Kill Switches for Weapons

Jonathan Zittrain argues that our military weapons should be built with a kill switch, so they become useless when they fall into enemy hands.

Posted on September 23, 2014 at 8:22 AM • 63 Comments

Comments

ramriotSeptember 23, 2014 10:43 AM

Would that be a 'kill switch' or a switch that kills?

Like all kill switch suggestions it sounds like a great idea on paper, but imagine the implementation. An enemy or an talkative well meaning friend discovering one tiny error and then a weapon about to be used becomes so much useless slag and not just in the wrong hands.

It reminds me of the cat-and-mouse games the allied bomb disposal teams had during WWII, defusing Axis ordinance. Sometimes dropped bombs would be set to explode up to 36 hours after impact to kill those returning to clean up wreckage. These often had fuses that could sense multiple forms of tampering and even had some dummy fuses designed to only trigger the bomb when an attempt is made to defuse it.

It was still in many cases possible (using the intel gained from those who went before and sometime failed) to defuse many of these by use of unorthodox techniques or even discovering later upon disassembly what the designated defusal method was.

edgeSeptember 23, 2014 10:48 AM

Concerns:
1 - How do you prevent the switch from being utilized by the bad guys while they are in your hands?

2 - This sounds like a way for weapon manufacturers to make more money - they can tack on a subscription fee to prevent your weapons from being de-activated. Or they could use it to control legitimate used market sales.

tedSeptember 23, 2014 10:49 AM

"For those who believe the United Nations Security Council might have a meaningful role to play in advancing world security".

Thanks for that morning laugh.

CommSeptember 23, 2014 10:50 AM

Equipment should be permanently destroyed unserviceable if capture is imminent. That is the policy. Putting in a potential hack vector is a greater risk than equipment being captured and used.

john schillingSeptember 23, 2014 11:05 AM

I can remember the days when one could expect basic scientific literacy in the pages of Scientific American; this is just science-as-magic wishful thinking.

GPS-based kill switches that only allow the weapons to be used in Syria? GPS jammers are now commercially available for as little as a couple hundred dollars. Make the system fail-safe, the Assad regime can certainly and ISIS probably render all of our high-tech assistance useless with a stand-off GPS jammer. Make the system fail-deadly, and a terrorist can use the missile in Newark so long as he buys a local GPS jammer at the nearest truck stop.

The timer-based concept is little better; what powers the clock when the battery is removed? Missile guidance systems aren't built like PCs, with CMOS batteries keeping the BIOS warm even when the system is nominally powered down. Ordnance is designed to sit in bunkers for twenty years and then be used on short notice; when the things are turned off they are well and truly OFF.

And let's not even mention the idea that anyone is going to let the UN security council have the keys to their ordnance. Psychology and political science are way out on the soft edge of the scientific spectrum, but even they are capable of enough rigor to say that some things just plain aren't going to happen.

So, is there anyone out there who is offering an informed discussion of how kill switches might realistically be incorporated into weapons?

Clive RobinsonSeptember 23, 2014 11:22 AM

As far as I'm aware all our "Kinetic" weapons use energy stored in the form of chemicsl bonds. Mostly the energy is released by a chain / train of less stable explosives that triger the main charge to go high order. The train is usually started by a mechanical action of the "pistol" or by the likes of a fetzler electrical fuse/ detonator.

In either case, replacing the "kill switch" that prevents the initial mechanical or electrical initiator would not be beyond most adults with the likes of hand tools...

Thus just how reliable is a kill switch going to be against somebody who takes the time to inform themselves of the operation of the weapon and develop a quick replacment / override.

Then there is the "PAL issue" to consider, which is why some estimates said less than a third of US nukes would actually work.

tzSeptember 23, 2014 11:29 AM

Or like the Afghan soldiers we are training who occasionally shoot at us when we give them live guns.

Adds new meaning to "Denial of service Attack".

Another problem is we want our soldiers to pick up someone else's weapon if needed. So the authentication has to be universal for "friend".

We can detect metal, but not evil.

T!MSeptember 23, 2014 11:29 AM

I think this is a great idea, but I am pessimistic enough not to believe that the implementation would be good. I think that war is the only game both sides always loose, so this shouldn't be played anymore.

