Mobile // Mobile Devices
News
2/8/2014
09:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

California Kill Switch Bill Targets Phone Thieves

California bill directs mobile hardware makers to include a way to disable stolen communications devices. Will privacy concerns be addressed?

Lost Smartphone? 6 Free Tracking Apps
Lost Smartphone? 6 Free Tracking Apps
(click image for larger view)

California State Senator Mark Leno on Friday introduced a bill that, if passed, will require makers of mobile communications devices sold in the state after Jan. 1, 2015 to include technology that can render such devices inoperable when lost or stolen.

The mandated technology, commonly referred to as a "kill switch," may be implemented in software or hardware, but must be able to survive a factory reset. To comply, companies might have to do additional engineering work on their mobile devices -- factory resets typically erase all data by reformatting storage media and might not be set up to handle exceptions. The specified fine for the absence of a kill switch ranges from $500 to $2,500 per violation.

The bill stipulates that the physical action necessary to disable the kill switch may only be taken by the rightful owner of the device or a person designated by the owner; the mobile carrier may not do so, but presumably could with the owner's permission. The mobile carrier also may not encourage the disabling of the kill switch.

The kill switch must "render inoperable" the following features: "the ability to use the device for voice communications and the ability to connect to the Internet, including the ability to access and use mobile software applications commonly known as 'apps.'"

[Protect yourself against phone thieves. Read 10 Defenses Against Smartphone Theft.]

This wording leaves some ambiguity: A PIN-protected lock screen appears to meet the bill's requirements because the bill limits access and use but does not call for the shutdown of software (the termination of processes). Many apps continue to run in the background and access the Internet even when they're not being used by the device owner.

At the same time, the bill's unqualified voice communications cutoff requirement appears to conflict with the Federal Communications Commission's rule that wireless phones must be capable of making 911 calls regardless of whether the caller has a mobile service plan.

Photo courtesy of West Midlands Police (Flickr).

Leno and San Francisco district attorney George Gascón announced their intent to propose a kill switch requirement last December, citing an "alarming rate" of mobile phone thefts nationwide. They cite FCC figures indicating that smartphone thefts account for 30% to 40% of all robberies nationwide. In San Francisco, that figure is said to be more than 50%.

Smartphone theft and the public safety issues that accompany it have galvanized lawmakers and law enforcement officials around the country. Last summer, Gascón joined New York State attorney general Eric Schneiderman to launch Secure Our Smartphones (SOS), a nationwide initiative to encourage phone makers to integrate anti-theft technology. And last month US Senator Amy Klobuchar (D-Minn.) said she intends to introduce similar federal legislation in the coming weeks.

Mobile carriers have rejected calls for a kill switch. CTIA, a trade group for the wireless industry, says it would be too easy for hackers to forge kill switch commands, thereby shutting down mobile communication services for authorities, emergency responders, or other officials. Gascon, however, reportedly has email evidence that mobile carriers are resisting the call for kill switches to preserve the billions of dollars they make annually from selling theft insurance to their customers.

Leno's bill states that, according to industry publications, "the four largest providers of commercial mobile radio services made an estimated $7.8 billion dollars from theft and loss insurance products in 2013."

Carrier motives aside, a government-mandated anti-theft regime raises provocative questions about the limits of property ownership and privacy. In order to be effective, this kill switch could not be easily disabled by switching a device off or into airplane mode. As a consequence, any person carrying an always-on device becomes always trackable.

In addition, the rationale for putting kill switches in phones also applies to cars, the theft of which, according to the FBI, cost $4.3 billion in losses nationwide in 2011. Though that's far less than the $30 billion in estimated US mobile phone losses during 2012, this particular form of digital restriction management (DRM) seems destined to spread as more devices get connected to the Internet.

Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 2 / 3   >   >>
YosarianT073
50%
50%
YosarianT073,
User Rank: Apprentice
2/8/2014 | 3:13:40 PM
Bad BAD idea
Do what I did, spam Mark Leno's inbox with how you feel about this Orwellian BS. Just put the address for his office lol it passes the filter. 50% of robberies? LOL that's because when you call and tell them your phone was stolen (because "I lost it" "isn't covered") it gets reported as a robbery. Good freaking lord people are dumb.
JohnM818
50%
50%
JohnM818,
User Rank: Apprentice
2/8/2014 | 3:50:21 PM
Don't trade Real security for "phoney" security
We're talking about a centrally programmable means to disable private communications not to mention the backdoor such technology may create to listen even if bulk collection is thwarted.
 
I think it's terribly naive to think technology won't become the means to stifle unwanted political speech (it is already that).
This programming will require a means to makea a low level change to the device's hardware layer, and that will require a secure means to ensure the only person who can authorize the change is the device owner. But in technology today there's no truly secure means to do anything. Any such technology that you try to set up will potentially be used for nefarious purposes, possibly on a grand scale and possibly be misused by goivernment authorities as well. I pray that this bill is stopped as it may open a flood gate to security breeaches. You're better off to lose the device than to open that door.  
 
