California Bill Proposes Mandatory Kill-Switch On Phones and Tablets

alphadogg writes "Politicians and law enforcement officials in California will introduce a bill on Friday that requires all smartphones and tablet PCs sold in the state be equipped with a digital 'kill-switch' that would make the devices useless if stolen. The bill is a response to a rise in thefts of portable electronics devices, often at knife or gunpoint, being seen across the state. Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures. The trend is the same in major cities across the U.S. and the California bill, if it passes, could usher in kill-switch technology nationwide if phone makers choose not to produce custom devices for California. California Senate bill 962 says all smartphones and tablet PCs sold from Jan. 1, 2015, should have 'a technological solution that can render the essential features of the device inoperable when the device is not in possession of the rightful owner.'"

They've got it wrong

[DougOtto]

Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures.

Really, what we need, is a kill switch for Oakland, San Francisco and LA.

It will be used against you

It will be used against you. Next "bigger" protest they will kill switch the entire area. Record away ...

What could go wrong?

[gstoddart]

If you start making phones with kill switches, that is going to be a very attractive target for hackers.

Imagine if you could wholesale destroy thousands of phones in one go?

And since legislators only barely understand their intended outcomes, and not the unintended consequences, they won't be mandating any proper security with this -- and it will be badly implemented.

But, really, what black hat isn't going to be giddy with glee at the prospect of wiping out a whole bunch of phones in an area?

Yeah, yeah, offtopic because I didn't say 'fuck beta' ... I'm just tired of the nerd rage, it gets old after a while.

Re:What could go wrong?

[iguana]

Better yet, imagine how useful a phone kill switch would be during widespread citizen protests?

"For public safety, we have to shut off everyone's phone. And because terrorism."

Re:What could go wrong?

[Shoten]

I have less of a problem if they make it a kill switch that can be cryptographically turned off by the manufacturer after verifying the purchaser or even with some kind of a special key that you get with the purchase and keep at home. It should also be something that can be turned off by the end user.

If you can ensure that it can be reverted securely when triggered and can be prevented from triggering by the legit user (possibly using the same mechanism as unlocking a locked device) then I don't see a problem with it, but without those two caveats, there are so, so many thing that could go wrong.

I love this..."crypto," the magic "c" word that makes everything secure just by talking about it. In reality, it's not quite that simple. Authentication in Windows, for example, works like what you just described...and yet look at the flaws in NTLM and NTLMv2 authentication that turned up. That covers over a decade of time, before MS adopted Kerberos. Then, to that, add all the vulnerabilities in the software that governs authentication...I've lost track of how many times LSASS has been patched.

And yes, I hear it now...the retort: "But that's Microsoft! They suck at security!" Maybe, maybe not, but the fact that they also dominate the desktop space should be a warning that you have to consider: functionality to be placed in ubiquitous consumer devices may not have the world's best security controlling them. And that is just a simple empirical fact as demonstrated by the recent past and current reality.

Re:What could go wrong?

[AJH16]

You are correct that cryptography is not a cure-all to all problems, however, your post goes irrevocably wrong immediately after that. HSM and TPM chips are quite secure and well established. The example problems you suggest are in no way relevant to the conversation at hand since they deal with an entirely different use case of security. As dmbasso was kind enough to point out, I am referring to the use of asymmetric cryptography to allow secure validation of a private key being held remotely. Such cryptography is used all the time (any time you use an HTTPS page) to prove the exact same thing.

The device merely has to hold the a public key for which the legitimate owner (or the vendor) has the private key. If the device is stolen and locked, it is trivial for an HSM to prevent unlock without the private key. It may be possible to circumvent the kill switch by yanking the HSM, but such an operation would likely exceed the black market cost of the majority of phones as it involves painstaking processes such as removing the silicon one layer at a time with a very carefully applied acid bath, and even then, the write once public key address space would be just as secure as any write once kill switch flag that could be implemented.

To prevent re-activation of the kill switch itself (rather than the recovery mechanism) the switch could be tied in hardware to a similar challenge response against a private key held in the device's HSM. To "kill" the device, this private key would be wiped, preventing the device from starting. To re-initialize it, the private device key would be restored by looking for a key signed by the owner's private key.

This is a simple to implement and highly secure system that would be cost prohibitive to work around and also could use available, near off the shelf components to implement.

Yeah, No.

[fuzzyfuzzyfungus]

This would be a disaster. Even if the objective is noble, there's an ugly architectural fact: as with any other DRM scheme, you can't have effective control unless the 'owner' of the device is no longer the most privileged user of the device. Whether you bake it into the OS, some sort of hypervisor, the firmware, or whatever, there has to be an agent one level higher to enforce restrictions on the user.

The only exception (in this bill's case, not in that of DRM generally) would be if the control mechanism were cryptographically keyfilled by the user, leaving them as the root of control but still providing for strong lockout of third parties. I'm just guessing that that concept won't be a big hit in consumer electronics, though...

In practice, this would make it illegal to sell a tablet or smartphone that isn't tivoized and locked down, since anything that lets you reflash the firmware would be overwhelmingly likely to allow a modestly competent attacker to neutralize a killswitch. Fan-fucking-tastic.

Missing Stats

[Bob9113]

Already half of all robberies in San Francisco and 75 percent of those in Oakland involve a mobile device and the number is rising in Los Angeles, according to police figures.

Some missing stats here: How many robberies is that, how many were there five years ago, and what percentage of robberies involved a wallet? Is this a sign of increasing crime due to cell phones, or are cell phones just a thing of value that most people carry that is taken along with the victim's wallet and watch? What percentage of these crimes will be prevented if a kill switch is implemented?

Without that information, this is just another case of, "Bad things happen, therefore we need more laws!" Effective laws do an excellent job of reducing crime. Crime stats in the US have been on an impressive and near continual downward trend, and that is an excellent thing to achieve. Ineffectual laws do not solve problems, however, and they weaken the system.

Also: Fuck beta. I am not the audience, I am one of the authors of this site. I am Slashdot. This is a debate community. I will leave if it becomes some bullshit IT News 'zine. And I don't think Dice has the chops to beat the existing competitors in that space.

Imagine this + Lucy Koh

[kav2k]

Suppose this is implemented. Then imagine a new escalation in the patent wars: say, a phone model is found infringing, and judge mandates not only to stop sales, but to remotely destroy all devices sold in the US.