“Kill Switch” Bills Are Essentially Unnecessary Government Mandates
In response to the epidemic of smartphone thefts, a number of state and federal lawmakers are proposing legislation that would mandate that all mobile devices include a “kill switch” that can remotely shut down a device that is stolen or lost. In Congress, Senator Amy Klobuchar recently put forward a kill switch bill (S. 2032), with Representative Jose Serrano introducing companion legislation in the House (H.R. 4065). Similar legislation has been introduced in California (S.B. 962), and lawmakers in states such as New York and Minnesota are considering kill switch requirements as well. The goal of these bills is to discourage theft by allowing owners to deactivate stolen devices, turning them into “bricks” that are worthless on the black market.
However, the ability to deactivate a stolen or lost device is already readily available to consumers, making such legislation unnecessary. Apple includes a Find My Phone feature for all new devices, which allows users to go online to locate a missing or stolen phone, erase all data from it, and lock it down. A number of applications with similar functions are available for Android devices, such as Cerberus, Lookout, Prey Anti Theft, and Android Lost. According to CTIA there are over 30 companies that provide these solutions today, and the number continues to grow. In addition to the anti-theft apps that are available to consumers, the wireless industry, working with law enforcement, recently created a stolen phone database to report and track stolen 4G/LTE phones in the U.S., which enables such devices to be de-activated if stolen and re-activated if recovered by the lawful owner.
With these options available, kill switch legislation offers little to most users. Instead, as is often the case with governmental technology mandates, legislation requiring a specific feature could discourage the development of other innovative solutions.
Kill switch bills could also create substantial privacy problems. Legislation requiring that a mobile provider be able to wipe a phone’s data but later restore it could force companies to maintain an external copy of all data on every person’s phone, creating a data retention mandate that would raise a host of privacy concerns. Senator Klobuchar’s bill avoids this particular problem by requiring the ability to “delete or render inaccessible” all data on a device, meaning that carriers could comply by giving users the ability to lock their phones – the very ability most companies already offer.
A law requiring the presence of a kill switch in all phones also creates security risks, especially when the law mandates a single approach rather than allowing a diversity of systems to evolve in the market. Could the kill switch feature be co-opted by hackers? Could it be co-opted by government and used to “brick” devices in anticipation of demonstrations? San Francisco police did something similar in 2011, shutting down cell service prior to a planned protest at BART subway stations. Senator Klobuchar’s bill explicitly states that the kill switch function “may only be used by the account holder,” but the California bill is silent on the subject.
Cell phone theft is a serious issue, and more widespread use of available anti-theft apps can discourage thieves, but a kill switch mandate in legislation is both unnecessary and risky. Lawmakers should exercise caution before mandating technology solutions when the marketplace is already developing options for consumers.