Sam_Debater
IW Pick
100%
0%
Sam_Debater,
User Rank: Apprentice
2/8/2014 | 5:14:37 PM
Innocent Victims
Just yesterday, I read an account of a man whose Twitter account was hijacked by someone who managed to gain control over the man's domain name and email. None of the services would help him. In order to regain control of his domain name, he had to give up his Twitter name. What is to ensure that only the rightful owner of a cell phone could disable it? How do you know who is the rightful owner? How secure is this system? 
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
2/8/2014 | 5:33:09 PM
Re: a step in the right direction...
"Point being, often, people (especially women) say their phone was 'stolen' so they can be a victim of circumstance, instead of being empowered to make a decision."

I'm not so sure about that. It sounds awfully generalized and anecdotal. The article cites some compelling crime statistics. Living in San Francisco, where crime stories involving mobile devices are pretty common, I don't doubt that legitimate thefts result in billions of dollars in losses. Perhaps "lost" devices inflate figures a bit, and perhaps a kill switch isn't the answer, but more and more people are wandering around densely populated areas with no sense of their surroundings, totally absorbed in a tweet or text or whatever. It's not surprising that street robberies, generally a crime of opportunity, have ballooned.
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
2/8/2014 | 5:36:35 PM
Re: Bad Idea
Yeah, this seems difficult to safely implement. I need to see a lot more to be convinced this isn't yet another good intention primed to run amok.
Li Tan
50%
50%
Li Tan,
User Rank: Ninja
2/10/2014 | 4:03:03 AM
Re: Bad Idea
The initial idea seems to be great but the implementation details are of concern - how such kind of functionality can be done in real life is a question mark. How realiable it will be? How can we locate the stolen phone properly? Will the functionality be mis-used somehow?
RobPreston
100%
0%
RobPreston,
User Rank: Author
2/10/2014 | 9:23:59 AM
Re: I'm not at all sure I'm in favor of this
Why is this a regulatory issue and not a market issue? If consumers really want a kill swtich, some company in the industry will provide it to those who want it, at a cost to the consumer and profit to the provider. It needn't be a forced option.  
Ariella
50%
50%
Ariella,
User Rank: Ninja
2/10/2014 | 10:18:53 AM
Re: I'm not at all sure I'm in favor of this
@Rob intersting argument. The invisile hand will assure that whatever feature consumers demand will be included without government intervention.  
Petar Zivovic
50%
50%
Petar Zivovic,
User Rank: Strategist
2/10/2014 | 1:32:20 PM
Law needs to be thought through
Lots of good commentary here.

I have several thoughts on this.

First, in reply to the user who stated below, "...phones could be set to automatically cease operation in the proximity of a car's driver seat, making it impossible to text or call while driving..." Ok, despite best intentions, an accident occurs anyway for an unrelated reason. I go to call 911 and/or family for help...oh wait, I CAN'T. My phone's disabled. For this reason, in my opinion, this is a well-intentioned idea that isn't a good one when set to an absolute like that.

Second, in reply to the article, where the third paragraph starts: "The bill stipulates that the physical action necessary to disable the kill switch may only be taken by the rightful owner of the device or a person designated by the owner..." The problem with this also well-intentioned approach is, if the technology exists in the phone so the owner can disable it, chances are the thieves will figure out how to work that function to disable it. This puts us right back where we started. That alone makes this law likely an exercise in futility, in addition to the points made later in the article.

Finally, I'm with Mr. Preston on this. Businesses can make an offering and people will pay if they really want it. In general, consumers want more choice, not more mandatory features shoved down their throat (and the associated costs).

I do pay for tracking software to find my phone in case it's lost/stolen. A PIN is required to unlock it. Encryption software protects my sensitive data. If a thief is savvy enough to wipe my phone and/or strip it for spare parts before I can remote find/kill it, so be it. But if all I did is misplace my phone, I can at least find it again. Case in point: I wish this feature was available on my wife's older phone last week. She dropped it in the snow just outside the garage but didn't realize it was missing until she had gone to half a dozen places. This feature would have eliminated all places to search except home, narrowing the search tremendously, and we probably would have found it within the hour instead of half a day later.

Based on the above, the proposed law is not only unnecessary, it creates a burden that will help few (if any) and harm many. Therefore it would not make a good law & should not be passed.
Kristin Burnham
50%
50%
Kristin Burnham,
User Rank: Author
2/10/2014 | 3:46:04 PM
Re: Kill Switch could be a very good idea
But what about the instances in which you're involved in an accident? While I understand your arguement for it doing some good, I'm still not sure this would be a good move. Be wary of your surroundings and resist operating your phone while driving. As a reader above mentioned, a "kill switch" is protecting people from their mistakes.
<<   <   Page 2 / 3   >   >>
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.