Cell Phone Kill Switches Mandatory in California

California passed a kill-switch law, meaning that all cell phones sold in California must have the capability to be remotely turned off. It was sold as an antitheft measure. If the phone company could remotely render a cell phone inoperative, there would be less incentive to steal one.

I worry more about the side effects: once the feature is in place, it can be used by all sorts of people for all sorts of reasons.

The law raises concerns about how the switch might be used or abused, because it also provides law enforcement with the authority to use the feature to kill phones. And any feature accessible to consumers and law enforcement could be accessible to hackers, who might use it to randomly kill phones for kicks or revenge, or to perpetrators of crimes who might—depending on how the kill switch is implemented—be able to use it to prevent someone from calling for help.

“It’s great for the consumer, but it invites a lot of mischief,” says Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, which opposes the law. “You can imagine a domestic violence situation or a stalking context where someone kills [a victim’s] phone and prevents them from calling the police or reporting abuse. It will not be a surprise when you see it being used this way.”

I wrote about this in 2008, more generally:

The possibilities are endless, and very dangerous. Making this work involves building a nearly flawless hierarchical system of authority. That’s a difficult security problem even in its simplest form. Distributing that system among a variety of different devices—computers, phones, PDAs, cameras, recorders—with different firmware and manufacturers, is even more difficult. Not to mention delegating different levels of authority to various agencies, enterprises, industries and individuals, and then enforcing the necessary safeguards.

Once we go down this path—giving one device authority over other devices—the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?

The law only affects California, but phone manufacturers won’t sell two different phones. So this means that all cell phones will eventually have this capability. And, of course, the procedural controls and limitations written into the California law don’t apply elsewhere

EDITED TO ADD (9/12): Users can opt out, at least for now: “The bill would authorize an authorized user to affirmatively elect to
disable or opt-out of the technological solution at any time.”

How the bill can be used to disrupt protests.

Tags: , , , ,

Posted on August 29, 2014 at 12:31 PM59 Comments

Comments

Robert Brown August 29, 2014 12:41 PM

At least on Android phones, wouldn’t it be possible for a person to implement ipfilters to block the kill command? Other phones are not so open in their architecture, but Androids are basicly Linux, so good luck with making this impossible to bypass.

vas pup August 29, 2014 12:51 PM

@Bruce:”Who has the authority to limit functionality of my devices, and how do they get that authority?”
E.g. in Europe, the owner of the private restaurant may do that by jamming signal on your cell phone within if owner post a warning sign for you. It is up to you go or not to this private restaurant. You get information upfront and make your own choice. Not the case in US where similar jamming is illegal except (of course) for LEAs.

Chelloveck August 29, 2014 12:58 PM

@Robert Brown: What makes you think it would be implemented via IP? I think it’s much more likely to be implemented on the telephony side over the carrier’s network. In fact, if I were designing it I’d want to make it a function of the radio controller, which AFAIK is a proprietary part even on Android phones.

David August 29, 2014 1:10 PM

It is not an anti-crime measure. It is a crime shifting measure. Phone thieves won’t suddenly become honest, they’ll just steal other stuff.

Ralf Muschall August 29, 2014 1:16 PM

Would it be possible to implement an user-controlled kill switch safely, i.e. using end-to-end-encryption with user-chosen keys (preferably a combination of a pre-shared key entered at installation time on both devices and a password to be entered at kill-time on the sending device). Then only the user’s own other device would have to authority to kill the stolen device, and only with the password (to avoid the mentioned problems like in domestic violence situations).

Gerard van Vooren August 29, 2014 1:17 PM

What if the NSA accidentally bricks all the phones in a certain area? This is not a theoretical issue anymore.

ice09 August 29, 2014 1:19 PM

Is the implementation hardware or software based? If it is the latter, couldn’t it be circumvented by simply flashing the device and installing a custom ROM?

Jackson August 29, 2014 1:19 PM

Everytime I’ve read or talked about this, my biggest concerns are:
– How it’s implemented (technical details, out-of-band? in-band? IP?)
– The features/capabilities of the “kill switch”
– Who can use it? Users? Service Providers? Law Enforcement?

