Does California’s “Kill Switch” Bill for Smartphones Risk Privacy for Personal Safety?

2014 909 iphone st(Photo: Anthony Sigalas)In 2008, a mobile app developer discovered a feature in Apple’s iPhone operating system (then 2.0) which allowed Apple to identify unauthorized apps on users’ phones. At the time, it was unknown how, or if, Apple used the feature, but it was speculated that Apple could essentially disable unauthorized apps. It would be another five years before Apple would officially introduce the technology as part of its iOS 7 upgrade and call it the “Activation Lock.”

It is properly known as the “kill switch”.

The technology allows users to remotely wipe their iPhone in case of it being lost or stolen. A user can choose to activate the feature, which requires a user ID and password to activate the “find my phone” feature, erase everything on the device, ultimately rendering it useless. As a result, law enforcement around the country – and the world – have seen a dramatic reduction in the number of iPhone thefts.

Now California has made the feature mandatory for all smartphones sold in California starting next year.

Last month, Governor Jerry Brown signed SB 962, which requires all smartphones sold in the state to come preloaded with the kill switch software. The bill was championed by San Francisco State Senator Mark Leno, at San Francisco District Attorney George Gascón. DA Gascón noted that in the first quarter of 2014 alone, nearly two-thirds of the thefts in the city were for smartphones.

Except now, they aren’t targeting iPhones.

The kill switch was a welcomed feature for iPhone users. The high priced mobile devices are a target of thieves around the world. Tourists are particularly vulnerable, with many criminal rings operating with little risk of being apprehended. Often, the robberies would be accompanied by violence and injury to the victim. With the risk of the kill switch feature being activated, however, these same thieves have moved on to other smartphones, particularly Android devices that don’t have the user initiated feature. As thefts of iPhones decreased in New York, for example, the theft of popular Samsung devices rose 51 percent.

However, not everyone is happy with California’s bold move.

While Apple requires users to opt-in to use the feature, once activated the company controls the phone (though as the developer noted in 2008, the feature is technically always on). The California law requires that the feature be on at the time of phone activation, meaning that users would have to opt-out if they didn’t want to use it, giving the company access. Civil and privacy rights activists worry about it being used for nefarious purposes by hackers and law enforcement, and not just in California. It is unlikely that manufacturers will make “California only” devices, thereby making it possible that starting next year, every smartphone will have a kill switch already active, no matter where in the country it is sold.

The fears aren’t unfounded.

In 2010, Google revealed the existence of the technology on its Android devices when it announced that it had removed copies of two illegal apps from users’ devices. According to Google, the “remote application removal feature” is a security feature that allows them to protect users from malicious software downloaded from the downloading service then called the Android Market (which has since been renamed the Play Store). While this is the only known instance of the remote removal system by the company, it highlights the fact that they have the ability to disable the device without users’ request.

Last month, a judge in Brazil ordered Apple and Google to use their remote removal ability to remove copies of a popular app called Secret. According to a Brazilian prosecutor, the app has been found to be a key factor in the proliferation of cyberbullying incidences, which allow users to spread rumors and personal attacks anonymously. In what amounts to a takedown notice, Brazil is the first to require the feature to be activated nationwide for such a purpose.

This has free speech activists worried.

In 2011, the Bay Area Rapid Transit (BART) shut down mobile service in its San Francisco stations amid rumors of planned protests after an unarmed man was shot and killed by a BART transit officer. BART justified the move as a matter of public safety. As a result, California passed a law that would require a court order at least six hours prior to shutting down wireless services by any government agency.

That law is why proponents of California’s kill switch bill say fears of government abuse are unnecessary. The bill is covered by the same limitations when it comes to government use — at least in California. Plus customers will have the option to opt-out of the feature, of course.

In the end, the bill’s proponents argue it’s a matter of public safety. As the CEO of one mobile security company points out, “People are being beaten for their smartphones. If criminals know that smartphones will be useless if they sell them, the number of robberies and physical violence will decrease.”