Cellphone kill switch a no-brainer
Last week, California State Sen. Mark Leno (D-San Francisco) proposed legislation that would require cellphone manufacturers to build in "kill switches" that would allow users to disable their devices if they are lost or stolen. The move was a response to the rapid rise in smartphone thefts. An estimated 1.6 million smartphones were stolen in the United States in 2012.
As it turns out, there are multiple points of view on whether this is a good idea, from legislators, cellphone manufacturers, cellular service providers and end users.
At first glance, the suggestion makes perfect sense. What incentive would there be to steal a smartphone if it could immediately be made useless?
Nevertheless, while some smartphone manufacturers – including Apple and Samsung – have been developing such a capability, the major industry group representing cell service providers is lobbying against such measures.
CTIA – The Wireless Association, in a June 2013 submission to the Federal Communications Commission, argued that kill switches were a bad idea because the kill switches themselves might be hacked. The industry group also warned that if a kill switch permanently disabled a device when it was reported lost or stolen, the owner would not be able to re-enable it if it was recovered.
These arguments don't stand up to scrutiny, however.
Yes, in principle, we have to assume that would be potentially possible for sophisticated hackers to access and maliciously trigger a user's kill switch. Of course, thieves are unlikely to do this since it would make the device unusable or unable to be used as a perch for further mischief on the device or over the network.
So the only scenario for a hacked kill switch would be a targeted attack designed to cripple, say, a large swath of cellphones used by the military or security agencies. Security-conscious organizations are, of course, aware of the vulnerabilities of their devices and are constantly developing countermeasures against wholesale threats such as distributed denial-of-service attacks. Adding a kill switch would not make these devices more vulnerable than they already are or the military less prepared to deal with threats against them.
And, in fact, the Defense Advanced Research Projects Agency is working to develop just such a capability for government devices. The agency awarded a $3.4 million contract to IBM on Jan. 31 to work on developing "vanishing programmable resources," which are described on the DARPA website as "electronic systems capable of physically disappearing in a controlled, triggerable manner."
CTIA's other argument against kill switches – that they would permanently disable devices, resulting in a user's inability to revive a device after it is recovered – also doesn't hold water.
There is no reason to assume that kill switches can't be developed that can be unswitched.
In fact, Apple has already added a new feature to iOS 7 – the operating system for iPhones and iPads – called Activation Lock. When a user reports a device lost or stolen, Activation Lock will prevent anyone from disabling the "Find my iPhone" feature on the device. Activation Lock also prevents a user from erasing and reactivating the device. The only way to remove Activation Lock's protection is by providing the correct Apple ID and password.
So why is CTIA really lobbying against implementing kill switches on smartphones? Some have suggested that the industry is reluctant to see a drop in profits it earns from selling consumers insurance on their smartphones, and that would almost certainly happen if kill switches result in a decrease in smartphone theft.
The technology is available to save consumers – and government agencies – money and to cut crime. It's a shame that legislators have to fight an uphill battle against lobbyists to require the use of that technology.
Posted by Patrick Marshall on Feb 11, 2014 at 1:20 PM