** I’ll be reviewing Minnesota’s law next, as they were actually the first state to pass a “cellphone ‘kill switch’ law”.

boog August 29, 2014 1:21 PM

Now older, kill-switch-disabled phones will become suddenly more valuable since nobody will make them anymore, and the incentive to steal them goes up.

Thanks a lot California.

Jackson August 29, 2014 1:26 PM

UPDATE on the California implementation/requirements (based on the law I just read through):

Summary:
Essentially it’s a software enabled feature that can include hardware. It should prompt the user to enable it by default, although you can opt-out of it.

Quote:
Requirement of manufacturers or operating system vendors or service providers to provide “…a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user”

  • The bill is short, a little redundant in places.
    ** It does not imply or mentions anything about law enforcement access.

*** That’s rather comforting, but I wouldn’t trust it blindly. This really could be a slipper slope.

RobertMRP August 29, 2014 1:31 PM

So now if you cell phone company wants to, for any reason they deam fit, they can kill your phone, charge you for a new one and that’s supposed to be good?

This certainly won’t stop or reduce cell phone theft. It supposes that 1) the thief knows the phone will have the kill switch activated 2) the phone can’t be used before its killed 3) if the phone doesn’t work it so has no value and 4) it can’t be repaired or used for parts.

Jackson August 29, 2014 1:32 PM

Oh yeah, and the law makes it quite clear that wiping / restoring cannot reset the kill-switch, which I take to mean that it will be run through an IP based system (like Apple’s already existing feature).

It also makes clear that this is a user-feature, giving them the ability to kill or resuscitate according to their own desires. However I think the law is vague enough with regards to implementation (software/hardware options for carriers, etc) that this could be turned into a general purpose kill-switch someday, which could certainly be abused and used secretly by law enforcement…requiring lawsuits to address the problems/over-reaching. It may specifically grant the end-user/owner permission to use the feature, but nowhere does it specify that it’s only a feature that can be used by the owner (and no other parties).

FFY August 29, 2014 1:32 PM

I think some clarifications are required:

  • Nowhere in the bill does it say that the phone company or law enforcement should be allowed to engage the “kill switch”. In fact, using the most well-known implementation today (Apple’s Iphone activation lock) only the user (and potentially Apple) can set it.
  • Emergency calls are still possible even if the kill switch is engaged (again take a look at Apple’s implementation for an example).
  • The kill switch does not immediately disable the phone. It only prevents activation of the device by unauthorized persons after a hard reset. The goal is to prevent thiefs from removing passcodes and other security measures from stolen phones by hard-resetting them.

Also note that the CA bill explicitly states that the user can opt out:

http://www.leginfo.ca.gov/pub/13-14/bill/sen/sb_0951-1000/sb_962_bill_20140812_enrolled.pdf

Quote:
“The bill would authorize an authorized user to affirmatively elect to
disable or opt-out of the technological solution at any time.”

Jackson August 29, 2014 1:44 PM

Regarding remote wipe and security features (like Apple currently has) this certainly won’t stop someone from using a faraday bag/pouch like the series 2 pouches with windows (so you can use them while they’re shielded) from here: http://disklabs.com/products/faraday-bags and plenty of other vendors.

Of course they could building some kind of self-destructing count down measure, but that would screw a user that’s out of signal zone for a while (intentionally), so it’s unlikely to be implemented.

FFY August 29, 2014 1:52 PM

@Jackson:

Thiefs can simply remove the SIM from the phone to prevent a “wipe” command from reaching the phone. Of course, if the phone has a passcode or biometric lock set, it won’t help them unlock it to gain access to the phone. The “kill switch” feature will prevent them from removing the lock by hard-resetting the device.

Jackson August 29, 2014 2:37 PM

@FFY:

True, but without the Faraday bag, the phone could still be locked/killed via WiFi. Apple’s implementation is all software/IP. I suspect that will be the case with every mobile os/vendor.

