kill switches are effective…
Do you have a source to back up the stats in this section?
> This would be an ineffective way to accomplish that. They'd first have to make a list of all the phones in the target area, and then they'd have to send the lock commands to them, one by one.
This doesn't seem too hard, if you have all of the phones connecting to one or two towers (or you set up your own "Stingray" tower).
Now the standard line before a protest speech will be, "Please turn your phones to silent, and turn off the kill switch please..."
If a government authority wants to shut down the phone system, why on earth wouldn't the FBI/NSA/CIA just instruct the Telcos to shut down their signal to the area? Seems to be a much more straightforward and simple solution - particularly as there are only 4 or 5 carriers in the Bay Area.
I seem to recall the BART authority doing something similar with their infrastructure during recent protests - it was quite effective.
The idea wouldn't just be the phone system but removing most people's ability to record photos or video. Point-and-shoot cameras are rapidly disappearing now that phones are good enough for most people.
The kill switch is only required to take out 'essential services' of the phone. There's no real reason I could see why the phone's camera couldn't still function even if the kill switch was used.
That said, the bill requires that the kill-switch have an option to be disabled, so there's no reason you couldn't just disable it beforehand.
> But I suspect it's only a matter of time before the FBI/CIA/NSA (or local PD) will be able to unilaterally decide it's in the "public interest" to suddenly shut off every phone in a particular geofence.
They can do that already just by shutting off the cell tower or blocking specific users from it.
Could someone with relevant industry insight comment as to why we're not just using IMEI blacklists?
From Wikipedia: "For example, if a mobile phone is stolen, the owner can call his or her network provider and instruct them to "blacklist" the phone using its IMEI number."
Is it because it's actually mutable/not properly authenticated? Or because global blacklist synchronization isn't good enough and not all operators respect them?
The IMEI blacklists don't work across borders. My sister in law's Blackberry was stolen from her at a mall in South Africa. It was reported and added to the IMEI blacklist. A few months later I accidentally added her old PIN as a BBM contact and ended up chatting to a chap in Nigeria.
It isn't farfetched to assume that network providers don't really care about stolen phones in the third world. Until they do, IMEI blacklists won't mean much.
> It isn't farfetched to assume that network providers don't really care about stolen phones in the third world.
Network providers probably don't care about stolen phones in the first world. If they could find a way to ignore domestic IMEI blacklists without too much public outcry, they probably would.
In the US, the top four carriers make almost $8 billion per year selling theft insurance to their customers [1]. I don't have a cite handy, but I recall reading that they also make a huge amount selling replacement phones to people whose phones were stolen.
Samsung planned to do a kill switch on its phones to fight theft a while ago, and the carriers blocked it. Many believe they blocked it to protect those insurance and replacement phone profits.
Sometimes IMEI blacklists mean too much. There was a batch of cheap Chinese counterfeit phones in Bangladesh (IIRC) that all had the same IMEI. One got stolen, the IMEI got blocked, and all of that make of phone was unusable.
As far as I can tell, it is because they are either lazy or the systems are not exposed to the underlings you can actually call most of the time.
I worked closely with carriers and they would resist any attempt for you to do anything in their system and insist it wasn't possible unless you had the cops or the legal system behind you.
At some stage smartphones will become as cheap and ubiquitous as Nokia feature phones were before the iPhone took hold. Sure they will have some secondhand/stolen goods value - $10 - but buyers might be hard to find as, by then, it might cost $30 to buy a new one. When this point happens (and it will), it will be hard to sell $$$ mega-bucks phones as new or into the second hand/stolen market.
People used to burgle houses for VCRs once, and for DVD players. Nowadays a DVD player is a giveaway item, nobody gets them stolen anymore.
I think the data that is stored on phones will still make them a target. A better reference would be stolen laptops... I wonder how much they get stolen nowadays. (The TSA seems to have tons of them left at checkpoints, so who knows what that means. http://www.americanownews.com/story/22046003/12000-laptops-l...)
I've adopted JWZ's mindset on cellphones [1] for more than a decade now. Once it became impossible to not have one, I finally relented a bit and purchased a 7" Chinese tablet that can do encrypted VoIP over wifi. I have no E911 GPS override (mandatory since '97), and I won't ever have a kill switch either.
