California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

alphadogg writes "Politicians and law enforcement officials in California will introduce a bill on Friday that requires all smartphones and tablet PCs sold in the state be equipped with a digital 'kill-switch' that would make the devices useless if stolen. The bill is a response to a rise in thefts of portable electronics devices, often at knife or gunpoint, being seen across the state. Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures. The trend is the same in major cities across the U.S. and the California bill, if it passes, could usher in kill-switch technology nationwide if phone makers choose not to produce custom devices for California. California Senate bill 962 says all smartphones and tablet PCs sold from Jan. 1, 2015, should have 'a technological solution that can render the essential features of the device inoperable when the device is not in possession of the rightful owner.'"

in other news

[rr_at_slashdot]

dice trying out kill-switch on /. Boycott!

They've got it wrong

[DougOtto]

Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures.

Really, what we need, is a kill switch for Oakland, San Francisco and LA.

Re:They've got it wrong

[fuzzyfuzzyfungus]

Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures. Really, what we need, is a kill switch for Oakland, San Francisco and LA.

We also need some insight into whether those robberies were for the mobile device, or whether they were somebody pulling a knife and saying 'gimme your shit', combined with the fact that cellphones are at least as common as wallets at this point.

Re:They've got it wrong

[Beorytis]

...cellphones are at least as common as wallets at this point.

For comparison, we should see the statistic for how many robberies involved a wallet, and then perhaps some legislation to require mandatory kill switches on our money.

Re:They've got it wrong

[AlphaWolf_HK]

Trouble is, stolen phones are being exported. Not a whole lot of use being able to forcibly track your phone when it now resides in China (literally, that's where they often go) especially considering that China doesn't extradite their own citizens or particularly even gives a shit when one of them breaks another country's laws.

It will be used against you

It will be used against you. Next "bigger" protest they will kill switch the entire area. Record away ...

Re:It will be used against you

[ConceptJunkie]

What people fail to consider is what happens when any particular bit of power given to the government is misused, because it _will_ be misused. There are plenty of things I think it would be great for the government to be able to do, but would never support it because it could be abused. That's why we need as little government as we can get away with and still maintain order.

What could go wrong?

[gstoddart]

If you start making phones with kill switches, that is going to be a very attractive target for hackers.

Imagine if you could wholesale destroy thousands of phones in one go?

And since legislators only barely understand their intended outcomes, and not the unintended consequences, they won't be mandating any proper security with this -- and it will be badly implemented.

But, really, what black hat isn't going to be giddy with glee at the prospect of wiping out a whole bunch of phones in an area?

Yeah, yeah, offtopic because I didn't say 'fuck beta' ... I'm just tired of the nerd rage, it gets old after a while.

Re:What could go wrong?

[iguana]

Better yet, imagine how useful a phone kill switch would be during widespread citizen protests?

"For public safety, we have to shut off everyone's phone. And because terrorism."

Re:What could go wrong?

[Shoten]

I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.

If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many thing that could go wrong.

I love this..."crypto," the magic "c" word that makes everything secure just by talking about it. In reality, it's not quite that simple. Authentication in Windows, for example, works like what you just described...and yet look at the flaws in NTLM and NTLMv2 authentication that turned up. That covers over a decade of time, before MS adopted Kerberos. Then, to that, add all the vulnerabilities in the software that governs authentication...I've lost track of how many times LSASS has been patched.

And yes, I hear it now...the retort: "But that's Microsoft! They suck at security!" Maybe, maybe not, but the fact that they also dominate the desktop space should be a warning that you have to consider: functionality to be placed in ubiquitous consumer devices may not have the world's best security controlling them. And that is just a simple empirical fact as demonstrated by the recent past and current reality.

Re:What could go wrong?

[mlts]

Even if a phone can be killed, it likely won't drop crime that much. Unlike car radios which were pretty much made useless by the fact that OEMs have decent audio from the factory, smartphones will still make money when parted out. In fact, if an iPhone is just stripped and just the screen sold, that is at least a couple C-notes right there, which is good money.

An iPad or tablet is even more cash for parts.

So, with this in mind, yes, killing the device might stop it from being sent to Mexico and used there, but for the most past, IMEI blacklists have similar functionality.

To boot, we already have that functionality in place. Any device running iOS 7.x will require the user's AppleID and password before it will activate, so stealing an iPhone in order to resell the unit is an exercise in futility.

PS: Insert beta rant here.

Re:What could go wrong?

[Karl+Cocknozzle]

Ah, but if your phone is wrecked and you have to go in to get it fixed, they'll be able to identify if you were one of the people in the demonstration, and therefore be able to prove you were there and charge you.

It's one thing to just shut down all comms, it's another thing to be able to have some persistent evidence you were one of the people who they targeted.