Side-note: There’s actually still a market for phones that are killed (aside from using them for parts). In some areas authorizing/configuring the phone through apple isn’t practical/possible. As Apple’s implementation relies on iCloud, if iCloud is avoided (and possible

Locke August 29, 2014 3:43 PM

Dictating a mandatory kill switch is a violation of the rights of cell phone makers to build cell phones the way they want to.

And it is a violation of the rights of customers to buy the kind of cell phones they want to buy.

In this way it is a taking of property rights.

In other words, it is a theft of property in the form of a law.

Jason August 29, 2014 4:35 PM

You can’t make a blanket statement like, “…phone manufacturers won’t sell two different phones. So this means that all cell phones will eventually have this capability.” That’s not true, and as an example you can look at lawn mowers or cars (California is way more strict with air polution) or guns (many guns have a CA-specific model to comply with all the rules and to pass the “safety” tests – and then they cannot modify the gun without getting it retested, so they modify the non-CA version to fix/improve stuff, but never the CA model).

Adjuvant August 29, 2014 4:42 PM

Nobody has yet explicitly aired what I consider to be the primary reason this has been enacted: How California’s “Kill Switch” Law on Cell Phones Could Be Used to Disrupt Protests

This means that police could use the kill switch to shut down all phones in a situation they unilaterally perceive as presenting an imminent risk of danger. It’s not hard to imagine law enforcement putting such a label on a protest: Managers of the BART subway system shut down cell service in four stations just prior to planned anti-police demonstrations in 2011, claiming the disruptive measure was justified by public safety concerns.

This week’s events in Ferguson, Missouri highlight the risks of abuse all too clearly. Police have repeatedly attempted to disrupt protests and ordered both demonstrators and press to turn off recording devices. If the California bill were in place in Missouri, these officers might deploy the government kill switch alongside tear gas and rubber bullets, using the mandated technology to stop coordination between protesters, cut off access to outside information, and shut down video recordings that can deter police misconduct.

NB: For the benefit of foreign folks, let me explicitly highlight that for practical purposes, the California bill does not need to be in place in Missouri. Because California is such a huge market (1/8 of the US population), its regulations in practice dictate the direction for entire industries nationwide, its strict automobile emissions standards being a celebrated example. As California goes, so goes the nation.

Adjuvant August 29, 2014 4:45 PM

Apologies for the missing blockquote tag on the middle two paragraphs above. Also, I now see that Bruce did already address my final point in his closing paragraph.

MattNY August 29, 2014 6:20 PM

Other governments like China and Russia and maybe the lesser ones are going to get the procedures/codes to do this. Are we really going to potentially give the ability to turn off pretty much the entire cell phone network to any group good enough to hack the control servers?

If there was any type of real internet conflict, this is handing them another weapon against the USA along with the power grids, flood control, industrial automation, and other poorly secured systems.

Buck August 29, 2014 6:37 PM

@MattNY

Are we really going to potentially give the ability to turn off pretty much the entire cell phone network

We already have… The question here is more about targeted disabling than the widespread disruption. 😉

FFY August 29, 2014 7:01 PM

@Adjuvant:

If, as you say, the primary purpose of the feature was for the government to disrupt protests:

  • Why would the government need a “kill switch”, when they can simply ask the phone company to suspend cell service in a certain area or block certain customers from accessing the network?
  • Why does the CA law mandate an opt-out for the user?
  • Why does the law not have a provision to make the “kill switch” accessible to law enforcement? None of the existing implementations can be readily used by law enforcement; the only way would be to subpoena Apple, Samsung etc. to provide access to the users’ online accounts (but then it would be much easier to just go through the phone company again rather than trying to identify all the phone models in a crowd and going through the respective manufacturers).

I normally agree with most of what Bruce writes, but this seems to be a case of slight paranoia. 😉 Most likely the purpose of the law is simply what it states. Note that the feature has in fact reduced phone robberies significantly. See the section “plummeting thefts” in this article:

http://www.bloomberg.com/news/2014-06-19/android-windows-phone-will-have-kill-switches-n-y-says.html

Adjuvant August 29, 2014 7:50 PM

@FFY I’ll play ball.

Why would the government need a “kill switch”, when they can simply ask the phone company to suspend cell service in a certain area or block certain customers from accessing the network?
One reason might be maximization of long-term organizational disruption. Why did the NYPD destroy OWC protestors’ laptops?

