recommended reading

Smartphone ‘Kill Switch’ Law: Who Gets to Shut Off Devices?

Flickr user Paul Cross

California passed a law this week that, depending on who you believe, will bring about either a drastic drop in violent crime or an increased risk of terrorism—apparently with the possibility of little in between. The law mandates that all California-sold smartphones include a “kill switch,” an anti-theft measure that allows someone to deactivate his or her phone, rendering it useless to a thief who hopes to sell it. Why is such a straightforward technology producing such extreme statements?

“It’s the phrase ‘kill switch’ that everyone has gotten excited about,” says Marc Rogers, a researcher at the mobile security company Lookout. “It’s not a technology that allows you to make magic smoke come out of your phone so it stops working.”

Even though the California law only requires a "kill switch"—which from now on I'll refer to, less threateningly, as "remote lock"—for phones sold in-state, California is a big enough market that manufacturers will probably start including it in all phones sold nationwide.

3.1 million phones were stolen in the U.S. in 2013 (many of them violently), and remote lock works in fighting this: After Apple introduced it last fall, iPhone robberies in New York dropped 19 percent, and during the same period thefts of Samsung products went up 51 percent. Larger declines in iPhone thefts have been reported in other cities.

Despite this, many telecoms opposed the mandate of remote lock until earlier this year. There was a theory as to why—wouldn’t a phone company wantyour phone to get stolen so that you have to buy a new one?—but it doesn't hold up to close inspection. A carrier gets a lot more money from you through a contract than when you buy a device. And the explanation that telecoms are loath to cede any of their mobile-insurance revenues might not tell the full story either.

The industry’s resistance was probably more due to a preference for the status quo. “The cellphone industry has always been pretty lightly regulated, and tends to resist almost all new forms of regulation almost as reflex,” says Jan Dawson, chief analyst at Jackdaw Research. Once companies saw that the law wasn’t too demanding, most of them embraced it, even if building an effective remote-lock system can be resource-intensive.

Though most carriers and manufacturers are onboard, CTIA, the industry groupthat represents just about all of them, curiously is not. CTIA has, for its part, taken steps to decrease theft, educating consumers about mobile-security apps and the use of PIN codes. In a statement distributed to the press, it called the California law “unnecessary given the breadth of action the industry has taken.” But in a less measured bit of criticism, the CTIA has suggested that remote lock might be giving hackers a way to shut down the cellphones of Defense Department officials.

Another vocal opponent of remote lock, the non-profit Electronic Frontier Foundation, has at times taken a similar tack. In an open letter to a California legislator, the EFF cited concerns that people other than a phone’s owner would remotely lock it. Hanni Fakhoury, a staff attorney at EFF, told Wired, “You can imagine a domestic violence situation...where someone kills [a victim’s] phone and prevents them from calling the police…It will not be a surprise when you see it being used this way.” The article was headlined “How Cops and Hackers Could Abuse California’s New Phone Kill-Switch Law,” and when it’s put like that—"hackers," "abuse," "kill"—it indeed sounds scary.

To make their point, the EFF and other critics havebrought up an incident in 2011 when San Francisco’s transit system, BART, shut down cell service in its tunnels to prevent a protest. The anecdote stands as an example of how the government could shut down the communications of its own citizens, and the EFF points to the fact that the government could use remote lock if a court found it had probable cause.

The EFF is right that this is worrisome, but they might be exaggerating its applicability to the remote-lock debate. “If government wanted to do something as invasive as switching off cell coverage for an area, they’re not going to do it through handsets,” says Lookout’s Marc Rogers. It’s already been demonstrated that the government can shut down communications—that’s exactly what they did in 2011—and remote-lock isn’t going to change that.

Lee Tien, a staff attorney at the EFF, told me that the danger posed by the remote-lock law is actually that it allows the government to selectively shut down individuals' phones. "If you only look at the mass [shutdown] model, this would not seem like a technology that is likely to be abused…If, on the other hand, there are other threat models that are more surgical, more targeted, then you can start to see how it might be much more relevant," he says. 

A remote-lock system isn't perfect, of course. Rogers, who has been working on anti-theft cellphone technologies for over a decade, does think it’s possible that remote lock could be hacked. “However, we live in an age when there are a lot of white-hat hackers who’ll be trying this technology for good,” he says. Of course, he advocates for the sort of caution that should accompany the rollout of any new technology.

But, more generally, it’s problematic that the arguments against remote lock have widened the scope of the conversation to the extremes, invoking horror stories about the Defense Department and domestic violence. Sure, these are possibilities, but it’s already the case that millions of people are having their phones stolen, and many of these encounters are violent. If legislation hadn’t been introduced, the industry likely would’ve continued dragging its heels in solving a well-documented problem. That solution shouldn’t be resisted in the face of far more speculative concerns.

Threatwatch Alert

Software vulnerability

Google Discloses Another Unpatched Microsoft Bug

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.