Here a few ideas:
- dna-scanners in the weapon to identify the soldier
- rfid chip with unique signature implanted in the soldiers body connected to his bio-functions (death of the soldier or removing the implant would make it inoperable)
- a switch at the weapon to make leave it inoperable
- code entry to activate the weapon and if a switch isn't pressed all n-seconds or used to shoot instead, the weapon would be deactived again

[/serious]
If the weapon shall be secure, trustworthy, etc. the soldier has to put the magazine of iLets in the iPon and iCtivate it with his fingerprints (using his smartphone, but iDont say what brand;)

DBSeptember 23, 2014 11:38 AM

How about if they build in kill switches into every newborn too so that if they are about to commit criminal acts we can just terminate them?

I am only illustrating how ridiculous such switches are, no matter where they be, whether in weapons, humans, or cell phones.

IlyaSeptember 23, 2014 11:50 AM

I always thought, that kill switch on a weapon is something used to kill enemies when switched on.

guy's words looks kinda strange.

IlyaSeptember 23, 2014 11:50 AM

I always thought, that kill switch on a weapon is something used to kill enemies when switched on.

That guy's words looks kinda strange.

AppeosSeptember 23, 2014 12:08 PM

AFAIK, the military already have protocols to destroy weapons and ammo to prevent it falling into enemy hands, even if that sometimes means blow the sh*t out of it with C4.

Having a kill switch can only lead to bad things happening at bad times.

Doctor FunkensteinSeptember 23, 2014 12:13 PM

So how long until the first zero day exploit is found with the switch? Or some poor sod dragging a ruck in the back of beyond gets into deep doodoo because of a bad patch and suddenly nothing goes bang anymore?

Gerard van VoorenSeptember 23, 2014 1:05 PM

This would only work in weapons that require a massive amount of software to operate so that bypassing the kill switch is useless. The JSF/F-35 comes to mind. Although I think the kill switch could be made secure up to a certain level, wouldn't it have consequences for the export? Which country would want to buy weapons that the US can disarm whenever they want?

name.withheld.for.obvious.reasonsSeptember 23, 2014 1:36 PM

Can we get kill switches for all the ignorant and arrogant political, military, and corporate fascists?

bcsSeptember 23, 2014 1:37 PM

A robust way to prevent a potential advisory from using a weapon (any weapon) against you is to convince them that even a successful attack will be fatal, not just to them, but there side in general.

This is sort of the inverse of the premise of "The Mouse that Roared".

MrCSeptember 23, 2014 1:38 PM

That has to be the dumbest idea I've heard in a long time.

1. Virtually impossible to prevent someone with prolonged physical access to the weapon from modifying it to bypass the kill switch. So, the kill switch only works once as a surprise, after which your foes (or at least the ones who survived the surprise) will adapt.

2. Virtual certainty that, between implementation flaws, bribing/blackmailing/converting someone with access, and/or hacking the weapons contractor, sooner or later a foe will figure out how to spoof the kill instruction. That's going to be one hell of an unpleasant surprise. (Again, only works once, then our own troops (or at least the ones who survived the surprise) will modify their weapons to disable the kill switch.)

DaveKSeptember 23, 2014 2:01 PM

@DB: Your logic escapes me. Are you against the power buttons on iPhones? After all, it would be wrong to install an off switch on a human. By your analogy that means it must be wrong to have one on an iPhone, too, right?

FuturiSeptember 23, 2014 2:02 PM

Yes, it's a really bad idea: a built-in digital kill switch. But it's also inevitable. Everything is becoming computerized: phones, cameras, cars, light bulbs, watches, clothing, rifle scopes, and eventually rifles. And once a weapon is computerized, the process continues until it is highly computerized and networked. This allows for either a kill-switch feature or a kill-switch hack. You can't stop progress. Even when it's a bad idea.

JimSeptember 23, 2014 3:05 PM

I suppose a kill-switch could be implemented that permanently/physically disables most weapons (e.g. damages the chamber of a firearm, etc.)

How to prevent it from being hacked by an opponent (making it useless for the authorized user) would be a clear issue.

"I had the enemy in my sights and pulled the trigger - heard a small 'pop' and realized my weapon was now a chunk of useless metal."