Why does the CA law mandate an opt-out for the user?
Perhaps because half a loaf is better than no loaf.

“[T]he fact remains that the presence of such a mechanism in every phone by default would not be available but for the existence of the kill switch bill,” EFF wrote in its letter. “Within two years, we would have legitimized a process that was seen to be quite extreme. While users have the ability to opt-out of such a tool, it is widely known that default settings are rarely changed.”

None of the existing implementations can be readily used by law enforcement We’ll have to watch what comes down the pike and see empirically whether law enforcement/intelligence turn out to have access in practice.

Most likely the purpose of the law is simply what it states. Of course it is, otherwise there’d be no reason for the legislation to be passed. The interesting question is whether that is its only intended purpose or, if we hypothetically grant that it is, whether it will nonetheless be a subsequent vector for opportunistic abuses.

Karl Koscher August 29, 2014 8:08 PM

This raises two questions in my mind:

  1. Will this have any effect on the ability for consumers to “jailbreak” their phone? After all, on Android Nexus devices you can unlock the bootloader from the recovery menu and load whatever firmware you want on to the device. I suppose if the “kill switch” is engaged it could update the phone’s configuration to prevent reflashing/unlocking/resetting from recovery modes.

  2. IIRC, Europe has required “kill switch” functionality for years now, but that’s implemented used IMEI blacklisting. Can carriers do the same thing in California? It seems like this would be easy for networks to implement and would work for any phone, although it would only prevent the phone from being used as, well, a phone.

dieAntwoord August 29, 2014 8:29 PM

Pretty obvious what this is really for, otherwise the device owner would have full control over their own kill switch. I would imagine this will be baseband firmware that bricks the device whenever it receives a type-0 silent SMS kill command. Also now that this is mandatory, I’m sure “features” will be added, like additional tracking/spying.

FFY August 29, 2014 9:26 PM

@Karl Koscher:

1: Depends on the device. On existing Iphones and Samsung Androids with “kill switch” functionality it doesn’t prevent jailbreaking.

2: Of course the phone company can technically block any phone it wants from accessing its cellular network. They can do it by IMEI, IMSI, or various other criteria. That’s the main reason why I think the conspiracy theories regarding the unfortunately named “kill switch” don’t hold water. Government agencies simply have no need for it.

Adjuvant August 30, 2014 12:09 AM

@FFY Near the top of my wishlist as a “law and order” type enforcer would be the ability to erase/destroy remotely media (perhaps showing misconduct or contradicting media reports) that has already been recorded, rather than simply to prevent its immediate streaming or transmission. Apple’s current “kill-switch” implementation allows for the user to execute a remote wipe. It will be indicative to see whether and how new implementations provide such a capability, and whether it can be and is used along these lines.

Nick P August 30, 2014 12:12 AM

@ FFY

Kill Switch = Traditional Cellular Blacklisting? Not By Far!

On the surface, it appears existing blacklisting techniques make a kill switch redundant to TLA’s. What you’re missing is that the things you identified are actually designed to make the phone work (and profitable), rather than not work. The carriers are in control of them, their use is probably logged (read: a court can get records), only one typically is for blacklisting, and that blacklisting strategy already has workarounds. Existing denial of service methods are weak in both deniability and effectiveness.

The kill switch is quite different. Currently, you might buy a piece of private property with certain functions that can use a 3rd party network. If you put in a request & only if it’s supported, the carrier might blacklist the phone by IMEI. After kill switch legislation, your private property might be rendered totally useless by a number of 3rd parties at any time, for who knows what reason, and possibly with no accountability. Quite the improvement for all kinds of uses from disabling stolen phones to deniable government retaliation against opponents (“those models are so buggy…”).

It’s also a 3rd party black box included in your phone which might have other functionality. Both carriers and the government tend to go for feature creep on anything that benefits them. Kill switch today, tomorrow let’s add “monitoring of thieves’ activities.” And now they have a standardized remote access tool and kill switch. We’ve seen precedents for this kind of thing.

