California may soon require kill-switch for smartphones
It was just two weeks ago that California's smartphone kill switch initiative seemed sure to fail. Senate Bill 962, which would have mandated the ability for users to remotely disable their stolen phone, lost a vote in California's state senate.
But it's back. Last Thursday, the state unexpectedly approved the bill, and it now proceeds to the state Assembly, where the Democratic majority is likely to pass it into law.
The legislation had some help from some last minute compromises. The bill's focus was narrowed to just smartphones, not tablets, and manufacturers will have until July of 2015 to implement kill-switch technology.
This might seem like a win for consumers, but not everyone agrees. The CTIA, a smartphone trade association, argues that maintaining a database of stolen phones is a better way to deter theft.
Security advisor Sean Sullivan from Internet security firm F-Secure thinks the bill is problematic in a number of ways. "This is a law that only the over-privileged could love," he said. "As if it would actually reduce mobile thefts? It will take years for the tech to circulate, and by the time it's in everybody's hands... there will be some workaround. That's always what happens."
Sullivan is concerned that a smartphone kill-switch would not only be ineffective as a theft deterrent, but also could be abused to stifle free speech or play havoc with the public: "I'm really stunned that a representative from San Francisco can push this, especially after the BART [administrator] shut down cell phone coverage during the protests of the recent past. I would have thought that libertarians would be in an uproar about this. Do they think such a standard won't have a 'backdoor?' "
Sullivan is far from alone in such concerns. Phone manufacturers have advanced the idea that the kill-switch would be an irresistible target for hackers and that embedding it in all handsets could be more dangerous than not having one at all. In a recent statement by the CTIA, they suggest that hackers could permanently disable individual or large numbers of phones with specially formatted SMS messages -- the phones would be unable to even make emergency calls, the group claims.
Indeed, both Sullivan and the CTIA agree on a significant point -- that such a kill feature is best made optional, so consumers could choose whether or not to enable it, much like the activation lock found in the latest version of the Apple iPhone, and the LoJack theft recovery tool in Samsung smartphones. Kill-switch proponents disagree, saying that an optional kill switch would not broadly deter theft.
This much is true: Whatever happens in California will have far-reaching implications. If the bill passes, manufacturers may move to implement kill switches in all handsets sold in the U.S., or even worldwide.
