Hacker News new | past | comments | ask | show | jobs | submit login

> In May, Minnesota became the first state to require a kill switch on all smartphones sold there. But the California bill is unusual in that it requires manufacturers... to ship smartphones with the anti-theft technology turned on by default.

I wasn't aware that an opt-in version of this was already on the books. I'm curious to see exactly how much the user is in control of this "technology" in practice. If the user can (a) disable the feature, and (b) is the only person who can initiate a remote shutdown, then it's probably to the consumer's advantage. But I suspect it's only a matter of time before the FBI/CIA/NSA (or local PD) will be able to unilaterally decide it's in the "public interest" to suddenly shut off every phone in a particular geofence.

Cars are also stolen every day, and society manages to get by, through insurance and opt-in theft deterrence tools (both manufacturers and consumers already have plenty of incentive to deter theft). I have a hard time believing that stolen phones are a big enough social problem to warrant a mandate of this scope. Regardless of intent, this power will be abused.




I can't really think of any feasible way for the user to be only person who can initiate a remote shutdown.

(Sure, you can probably come up with some hypothetical scheme involving public key crypto, but we know they're not doing that, and if they did most users wouldn't be able to figure out how to kill their own phones either).

So, yeah, the technology is clearly going to be able to be used so the government (or really, the cell provider or anyone that can convince/force the provider company to do something) can shut down any cell phone, or even all cell phones in a given specified area (that is, currently in contact with specified access points). Of course, they could just shut down the towers too, maybe more likely to be used against selected numbers or lists of numbers.

Anyhow, that was my first thought too. On seeing the headline, I even first thought that was the _point_ of the legislation, you know for 'national security'.


Ooh, ooh, and how long until someone hacks into the cell phone network in order to have the power to 'kill' others phones. Chinese army hackers? Sounds like something that would appeal to them. And lots of other people.

But maybe there could be a succesful campaign against this on 'national security' grounds, it makes our communications network less secure, chinese army hackers are gonna get into it and kill peoples phones! Meh, probably would not work.


I can't really think of any feasible way for the user to be only person who can initiate a remote shutdown.

(Sure, you can probably come up with some hypothetical scheme involving public key crypto, but we know they're not doing that, and if they did most users wouldn't be able to figure out how to kill their own phones either).

You don't need any crypto. The user sets a killswitch password in her phone, then the command must provide the same password. If the user hasn't setup any password, the command works without one.


Okay, how much do you wanna bet there's no way they're going to do this?


Actually the "immobilizer" (basically a kill-switch) is cited as one of the main reason that cars are less stolen today ... https://news.ycombinator.com/item?id=8166698


No, it's nothing like a kill-switch. It's simply a key that that actually works. It simply ensures that the key that came with your car is present for the engine to run. The truest definition of a key. There is no remote kill capability.


  No, it's nothing like a kill-switch.
It's alike in the manner "stolen item does not work, reducing its stolen goods value"


So the actual equivalent is locking the phone?


> But I suspect it's only a matter of time before the FBI/CIA/NSA (or local PD) will be able to unilaterally decide it's in the "public interest" to suddenly shut off every phone in a particular geofence.

This would be an ineffective way to accomplish that. They'd first have to make a list of all the phones in the target area, and then they'd have to send the lock commands to them, one by one.

Furthermore, even if they went through all that trouble, it only would work on smartphones. The bill does not apply to feature phones, other non-smartphone phones, laptops, or tablets. The bill defines a "smartphone" as a cellular radio telephone or other mobile voice communications handset that includes ALL of the following features:

• Utilizes a mobile operating system.

• Possess the capability to utilize mobile software applications, access and browse the Internet, utilize text messaging, utilize digital voice service, and send and receive email.

• Has wireless network connectivity.

• Is capable of operating on a long-term evolution network or successor wireless data network communications standards.

The bill explicitly says that "smartphone" does not "include a radio cellular telephone commonly referred to as a 'feature' or 'messaging' telephone, a laptop, a tablet device, or a device that only has electronic reading capability".

(Added in edit) Also, while the bill requires that smartphones be equipped with this and that it be on by default, the bill does NOT require that it stay on. Apple's iOS 7 kill switch lets the user turn it off, and I believe that is what Samsung plans to do. People going to protests or other events where they think authorities may try to disrupt communications can simply turn off the kill switch before arriving at the protest.

It would be much more effective to silence a particular area by doing something at the cell tower layer or higher.

> I have a hard time believing that stolen phones are a big enough social problem to warrant a mandate of this scope

Stolen phones account for half of all robberies in San Francisco. In New York, they are 20% and rapidly rising. It's the #1 property crime nationwide, accounting for 1/3 of all property crime. In half of the San Francisco incidents the victims are punched, kicked, or physically intimidated, and in a quarter of them they are threatened with a gun or knife.

