More than 1 million cellphones are stolen in the US each year, and the FCC is not happy about it. A new agency report says wireless-network operators and law-enforcement agencies can and should do more to help prevent phone thefts. There are some hurdles in the way, to be sure, but the FCC is confident the industry can leap over them, as long as everyone works together.
The FCC believes smartphone theft is a "major issue" facing not only consumers, but law enforcement and the entire mobile ecosystem. Phones are expensive to replace, and often contain vast stores of personal (and often corporate) data. Early this year, the agency commissioned the Mobile Device Theft Prevention (MDTP) working group to research the issue and offer recommendations by the end of the year. The MDTP found significant shortcomings in existing preventative measures.
To start, the statistics covering national and international smartphone thefts aren't up to speed. Though network operators maintain a database of stolen device IDs, not all the carriers participate and law enforcement is barely aware of the database's existence. This means police departments aren't adding the IDs of stolen smartphones to the database. Carriers are supposed to check the database before activating used phones to determine if they are stolen. With neither side consistently participating in the program, it has pretty much failed.
[Should the Feds have access to data on alleged criminals' phones? See Why FBI Is Wrong On Encryption Workaround.]
Data from just 21 police jurisdictions (out of 18,000), covering about 19.7 million people, suggests the US had a phone-theft rate of 368.9 per 100,000 people through 2013. Extrapolated, the FCC says this represents more than 1 million thefts per year, which is far fewer than the 3.1 million yearly thefts claimed by Consumer Reports. The FBI believes smartphone theft accounts for a whopping 10% of all thefts in the country each year. There is, however, a caveat.
"There is considerable concern that the reported theft rate may be under reported, especially in cities that have not established a law enforcement focus on this criminal activity area," wrote the MDTP. "The more troubling issue at this point is that it is challenging to obtain and analyze the data; thus there is insufficient data to determine the extent and trend of criminal activity." Further, the MDTP can't determine where all the stolen phones go. Some are shipped out of the country, but many simply vanish. Clearly, it is a global problem.
In the plus column, the MDTP found that wireless trade group CTIA and other organizations have voluntarily agreed to certain protective measures. Further, smartphone OS makers, including Apple, Google, and Microsoft, all offer device encryption, remote kill switches, and remote wipe. Alone, these measures don't seem to be deterring theft. The FCC thinks when all are used together they will be more effective.
"There is no single technology 'silver bullet' that will eliminate phone theft and therefore a complementary suite of technical and operational mitigation techniques will need to be made available and applied to gain additional impact to this issue," said the working group. The group believes a national framework is needed to make all players more aware of the dangers and take preventative measures. Moreover, carriers and law enforcement need to participate meaningfully to have an impact.
The Working Group recommended: carriers develop a more effective way to block stolen phones from gaining network access; more US operators need to participate in the voluntary stolen phone database; all parties need to collect better data for improved insight; law enforcement needs to be made more aware of the tools at their disposal; and consumers need to be more educated on steps they can take to prevent theft and protect their data.
While the industry works to move these measures forward, smart IT managers have already put best practices into effect. All employees should use passwords to lock their phones; all work data should be encrypted; all devices should be registered with a "Find My Device" service (typically offered for free); and employees should be taught how to prevent phones from being stolen in the first place.
Apply now for the 2015 InformationWeek Elite 100, which recognizes the most innovative users of technology to advance a company's business goals. Winners will be recognized at the InformationWeek Conference, April 27-28, 2015, at the Mandalay Bay in Las Vegas. Application period ends Jan. 16, 2015.