That said - I suppose the concept of not arming every rebel group that (for the moment) promises to be our friend and help us defend our (whatever we happen to want at the moment) - is too complicated???


vas pupSeptember 23, 2014 3:05 PM

name.withheld.for.obvious.reasons • September 23, 2014 1:36 PM
Yes, it is possible I guess. At least there were rumors (when Soviet Union collapsed) that you could program somebody to commit suicide when particular signal (audio) was sent to you over the phone. That is mind control possibility. 25 years later it may become more sophisticated but utilizing the same the same core concept.

albertSeptember 23, 2014 3:09 PM

LOL
.
Zittrain should stick to 'internet law' and 'computer science', since he clearly knows nothing about the military and politics. This kind of idiocy makes me wonder what, if anything, he knows about his own specialties. It was well within US capabilities to prevent ISIS from acquiring US weapons, by not giving them to ISIS in the first place. That point is moot.
.
Zittrain is a douchebag, and so are many who think kill switches are a good idea. Is a 'serious' discussion on this even necessary?
.
This is the real joke: "SA Forum is an invited essay from experts on topical issues in science and technology." That such a discussion is even taking place speaks volumes about the mentality of current 'experts', and the level to which SA has fallen.
.
I gotta go...

Random AlSeptember 23, 2014 3:22 PM

An alternative to the kill switch, as a means to keep weapons from enemy hands, is the concept of "transient electronics".

This is from a DARPA announcement for their Vanishing Programmable Resources (VAPR) program, posted on January 28, 2013

This Web Feature Will Disappear in 5 Seconds
http://www.darpa.mil/NewsEvents/Releases/2013/01/28.aspx


New DARPA program seeks performers for transient electronics demonstration

The sophisticated electronics used by warfighters in everything from radios, remote sensors and even phones can now be made at such a low cost that they are pervasive throughout the battlefield. These electronics have become necessary for operations, but it is almost impossible to track and recover every device. At the end of operations, these electronics are often found scattered across the battlefield and might be captured by the enemy and repurposed or studied to compromise DoD’s strategic technological advantage.

What if these electronics simply disappeared when no longer needed? DARPA announces the Vanishing Programmable Resources (VAPR) program with the aim of revolutionizing the state of the art in transient electronics or electronics capable of dissolving into the environment around them. Transient electronics developed under VAPR should maintain the current functionality and ruggedness of conventional electronics, but, when triggered, be able to degrade partially or completely into their surroundings. Once triggered to dissolve, these electronics would be useless to any enemy who might come across them.

name.withheld.for.obvious.reasonsSeptember 23, 2014 3:31 PM

@ Random AI

This is from a DARPA announcement for their Vanishing Programmable Resources (VAPR) program, posted on January 28, 2013

When will they announce the Vanishing Idiot Protocol (VIP) that automatically makes irrelevant stupid and asinine ideas and persons?

AlanSeptember 23, 2014 3:43 PM

They (NATO and Russia) have been doing it (building kill switches) into some weapons since I remember (prior to 1980s).

Ben ThayerSeptember 23, 2014 4:34 PM

...and an enable switch to allow the legitimate owner to use it in the first place. (That does not include setting the enable codes to all zeros by the way.)

MartinSeptember 23, 2014 4:34 PM

I would go a step further and let the kill switch destroy the weapon before it falls into anybodys hands.

JaimeSeptember 23, 2014 4:46 PM

This is one of those topics that should probably never be debated in the abstract. The usefulness of a kill switch is that it's use (saving friendlies) outweighs it's costs (acquisition and management costs as well as costs due to malfunctioning weapons not being useful).

So, any evaluation of technology of this type boils down to a cost/benefit analysis of a particular implementation. Without an implementation, we're just guessing how well it would work.

DBSeptember 23, 2014 5:04 PM

@DaveK

I am referring to the new California law that all phones get remote kill switches bricking them if they are stolen. That is similar to remote switches that render weapons useless if they fall into the wrong hands or are misused, as well as remote kill switches that police could use to "deactivate" badly behaving humans.

LillionSeptember 23, 2014 6:35 PM

Even ignoring the possibility that someone could bypass this system, it could simply prove impractical for the military to manage. GPS was famously designed with civilian and military modes, but according to Wikipedia, "During the 1990–91 Gulf War, the shortage of military GPS units caused many troops and their families to buy readily available civilian units. Selective Availability significantly impeded the U.S. military's own battlefield use of these GPS, so the military made the decision to turn it off for the duration of the war."

Wesley ParishSeptember 23, 2014 7:11 PM

One phrase springs to mind: "Every time someone invents something foolproof, the universe upgrades the fools."

