California bill directs mobile hardware makers to include a way to disable stolen communications devices. Will privacy concerns be addressed?
Lost Smartphone? 6 Free Tracking Apps
(click image for larger view)
California State Senator Mark Leno on Friday introduced a bill that, if passed, will require makers of mobile communications devices sold in the state after Jan. 1, 2015 to include technology that can render such devices inoperable when lost or stolen.
The mandated technology, commonly referred to as a "kill switch," may be implemented in software or hardware, but must be able to survive a factory reset. To comply, companies might have to do additional engineering work on their mobile devices -- factory resets typically erase all data by reformatting storage media and might not be set up to handle exceptions. The specified fine for the absence of a kill switch ranges from $500 to $2,500 per violation.
The bill stipulates that the physical action necessary to disable the kill switch may only be taken by the rightful owner of the device or a person designated by the owner; the mobile carrier may not do so, but presumably could with the owner's permission. The mobile carrier also may not encourage the disabling of the kill switch.
The kill switch must "render inoperable" the following features: "the ability to use the device for voice communications and the ability to connect to the Internet, including the ability to access and use mobile software applications commonly known as 'apps.'"
This wording leaves some ambiguity: A PIN-protected lock screen appears to meet the bill's requirements because the bill limits access and use but does not call for the shutdown of software (the termination of processes). Many apps continue to run in the background and access the Internet even when they're not being used by the device owner.
At the same time, the bill's unqualified voice communications cutoff requirement appears to conflict with the Federal Communications Commission's rule that wireless phones must be capable of making 911 calls regardless of whether the caller has a mobile service plan.
Leno and San Francisco district attorney George Gascón announced their intent to propose a kill switch requirement last December, citing an "alarming rate" of mobile phone thefts nationwide. They cite FCC figures indicating that smartphone thefts account for 30% to 40% of all robberies nationwide. In San Francisco, that figure is said to be more than 50%.
Smartphone theft and the public safety issues that accompany it have galvanized lawmakers and law enforcement officials around the country. Last summer, Gascón joined New York State attorney general Eric Schneiderman to launch Secure Our Smartphones (SOS), a nationwide initiative to encourage phone makers to integrate anti-theft technology. And last month US Senator Amy Klobuchar (D-Minn.) said she intends to introduce similar federal legislation in the coming weeks.
Mobile carriers have rejected calls for a kill switch. CTIA, a trade group for the wireless industry, says it would be too easy for hackers to forge kill switch commands, thereby shutting down mobile communication services for authorities, emergency responders, or other officials. Gascon, however, reportedly has email evidence that mobile carriers are resisting the call for kill switches to preserve the billions of dollars they make annually from selling theft insurance to their customers.
Leno's bill states that, according to industry publications, "the four largest providers of commercial mobile radio services made an estimated $7.8 billion dollars from theft and loss insurance products in 2013."
Carrier motives aside, a government-mandated anti-theft regime raises provocative questions about the limits of property ownership and privacy. In order to be effective, this kill switch could not be easily disabled by switching a device off or into airplane mode. As a consequence, any person carrying an always-on device becomes always trackable.
In addition, the rationale for putting kill switches in phones also applies to cars, the theft of which, according to the FBI, cost $4.3 billion in losses nationwide in 2011. Though that's far less than the $30 billion in estimated US mobile phone losses during 2012, this particular form of digital restriction management (DRM) seems destined to spread as more devices get connected to the Internet.
Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software. (Free registration required.)
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.