The Future Has a Kill Switch

palegray.net writes "Bruce Schneier brings us his perspective on a future filled with kill switches; from OnStar-equipped automobiles and city buses that can be remotely disabled by police to Microsoft's patent-pending ideas regarding so-called Digital Manners Policies. In Schneier's view, these capabilities aren't exactly high points of our potential future. From the article: 'Once we go down this path — giving one device authority over other devices — the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?' We recently discussed the Pentagon's interest in kill switches for airplanes. At what point does centralizing and/or delegating operational authority over so much of our lives become a dangerous practice of its own?"

OnStar (no thanks)

[Ritz_Just_Ritz]

When I bought a GM vehicle for my wife a couple years ago, the FIRST order of business was to disconnect the antenna to the OnStar box. I don't need big brother being privy to conversations in the car, or tracking my movements. I'm normally not a tin foil fedora kind of guy, but there has already been evidence of police improperly using OnStar to bug vehicles.

What About the Benefits??

I like how this article bring out all the negatives, but never the positives. I can see many useful benefits in having this functionality.

First, if evildoers try to do harm with these devices, it can be stopped before damage is done. Second, one great feature of onstar is the ability to unlock your car if you lock yourself out for some reason. Third, most people like having this override ability.

In Flight

[FurtiveGlancer]

I would much rather have the engines remotely shut down or idled on a plane in flight, offering at least a chance at an emergency landing, than to have the plane summarily blown out of the sky. Most likely the "kill switch" would be engaged only so long as the craft remains on a threatening course. It would also be useful in preventing unauthorized/uncontrolled take-offs.

Lo-jack seems to have been fairly effective in stopping auto thieves. I don't really see an "After the Sunset" remotely hacked limousine scenario developing in real life.

Re:In Flight

[vertinox]

I would much rather have the engines remotely shut down or idled on a plane in flight, offering at least a chance at an emergency landing, than to have the plane summarily blown out of the sky.

I don't know that much about aerodynamics, but I suspect at 30,000FT that might result in an uncontrolled decent.

It would be more logical to just force the plane into autopilot and bring her in on her own power to the nearest secure location. As it passenger planes don't really "need" a pilot these days and most pilots just are there in case something went wrong and to of course set the autopilot.

Re:In Flight

[Richard_at_work]

I would much rather have the engines remotely shut down or idled on a plane in flight, offering at least a chance at an emergency landing, than to have the plane summarily blown out of the sky.

I don't know that much about aerodynamics, but I suspect at 30,000FT that might result in an uncontrolled decent.

I suggest you check out the stories of the 'Gimli Glider' and Air Transat Flight 236 - both well documented cases of aircraft losing all engines at or near cruise height, and resulting in a successful landing of the aircraft.

It would be more logical to just force the plane into autopilot and bring her in on her own power to the nearest secure location. As it passenger planes don't really "need" a pilot these days and most pilots just are there in case something went wrong and to of course set the autopilot.

No, a pilot has to be in control to successfully intercept the ILS signal, the autopilot currently cannot do that on its own - thus there is no way to bring an aircraft down from cruise to land without help from the flight deck.

block on star

[p51d007]

Heck, like you said, just unplug the damn thing. Or if you are paranoid, get a ball of tin foil and cover up the antenna. I love how people give up their freedoms for "safety". Onstar says we can call the police in the event your air bags are deployed. No kidding, gee, golly wow. You and the 3,452 people that see your wreck are going to whip out their cell phones and call the police. Onstar, just getting people use to the idea that big brother is listening. How long until insurance companies get to peak into onstar?

Re:block on star

[syzler]

3) In the event you have a serious accident and are unconscious or hurt in the middle of nowhere, they can still contact help for you (unlikely?)

Very likely for those of us that live:

• In Alaska
• In the Yukon
• In rural Nevada
• In rural Michigan
• and in many non-urban areas

Not every one lives in a city and not every road is in a heavily traveled suburban area. Not convinced, count the number of cars that pass by you during a January night on Alaska-1 (one of the busiest Alaskan highways) near Denali. I bet you will only need one hand.

A simple solution

[MikeRT]

The first time someone launches a mass shutdown order in a metropolitan area during rush hour, will be all it takes to turn the public wildly against this.

Re:Fine, as long as I don't OWN anything

Agree wholeheartedly.

I don't mind DRM as much in the context of the Netflix DVD model. I just don't have the emotional involvement in something that gets returned the day after I watch it. Ownership demands control. Renting permits a carefree attitude.

I'd buy a Kindle in a second if it could tap into the local library system. I don't want to own the books. I just want to read them and move on.