And an image sticks out in my mind: a woman in Wewak, PNG, using the tail fins of an unexploded WWII bomb buried in topsoil as a stand to cook a meal, and it exploding. A kill switch ain't gonna stop this sort of mischance.

That for the ordnance. Now for the weaponry.

The issue with North Iraq and Islamic State was actually one of (lack of) morale on the part of the Iraqi Army, and (plenty of) morale on the part of Islamic State irregulars. PEBKAC for the kill switch.

Besides, as is well known, anything can be hacked, and probably will. In a supposedly hardened US Military network, but which still relies on the broader background of network hardware, which has been (allegedly) cracked by the NSA to the extent it is not as fit for purpose as it used to be, I expect the kill switches to be (artfully) disconnected when and where they are expected to be connected.

It's like expecting (full) Artificial Intelligence to be a willing servant. Stanislaw Lem had some choice things to say on that matter. If it's still available, take a read of Golem XIV in the short story collection Imaginary Magnitude.

BananaSeptember 23, 2014 8:57 PM

The issue with North Iraq and Islamic State was actually that USA created another nightmare.

TogethernessSeptember 23, 2014 9:47 PM

Weapons already have a kill switch that makes enemy hands fall useless. I'm not understanding the problem.

milkshakenSeptember 23, 2014 9:54 PM

Kill switch is not practical - it really becomes a fatal flaw if compromised. An autonomous blocking mechanism that turns on maybe once a month (and it can be reset only by a provisional key that is provided online, after the owners identity reconfirmation) would be a more secure, user-friendly alternative, and probably easier to implement.

GnuradioSeptember 23, 2014 11:17 PM

Have soldiers enter a code x(time) and if they don't a covert tracking signal emits to call for surprise drone attack recycling.

tyrSeptember 24, 2014 2:03 AM


This whole discussion takes things to a new level of genius in speculation.
How about if we test this on the police guns first. Obviously we don't want
them in the wrong hands. Then we publish the hack so any citizen can shut
them off if they see one about to be misused. Solves two problems at once.

Here's a news flash the military wants equipment that works every time, the
only part of it that doesn't are political asshats and junior officer control
freaks. The M16 has gone through enormous work to make it into a reasonable
weapon because the DOD tampered with the original design and buggered it up.
So how many dead troops will it take to get the bugs out of the "kill switch"?

mishehuSeptember 24, 2014 2:55 AM

So I see that Scientific American has their own version of Slashdot's Bennett Hasselton... somebody who overly thinks about a problem he does not fully understand. The fact is that you can put in any sort of "kill switches" you want into any sort of heavy military gear, but rest assured that it will not be 100% effective and once the "enemy" has discovered the existence of a kill switch, he'll be fast to move on defeating it - especially if the gear is heavy enough. (I'm not talking small arms here even.)

As for small arms, as somebody who has experience with this issue, I want a gun that shoots when I pull the trigger. Yes this weapon can be captured by the enemy if I were to fall, but when it comes to the most basic weapons used, KISS (keep it simple, stupid).

Comparing military equipment to a kill switch on an iPhone? Calling upon the UN Security Council to act as the governing body with authority to determine when to disable military equipment? Does this guy even have a clue about the makeup of the UN Security Council? What planet is he on?

riokiSeptember 24, 2014 2:58 AM

Nukes have Permissive Action Links (PAL) for quite some time and they work. The idea is that the actual nuke needs only to be loosely protected, but actual codes remain with the commander in chief (the football). The logistical problem with nukes, is that you need a relative large number of people to service them and it is hard to ensure you can trust all of them. In addition a PAL protects form a rogue general firing a nuke.

It is not totally inconceivable that other large armaments can have a PAL. The codes would then be shared with commanders. The advantage is that, should the weapons fall into the hands of the enemy only the codes need to be destroyed. To simplify operation weapons can be unlocked before a mission. Even though the enemy may get these hot weapons, a PAL limits the damage when a stockpile is taken over.

On the other hand adding a PAL to small arms seems like a stupid idea. The overhead managing the system would not outweigh the benefit.

Clive RobinsonSeptember 24, 2014 4:05 AM

@ rioki,

As I mentioned above PALs make the weapons very unreliable in use (some reports suggest a third or less of deployed nukes would work).

Whilst the cost/value of a nuke makes putting PALs in a consideration they are reliant on certain peculiarities of nukes to work, which just don't exist in other weapons.