It’s much like “Trusted Computing” where it’s really pushing users to make a choice: their device can be under their control or it’s always subject to someone else’s control. Your interests or theirs. Best to push your interests unless you’re profiting off theirs. I’m surely not so a kill switch sounds like a steal rather than a deal to me. And I don’t like getting robbed.

Name (required) August 30, 2014 2:25 AM

can’t they just implement a statewide IMEI blacklist mandatory to all operators? Once in, the phone becomes unusable on cellular networks.

rootsystemupdate August 30, 2014 3:32 AM

Installing fake updates by abusing the C++ Java signing is quite easy on older unpatched codebase on Android and IOS can be jailbroke easily. Once you have the device and implement your own Iptables then only an IMEI block on every single provider could work. Though the killswitch could easily be abused on other users phones. Here install this update to make you secure http://evilupdate.china

itgrrl August 30, 2014 5:53 AM

Why on earth you you implement this client-side? In Australia, this is implemented by carriers by IMEI blocking in response to a service owner reporting a device lost or stolen to their carrier. The block list is shared among carriers so that any device reported is quickly blocked across all networks in Australia (only). Device owners can have the device unblocked if they later find it or the device is recovered for them by LE.

There was a lot of publicity when it was introduced (way back in 2003), with the intention of convincing would-be device thieves that stealing handsets was a pointless exercise (and to encourage phone owners to take advantage of the service). In the first four years after the programme’s introduction, there was a 30% reduction in phone theft, and in recent years the number of phone thefts is said to have ‘stabilised’, although it’s not clear if the intervening years have seen a return to pre-2003 levels [ source: http://www.crimeprevention.nsw.gov.au/agdbasev7wr/_assets/cpd/m660001l2/mobile%20phone%20background%20paper.pdf ].

See http://www.amta.org.au/pages/amta/FAQs.on.mobile.security for more info and history of the programme.

Gerard van Vooren August 30, 2014 7:53 AM

@ pwnie • August 29, 2014 1:31 PM

Actually I meant accidentally, not “accidentally”. In one of the latest Snowden interviews he mentioned that the NSA accidentally bricked an important router in Syria and with that they created an internet blackout.[1]

What worries me in this context is that modern cars can also be stopped remotely.

From here the “accidentally”, juicy and highly fictional Jack Bauer ’24’ part, with terrorists, nukes, black mail, infiltration and that kind of things.

For a computer it makes no difference if you brick one phone or 100 million.

What if there is a villain with unlimited access, funding, motivation and knowhow? One that doesn’t care that he is being spotted after he committed his crime?

If I would want to attack the US with its own technology, I would run a couple of scripts concurrently that would bricks all phones, stops all modern cars, crashes all airplanes, bricks routers, servers, PC’s and laptops, and finally just turn off all electricity, right after a massive power burst.

This is probably impossible. But thanks to Snowden I am not really sure anymore how much impossible and thanks to this kind of legislation I am not really sure how impossible it is after let’s say 20 years from now.

Again, for a computer it makes no difference at all if you brick one phone or 100 million. And if Apple can do it so can the NSA.

[1] http://www.theguardian.com/world/2014/aug/13/snowden-nsa-syria-internet-outage-civil-war

Clive Robinson August 30, 2014 9:50 AM

There are several fundemental problems with this idea, but importantly it will longterm not deliver a lower crime rate, only make everybodies security weaker.

The first thing to realise is that there will always be a “manufacturing override” no matter what the politicos legislate for, because the FMCE industry will not alow one to not be in existance. The reason being that they don’t want phones comming down the production line that are “bricked by default” as the very small profit in the manufacturing process would be gone and landfill would rise significantly as would consumer prices.

The problem is, no matter how secret the company makes this override it will always be worth a criminals while to find out one way or another. There are no ifs no buts no maybes to this such an override is fundemental to such manufacturing and criminals will exist wherever money can be made. These are points the politicos with these less than bright grandiose ideas fail to get their heads around, to everybody elses detriment.

