Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
California's governor Jerry Brown has signed off on a bill that requires any manufacturer selling smartphones in the Golden State to install a kill switch capable of bricking the handset.
Bill SB 962 has been signed into law, mandating all smartphones sold in California to have software in place to brick stolen handsets. The law applies to all handsets sold after July 1, 2015 but is not applicable to handsets produced after January 1, 2015 that aren't capable of running the remote-death code [How intensive can this code really be? – ed]
According to the bill, the kill switch software must "be able to withstand a hard reset or operating system downgrade, come preequipped, and the default setting of the solution shall be to prompt the consumer to enable the solution during the initial device setup."
California is the second US state to demand kill switches, and the law comes after hard lobbying from San Francisco's District Attorney George Gascón. The DA, and New York State Attorney General Eric Schneiderman, have been pressing for a kill switch as a way to halt the epidemic of phone theft in both cities, and the evidence is that such a system could cut crime drastically.
In July the pair released the results of a crime survey showing that after Apple introduced Activation Lock for iOS in September, thefts of iPhones in San Francisco fell by 38 per cent. By contrast, thefts of Samsung devices, which lack the kill switch, rose by 12 per cent.
California's bill is similar to federal legislation requiring a kill switch, which is working its way through the US Senate. But the mobile phone industry has already accepted the inevitable, and will be introducing kill switches next July – but it won’t be turned on by default.
Wireless tech industry body CTIA – which represents Apple, Samsung, Verizon, AT&T, T-Mobile US and others – fought hard against a kill switch, a move Gascón said was an attempt to preserve its sales of lucrative insurance and replacement contracts.
Privacy groups are also concerned about the technology, worrying that while it's useful for thwarting thieves, it may be abused by governments. The riots in Ferguson prompted a lockdown in the city by police, and the area was made a no-fly zone; if mobiles could have been turned off remotely by cops, it looks likely they would have done so.
"Police could use the kill switch to shut down all phones in a situation they unilaterally perceive as presenting an imminent risk of danger," said Jake Laperruque, the Center for Democracy and Technology's fellow on privacy, surveillance, and security.
"It’s not hard to imagine law enforcement putting such a label on a protest: Managers of the [San Francisco] BART subway system shut down cell service in four stations just prior to planned anti-police demonstrations in 2011, claiming the disruptive measure was justified by public safety concerns."
There are also fears hackers will get hold of the kill-switch feature to cause misery for unlucky mobe owners, pretty much along the same lines as the hassle tech hack Mat Honan went through in 2012: a miscreant was able to hijack his iCloud account to remotely erase and lock his iPhone, iPad and MacBook.
In the short term it is expected that the installation of kill switches will help reduce levels of theft after criminals realize they are most likely going to have purloined phones bricked. But in the longer term crime rates are likely to rise again once a way is found to defeat the locking software. ®
Sponsored: Global DDoS threat landscape report