California Law to Require Antitheft Technology in Cellphones

Imagine a pawn shop that loans money on cell phones. Now imagine someone comes in and pawns their phone. It still has service and all, but he thinks he will come back next week and redeem it. A few months pass and he never comes back. Now the phone is legally (the pawn contract says one must completely own the collateral, so carrier subsidies etc. shouldn&#x27;t be a problem) the pawn shop&#x27;s property. Mr. Defaulter calls the phone company and has the IMEI blocked. Now the pawn shop is out the money and owns a useless piece of metal and plastic.<p>I&#x27;ve seen this problem with phones, tablets, and even tasers. The company will not activate them if they&#x27;ve been reported lost or stolen. But &quot;finders-keepers&quot; is legal and people can lie about theft. Of course the company also has a second interest not to help create a used market. Just like encrypted firmware schemes, this erodes personal control over our property. The legal owner with physical control should be able to use the device. Period.<p>There are also concerns over government or corporate disablement. Aside from obvious government malice during e.g. protests, does anyone really think either the government or the phone company can run a blacklist without false positives? Obviously not. Nobody can when your population size is &gt;300 million. And the customer service grunt is just following the rules when your device is disabled and he cannot re-enable it.<p>The argument for this law is that it will reduce thefts by making the phones worthless. I understand this. I just don&#x27;t think that is worth losing control over our property and devices.

Sounds like always-on DRM. The rich and the technologically adept will be unaffected, but another hammer will be available for our ambivalent rulers to manipulate normal people.<p>This shitty DRM better be opt-in.<p>Fined $2,500 for every device sold lacking this DRM? Only if there is a $2,500 refund for every device <i>accidentally</i> bricked.<p>I can see media companies loving this. Watching an unlicensed movie? Your phone is now bricked. Mission creep will be inevitable.

There&#x27;s already an easy way to do this (that I remember reading somewhere is already being done in Australia).<p>When a phone is reported stolen the carriers just need to blacklist the IMEI so it doesn&#x27;t work - removes the incentive to steal devices. I don&#x27;t remember where I originally read this (probably here), but the US carriers were not interested in doing this because they don&#x27;t see stolen phones as a problem that hurts them (arguably it gives them more business).

I have an idea, how about the government stay the hell away from my smartphone and let the free market decide what smartphones are theft-safe and which are not?<p>This is why computer science should be a required subject going forward, only individuals good at programming will be able to resist the tendrils, malware, viruses and government backdoor trojans trying to get inside us and instruct us what actions to perform today to fill other mens pockets with wealth whom we don&#x27;t even know or care about.

Serious question, not rhetorical: Is there any precedent for forcing manufacturers to modify their product simply to prevent the product from getting stolen?<p>Cars and houses can have alarms, and customers decide whether they need them or not. We do not require that all cars and houses come equipped with them. Wallets can be attached to a chain or placed in the front pocket. We don&#x27;t require that you can only purchase a wallet with a chain.<p>Unlike childrens&#x27; toys that require battery covers to be screwed shut, or cars that must have seatbelts, the theft of a device does not seem to be a public safety issue. Your decision to own an expensive phone and take it out of your pocket at the train station seems no more necessary of regulation than your decision to wear an expensive necklace.

It seems like every day I&#x27;m reading some new news article on how over bearing and strong handed California laws are. I used to hear people joke about moving out of California to a &quot;free state&quot; and never paid much attention to it but now I get it.

It must be nice to have no valuable skills to offer society yet still find employment as an authoritarian jackass dreaming up product features without doing the actual work or assuming any of the risk. If Leno wants to add features to cell phones, he should go work for those companies instead of using the Ring of Sauron to forcibly add a &quot;kill switch&quot; because he thought it was a good idea. And is reducing theft the real reason or just the ostensible one? Will this become an easy hook for govs to shut off phones?

Nice, a kill switch in every phone. When there’s a big demonstration&#x2F;revolution we’re just gonna kill all the phones out there with a simple data packet.

From what I understand, the mechanisms for this law are already in place and aren&#x27;t much of a problem; any Apple customer already has this with the &quot;Activation Lock&quot; feature, and any carrier can already deny service based on a blacklisted ESN. The proposed law, at least in spirit, would require carriers and phone makers to honor your request to make your device unusable when you report it as stolen. It isn&#x27;t so much that the government is going to be making technology and forcing everyone else to use it -- it&#x27;ll let the private tech industry do whatever it needs to do to comply with the proposed &quot;please brick my stolen phone&quot; law.<p>I can understand how handset vendors other than Apple would have a problem with this. For example, where is the &quot;activation lock&quot; setting stored and who controls it? The handset vendor (Samsung, LG, etc)? Google (since it&#x27;s an Android phone)? The carrier? Who deals with the customer when the device is stolen? That level of coordination would be a mess to deal with if you don&#x27;t already control most of the stack and user experience like Apple does.<p>As a side note, Apple already does this with Mac hardware too: <a href="https://discussions.apple.com/message/19010713" rel="nofollow">https:&#x2F;&#x2F;discussions.apple.com&#x2F;message&#x2F;19010713</a> .

