Kill Switches Will Save Your Smartphone
With smartphone theft on the rise, we need remote-wipe features more than ever
On an otherwise ordinary Saturday, someone grabbed Kristine Swartz’s iPhone from her gym locker. At first she was annoyed—phones are expensive and filing a police report takes time, with little hope of recovery—but then she considered other implications. “There are a lot of details that I didn’t think were revealing until my phone was in someone else’s hands,” she says. Fortunately for her, she could use a new iOS 7 feature, activation lock, to remotely disable her phone. Unfortunately for those without iPhones, activation lock isn’t an option.
Activation lock is a type of kill switch, a piece of software that allows a phone’s owner to remotely deactivate and wipe a lost device, effectively turning it into a fancy paperweight. Until now, it’s been up to individual smartphone makers to add kill switches to phones. But with smartphone theft on the rise—one estimate puts the spike in New York City at 40 percent since 2012—so is the need for kill switches. In February, U.S. Senators proposed a law that would require manufacturers to include a kill switch on all new phones (California and New York legislators have also proposed similar laws). By destroying the worth of a stolen phone, the law would also destroy any incentive to steal one in the first place. It’s a good idea, but the lawmakers have a fight on their hands.
The mobile-phone industry doesn’t see things the same way. The Cellular Telecommunications & Internet Association (CTIA) insists that kill switches aren’t necessary. They assert that users should instead password-protect their handsets and install third-party apps, such as Prey or Cerberus, that offer kill-switch-like functionality. In reality, most people aren’t that careful. According to a Consumer Reports survey, less than half of users set a passcode on their device. For those that do, some of the most-popular PINs are still “1234,” “1111,” and “0000.” Also, two thirds of users prefer to remain logged into any accounts. A lost phone can be a goldmine.
Less than half of users set a passcode. For those that do, some of the most-popular pins are “1234” and “1111.”
Rather than get behind kill switches, the CTIA, in partnership with the FCC, recently developed its own theft-protection system. The association compiles the unique ID numbers of phones reported as stolen, and the carriers agree to not reactivate phones on the blacklist. That’s certainly better than nothing, but the database only applies to the U.S. and Europe, and a lot of stolen phones end up outside those regions. An iPhone on the black market in Hong Kong, for instance, can fetch $2,000.
So, why does the CTIA—and by extension carriers—oppose a kill switch? Some suggest that it’s a conspiracy to sell insurance. For a nominal monthly fee, users can insure phones against damage or loss; it’s a $7.8 billion business. Discourage theft, and insurance becomes less necessary. The CTIA isn’t commenting on that, but the association does warn that kill switches could open up security threats, in which hackers start killing phones at will. What that argument is missing, though, is a clear incentive for the presumed hackers—you know, like the one that thieves have to target phones right now.
Update: On April 15, after the publication of this article, the CTIA announced that key players in the mobile phone industry, including major manufacturers and service providers, had made a voluntary commitment to include anti-theft features on handsets.