from the you’re-not-helping dept
February 21, 2014
Last Spring, wireless carriers and the government jointly announced that they’d be collaborating on building a new nationwide database to track stolen phones (specifically the IMEI number). The goal was to reduce the time that stolen phones remain useful, thereby drying up the market for stolen phones and reducing the ability of criminals to use the devices to dodge surveillance. The move came after AT&T was sued for not doing enough to thwart cellphone theft, the lawsuit alleging AT&T was intentionally lax on anti-theft practices because stolen phone re-activations were too profitable. After regulator pressure, AT&T launched new stolen device blocking tools and re-vamped their website with security tips.
Law enforcement has complained that none of these efforts have done much to stop cell theft and resale, in large part because phones stolen here are simply taken overseas and used there. This in turn prompted a push for new “kill switch” legislation in both New York and most recently San Francisco, in addition to a new bill proposed by Senator Amy Klobuchar we discussed last month. While perhaps well-intentioned, all of the bills have one thing in common: they forget that if you can kill your phone remotely, so then can governments, hackers, and anybody else.
Those concerns are part of the reason cell carriers oppose kill switch legislation (again, that and they profit off of re-activations and new plans), and the worries shouldn’t be taken lightly. There’s a long, long list of examples where remote or artificial termination technology (Monsanto’s wonderful scientific advancements are the first to come to mind) isn’t a particularly great idea. Information Week tries to hash through some of these to illustrate the dangers of the concept and its contribution to a broader surveillance state, where the control over your personal devices could become an illusion and institutionalized control becomes a threat:
“Mandatory phone kill switches will hasten the arrival of the Surveillance of Everything, an unavoidable consequence of the so-called Internet of Things. Using technology to extend the reach of property rights make as much sense for other objects as it does for phones. But in so doing, individual property rights mingle with social mores and government prerogatives. Nothing is truly yours on someone else’s network….Consider a recent Google patent application, “System and Method for Controlling Mobile Device Operation,” which describes research to help in “correcting occasional human error,” such as when phones have not been silenced in a movie theater.
The thing about kill switches is that they’re a manifestation of digital rights management. In the hands of individuals, perhaps they’re a good idea. But they won’t remain in the hands of individuals. They will be used by companies, organizations, and governments, too. And even when people believe they have control of their kill switches, authorities and hackers can be expected to prove otherwise.”
Granted governments could still shut down the BART network on protesters (one of the first examples the author gives) or kill Internet access in Egypt without necessarily needing a kill switch. A gifted hacker might also be able to remotely brick your current phone. But why would you want to make it any easier? There’s countless other ways to combat cell phone theft that doesn’t involve making an entire industry considerably less secure.