Now, if you'll excuse me, I need to add another layer of tinfoil to my hat.

There are literally countless ways that are far more effective and accurate than that...

Re:What could go wrong?

[ConceptJunkie]

It seems like every time people try to legislate solutions to these kinds of problems they just create more problems due to their stunning lack of understanding of human nature.

Re:What could go wrong?

[AJH16]

You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.

The device merely has to hold the a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write once public key address space would be just as secure as any write once kill switch flag that could be implemented.

To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.

This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.

Now with Oppression Inside; Do Not Want!

[VortexCortex]

I'm sorry. A remote kill-switch is unacceptable. The big time thieves already put your cellphone in a Faraday cage when they swipe it. The real purpose of this device remote kill switch is to allow a more target approach to the Internet kill-switch -- Which as we've recently seen is what oppressive governments do to silence public opposition. Keep in mind that the USA has a long history of silencing public activism, and they are actively planning to ensure their capability to silence activists.

It's quite telling indeed that this would be made mandatory, and not present at the user's option. Why not let the market decide whether this feature is wanted? This mandatory oppressive non-feature creep is anti-capitalism, anti-freedom, and anti-American.

Yeah, No.

[fuzzyfuzzyfungus]

This would be a disaster. Even if the objective is noble, there's an ugly architectural fact: as with any other DRM scheme, you can't have effective control unless the 'owner' of the device is no longer the most privileged user of the device. Whether you bake it into the OS, some sort of hypervisor, the firmware, or whatever, there has to be an agent one level higher to enforce restrictions on the user.

The only exception (in this bill's case, not in that of DRM generally) would be if the control mechanism were cryptographically keyfilled by the user, leaving them as the root of control but still providing for strong lockout of third parties. I'm just guessing that that concept won't be a big hit in consumer electronics, though...

In practice, this would make it illegal to sell a tablet or smartphone that isn't tivoized and locked down, since anything that lets you reflash the firmware would be overwhelmingly likely to allow a modestly competent attacker to neutralize a killswitch. Fan-fucking-tastic.

In a different context

[ExXter]

This perfectly covers the need of police and secret agencies for a simple "switch off method" for mobil phones and devices in particular areas of interest in which officials, independant of reason, want to shut down public spread of information at all cost. Censorship at its best, Orwell would have jumped of joy ^^.

The device list for such a maneuver is easily obtained through the telecommunication companies which already give free acess to NSA & Co.

Spawning from riots which have to be covered up.
To civilian killings + shut down of areas.
Etcetc ... you can all count. If you want information to leave an area in which you are active, just switch off any device thats not yours. (Good I still can make photos with my analog camera).

The idea is good but the use for others is terrifying.

A More Effective Killswitch

[Akratist]

Someone tries to rob or kill you for your phone, you switch from "Safe" to "Fire."

Missing Stats

[Bob9113]

Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures.

Some missing stats here: How many robberies is that, how many were there five years ago, and what percentage of robberies involved a wallet? Is this a sign of increasing crime due to cell phones, or are cell phones just a thing of value that most people carry that is taken along with the victim's wallet and watch? What percentage of these crimes will be prevented if a kill switch is implemented?

Without that information, this is just another case of, "Bad things happen, therefore we need more laws!" Effective laws do an excellent job of reducing crime. Crime stats in the US have been on an impressive and near continual downward trend, and that is an excellent thing to achieve. Ineffectual laws do not solve problems, however, and they weaken the system.

Also: Fuck beta. I am not the audience, I am one of the authors of this site. I am Slashdot. This is a debate community. I will leave if it becomes some bullshit IT News 'zine. And I don't think Dice has the chops to beat the existing competitors in that space.

Imagine this + Lucy Koh

[kav2k]

Suppose this is implemented. Then imagine a new escalation in the patent wars: say, a phone model is found infringing, and judge mandates not only to stop sales, but to remotely destroy all devices sold in the US.

Re:Imagine this + Lucy Koh

[DickBreath]

Very interesting. I wish I had mod points right now.

Yes, not only "impound and destroy" as Oracle and Apple both wanted against Android, but remotely kill.

Of course, for any company that makes a product, that sword can cut both ways. It's only a matter of time before it does.

Put control in CONSUMER hands not Law Enforcement

[AnalogDiehard]

This bill proposes to put the kill switch under the control of law enforcement officials. That's asking for abuse from an oppressive government. Look how Obama has used IRS, ATF, OSHA, and other agencies as political weapons to intimidate political enemies.

If the government were REALLY concerned for the public good, they would put the kill switch under the control of the CONSUMER. We already have it for credit cards - we call up a phone number, report it stolen, and wala credit card becomes an instant brick. There is no reason this couldn't be done for mobile devices.