Simple questions, simple answers

[Dachannien]

• Who has the authority to limit functionality of my devices, and how do they get that authority? In this order: the Content Cabal, Russian hackers, and federal law enforcement. The Content Cabal gets the authority because they pay Congress and/or the FCC for it, the Russian hackers get that authority because our own security-fu is weak, and law enforcement gets it because terrorists scare the shit out of us.
• What prevents them from abusing that power? Content Cabal: Nothing (once their power is ensconced in law, it's too late); Russian hackers: Nothing (the teeming masses of neophyte device users will never learn to make themselves secure); and Law Enforcement: Nothing (you can't complain about what you don't know about).
• Do I get the ability to override their limitations? In what circumstances, and how? I want some of what you're smoking. But seriously, the only guaranteed way to override these limitations is to use devices that are not equipped with such "functionality". (In the case of the Content Cabal and law enforcement, this may eventually not be legally possible.)
• Can they override my override? As with any form of DRM, it will be a war of escalation between those who want control over their own devices and those who have a vested interest in wresting that control away from you. Any security you manage to get for yourself will eventually become obsolete, either because (a) the device itself reaches obsolescence, through format changes, licensing, insufficient processing power, or plain old wear and tear, or (b) the security measures you obtain are eventually counteracted through countersecurity measures. Neither side will win, of course, which is why the Content Cabal and law enforcement will seek criminal penalties against those who try to maintain control over their own devices.

by the numbers

[v1]

Who has the authority to limit functionality of my devices, and how do they get that authority?

The laws will be written in a way that appears to limit their application, but the reality will be that loopholes will be woven into the rules, or that people like the CIA just plain don't care about laws and will do whatever they please. There will be no accountability. If someone does get their balls in a vice someone higher up will swoop in and "grant them immunity". (where have we heard that recently?)

What prevents them from abusing that power?

Given the above legal scene, nothing. That which can be abused, will be abused. We've been down that road so many times my shoes wore out. We're always promised that it's ok to make the laws a little overly broad just to "make sure we get them all", and then as a result the laws are always abused. It's not can be, it's not might be, it's will be. "Can be abused" always ends up "was abused". Unless you write the law without the wiggle room, it will be abused, guaranteed. End of story.

History tends to show that loopholes that crop up in new laws were introduced by those who made the law, for those that made the law. Things like congress passing telemarketing rules, that they are conveniently exempt from. (where was the justification? they didn't even bother trying to justify it) People that are already in a position of power just assume the laws don't (or shouldn't) apply to them. Nixon was a hilarious example. He was totally convinced it was OK for the president to ignore the laws. He just didn't get around to making himself legally exempt from them in time. Modern equivalents exist, they just learned from his experience and make sure they have an "out" and then proceed in the same manner.

Do I get the ability to override their limitations? In what circumstances, and how?

Just like CSS, you can override their limits, but then they'll make it illegal to do so.

Can they override my override?

No (what they tell you) Yes. (the actual practice)

We recently discussed the Pentagon's interest in kill switches for airplanes. At what point does centralizing and/or delegating operational authority over so much of our lives become a dangerous practice of its own?

Take a look where we are now. Wouldn't you say we passed that point looong ago?

Re:Oh, wonderful!

[SuchiRu]

Ok, I can see part of your argument, but think about limiting a device rather than cutting all power to it.

For example, my grandmother was recently on the list for a lung transplant. The transplant team was to notify her via cell phone that they had a lung ready for her. Now, if she went to a movie theater where there was an "Auto-power off device" and some kid making 6 dollars an hour forgot to put up the sign saying that the device was active then she could have missed her chance to get a lung transplant because she was spending the time watching a movie, that could possibly be three hours long. What about a device that puts the phone on vibrate or something. Why is it that the Western world is so drastic?

TL;DR version, how about a "limiting switch" as opposed to "kill switch"?

Case of the entrapment car and the kill switch

[throatmonster]

Program was suspended in early June in Dallas after the bait (I'll call it entrapment) car struck someone before they disabled the car. Months earlier, I watched a youtube vid of a "successful" bait car incident. They let this guy steal the car and drive away, then started chasing him. It turns out the whole time they could have remotely locked the doors and killed the engine. But they had their fun chasing this guy around for a while, and even shooting at him, before disabling the vehicle. When I saw that earlier video, I knew someone would get hurt eventually. That's definitely abuse: they could have disabled the car and locked the guy in for apprehension before he even left the parking lot. Worst outcome? Maybe a little fender bender. Instead, they had all sorts of fun with high speed chases, shooting at the guy, etc. before they bothered to use it. And some old lady got killed because the cops needed their fun with a rigged high-speed chase. Disgusting.

Re:Slippery slope

We already have this.

I just stopped a consulting job at a well known software company in Redmond, WA. - a man has to eat and feed his kids after all - On the day after my last workday, I booted the laptop I had used for the contract - it had company installed operating system software on it from over the network as that was a requirement - expecting it to log in and extract my "hours worked" data before I flattened it and formatted the NTFS partition. I was going to do the right thing. Turns out I did not need to; It had just stopped working. No login worked at all, and my IRS data that had been kept on the laptop per contract requirements had to be extracted via a "INSERT Linux" boot disk and a USB thumdrive so I could flatten/format the NTFS partition like I was going to anyway before I sent the hardware back (INSERT Linux is great for this, btw), minus any sensitive data.

They already have the power to time-bomb and kill switch your computer; It's already happened to me, and most people just don't know its possible yet and wont expect it - as I did not - when it happens to them.

Re:New host of problems?

Yeah you're right but I'd rather have none of the above. Officers shouldn't give chase to criminals if they are going to danger people, just lay tire strips or follow the guy. The problem with a killswitch is plain and simple, it is going to be activated when not appropriate by some company or government at a whim.

Paid your car loan a day late? killswitch. Insurance expired or inspection? Killswitch.

I depend on my car for a living and want no part of this because it is open to abuse.