The only other offensive weapons where cost/value and peculiarities exist where PALs might be viable are Smart Weapons. However as the gulf and subsiquent wars have shown smart weapons have their own reliability issues.

Current wars suggest that PALs would also not be effective because those --civilians-- attacked have no defence against improvised or old 1950s or earlier weapons. Such as the likes of an oil drum filled with explosives and nails etc dropped out of a helicopter into a crowded area, or dug into the road side, then there are snippers or old fashioned artillery and mortars etc. The devices don't even need conventional high explosives, "oxygen robbing" or "hyperbarric" roadside IEDs can be made with simple fuels, designs of which were tested during WWII for "home defense forces".

Further, students are now doing "drone" type projects in universities using the guts of mobile phones and other cheap consumer electronics, with a little extra thought weaponising such designs would not be difficult.

Remember back in WWII JFK's elder brother was killed in a bomber aircraft filled with explosives and a primative converted auto pilot such that it was a flying bomb. The pilot would bail out of the aircraft as it got within sight of the target and the auto pilot would then fly it into the target detonating ten tonnes of explosives.

How would a PAL or other weapon kill switch stop the quick development and deployment of such systems?...

Such things are only for high tech symetric warefare that few nation states can afored, not the low tech low cost asymmetric warefare that has become the norm in the last quater of a century.

TJ WilliamsSeptember 24, 2014 5:51 AM

Well, some real life "protection" examples:
- some weapons are equiped with a Flight Termination System (FTS) during testing. The idea is you can destroy the device if something goes wrong and this is done with a kit installed on the test weapon (e.g., a missile) that can be remotely detonated (or detonated by the missile if some flight parameters are out of bounds for instance) and a ground station using spread spectrum transmissions (that is were the crypto stands) to send the termination order if need be. ICBMs and SLBMs are tested this way and every NASA rocket has in principle a FTS.
- some weapons also have an activation procedure and physical "restreints" so that they cannot be detonated "accidentally", e.g., if you don't fly over mach 3, you can't arm the device. And if you try a bypass, then good luck with what's left.

On the "NATO has done it since whatever", most exported weapons have, say, "limitations" so that they are not exactly like the ones used at home.

TJW

Andrew_KSeptember 24, 2014 6:28 AM

Military equipment should be designed following two simple requirements:
a) Precision and intuitive usability.
b) Reliability and enduability.

...which is a reason for me to seek for military equipment, even when I need something such as a flashlight or a backpack at home. I know, it will not fail in a crucial moment.

The soldier trusts his weapon with his life. He can dissemble, reassemble, and check its working condition blindly. Adding a bricking box will put it into a constant "maybe" state. Sorry, but I wouldn't want such a thing on my life insurance, period.

Everyone who weakens above principles should be forced to use weakened equipment in combat. And remember: When enemy is in shooting distance, so are you. Enemy has AK47's trigger at his finger. You have to authenticate to your gun.

Please don't get this wrong: This comment covers rifles used by legitimate combatants, not all weapons. Weapons "in the wild" are a real problem deserving not to be ignored any longer. I highly appreciate any activity trying to solve this problem and deeply wish for an applicable solution.

riokiSeptember 24, 2014 6:40 AM

@Clive Robinson

The reason why PALs "work" on nukes is because the failure state "no deploy" is preferable to "accidental/unauthorized deploy". But on the other hand I doubt that the one third number is due to the actual PAL, since PALs tend to be quite simple and coupled with the actual firing mechanism. (e.g. led balls in the cavity between the two plutonium halves) It probably has more to do with the age of the weapons and deployment systems. In many cases the latest iteration currently deployed comes from the early 80s.

I very clearly see how such PALs can be used with things like missiles. There is a certain benefit when such weapons are basically unusable while in storage. This could be something as simple as a missing / encrypted guidance program.

On the other hand I don't get your rambling about improvised weapons. There will always be improvised weapons, no matter of securing stockpiles will do anything about that. The basic idea is that you want to restrict access to military grade medium to long range weapons.

I agree with everybody that is makes no sense to add a PAL to small arms. These are just to simple and the PAL is a huge failure point. But a Tank for example, is so complex to start off with, the PAL is just a small component, like an anti-theft system on a modern car.

vas pupSeptember 24, 2014 8:50 AM

@Incredulous:"Put a kill switch in every weapon... And turn them all off." I share your dream. I'll put the same switch into the brain of psychopath: when thought of committing violent act against other human being popped up in the sick brain, kill switch will send pulse into the brain and put the person into deep sleep for an hour. That is the wet dream of any police state as well because technology is neutral, but application is not.