The second real problem is the “false dawn of initial implementation” we’ve seen this with CCTV and other security or anticrime ideas. What happens is simple, crime arises because of the demand and supply differential, artificial supply restrictions increase profit for IP holders with little or no effect on other costs. The profit on the differential is, if sufficient, an incentive to crime as well, as the “good” is in effect a luxury item.

With the potential to make easy money the only theft inhibitor is the difficulty of supply. As we know items like phones are incredibly easy to steal by even those with considerably reduced thinking capacity, it’s why it’s often called “snatch and run” crime. The barrier to “easy money” is usually not a concern to the “street punk”, but to the chain of middle men often called fences, and that is finding a market for the stolen goods. In the case of FMCE such as phones the market is not geographically located with the areas where they are stolen by a very long distance (ie phones stolen in the First world are sold into the Third world).

Such a kill switch makes stealing from that geographic area less likely ONLY if it’s less costly overall to steal the phones from else where. Thus the early adopters see a false dawn drop in crime due to an unnatural unleveling of the “playing field” and the crime like water tends to go down hill. However as other jurisdictions adopt the policy then the field tips back and actually over balances slightly (due to lax consumer behaviour caused by the false dawn. Long before the anticrime measure becomes universal, the criminals will have overcome it with a technical solution, provided the market remains.

Thus appart from the early adopter false dawn, such anticrime measures are a failure. The real longterm solution is to kill the market some how. But that is not a benifit to the IP holder, manufacturer, retail chain, LEA’s or politicos, only potential the consumer. However due to “marketing” and the “peer-preasure” it seaks to create there will always be customers who want “status” as opposed to “functionality” and a “status gap” only occurs due to “scarcity of supply” which is what makes the increased profit in the first place, which means the illegal market will exist as long as marketing can create it…

Thus you can also demonstrate that such idiotic behaviour by politicos rather than solve crime longterm actually increases it. Thus is in effect a “job creation” scheme for politicos and LEAs at the expense of the rest of us. Not just by taxation but also by higher consumer prices which actually increase not only the likelyhood of crime, but also making it more likely to be of increased violence…

So yes it’s a shining example of gross stupidity by California’s legisators, and that 1/8th of the US population should remember it come election time, and vote the criminals that realy hurt people out.

01 August 31, 2014 2:36 AM

The devil is in the (implementation) details.

Will it be a baseband feature, or an application processor feature ?

If it is an application processor feature, then on Android it would be trivial to disable or fatally cripple the killswitch by modifying the ROM. Apple things will require a jailbreak, but as long as you don’t have to mess with the baseband processor, disabling the killswitch would be quite straightforward.

P.S.:

Also, wouldn’t it be better to implement the killswitch at service provider level, by using and maintaining a list of “IMEIs non-grata” that aren’t allowed to establish connections? (of course, it is possible to change the imei, but process is usually more complicated than fiddling with a few files on an Android ROM)

P.P.S.:
We need an open-source, modern baseband processor. We really do.

itgrrl August 31, 2014 9:01 AM

@01: IMEI blocking with the block list shared across all carriers is how it’s implemented in Australia (additional details of how it works are in my earlier comment).

jones August 31, 2014 9:37 AM

@Adjuvant

Agreed. This is most likely a streamlined crowd-control measure. As cellphones are increasingly internet appliances, this is a way to “shut off the internet” for select individuals.

albert August 31, 2014 12:37 PM

Why would the police need to block mobiles via the carrier? Wouldn’t be easier to jam cell phone freqs in a certain area, like a protest zone? They use radios on different freqs anyway, and you don’t need to resort to complicated and time consuming procedures, like getting court orders, warrants, etc. Plus, you have some deniability, not that it matters much nowadays, what with the capability of shooting folks in the back, and getting away with it.

I gotta go…

Nick P August 31, 2014 1:26 PM

One benefit of a kill switch vs blacklisting or jammers is bricking the phone. If the kill-switch works at firmware/SOC level & doesn’t have recovery, activating it doesn’t just deny service temporarily: the target has to buy a new phone, looses all data on the one they had, and might not be able to prove why depending on how the kill switch works. This has so many uses by both police, intelligence agencies, politicians, organized crime, and so on. A full on kill switch benefits them more than any phone owners worried about theft.

