Starting mid-2015, all cellphones sold in the state of California will need to include a built-in device that will enable a phone’s owner to wipe and disable the phone remotely — also known as a “kill switch”. The new law will be the first of it’s kind in the U.S., having finally passed the state’s Senate in May after a failed first attempt and then signed into law by Governor Jerry Brown this past Monday. The federal government reportedly likes the new law as well, hinting at possible future plans to lobby for a nationwide version. Here’s a run-down of the new law, and what it could mean for our tech.
“Kill Switch”: What it does
California’s new “kill switch” law is intended as an anti-theft measure against the currently lucrative business of cell phone theft, and it’s honestly a brilliant step.
Currently, the most some smartphones can do is geo-locate your stolen or lost phone (iPhone) or remotely wipe your phone back to factory settings (Android), but this still leaves the phone usable and thus valuable to thieves. With little reason to steal phones that can easily be rendered totally useless by their owners, lawmakers hope this will take the incentive out of stealing them in the first place.
Apple is one step ahead on this; they included an “activation lock” for iOS7, released last year, which requires an original user code to make the device usable again after a remote wipe is performed. This reportedly makes iPhones with the latest OS compliant with California’s new law, assuming the feature isn’t easily hacked. iPads, other tablets, and wearables are not affected by this law, however, and are therefore still as vulnerable to theft as ever.
“Kill Switch”: What it could do
Oh yeah, there’s one thing I forgot to mention: the police will be able to use the kill switch feature too. Though obviously intended to aid law enforcement in stopping or preventing crime in which cell phone access played a key role, it leaves the new feature vulnerable to abuse, whether by law enforcement itself or hackers.
Having the ability to remotely wipe any phone sold in California with a kill switch means that somewhere, information for doing so will be stored in a database. This would be a desirable target for hackers and likely not unobtainable, considering the surprising ease with which corporate giants like Target have been hacked in recent years. Some tech analysts also worry that those who are savvy enough will abuse the kill switch to target individuals, such as using it to prevent their victims from calling for help.
Just as troubling are concerns over how law enforcement will use this new ability. What once seemed like the anarchist paranoia became all too real when police pushed out and even arrested credentialed media personnel from covering the events that unfolded in Ferguson earlier this month. Because of this, most of the credible information on Ferguson came through social media from protesters and activists or reporters who were unable to do an official news recording.
Civil liberties groups are now concerned that access to cell phone kill switches opens the door for law enforcement to disrupt protests by cutting off their communication, if not in California then in other states as kill switch laws grow in popularity. Tech and privacy experts are beginning to join them in this concern. In a recent piece from The Hill, privacy and security advocate Jake Laperruque ofthe Center for Democracy and Technology shared his concern. “This could effectively be co-opted to disrupt protests,” said Laperruque. “So much of what’s happening [in Ferguson] is relevant.”
For now, with only one state implementing this law, immediate concern is little. Implementing the law will be slow at first, since it only requires the kill switch feature on phones manufactured after July 1st of 2015. Phones made before that date can still be sold by retailers after the law goes into effect. So, as the saying goes, only time will tell what affect the law will have.