Kill Switch Vol. 2 . . . Smartphones Still Vulnerable?
There is a caveat to the recent initiative by the coalition “Save Our Smartphones” (“SOS.”)
To recap, smartphone and other mobile device crime is up. According to the FCC, 30-40 percent of all street crime in the U.S. is smartphone-related. Many of these crimes are violent in nature.
Behind these crimes is a global, international black market which pays top dollar for stolen smartphones (often, the marketeer is overseas, as far away as Asia, e.g.). The top dog is Apple’s iPhone (no matter which model). So many have been reported stolen that authorities have (half in jest) dubbed the whole thing “apple picking.” (But, it should be noted, all smartphones are at risk, no matter what make or model.)
Stepping into this fray is “SOS.” A coalition of attorneys general and state officials from six states (including New York and California), district attorneys and high-level police officials from eight major cities (including New York City and San Francisco) and consumer advocacy groups have announced an initiative – “Save Our Smartphones.”
It’s concern and demand: Make manufacturers add a mandatory kill switch feature to each and every mobile device – so that any owner instantly (and permanently) can disable a device if it is lost or stolen. And make that ability as easy as cancelling a credit card. Seemingly a simple solution for a worldwide problem . . . or is it?
Manufacturers have been – and are – resisting. Critics claim it is because they don’t want to jeopardize profits – either through a device’s potential resale (yes, even on the black market) value and use, and the already-lucrative U.S. customer market of people buying placement devices (spending some $30 billion/year).
So far, Apple has offered a lukewarm solution/safeguard (but not the kill switch feature the coalition has been pressing for). Other manufacturers, while agreeing “something” needs to be done, have offered little or no tangible plans.
An important issue immediately arises: It does seem manufacturers are already anticipating hackers will get access to their databases and “force” the kill switch function (to be added, by 2014, to new mobile devices all at once – something manufacturers claim is impossible). In plain language, sticking a kill switch into the guts of the phone means there will be a “backdoor.” (For every software problem, there’s a software solution. Or, to simplify: For every defense, there’s another offense.)
Importantly, this “backdoor” might be exploited for something other than the kill switch function alone. (And what would the victims of a theft have to prove to get the kill switch flipped?)
Currently, remote security software – such as offered by the mobile security firm Lookout and known as “wipes” – are third-party applications. One can only successfully wipe data so long as the criminal element doesn’t know it’s happening – and even then it is contingent upon the missing phone giving the owner “permission” to do it, something easily blocked by a perpetrator.
So, it is a thorny problem, legally and technically. On the one hand, there’s the issue of individual privacy and security; on the other, there’s the question of national security and control. In the middle is technology – a neutral party.
As one pundit remarked, “Either you accept the Internet or you accept privacy – but you can’t have both.”
— Stephen Heath-Jones