&gt;<i>On Friday, State Senator Mark Leno of California, a Democrat, is expected to introduce legislation requiring all smartphones and tablets sold in the state to include this kind of feature.</i><p>This should be a required option, even if it&#x27;s opt out. The consumer should be able to turn off this kind of remote authorisation over their device, even if it reduces the &quot;herd immunity&quot;.<p>Killing core functionality goes a step beyond IMEI blacklisting, which can be circumvented by selling the phone outside the blacklisted jurisdictions. An IMEI-blacklisted phone is a phone with a reduced market. An effectively &quot;killed&quot; phone is worth its recycling rebate.

If carriers and oems can&#x27;t prevent rooting or custom roms, why would they be able to prevent unauthorized locking of phones?<p>There are bad ideas, and then there ideas that only a legislator would advocate.

Reminds me of FEMA requiring carriers to install a chip for emergency messages (PLAN = Personal Localized Alerting Network). [1]<p>Governments seem increasingly interested in accessing and controlling our phones.<p>[1] <a href="http://en.wikipedia.org/wiki/Personal_Localized_Alerting_Network" rel="nofollow">http:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Personal_Localized_Alerting_Net...</a>

And in tonight&#x27;s segment of &quot;Shit we didn&#x27;t need or could do ourselves, but the state insists it be mandatory...&quot;

Don&#x27;t forget batteries. They&#x27;re very valuable to thieves too. Maybe the killswitch can make them explode.

If you live in the state of CA and think this bill is a bad idea, you can look up your representative senator and send them an email asking that they vote against the bill. <a href="http://findyourrep.legislature.ca.gov/" rel="nofollow">http:&#x2F;&#x2F;findyourrep.legislature.ca.gov&#x2F;</a>

This is <i>really</i> needed. In New York, there is a problem of punk kids snatching iPhones and running. It is hard for the police to do anything about it, and these kids are fencing the phones for about $150, and they are likely shipped to out of the country where carrier blocks don&#x27;t work.<p>For whatever reason, I have heard of a bunch of people that get their iPhones snatched, but never android phones.<p>The market for bad ESN phones is way too strong. A simple ebay search shows that bad a ESN iPhone 5 still fetches $250. Apple needs to drive down the value of bad ESN phones to near zero for the safety of their own customers.

Every time I read &quot;anti-theft technology&quot; I get chills..<p>You should immediately call your representatives to stop this.

Doesn&#x27;t the IMEI on GSM and the MEID on newer CDMA phones already solve the problem of stolen phones, and we just don&#x27;t use this functionality?

Cross-posting from the other discussion on this topic (<a href="https://news.ycombinator.com/item?id=7197416" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7197416</a>):<p>Actual draft of the bill is here: <a href="http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB962" rel="nofollow">http:&#x2F;&#x2F;leginfo.legislature.ca.gov&#x2F;faces&#x2F;billNavClient.xhtml?...</a><p>Relevant portions:<p>(1) Any advanced mobile communications device that is sold in California on or after January 1, 2015, shall include a technological solution that can render the essential features of the device inoperable when the device is not in the possession of the rightful owner. A technological solution may consist of software, hardware, or a combination of both software and hardware, but shall be able to withstand a hard reset. No advanced mobile communications device may be sold in California without the technological solution enabled.<p>(2) The rightful owner of an advanced mobile communications device may affirmatively elect to disable the technological solution after sale. However, the physical acts necessary to disable the technological solution may only be performed by the end-use consumer or a person specifically selected by the end-use consumer to disable the technological solution and shall not be physically performed by any retail seller of the advanced mobile communications device.<p>Hard reset is defined as &quot;the restoration of an advanced mobile communications device to the state it was in when it left the factory, and refers to any act of returning a device to that state, including processes commonly termed a factory reset or master reset.&quot;<p>Some thoughts:<p>* There doesn&#x27;t appear to be any requirement that the phone can be remotely disabled. One interpretation of this is that the only change from the status quo where practically every phone has a PIN is that the PIN withstand a hard reset.<p>* The hard reset definition is sort of dumb. When a device leaves the factory, it obviously doesn&#x27;t have any knowledge of whom its proper owner is. A hard reset, by definition, has to nullify any owner-verification system and no technological solution can withstand it.<p>* The fact that the kill switch can be disabled is encouraging.<p>* A lot would also depend on how determination of the &quot;rightful owner&quot; goes. That is, is it sufficient for someone who knows the PIN to be considered a &quot;rightful owner&quot;? This is fine 99% of the time, but there are obviously scenarios where that isn&#x27;t true. If we wanted to take this to the other extreme, we might say this would require every seller and re-seller of mobile phones to check the ID of anyone buying a phone and to record this in some sort of master ownership index. Note that this would effectively outlaw burner phones.

This seems like a bad idea.<p>* Why won&#x27;t someone will figure out how to trigger the phone kill switch and start wandering round SF killing people&#x27;s phones at will?<p>* Why won&#x27;t the state&#x2F;NSA&#x2F;whoever kill the phones of its enemies (diplomats, foreign business people, &quot;subversives&quot;)?<p>* and so on.

I actually think this is a good idea and requires government intervention due to the positive externalities involved.<p>I just wrote a blog post about it: (<a href="https://news.ycombinator.com/item?id=7198054" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7198054</a>)

Perhaps they can also consider a cap on the price of cell phones sold in California. If no one&#x27;s carrying around a phone that cost over $50, that would also reduce the incentive to steal them.<p>This bill would be a great accompaniment to the next minimum wage increase.

I&#x27;m all for careful legislation to force companies to improve security and protect consumers but I unfortunately most legislators dont have the technology knowledge to know what is wise and what is not. The devil is in the details here - if we mandated that the disable capability could only be enacted by the consumer that owned the device - say with a kill code password that no one else is allowed to store - then its not so bad, but I doubt such protections against misuse are in place. I surely dont want a kill switch that could be invoked by the manufacturer or cell provider.. Given that the market already provides this on tons of devices it seems unnecessary to legislate.

This law is intended to mitigate the escalation in armed robberies for smartphones that is hitting urban areas in California.<p>Armed robbers are aware that many (most?) people of even modest means are carrying around devices that, once stolen by force, can be sold (probably to a fencing operation) for a few hundred bucks.<p>The ability to render smartphones worthless if stolen would go a long way toward reducing the incentive to commit these particular robberies, which constitute a large part of the recent increase in California&#x27;s armed robbery (and by implication violent crime) rate.<p>Recently in the Bay Area, where I live, an armed robber held up several people at once, and took all the phones ... except a feature phone.<p>EDIT: wording.

A bill that requires manufacturers to offer phones that have this feature and phones that don&#x27;t have this feature I could see as being okay, but to require all phones to have it and leave the user no choice (fwiw, being able to disable it after purchase is a false choice) is ridiculous.<p>Kill switches are never the right choice to solve this. Once this technology exists and is widespread (as the article points out, manufacturers are unlikely to maintain two models, with and without this unless legally required), what stops oppressive countries from using this feature from disabling the phones of people legitimately protesting like those in the Ukraine right now?

Or better yet, every time you need to make a phone call, your ownership of the phone will be verified on-site by a blue-gloved agent of the state...<p>...who will then administer a full-body pat-down. You know, for good measure.

&quot;We&#x27;re from the government, and we&#x27;re here to help.&quot;

Once there&#x27;s a device kill switch in place, it will be available for anyone with a court order. Think RIAA, MPAA... organizations that support DRM must love this idea.

Prey project is semi open-source, freemium and works on ios, android and most desktop OSes too.<p><a href="https://preyproject.com/" rel="nofollow">https:&#x2F;&#x2F;preyproject.com&#x2F;</a>

Last phone I bought from Walmart, T-Mobile refused to activate because they claimed it was stolen.<p>I was really taken aback to have purchased a device in a sealed box when someone had already cloned the IMEI. (Or maybe T-Mobile&#x27;s setup is just really buggy...)<p>I was fortunately able to return it and get a new phone, worked fine.<p>But if I could fix that problem, maybe stolen phones will just get laundered through returns that way. (ie, buy a new phone, return the stolen one as defective).

This is not to stop theft. I can wipe my phone remotely right now if my phone is stolen. The goal is to secure the phone so that all the info on it is not accessible if the owner is not there. Especially considering that more and more the phone is the key to everything due to two step authentication (for email accounts, banks, etc. ) If things need to get more secure online then the phone needs to get even more secure.

Have there been any reports on how iOS7 affects thefts?

We all know how this is going to end: Someone is going to hack the method used to disable the phones and massively disable millions of people&#x27;s phones. As always, the road to hell is paved with good intentions. I&#x27;d much rather see technology that temporarily disables access to my phone&#x27;s private contents while turning a permanent GPS [on] switch so my stolen phone can be located.

It&#x27;s a shame the device manufacturers apparently dragged their feet on this and couldn&#x27;t avoid legislation.

This is a cellphone carriers&#x27; lobbyist work at its finest! This law is not about the customers; its about those rare examples where customers are screwing the carriers when the phone is being stolen and the police report is good enough to get out of a lengthy &amp; expensive contracts.

It&#x27;s all very well to say that smartphone thefts are &quot;reaching an all-time high&quot;, but what is smartphone ownership doing? I doubt it&#x27;s reached saturation yet, and one would imagine that thefts would increase in line with units owned...

This is another example of how government tries to simplify its job by creating problems for others. If the anti-theft technology of any use, more companies would introduce them and users would buy such phones.

They are doing this all wrong.<p>Thieves can use different parts of the phone that would not be effected by a kill switch, batteries, screen, ...<p>What they really need is to turn on the GPS find where the phone is and start arresting folk.

I thought this was already being done via IMEI blocking.

How about you just be a bit more careful with your iphone? No law in world can stop people from being stupid.

Ah, the velvet glove. It rises to view again. Shall I buy? Shall I not? &#x27;tis but an upvote away ..

How can California do this? Interstate commerce clause and all that.

No. Too many opportunities for abuse.