Base requirements for more trustworthy kill switch

If one is to be implemented, it should have these traits:

  1. Be off by default, with each user wanting the feature opting in on a per phone basis.
  2. Be recoverable.
  3. Leverage on-chip mechanisms to prevent most thieves, whether resellers or spies, from bypassing it.
  4. Have a physical, measurable effect on the phone (eg fuse-based storage) so its use is detectable by individuals.

  5. Have append-only, auditable, secure records at the service provider list of what phones were disabled, why, and requested by whom.

This combination would be more reasonable as it reduces risk of a number of concerns while providing the requested feature. Further, it’s can leverage (or provide) building blocks for other security schemes. I list these requirements as I personally think remote disable or wipe schemes are a useful tool for defenders. We just have to make sure it’s something in user’s control or reduce risk if it’s not.

Ted Smathers August 31, 2014 1:46 PM

Most cell phones thefts are crimes of opportunity. Thief spots iPhone sitting on bar counter, owner distracted, cell phone disappears.

Arguing that securing cell phones so thieves aren’t rewarded for stealing them only shifts crimes is right up there with arguing that selling bicycle locks only shifts crime. Fine with me if it shifts crime away from me and to an easier target and even better if it reduces petty theft crimes of opportunity that turn marginally ethical people into crooks because they can’t resist a $500 bill sitting on a counter or an unlocked $500 bicycle.

This technology doesn’t zap your cell phone, it merely makes it so someone can’t hard reset your phone, bypass your security code and use/register the phone with their own provider. I think that’s a great thing and long overdue.

Will it reduce cell phone thefts in California? Over time, yes. Better security in automobiles appears to be a substantial part of the cause of a substantial decline in automobile thefts even though those security measures can be defeated.

Smart devices of all types could be rendered relatively useless to thieves. Smart TVs have a WiFi connection and could detect that they have been disconnected from their usual connection and demand a passcode to continue working. Foolproof? Nope, but better than nothing. Making life harder for thieves drives down the cost/reward ratio and even thieves understand and respond to basic economic laws at some level.

Worrying about misuse is fine but the risk of my phone being stolen is a lot higher than my phone being locked by some nefarious government agency who can probably already hack into my phone and render it useless already.

Bauke Jan Douma August 31, 2014 3:01 PM

Say it ain’t so, EFF.

The EFF, I am deeply sorry to say, is up to its neck in this, if and when they state “It’s great for the consumer”.
They are trying to kiss up while trying to –and failing because of it– bare teeth.
Big Yuck!!

Isn’t the EFF seeing that this all about crowd control next time the banks failed, bailed, nobody jailed.

Stomper98 August 31, 2014 3:11 PM

Police can already shut down communications like BART did in SFO back in 2011 to prevent a protest. This now allows them to do it selectively, which won’t be noticed by the media when organizers devices are all scrambled. It’s also a way to cram in something that can have features added to it later, such as “anti terror” tracking, remote control by FBI to connect to Stingray towers of their choice, whatever they want in the future.

If you steal phones and want to sell them to avoid this “kill switch” turn on airplane mode then reflash the device, keep it off and sell it online to somebody in a foreign country. This will just deter the most basic of crackheads from grabbing phones on the subway and running out the door right before they close to prevent a chase like what happens here. iOS is all centralized so they can lock access permanently but Android is a fractured device free for all

Chief Michael Airic White Sr September 1, 2014 6:37 AM

California law has been known for its shortcomings and its innovations both equally their security Lawley’s back in the that I live there and serve there was top notch but since the Democrats have been on deliver a push and I’m not knocking Democrats they have become very controlling I see your point that this could become a security issue what will come of it who knows I think you’re right now this is #1 hit the nail on the head.I will stay tuned to your post to see if you ever post anything about this again As I am very interested to see the outcome

Chief Michael Airic White Sr September 1, 2014 6:43 AM

P.S.
what is your opinion on photo identification password software or fingerprint software? do you think that a push in the direction of these two softwares could help push the argument in the right direction?