That sure seems like a big enough problem to me to try to do something about. We also know that kill switches are effective. In the first five months after Apple put in a kill switch, iPhone thefts dropped 38% in San Francisco, 24% in London, and 19% in New York. We know this wasn't just due to a general lowing of crime rates, because in the same time period overall New York theft went down 10%, and Samsung phone theft went up 40%.


>>This would be an ineffective way to accomplish that. They'd first have to make a list of all the phones in the target area, and then they'd have to send the lock commands to them, one by one.

Phone[] phones = GetPhonesByGeo(radius=50, lat=102.23412323, lon=-129.4342424);

foreach(Phone p in phones) { p.sendmessage("Lock"); }

func GetPhonesByGeo(){ // your tax dollars at work }


You need to determine how to send the message to the phone. Flipping the kill switch on an iPhone will require talking to Apple, for instance, whereas I'm pretty sure you would not talk to Apple to flip the kill switch on a Samsung phone. There will be at a minimum three different mechanisms you'd have to deal with (Apple, Google if they build this into Android and all Android phone makers and carriers leave it in place instead of replacing it with their own version, and Microsoft). There could be dozens if Android phone makers go their own way, or if the phone carriers customize the firmware to replace the kill switch from the hardware maker or Google with their own.

There is no requirement that an API be provided to law enforcement. That "sendmessage" method could come down to someone on the law enforcement side getting on the phone with Apple or Google or Microsoft or a service provider and telling them the numbers to kill.

This is assuming that Apple or Google or whoever even can flip the kill switch without the assistance of the phone's authorized user. They could easily design the kill switch system so that the person flipping the switch has to know the authorized user's password [1]. There is nothing in the bill that I see that says they have to design the kill mechanism to allow law enforcement or the manufacturer or the carrier to be able to use it.

[1] For instance, the phone could ask for your iCloud or Google account information when you set up the kill switch for the first time, and then it could store on the phone a hash of the concatenation of your password and the phone serial number. The kill switch mechanism could require that the kill command include that hash, thus proving to the phone that the sender had access to your password.


Very funny

You don't know what you are talking about.

EDIT: yes, please, go ahead and explain how you're going to get phone's location geographically. Hint: not everybody has data turned on always. Or GPS.

This is not a Batman movie you know


What about CPS? The towers know where they are, and they know you are communicating with them.

Its not perfect, but they can get your position by just measuring your signal strength to the multiple towers and triangulate the rest.

No, this is not a batman movie. For more, check out http://worldwide.espacenet.com/publicationDetails/biblio?CC=...


> … We also know that kill switches are effective…

Do you have a source to back up the stats in this section?

> This would be an ineffective way to accomplish that. They'd first have to make a list of all the phones in the target area, and then they'd have to send the lock commands to them, one by one.

This doesn't seem to hard, if you have all of the phones connecting to one or two towers (Or you set up your own "Stingray" tower).

Now the standard line before a protest speech will be, "Please turn your phones to silent, and turn off the kill switch please..."



And there's a much simpler, regulation-free way to do this anyway: https://www.youtube.com/watch?v=DU8hg4FTm0g&t=38m43s

So this bill is probably just what it seems - a way to curb cellphone pilferage.


They cant do that already in cases of national emergency's? how quaint the USA's Telco seems to the rest of us in the developed world


The developed world that is known to shut off everyone's cell phones during national emergencies? Are you talking about Iran or Syria?


London has done a selective shut down in the past after 7/7 to stop mobile triggered devices

The way it works is that important people not "subs" have phones with two sims so that the emergency services etc can talk with out.


If a government authority wants to shut down the phone system, why on earth wouldn't the FBI/NSA/CIA just instruct the Telcos to shut down their signal to the area? Seem to be a much more straightforward and simple solution - particularly as there are only 4 or 5 carriers in the bay area.

I seem to recall the BART authority doing something similar with their infrastructure during recent protests - it was quite effective.


The idea wouldn't just be the phone system but removing most people's ability to record photos or video. Point-and-shoot cameras are rapidly disappearing now that phones are good enough for most people.


The kill switch is only required to take out 'essential services' of the phone. There's no real reason I could see why the phone's camera couldn't still function even if the kill switch was used.

That said, the bill requires that the kill-switch have an option to be disabled, so there's no reason you couldn't just disable it before hand.


But I suspect it's only a matter of time before the FBI/CIA/NSA (or local PD) will be able to unilaterally decide it's in the "public interest" to suddenly shut off every phone in a particular geofence.

They can do that already just by shutting off the cell tower or blocking specific users from it.


WiFi




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: