California Bill Proposes Mandatory Kill-Switch On Phones and Tablets 341
alphadogg writes "Politicians and law enforcement officials in California will introduce a bill on Friday that requires all smartphones and tablet PCs sold in the state be equipped with a digital 'kill-switch' that would make the devices useless if stolen. The bill is a response to a rise in thefts of portable electronics devices, often at knife or gunpoint, being seen across the state. Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures. The trend is the same in major cities across the U.S. and the California bill, if it passes, could usher in kill-switch technology nationwide if phone makers choose not to produce custom devices for California. California Senate bill 962 says all smartphones and tablet PCs sold from Jan. 1, 2015, should have 'a technological solution that can render the essential features of the device inoperable when the device is not in possession of the rightful owner.'"
Re:Slashdot Beta: Day Three (Score:0, Informative)
Please post this to new articles if it hasn't been posted yet.
On February 5, 2014, Slashdot announced through a javascript popup that they are starting to "move in to" the new Slashdot Beta design.
Slashdot Beta is a trend-following attempt to give Slashdot a fresh look, an approach that has led to less space for text and an abandonment of the traditional Slashdot look. Much worse than that, Slashdot Beta fundamentally breaks [reddit.com] the classic Slashdot discussion and moderation system. If you haven't seen Slashdot Beta already, open this [slashdot.org] in a new tab. After seeing that, click here [slashdot.org] to return to classic Slashdot.
We should boycott stories and only discuss the abomination that is Slashdot Beta until Dice abandons the project.
We should boycott slashdot entirely during the week of Feb 10 to Feb 17 as part of the wider slashcott [slashdot.org]
Moderators - only spend mod points on comments that discuss Beta
Commentors - only discuss Beta
http://slashdot.org/recent [slashdot.org] - Vote up the Fuck Beta stories
Keep this up for a few days and we may finally get the PHBs attention. Links of note:
Discussion of Beta: http://slashdot.org/firehose.pl?op=view&id=56395415 [slashdot.org]
Discussion of where to go if Beta goes live: http://slashdot.org/firehose.pl?op=view&type=submission&id=3321441 [slashdot.org]
Alternative Slashdot: altslashdot.org [altslashdot.org]
IRC Discussion: freenode #slashdot-refugees
IRC Discussion: slashnet.org #slashdot
Re:What could go wrong? (Score:5, Informative)
Even if a phone can be killed, it likely won't drop crime that much. Unlike car radios which were pretty much made useless by the fact that OEMs have decent audio from the factory, smartphones will still make money when parted out. In fact, if an iPhone is just stripped and just the screen sold, that is at least a couple C-notes right there, which is good money.
An iPad or tablet is even more cash for parts.
So, with this in mind, yes, killing the device might stop it from being sent to Mexico and used there, but for the most past, IMEI blacklists have similar functionality.
To boot, we already have that functionality in place. Any device running iOS 7.x will require the user's AppleID and password before it will activate, so stealing an iPhone in order to resell the unit is an exercise in futility.
PS: Insert beta rant here.
Re:Kill-switch? (Score:3, Informative)
That would be fine, except Dice has stated its clear intention to eliminate classic mode. If classic mode weren't going away, most people wouldn't care.
Beta delenda est.
Re:What could go wrong? (Score:5, Informative)
Ah, but if your phone is wrecked and you have to go in to get it fixed, they'll be able to identify if you were one of the people in the demonstration, and therefore be able to prove you were there and charge you.
It's one thing to just shut down all comms, it's another thing to be able to have some persistent evidence you were one of the people who they targeted.
Now, if you'll excuse me, I need to add another layer of tinfoil to my hat.
There are literally countless ways that are far more effective and accurate than that...
Put control in CONSUMER hands not Law Enforcement (Score:5, Informative)
If the government were REALLY concerned for the public good, they would put the kill switch under the control of the CONSUMER. We already have it for credit cards - we call up a phone number, report it stolen, and wala credit card becomes an instant brick. There is no reason this couldn't be done for mobile devices.
Re:What could go wrong? (Score:5, Informative)
You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.
The device merely has to hold the a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write once public key address space would be just as secure as any write once kill switch flag that could be implemented.
To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.
This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.