Nick PSeptember 24, 2014 11:53 AM

@ rioki

" But on the other hand I doubt that the one third number is due to the actual PAL, since PALs tend to be quite simple and coupled with the actual firing mechanism."

PAL is a combination of tamper-sensing circuitry, kill switch, and activation system. The tamper-sensing circuitry has to guess if an opponent is trying to break into the nuke in a number of different ways. Anything about the [harsh] environment during launch might register a false alarm that activates the kill switch. I'm not sure if it's what Clive's study referred to. However, it's a common problem* with such technologies.

* Even IBM's famed crypto co-processor had to be in a carefully controlled environment to prevent a false alarm deleting all the secrets.

Nick PSeptember 24, 2014 11:56 AM

@ Emeric

+1 for MGS reference. It's forward looking enough that even the new Call of Duty Advanced Warfare's looks like it just ripped some nice chunks from MGS4. Although Kevin Spacey's face & voice delivering the monologues might be hard to beat. ;)

MattSeptember 24, 2014 8:56 PM

The article is in reference to heavy weapons already dependant on software (tanks, aircraft, missle systems). We partly do this already with spare parts. But we could up the ante with chemistry. Reactive armor that degrades after a certain time exposed to air...Specialized consumables (oils, hydraulic fluids) that if not used render a system inoperable.

DuhSeptember 24, 2014 9:07 PM

The real problem is that too many weapons are passed out to irresponsible people. I could give any number of examples.

Aside from all the cogent arguments made above why kill switches won't really work, there is the point that even if they work they won't really solve the problem. In fact, countries will be even more likely to pass weapons out to irresponsible people because "now they have kill switches."

FigureitoutSeptember 24, 2014 10:47 PM

I feel like Zittrain is in a way just trying to make a point to people considering "kill-switches" for internet and smartphones (and cars, and other PC's, etc.). When hackable kill-switches are proposed for their systems, look how they react; even on this thread lol. Someone will always out-hack you; don't give them easier ways to do it.

Thomas_HSeptember 25, 2014 7:47 AM

So how long until someone suggests 'Shoot-by-wire' hand weapons? And how long until someone builds and commercializes one, and the first mishap where a virus, hack, or botched software update makes it fire when it's not supposed to (preferably in a loaded school bus) and not fire when it's supposed to?

fajensenSeptember 25, 2014 8:45 AM

Hahahah - My super-duper PAL/killswitch is secured with SSL

Whoops!

http://seclists.org/oss-sec/2014/q3/651


I've just confirmed that the issue can be exploited via OpenSSH setting
SSH_ORIGINAL_COMMAND:

$ ssh -o 'rsaauthentication yes' 0 '() { ignored; }; /usr/bin/id'
uid=500(sandbox) gid=500(sandbox) groups=500(sandbox)
Received disconnect from 127.0.0.1: Command terminated on signal 11.

This is with command="set" in .ssh/authorized_keys for the key being
used. (Without the "; /usr/bin/id" portion, the command prints the
environment variables, including SSH_ORIGINAL_COMMAND being the function
with just "ignored" in its body.) As we can see, the command runs, and
moreover in this case bash happened to segfault after having run "id".

Joker_vDSeptember 25, 2014 9:01 AM

The reason nobody ever installs self-destruction mechanisms in his weapons and vehicles in real life is because it will go off on itself accidentaly due to poor environment conditions (aka "being in combat/under fire").

And this is why you don't want "kill switches". Your weapons already need extensive maintenance to keep them functioning, guns jam just like this, and the last thing you need is an easy, sure-to-fire way to render it inoperable. Because it will misfire and happen on you. When you want it the least (for example, when being in combat/under fire).

DilbertSeptember 25, 2014 9:36 AM

@T!M

There are some problems with your ideas:

dna-scanners in the weapon to identify the soldier

So we take the soldiers hand along with his weapon


rfid chip with unique signature implanted in the soldiers body connected to his bio-functions (death of the soldier or removing the implant would make it inoperable)

How do we prevent replay attacks and spoofing?


a switch at the weapon to make leave it inoperable

An off switch? And how do you prevent it from being switched back on?

