Super Cali signs a kill-switch, campaigners say it's atrocious

Remote-death button bad news for crooks, protesters – and great news for hackers?

Intelligent flash storage arrays

California's governor Jerry Brown has signed off on a bill that requires any manufacturer selling smartphones in the Golden State to install a kill switch capable of bricking the handset.

Bill SB 962 has been signed into law, mandating all smartphones sold in California to have software in place to brick stolen handsets. The law applies to all handsets sold after July 1, 2015 but is not applicable to handsets produced after January 1, 2015 that aren't capable of running the remote-death code [How intensive can this code really be? – ed]

According to the bill, the kill switch software must "be able to withstand a hard reset or operating system downgrade, come preequipped, and the default setting of the solution shall be to prompt the consumer to enable the solution during the initial device setup."

California is the second US state to demand kill switches, and the law comes after hard lobbying from San Francisco's District Attorney George Gascón. The DA, and New York State Attorney General Eric Schneiderman, have been pressing for a kill switch as a way to halt the epidemic of phone theft in both cities, and the evidence is that such a system could cut crime drastically.

In July the pair released the results of a crime survey showing that after Apple introduced Activation Lock for iOS in September, thefts of iPhones in San Francisco fell by 38 per cent. By contrast, thefts of Samsung devices, which lack the kill switch, rose by 12 per cent.

California's bill is similar to federal legislation requiring a kill switch, which is working its way through the US Senate. But the mobile phone industry has already accepted the inevitable, and will be introducing kill switches next July – but it won’t be turned on by default.

Wireless tech industry body CTIA – which represents Apple, Samsung, Verizon, AT&T, T-Mobile US and others – fought hard against a kill switch, a move Gascón said was an attempt to preserve its sales of lucrative insurance and replacement contracts.

Privacy groups are also concerned about the technology, worrying that while it's useful for thwarting thieves, it may be abused by governments. The riots in Ferguson prompted a lockdown in the city by police, and the area was made a no-fly zone; if mobiles could have been turned off remotely by cops, it looks likely they would have done so.

"Police could use the kill switch to shut down all phones in a situation they unilaterally perceive as presenting an imminent risk of danger," said Jake Laperruque, the Center for Democracy and Technology's fellow on privacy, surveillance, and security.

"It’s not hard to imagine law enforcement putting such a label on a protest: Managers of the [San Francisco] BART subway system shut down cell service in four stations just prior to planned anti-police demonstrations in 2011, claiming the disruptive measure was justified by public safety concerns."

There are also fears hackers will get hold of the kill-switch feature to cause misery for unlucky mobe owners, pretty much along the same lines as the hassle tech hack Mat Honan went through in 2012: a miscreant was able to hijack his iCloud account to remotely erase and lock his iPhone, iPad and MacBook.

In the short term it is expected that the installation of kill switches will help reduce levels of theft after criminals realize they are most likely going to have purloined phones bricked. But in the longer term crime rates are likely to rise again once a way is found to defeat the locking software. ®

Remote control for virtualized desktops

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story


Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.