California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

alphadogg writes "Politicians and law enforcement officials in California will introduce a bill on Friday that requires all smartphones and tablet PCs sold in the state be equipped with a digital 'kill-switch' that would make the devices useless if stolen. The bill is a response to a rise in thefts of portable electronics devices, often at knife or gunpoint, being seen across the state. Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures. The trend is the same in major cities across the U.S. and the California bill, if it passes, could usher in kill-switch technology nationwide if phone makers choose not to produce custom devices for California. California Senate bill 962 says all smartphones and tablet PCs sold from Jan. 1, 2015, should have 'a technological solution that can render the essential features of the device inoperable when the device is not in possession of the rightful owner.'"

Now with Oppression Inside; Do Not Want!

[VortexCortex]

I'm sorry. A remote kill-switch is unacceptable. The big time thieves already put your cellphone in a Faraday cage when they swipe it. The real purpose of this device remote kill switch is to allow a more target approach to the Internet kill-switch -- Which as we've recently seen is what oppressive governments do to silence public opposition. Keep in mind that the USA has a long history of silencing public activism, [wikipedia.org] and they are actively planning to ensure their capability to silence activists. [theguardian.com]

It's quite telling indeed that this would be made mandatory, and not present at the user's option. Why not let the market decide whether this feature is wanted? This mandatory oppressive non-feature creep is anti-capitalism, anti-freedom, and anti-American.

Yeah, No.

[fuzzyfuzzyfungus]

This would be a disaster. Even if the objective is noble, there's an ugly architectural fact: as with any other DRM scheme, you can't have effective control unless the 'owner' of the device is no longer the most privileged user of the device. Whether you bake it into the OS, some sort of hypervisor, the firmware, or whatever, there has to be an agent one level higher to enforce restrictions on the user.

The only exception (in this bill's case, not in that of DRM generally) would be if the control mechanism were cryptographically keyfilled by the user, leaving them as the root of control but still providing for strong lockout of third parties. I'm just guessing that that concept won't be a big hit in consumer electronics, though...

In practice, this would make it illegal to sell a tablet or smartphone that isn't tivoized and locked down, since anything that lets you reflash the firmware would be overwhelmingly likely to allow a modestly competent attacker to neutralize a killswitch. Fan-fucking-tastic.

In a different context

[ExXter]

This perfectly covers the need of police and secret agencies for a simple "switch off method" for mobil phones and devices in particular areas of interest in which officials, independant of reason, want to shut down public spread of information at all cost. Censorship at its best, Orwell would have jumped of joy ^^.

The device list for such a maneuver is easily obtained through the telecommunication companies which already give free acess to NSA & Co.

Spawning from riots which have to be covered up.
To civilian killings + shut down of areas.
Etcetc ... you can all count. If you want information to leave an area in which you are active, just switch off any device thats not yours. (Good I still can make photos with my analog camera).

The idea is good but the use for others is terrifying.

Re:What could go wrong?

[gstoddart]

*sigh* Yeah, you're probably right.

This will be both misused by malicious entities, and misused by the malicious entities we call governments.

It seems like every time people try to legislate solutions to these kinds of problems they just create more problems due to their stunning lack of understanding of the technology.

It's just DRM. Doomed to fail.

[wvmarle]

It sounds very much like some kind of DRM to me.

It's a digital lock - which can be activated remotely, so certainly can be activated (and deactivated) locally. It may be hard to unlock, but it will be possible.

Like DRM, it'll inconvenience the casual offender, who has limited technical ability. And sooner or later people will get accidentally locked out of their genuinely owned devices. Indeed maybe due to a ransomware type malware, maybe due to a simple error at the manufacturer's server, whatever. It can happen, so it will happen.

Re:They've got it wrong

[gnick]

I'd suspect the latter. And instead of a kill switch, wouldn't a switch forcibly enabling GPS tracking be more effective? Of course, misuse could be an issue.

Imagine this + Lucy Koh

[kav2k]

Suppose this is implemented. Then imagine a new escalation in the patent wars: say, a phone model is found infringing, and judge mandates not only to stop sales, but to remotely destroy all devices sold in the US.

It already exists

[dirk]

This already exists and the rest of the world uses it. It's called the IMEI number. Simply report the phone stolen and the carriers can kill the IMEI and put it on a list so that it can't work on any of their networks. Yes, thieves could still use the phone offline, but it puts a HUGE dent into reasons for stealing a phone. But carriers continue to fight against this, IMO, because stolen phones means they get to sell the customer another phone (and at non-subsidized prices). We don't need a new kill switch for the phones, we just need to legislate that the cell companies uses what is at their disposal.

BART Protest Cell Service blocking

[dozr]

Because they didn't learn from that....