I had my tablet stolen a few weeks back, and got it back a week later by allowing the thief access to my email and promising a reward (sent messages to myself, so they'd pop up on the main screen). The email server logged all the IP addresses that the thief used to reply to me, and with the help of the local ISP here, tracked the IP to a house, knocked on the door, and asked for my tablet back. They gave it back once caught, and I promised not to press charges. I find this resolution superior to a mandatory kill switch that gives a phone company (that I don't like/trust/respect) control over my property. I seem to be in the minority, though.
because they could have made a decent case that they were merely concerned for their own safety, which led to the subterfuge. And they might have been able to claim that I left it on the bus (the video of the bus ride was not conclusive). If he had not given me the tablet, I had people staked at the location, and we would have placed him under citizen's arrest. Fearing his freedom, he phoned his girlfriend who had the tablet, and I let them both go, but kept the video of the conversation with him. We use it for contract class now. :)
I think that at the moment the kill switch is more for protecting the data on the phone, rather than protecting the phone from being reused. For the common thief, this will be an inconvenience in probably reselling the phone, but there will always be hackers out there who will be able to reinstall the OS.
Also as far as I know carriers can blacklist phones based on IMEI. So the kill switch could also trigger the carrier blacklisting. I think that iPhones already have something built in for this.
I believe the idea is that you can't just reinstall the OS to circumvent it.
Apple currently does this with their activation - if the phone gets remotely locked by the user, it can't be unlocked without knowing the password, and no amount of reinstalling, wiping, or praying to your deity will be enough to unlock it.
As far as I'm aware, there aren't any known vulnerabilities with Apple's scheme - I don't know how long this will remain true.
I'm curious how this will be implemented on the Android side (also considering that Google is headquartered in CA - but I don't know if that changes anything). Android phones are known for their openness, and on many models, unlocked boot loaders. I wonder how you'd securely lock it down so you couldn't wipe it, like you describe.
Presumably it'd act as an extension of how it works now - the phone is shipped with a locked bootloader, and has to be unlocked by a computer which wipes the phone in the process.
So the bootloader could require a code which is generated by Google to do that unlock, and Google could keep a list of 'killed' phones not to generate unlock codes for. The challenge would be to prevent that expanding into a wider scheme to stop users having control over their devices.
Remember, the revolution will not be televised. And now also not on <your favourite app>. And not on your news channel. No smartphone, no coverage, no action.
You don't take public transportation in a big city, do you?
Cell phone theft is a HUGE problem. Huge.
People don't like carrying things of large, uncontrolled value on their person when they don't have to. The status quo is the equivalent of forcing people to carry a small brick of gold on them everywhere they go, just so they can hail an Uber or play Candy Crush.
People will literally feel safer for this every day - I know I do already.
My anecdotal evidence is that neither myself nor anyone I know has had a mobile phone stolen while on public transport or anywhere else. That said, I still agree with you 100%. Even if the risk is small, it still can happen and would suck if it does. The remote-wipe feature of Exchange ActiveSync is why I set it up on my phone plus have the data partition encrypted so that even if it is swiped, all I've lost is the data and at least it's useless to anyone else.
Cell phones are taken in 30-40% of robberies in major cities, according to the FCC [1]. In Oakland 75% of robberies and burglaries involve cell phone theft, according to the mayor [2].
There have also been changes in crime rates; [3] identifies a 45% rise in armed robberies, and suggests cell phones are the reason.
I think even the most libertarian among us would agree it's within the state's remit to reduce armed robberies.
Quote from the last link: "About 3.1 million Americans had their phones stolen last year, according to a just-released national survey by Consumer Reports. That's nearly double the magazine's estimate of 1.6 million mobile phones stolen during 2012."
-- but the intent is irrelevant to the problem the bill addresses -- it removes the incentive to try to steal a cell phone, regardless of the specifics.
Perhaps I wasn't clear before. I would like to see links showing that the majority of burglaries, where cellphones were stolen, were to take the cellphone itself, and not just burglarize the house.
But I appreciate the individual stories about cellphone theft, whether or not they are really relevant to the point of burglaries and robberies.
> ... perhaps I wasn't clear before. I would like to see links showing that the majority of burglaries, where cellphones were stolen, were to take the cellphone itself, and not just burglarize the house.
Perhaps I wasn't clear before, but my point was that it's not necessary to prove that someone had a specific and sole intent to steal a cell phone, for an anti-theft bill to make sense.