Jon D September 1, 2014 9:13 AM

@vas pup that’s not true jammers are certainly illegal in the UK and much of Europe. There may be some regional differences in the implementation of rulings but I expect most if not all countries will have banned them explicitly or at least the sale / use will already be illegal under EU directives R&TTE (1999/5/EC) & 89/336/EEC. See this for more details: http://ec.europa.eu/enterprise/sectors/rtte/files/ecc_recommendation_en.pdf

There’s lots of comment on here about how best a kill switch could be implemented but as pointed out already the IMSI is good enough if operators could be bothered. Would the IMSI count as a kill switch that was the case? I think not, this leaves us suspicious of the real motives behind this law.

paul September 1, 2014 10:18 AM

The language quoted sounds incredibly vague to me. Will there be regulations issued clarifying it, or will the details just be subject to litigation? Because it seems to me that simply changing the hard reset to not affect passcodes, or wrapping the hard reset in an assertion that the person requesting it is an authorize user, could be argued to fulfill the strict wording of the law — or at least be a good-faith attempt by the phone to fulfill it. (if you’re going to claim that someone can have the passcode but not be an authorized user, then you’re going to go down a rabbit hole of definitions that will make a lot of money for lawyers. “If you really didn’t want people to use your phone, why didn’t you set a tougher passcode?”)

Jason September 2, 2014 12:07 PM

I once had an alarm system installed that had a cellular backup to the landline. This prevented the alarm from being disabled by cutting phone lines. I wonder if this law will introduce an vulnerability for such alarm systems.

TRX September 2, 2014 5:41 PM

If I can turn my phone off remotely, that’s a security feature.

If the police can turn my phone off remotely, that’s interfering with my communications and the ability to record police malfeasance.

qwerty September 4, 2014 8:51 AM

There is a very big difference between a kill switch and IMEI blacklisting.

If your operator blacklists you, you can still use your phone, just without a cell connection. You can chat with others or take pictures and upload them to the Internet over wifi.

Kill switch would brick the whole device, preventing any kind of use. This is perfect tool for supressing protests: with phones bricked you wouldn’t need to worry of someone recording while you shoot/beat the protesters.

Suddently, ipods or tablets without cell connectivity start to look very attractive. This could be a good opportunity for some Chinese manufacturer: create a “phone” with an antenna, but no baseband. Put a port under the cover for the baseband module, which is sold separetely. Since the phone already has a built-in antenna, baseband module would be much smaller than those bulky 3G/4G USB sticks.

In that case the kill switch would only kill the baseband, and not the whole device. As a bonus you could swap and change basebands when needed, improving the privacy without changing the whole phone (which is a hassle).

Mike the goat September 5, 2014 4:22 AM

TRX: My sentiments exactly. I’m not exactly sure what they are proposing here – are they simply noting down IMEI numbers when the carriers give the customers their phones and when reported stolen just adding the IMEI to an industry wide blacklist ensuring that the cellphones are effectively useless as they won’t register on any network or does this go further than this? I haven’t been following this one, but I did see on CNN talk of remote wipe capability so I am guessing that this is going to be done in software. Heck, I guess that with “Android Device Manager” and Apple’s equivilant this is already being done by the phone OS vendors. Both services can be opted-out of. Does the CA law allow the customer the freedom to disable such a feature? I suspect not.

We are well and truly part way down on a slippery slope to losing our privacy and freedoms both in the electronic world and in meatspace. I guess the powers that be figure that if they paint these things as ‘features’ that are for the good of the people, Adolf style, that the general population will eat it all up. The lack of public outrage over the whole Snowden leaks surprised me and really, it makes me sad and feel that there’s not much of a future for civil libs in this country. Had something like this happened pre-9/11 there would have been thousands marching on DC demanding the gov’t adhere to the Constitution. Since 9/11 the attitudes of the people have changed, and it’s quite pathetic, with the overwhelming majority having this idea that, “well… if it is to make our nation safer, then I’m okay with that”.

I would rather not prevent another 9/11 than prevent another terrorist act but in doing so trample the Constitutional rights of your own citizens. Wasn’t it Franklin that said that those who trade liberty for temporary security deserve neither? I’m with that…

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.