Slashdot Mirror


California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

alphadogg writes "Politicians and law enforcement officials in California will introduce a bill on Friday that requires all smartphones and tablet PCs sold in the state be equipped with a digital 'kill-switch' that would make the devices useless if stolen. The bill is a response to a rise in thefts of portable electronics devices, often at knife or gunpoint, being seen across the state. Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures. The trend is the same in major cities across the U.S. and the California bill, if it passes, could usher in kill-switch technology nationwide if phone makers choose not to produce custom devices for California. California Senate bill 962 says all smartphones and tablet PCs sold from Jan. 1, 2015, should have 'a technological solution that can render the essential features of the device inoperable when the device is not in possession of the rightful owner.'"


  1. in other news by rr_at_slashdot · · Score: 4, Insightful

    dice trying out kill-switch on /. Boycott!

    1. Re:in other news by DickBreath · · Score: 3, Insightful

      Calling us the Audience is like the Bee Keeper calling the Bees the audience.

      Bees make honey. You can set up bee boxes and have bees live in the boxes and make honey that you can harvest. But the bees are free to leave at any time. The only reason the bees stay is because the boxes are less trouble than building a beehive. Try making the bee box unusable and the bees will just go build a beehive elsewhere. Don't believe it? They've been building beehives for a lot longer (*cough* Usenet *cough*) than bee boxes (*cough* Slashdot *cough*) have been around.

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re: in other news by easyTree · · Score: 2

      Stop whining about beta :P

    3. Re: in other news by pellik · · Score: 2

      The comment system.

  2. They've got it wrong by DougOtto · · Score: 5, Funny

    Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures.

    Really, what we need, is a kill switch for Oakland, San Francisco and LA.

    --
    Solving Unix problems since 1989...
    1. Re:They've got it wrong by fuzzyfuzzyfungus · · Score: 4, Insightful

      Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures. Really, what we need, is a kill switch for Oakland, San Francisco and LA.

      We also need some insight into whether those robberies were for the mobile device, or whether they were somebody pulling a knife and saying 'gimme your shit', combined with the fact that cellphones are at least as common as wallets at this point.

    2. Re:They've got it wrong by gnick · · Score: 3, Interesting

      I'd suspect the latter. And instead of a kill switch, wouldn't a switch forcibly enabling GPS tracking be more effective? Of course, misuse could be an issue.

      --
      He's getting rather old, but he's a good mouse.
    3. Re:They've got it wrong by Beorytis · · Score: 4, Insightful

      ...cellphones are at least as common as wallets at this point.

      For comparison, we should see the statistic for how many robberies involved a wallet, and then perhaps some legislation to require mandatory kill switches on our money.

    4. Re:They've got it wrong by mbone · · Score: 2

      Yes, "involve" is a favorite police weasel word, as it means more or less whatever they want it to mean.

    5. Re:They've got it wrong by ConceptJunkie · · Score: 2

      I rarely carry money these days already. I remember having a conversation in the barber shop around 1987 and someone suggested that money would become uncommon in 4 years or so. I said that I agreed, but that it would be more like 40 years. By 2027, I'd bet that physical currency will be either completely gone or rare... assuming civilization doesn't collapse and we're all using only barter.

      --
      You are in a maze of twisty little passages, all alike.
    6. Re:They've got it wrong by dkman · · Score: 2
      I agree, taking the phone was just as likely to:
      • stop the victim from calling the cops right away
      • stop the victim from taking photos of the perp as they run away

      Part of it might be resale value, but I kind of think the robber understands those 2 points as well.

      --
      I refuse to sign
    7. Re:They've got it wrong by fatphil · · Score: 2

      Yet many I know are having a bit of a pro-anonymity backlash, and are preferring to pay for everything with cash now. As someone who buys almost all his food fresh from the local open-air market (yes, even when it's -15C, that's what hats and coats are for), anything apart from cash simply isn't even an option.

      --
      Also FatPhil on SoylentNews, id 863
    8. Re:They've got it wrong by AlphaWolf_HK · · Score: 4, Insightful

      Trouble is, stolen phones are being exported. Not a whole lot of use being able to forcibly track your phone when it now resides in China (literally, that's where they often go), especially considering that China doesn't extradite their own citizens or particularly even give a shit when one of them breaks another country's laws.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    9. Re:They've got it wrong by greenbird · · Score: 2

      There are various proposals around to eliminate cash. Eliminating cash would eliminate lots of crime

      There are various proposals around to eliminate cash. Eliminating cash would allow the government to better track everything you do.

      FTFY

      --
      Who is John Galt?
  3. It will be used against you by Anonymous Coward · · Score: 5, Insightful

    It will be used against you. Next "bigger" protest they will kill switch the entire area. Record away ...

    1. Re:It will be used against you by ConceptJunkie · · Score: 4, Insightful

      What people fail to consider is what happens when any particular bit of power given to the government is misused, because it _will_ be misused. There are plenty of things I think it would be great for the government to be able to do, but would never support it because it could be abused. That's why we need as little government as we can get away with and still maintain order.

      --
      You are in a maze of twisty little passages, all alike.
  4. What could go wrong? by gstoddart · · Score: 5, Insightful

    If you start making phones with kill switches, that is going to be a very attractive target for hackers.

    Imagine if you could wholesale destroy thousands of phones in one go?

    And since legislators only barely understand their intended outcomes, and not the unintended consequences, they won't be mandating any proper security with this -- and it will be badly implemented.

    But, really, what black hat isn't going to be giddy with glee at the prospect of wiping out a whole bunch of phones in an area?

    Yeah, yeah, offtopic because I didn't say 'fuck beta' ... I'm just tired of the nerd rage, it gets old after a while.

    --
    Lost at C:>. Found at C.
    1. Re:What could go wrong? by AJH16 · · Score: 2

      I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.

      If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many things that could go wrong.

      --
      AJ Henderson
    2. Re:What could go wrong? by iguana · · Score: 5, Insightful

      Better yet, imagine how useful a phone kill switch would be during widespread citizen protests?

      "For public safety, we have to shut off everyone's phone. And because terrorism."

    3. Re:What could go wrong? by Iamthecheese · · Score: 2

      Crackers are just the beginning of the danger. Imagine a government with the power to shut off any phone (any portable data transfer device?) at any time using the T word as an excuse and not having to even justify it for several months. The laws that allow the latter are already in place, enacted, and only awaiting the ability.

      This is one of the most dangerous laws imaginable.

      --
      If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    4. Re:What could go wrong? by gstoddart · · Score: 3, Interesting

      *sigh* Yeah, you're probably right.

      This will be both misused by malicious entities, and misused by the malicious entities we call governments.

      It seems like every time people try to legislate solutions to these kinds of problems they just create more problems due to their stunning lack of understanding of the technology.

      --
      Lost at C:>. Found at C.
    5. Re:What could go wrong? by Shoten · · Score: 5, Insightful

      I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.

      If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many things that could go wrong.

      I love this..."crypto," the magic "c" word that makes everything secure just by talking about it. In reality, it's not quite that simple. Authentication in Windows, for example, works like what you just described...and yet look at the flaws in NTLM and NTLMv2 authentication that turned up. That covers over a decade of time, before MS adopted Kerberos. Then, to that, add all the vulnerabilities in the software that governs authentication...I've lost track of how many times LSASS has been patched.

      And yes, I hear it now...the retort: "But that's Microsoft! They suck at security!" Maybe, maybe not, but the fact that they also dominate the desktop space should be a warning that you have to consider: functionality to be placed in ubiquitous consumer devices may not have the world's best security controlling them. And that is just a simple empirical fact as demonstrated by the recent past and current reality.

      --

      For your security, this post has been encrypted with ROT-13, twice.
    6. Re:What could go wrong? by dmbasso · · Score: 2

      You're talking about system authentication, which uses symmetric crypto. The GP was talking about asymmetric / a.k.a. public key crypto, which is an entirely different beast. If you could break it, your targets would be much more valuable than mere cell phones.

      --
      `echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
    7. Re:What could go wrong? by AmiMoJo · · Score: 2

      Many phones already have this capability. Google and Apple can remotely delete apps from users' phones, and many carriers can lock out SIM cards. We know Apple can perform remote wipes too, as a few people have already fallen victim to hackers doing just that after gaining access to their accounts.

      Most PCs have a similar vulnerability. If an app gains root it could set a random ATA password for the hard drive, making the machine unbootable and unrecoverable even by trying to do a full format. You would need a special tool capable of issuing a low level ATA wipe command to un-brick it, and of course your data would be gone.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:What could go wrong? by mlts · · Score: 4, Informative

      Even if a phone can be killed, it likely won't drop crime that much. Unlike car radios which were pretty much made useless by the fact that OEMs have decent audio from the factory, smartphones will still make money when parted out. In fact, if an iPhone is just stripped and just the screen sold, that is at least a couple C-notes right there, which is good money.

      An iPad or tablet is even more cash for parts.

      So, with this in mind, yes, killing the device might stop it from being sent to Mexico and used there, but for the most part, IMEI blacklists have similar functionality.

      To boot, we already have that functionality in place. Any device running iOS 7.x will require the user's AppleID and password before it will activate, so stealing an iPhone in order to resell the unit is an exercise in futility.

      PS: Insert beta rant here.

    9. Re:What could go wrong? by DickBreath · · Score: 2

      Your concerns about hackers can be addressed by using proper security.

      Make the kill switch feature only work by visiting a secret URL. Remember, it is secret, therefore totally secure.

      The tail end of the URL is the phone number digits. But not in plaintext -- those digits would be protected by ROT13 applied an ODD number of times to ensure security.

      --

      I'll see your senator, and I'll raise you two judges.
    10. Re:What could go wrong? by Karl+Cocknozzle · · Score: 2

      Better yet, imagine how useful a phone kill switch would be during widespread citizen protests?

      "For public safety, we have to shut off everyone's phone. And because terrorism."

      Actually, they don't need a kill switch for the phones to do this--there are a lot fewer devices to shut off if you simply shut down the cell towers in the area to cut off communication.

      --
      Who did what now?
    11. Re:What could go wrong? by east+coast · · Score: 2

      an iPhone is just stripped and just the screen sold, that is at least a couple C-notes right there

      What? You can get good ones with a warranty from Amazon for 60-90 USD.

      Not to say that people won't steal them to part them out but I think you need to go and see what the parts are really worth. Samsung Galaxy screens are worth a bit more but they're OEM whereas the Apple replacements seem to be knock offs. Either way, you're still getting a warranty out of either purchase but you still need to do the job yourself.

      --
      Dedicated Cthulhu Cultist since 4523 BC.
    12. Re:What could go wrong? by Karl+Cocknozzle · · Score: 4, Informative

      Ah, but if your phone is wrecked and you have to go in to get it fixed, they'll be able to identify if you were one of the people in the demonstration, and therefore be able to prove you were there and charge you.

      It's one thing to just shut down all comms, it's another thing to be able to have some persistent evidence you were one of the people who they targeted.

      Now, if you'll excuse me, I need to add another layer of tinfoil to my hat.

      There are literally countless ways that are far more effective and accurate than that...

      --
      Who did what now?
    13. Re:What could go wrong? by ConceptJunkie · · Score: 4, Insightful

      It seems like every time people try to legislate solutions to these kinds of problems they just create more problems due to their stunning lack of understanding of human nature.

      --
      You are in a maze of twisty little passages, all alike.
    14. Re:What could go wrong? by AJH16 · · Score: 5, Informative

      You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.

      The device merely has to hold a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write once public key address space would be just as secure as any write once kill switch flag that could be implemented.

      To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.

      This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.

      --
      AJ Henderson
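
The scheme AJH16 describes in the comment above, as an added Go sketch that is not part of the original thread and not any vendor's implementation: a software model of the HSM state with a write-once owner public key and a nonce-bound challenge-response for both kill and restore. Ed25519, all type and function names, the device id, requiring an owner signature for the kill as well, and regenerating the device key on restore (rather than importing an owner-signed key) are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrEnroll = errors.New("owner key slot already written, or key malformed")
var ErrRejected = errors.New("no fresh challenge, or owner signature invalid")

// Device models the HSM-held state of one phone (illustrative layout).
type Device struct {
	id        string
	ownerPub  ed25519.PublicKey  // write-once enrollment slot
	bootKey   ed25519.PrivateKey // device key; nil means "killed"
	challenge []byte             // outstanding single-use nonce
}

func NewDevice(id string) (*Device, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{id: id, bootKey: priv}, nil
}

// NewOwner makes the key pair the owner keeps off the device.
func NewOwner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Enroll writes the owner's public key once; a second write is refused.
func (d *Device) Enroll(pub ed25519.PublicKey) error {
	if d.ownerPub != nil || len(pub) != ed25519.PublicKeySize {
		return ErrEnroll
	}
	d.ownerPub = append(ed25519.PublicKey(nil), pub...)
	return nil
}
func (d *Device) CanBoot() bool { return d.bootKey != nil }

// NewChallenge issues a fresh nonce, replacing any earlier one.
func (d *Device) NewChallenge() ([]byte, error) {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	d.challenge = n
	return append([]byte(nil), n...), nil
}

// message binds operation, device id and nonce with length prefixes,
// so a signature for one operation or device cannot be reused for another.
func message(op, id string, nonce []byte) []byte {
	hdr := fmt.Sprintf("killswitch-demo\x00%d:%s\x00%d:%s\x00", len(op), op, len(id), id)
	return append([]byte(hdr), nonce...)
}

// OwnerSign runs on the owner's side, where the private key lives.
func OwnerSign(priv ed25519.PrivateKey, op, id string, nonce []byte) []byte {
	return ed25519.Sign(priv, message(op, id, nonce))
}

// Apply executes "kill" or "restore" only for a valid owner signature
// over the outstanding nonce.
func (d *Device) Apply(op string, sig []byte) error {
	nonce := d.challenge
	d.challenge = nil // consumed even when verification fails
	if d.ownerPub == nil || nonce == nil || !ed25519.Verify(d.ownerPub, message(op, d.id, nonce), sig) {
		return ErrRejected
	}
	switch op {
	case "kill":
		d.bootKey = nil // a real HSM would zeroize the key storage
	case "restore":
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return err
		}
		d.bootKey = priv
	default:
		return ErrRejected
	}
	return nil
}

func main() {
	pub, priv, _ := NewOwner()
	d, _ := NewDevice("device-0001") // constructed device id
	_ = d.Enroll(pub)
	for _, op := range []string{"kill", "restore"} {
		n, _ := d.NewChallenge()
		err := d.Apply(op, OwnerSign(priv, op, "device-0001", n))
		fmt.Println(op, "error:", err, "boots:", d.CanBoot())
	}
}
```

Because the nonce is consumed on every attempt, a captured signature cannot be replayed, and a signature made for "kill" does not verify as "restore".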
  5. IMEI blocking by Anonymous Coward · · Score: 3, Insightful

    Isn't this what IMEI blocking is supposed to do?

    1. Re:IMEI blocking by CastrTroy · · Score: 2

      Not all tablets have IMEIs. Other than that, it's a pretty good solution. The one problem with IMEI blocking is that you can't enforce a worldwide block, so devices can still be shipped out of the country. Also, many of the devices are still useful even without cellular service. Turn off the cellular radio, and you still can use wifi connectivity. You can still listen to music, play your apps, and do a lot of other fun things with it.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  6. Now with Oppression Inside; Do Not Want! by VortexCortex · · Score: 4, Interesting

    I'm sorry. A remote kill-switch is unacceptable. The big time thieves already put your cellphone in a Faraday cage when they swipe it. The real purpose of this device remote kill switch is to allow a more targeted approach to the Internet kill-switch -- which, as we've recently seen, is what oppressive governments do to silence public opposition. Keep in mind that the USA has a long history of silencing public activism, and they are actively planning to ensure their capability to silence activists.

    It's quite telling indeed that this would be made mandatory, and not present at the user's option. Why not let the market decide whether this feature is wanted? This mandatory oppressive non-feature creep is anti-capitalism, anti-freedom, and anti-American.

    1. Re:Now with Oppression Inside; Do Not Want! by mark-t · · Score: 2

      The big time thieves already put your cellphone in a Faraday cage when they swipe it.

      This can be mitigated by tying the kill request to the physical device, and not just the sim card it contains, and also a special code that can be set by the user of the device, and which will not be reset just by changing the sim card. A person who is legitimately selling their device would either have to explicitly clear that code from the device or reset it to a default state before transferring it, or tell the person they are selling it to what the code is. Changing the code or clearing it would require that the person enter the current code first... if they have forgotten it, then they cannot change it for that device. Ever.

  7. Yeah, No. by fuzzyfuzzyfungus · · Score: 5, Interesting

    This would be a disaster. Even if the objective is noble, there's an ugly architectural fact: as with any other DRM scheme, you can't have effective control unless the 'owner' of the device is no longer the most privileged user of the device. Whether you bake it into the OS, some sort of hypervisor, the firmware, or whatever, there has to be an agent one level higher to enforce restrictions on the user.

    The only exception (in this bill's case, not in that of DRM generally) would be if the control mechanism were cryptographically keyfilled by the user, leaving them as the root of control but still providing for strong lockout of third parties. I'm just guessing that that concept won't be a big hit in consumer electronics, though...

    In practice, this would make it illegal to sell a tablet or smartphone that isn't tivoized and locked down, since anything that lets you reflash the firmware would be overwhelmingly likely to allow a modestly competent attacker to neutralize a killswitch. Fan-fucking-tastic.

  8. In a different context by ExXter · · Score: 4, Interesting

    This perfectly covers the need of police and secret agencies for a simple "switch off method" for mobile phones and devices in particular areas of interest in which officials, independent of reason, want to shut down public spread of information at all cost. Censorship at its best, Orwell would have jumped for joy ^^.

    The device list for such a maneuver is easily obtained through the telecommunication companies which already give free access to NSA & Co.

    Spawning from riots which have to be covered up.
    To civilian killings + shut down of areas.
    Etc. etc. ... you can all count. If you want information to leave an area in which you are active, just switch off any device that's not yours. (Good I still can make photos with my analog camera).

    The idea is good but the use for others is terrifying.

  9. A More Effective Killswitch by Akratist · · Score: 4, Insightful

    Someone tries to rob or kill you for your phone, you switch from "Safe" to "Fire."

    1. Re:A More Effective Killswitch by twotacocombo · · Score: 2

      Someone tries to rob or kill you for your phone, you switch from "Safe" to "Fire."

      Yeah, not in California. Concealed carry is only for the rich and connected here. They're quickly stripping away what means we have left to defend ourselves. Check out the microstamping bullshit they've pushed through as law. Smith & Wesson and Ruger both recently took their balls and went home because of it...

  10. Missing Stats by Bob9113 · · Score: 5, Insightful

    Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures.

    Some missing stats here: How many robberies is that, how many were there five years ago, and what percentage of robberies involved a wallet? Is this a sign of increasing crime due to cell phones, or are cell phones just a thing of value that most people carry that is taken along with the victim's wallet and watch? What percentage of these crimes will be prevented if a kill switch is implemented?

    Without that information, this is just another case of, "Bad things happen, therefore we need more laws!" Effective laws do an excellent job of reducing crime. Crime stats in the US have been on an impressive and near continual downward trend, and that is an excellent thing to achieve. Ineffectual laws do not solve problems, however, and they weaken the system.

    Also: Fuck beta. I am not the audience, I am one of the authors of this site. I am Slashdot. This is a debate community. I will leave if it becomes some bullshit IT News 'zine. And I don't think Dice has the chops to beat the existing competitors in that space.

  11. It's just DRM. Doomed to fail. by wvmarle · · Score: 3, Interesting

    It sounds very much like some kind of DRM to me.

    It's a digital lock - which can be activated remotely, so certainly can be activated (and deactivated) locally. It may be hard to unlock, but it will be possible.

    Like DRM, it'll inconvenience the casual offender, who has limited technical ability. And sooner or later people will get accidentally locked out of their genuinely owned devices. Indeed maybe due to a ransomware type malware, maybe due to a simple error at the manufacturer's server, whatever. It can happen, so it will happen.

  12. Why not just blacklist? by davidwr · · Score: 2

    A "kill switch" will just brick devices the first time they connect to the network in California or a network that transmits "kill switch" orders outside of California. I wouldn't expect it to work if the thief dropped the phone in a metal-lined bag until it was safely outside of the country.

    Blacklisting the ESN is just as effective and doesn't require special phones.

    Besides, if the phones are being bagged and stripped for parts in a shielded room, neither blacklisting nor a kill switch will do much good.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  13. None of us own our phones. by Vixe · · Score: 2

    "...can render the essential features of the device inoperable when the device is not in possession of the rightful owner."?

    Well the rightful owners of our phones are technically still Samsung / Apple / LG /

    Does that mean they can arbitrarily decide which phones to disable remotely whenever they'd like?

  14. Imagine this + Lucy Koh by kav2k · · Score: 5, Interesting

    Suppose this is implemented. Then imagine a new escalation in the patent wars: say, a phone model is found infringing, and judge mandates not only to stop sales, but to remotely destroy all devices sold in the US.

    1. Re:Imagine this + Lucy Koh by DickBreath · · Score: 4, Insightful

      Very interesting. I wish I had mod points right now.

      Yes, not only "impound and destroy" as Oracle and Apple both wanted against Android, but remotely kill.

      Of course, for any company that makes a product, that sword can cut both ways. It's only a matter of time before it does.

      --

      I'll see your senator, and I'll raise you two judges.
  15. It already exists by dirk · · Score: 3, Interesting

    This already exists and the rest of the world uses it. It's called the IMEI number. Simply report the phone stolen and the carriers can kill the IMEI and put it on a list so that it can't work on any of their networks. Yes, thieves could still use the phone offline, but it puts a HUGE dent into reasons for stealing a phone. But carriers continue to fight against this, IMO, because stolen phones means they get to sell the customer another phone (and at non-subsidized prices). We don't need a new kill switch for the phones, we just need to legislate that the cell companies use what is at their disposal.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  16. "Golly! We can't stop it!" by Impy+the+Impiuos+Imp · · Score: 2

    Stolen phones cannot be used without the acquiescence of phone companies in providing service to the phones and their new "owners".

    So fine and jail phone CEOs for designing a business model that incorporates, deliberately, the laundering of stolen property.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  17. Re:Kill-switch? by ConceptJunkie · · Score: 2, Informative

    That would be fine, except Dice has stated its clear intention to eliminate classic mode. If classic mode weren't going away, most people wouldn't care.

    Beta delenda est.

    --
    You are in a maze of twisty little passages, all alike.
  18. BART Protest Cell Service blocking by dozr · · Score: 2, Interesting

    Because they didn't learn from that....

  19. Re:Kill-switch? by Shagg · · Score: 3, Insightful

    According to whose definition of "what is broken" and "is fixed"?

    --
    Unix is user friendly, it's just selective about who its friends are.
  20. Put control in CONSUMER hands not Law Enforcement by AnalogDiehard · · Score: 4, Informative

    This bill proposes to put the kill switch under the control of law enforcement officials. That's asking for abuse from an oppressive government. Look how Obama has used IRS, ATF, OSHA, and other agencies as political weapons to intimidate political enemies.

    If the government were REALLY concerned for the public good, they would put the kill switch under the control of the CONSUMER. We already have it for credit cards - we call up a phone number, report it stolen, and wala credit card becomes an instant brick. There is no reason this couldn't be done for mobile devices.

    --
    Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
  21. Not sure if it's been said or not.. by kaatochacha · · Score: 2

    But it's obligatory:
    "What could possibly go wrong with this?"

  22. Will Never Work by engineereeyore · · Score: 2

    This is never going to work. Thieves can just turn off the phone until they can get it into a wireless enclosure, such as the one Ramsey's makes. Then you can jailbreak, root, or whatever, whenever you want while the device is in the enclosure. Until standards require authentication of the user, on a device, to a network, and authenticate the network to the device, you are going to have mobile theft. I have proposed solutions for this to numerous entities in the past and have greater with brick walls every time. And this bill is just going to result in a piss-poor implementation of a kill switch that will quickly be circumvented by hackers and will cause more problems than it fixes.

  23. Re:Put control in CONSUMER hands not Law Enforceme by CrimsonAvenger · · Score: 2

    and wala

    Voila.

    Never try to write a word you've only heard spoken - you'll look like an idiot if you guess wrong in a spectacular way.

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
  24. Re:Make Beta Opt-in and Classic the default.... by easyTree · · Score: 2

    Nerds; usually so mild-mannered but suggest they shave their necks or other form of heresy and it's digital pitchforks and torches time.