Business, Hardware, Software Programs, Technology Security

California State Senator Proposes Cellular Kill Switch Bill

Under the guise of preventing smartphone theft, California State Senator Mark Leno has released a proposed bill to the California Legislature that could result in mandatory remote disablement of smartphones. Mark Leno represents San Francisco and the surrounding areas, but he apparently trying to resolve the ‘epidemic’ of phone theft. The proposed bill, Senate Bill 962, would require all smartphones AND tablets (does not address 3G/4G hotspots or 3G/4G modems in laptops, etc.) sold in California to come with, "theft-deterring technological solutions enabled to render the device useless if stolen." The State Senator’s own site goes as far as to say, "Every new device sold in the state on or after January 1, 2015 must have the theft-deterrent solution, also known as a kill switch, installed."

Yeah, they went there. They are actually using the kill switch terminology without actually understanding the implications of doing so. By implementing a kill switch or forcing carriers AND device manufacturers to comply with this law, they will likely have to either make separate devices for California or simply implement this technology in ALL their phones considering California’s size. Even though Apple and Google aren’t actually within his district, they are within his state and it is within their best interest to make sure this bill dies a horrible and brutally painful death.

They justify the creation of this bill, which is supported by San Francisco’s District Attorney George Gascon, they claim that, "The theft of smartphones and other communications devices now accounts for one third of all robberies in the nation, making it the number one property crime in the U.S. The epidemic is even more prevalent in some of California?s largest cities. More than 50 percent of all robberies in San Francisco involve the theft of a mobile device, a number that goes up to 75 percent in the East Bay city of Oakland. Los Angeles also has a significant smartphone robbery problem, with reported thefts increasing 12 percent in 2012." Based on this alone, apparently we need kill switches, rather than alternative solutions that would be network-based, not device based. By simply implementing a kill switch mechanism, the people stealing phones would simply sell them outside of the state, which isn’t really a solution. The criminals will find a way to take the phones and sell them elsewhere if we implement any form of kill switch. There needs to be a dis-incentive to steal them and sell them in another way, rather than putting all users at risk of accidental or malicious kill switch engagements by hackers or the government.

They even quoted a situation where a girl in Illinois had her phone stolen by a few men who ended up killing her for her phone, as if having a kill switch would actually prevent such crimes in the future. Sure, there is clearly a problem with phones getting stolen in America, but implementing a universal kill switch just means that the carriers and government could easily engage this when they want to, wiping the devices of any or all users they wish to. This is a borderline totalitarian move that is easily covered under the guise of trying to prevent crime. If phones getting stolen is our biggest problem, then I think we’re progressing in terms of crime.

They also claim that the carriers and manufacturers don’t have an incentive to implement such a program because they sell more devices as a result of theft and sell insurance policies against theft and such. However, this bill completely ignores the fact that if the kill switch is built into the phone, the manufacturer would be forced to manufacture a separate phone for California or to build such a device for the entire US market, even though only one state has such a law. This would technically put all of the other devices at risk since they also have kill switches, even though there is no official law in their state to regulate it. Additionally, if implemented at a carrier level when a user buys a device, it would not be effective for all of the users that buy their phones outright and it would not necessarily work on all carriers since people switch phones across carriers.

In addition to the creation of a kill switch, Senate Bill 962, major wireless companies and retailers such as AT&T, Verizon, T-Mobile, Sprint and Apple would be prohibited from selling smartphones in the state unless they carry pre-enabled, "theft-deterring technology." While consumers would have the opportunity to opt-out of using this technology, the bill also prohibits service providers from using wireless contracts to encourage consumers to disable the kill switch. Companies that fail to comply with these provisions would be subject to penalty.

So, this technology is opt-out rather than opt-in, which I believe one of the biggest problems, legally and privacy speaking, not technologically, which we’ve already addressed. Network World also claims that the bill will levy a fine of $500-$2,500 on any retailer that sells devices that do not comply with the kill switch technology parameters.

The best solution would be a system that is much like the one we have today that is more effective. One that automatically tags a certain IMEI as stolen and once it joins any network, it immediately reports its location and notifies the user that the device is stolen. This is far less intrusive and utilizes already existent technologies and is only done when necessary rather than as a pre-emptive installed technology that could theoretically create more vulnerabilities in people’s devices. Clearly this law was written without any consideration to the impact to the business of the companies involved nor the implications of building in a kill-switch into any device.