CallMeLateForSupperSeptember 26, 2014 8:26 AM

I would agree that this idea merits consideration but only to the extent that there exists a weapon or weapons appropriate for it. I can't think of any but that doesn't mean there aren't any. That said, we need to stop 1) throwing money at every problem and 2) expecting technology to provide the best solutions for all problems.

In the case of viable military equipment lying around where the bad guys can pick it up, how 'bout not giving it to troops who, on first contact with an enemy, will abandon it and run away like scared little girls? (cough... Viet Nam Iraq).

VašekSeptember 27, 2014 10:12 AM

Kill switch is not a desirable trade off. It creates more risk than it solves. More precisly, it gives the initiative to someone/something else, enemy or chance. Weapon falling into hands of your enemies is something YOUR mistake allowed, YOU can prevent and YOU can be prepared for. You can do relativly safe kill switch, but it will be chance or enemy who will have the final word.

Clive RobinsonSeptember 27, 2014 5:27 PM

@ Rioki,

On the other hand I don't get your rambling about improvised weapons. There will always be improvised weapons, no matter of securing stockpiles will do anything about that. The basic idea is that you want to restrict access to military grade medium to long range weapons

My ramblings as you so engagingly put it are about the weapons in current usage in active war zones.

For the past quater of a century or so the majority of active war zones have not been of high level / super power combatant v another high level / super power but technologically inferior forces often in what are or have quickly become the equivalent of third world nations.

For such asymmetric warfare kill switches are not a consideration for the supposedly --technologically-- inferior forces, they fight ambush style attacks with IED and other similar devices I described, some of which do not even require high explosives or the accompanying "explosive trains" to be detonated. The technology is on a "scrap heap scavenge" level so there cannot be kill switches for such things. If the enemy is fighting in this manner then the discusion is moot.

On a higher level "non single shot" weapons cannot realisticaly have kill switches or PALs either, because bypassing is likely to be technologicaly simple, otherwise the weapons would be unreliable in use which is highly undesirable ( look up the term "dead mans click").

It's only on high tech "munitions" not their delivery system that PALs etc even remotely have a chance of working. That is the munition such as an anti-aircraft rocket is technically sophisticated due to it's guidence systems etc, that cannot be realisticaly bypassed.

What is not realy being said hear is it's all about the "IS / ISIS / ISIL issue" of how can you give such people weapons to successful attack the likes of Russian weapons supplied to the Syrian Regime but then not turn around and use them against what we would consider "friendly forces" in adjacent areas either currently or in the near future.

The simple answer is you cannot with weapons but you might be able to with the ammunition they use (using say rapidly aging chemicals for propellants or explosives or even batteries).

Howver as I further indicated the ready availability of cheap consumer electronics like smart phones with inbuilt cameras, GPS and gravity sensors can with just the addition of software and simple electronics become "auto-pilots" of sufficient accuracy, that expensive technical systems from high level / super power type suppliers is nolonger a requirment. Thus light aircraft can be turned into UAV "flying bombs" and large scale model aircraft into "intel drones" etc. Designs for simple expanded foam model aircraft with 1metre wing spans and electric motors can be fairly easily found on the Internet or copied from those making them available to buy from the Internet.

The simple fact is that those who wish to can make their own --semi-- Smart Weapons, Drones and Unmand Delivery Systems easily and at considerably less cost than current Western MIC suppliers.

Think how relativly simple it would be to take a "bouncing betty", "T-Mine" or Claymore-mine" and modify it slightly to be electricaly detonated, and built into an ultra cheap disposable model aircraft drone with a range of twenty or thirty miles. Such a design is well within the abilities of a second or third year undergraduate as a project... It's lethality can be low, but like a lone sniper it's fear factor can be totaly debilitating to division sized military units or entire villages, towns or cities (remember the Washington Sniper).

John CampbellSeptember 30, 2014 11:20 AM

Now for a laugh...

Consider the ZF-1 from "The Fifth Element" and the little red button...

Frankly, the premise, I think, was an effort in irony.

Clive RobinsonSeptember 30, 2014 11:54 AM

@ John Campbell,

I must admit that when I think of the "Fifth Element" the "little red button" is not the first thing that springs to mind ;-)

The "dial to kill" the failed minion with the exploding space port phone strikes me as more in the line of US TLA notions of a "kill switch"...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.