![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
calimacSo the Supremes have ruled that police need a warrant to search a smartphone. Or any cell phone, I guess. I don't have a smartphone; I have a dumb phone: all it has on it are my phone calls. Part of the reason I don't have a smartphone is I don't want to entrust so much of my life to one little gadget easily stolen or lost. I still use a physical datebook/address book, and it's tough enough keeping track of that. Apparently cops could search that, but not if I entrusted it all to a smart phone. But what about a tablet computer, like my Nook Color? I use that for e-mail and web browsing when I'm on a trip, but I leave the e-mail on the server and I don't store the password.
Recently there's been much talk of installing kill switches on smartphones. Perhaps through ignorance of smartphones, I have some questions about how this works, some matters I find baffling. I brought one of these up on an online comments section, and was told the question was stupid. It may be stupid, but I still don't know the answer.
1) The purpose of the kill switch is to discourage theft of smartphones. So how is the thief supposed to know, before trying to steal the phone, whether it's equipped with a kill switch or not? This is essentially the same question I once asked of someone who said her uncle's store kept getting robbed until he bought a gun, after which he was left in peace. How did the robbers know he had a gun? Did he brandish it all the time? Did he put a sign in the window reading, "These premises protected by nut with gun"? What? I never got an answer.
2) How does the kill switch work, exactly? I looked up "kill switch" on Wikipedia, and found photos and descriptions of big red emergency stop buttons on train engines, that sort of thing. I doubt that smartphone kill switches work that way, but there's no description of how they do work. OK, so let's say you have a smartphone with a kill switch, and someone steals it. You want to activate the kill switch. You can't use anything on the smartphone itself; it's been stolen. So what do you use?
3) Does activating the kill switch involve using a password of any kind? If so, that opens up vast new fields of worms. How do you remember a password you hope never to have to use? If you write it down on a piece of paper in your wallet, what happens if you're mugged of your smartphone and the mugger takes your wallet as well? If the smartphone comes with the kill switch default enabled, does it have a preset password? Do you have any idea how much trouble has been caused already by software with default passwords? Operating systems with a preset password of PASSWORD or something like that, which the sysops neglected to change. If sysops can't be bothered to change these, why would phone users be likely to? I foresee vast hackage.
4) Is there an "undo" command of any kind for the kill switch? If not, even if you recover your phone you've lost your data, unless you've backed it up somewhere. (Can smartphones do that? On my home computer, I can backup my documents, but not always programs I've downloaded; they need more than the .exe file to work. What about smartphone apps?) If there is one, I foresee more hackage and the crumbling of the whole reason for creating the kill switch in the first place.
Recently there's been much talk of installing kill switches on smartphones. Perhaps through ignorance of smartphones, I have some questions about how this works, some matters I find baffling. I brought one of these up on an online comments section, and was told the question was stupid. It may be stupid, but I still don't know the answer.
1) The purpose of the kill switch is to discourage theft of smartphones. So how is the thief supposed to know, before trying to steal the phone, whether it's equipped with a kill switch or not? This is essentially the same question I once asked of someone who said her uncle's store kept getting robbed until he bought a gun, after which he was left in peace. How did the robbers know he had a gun? Did he brandish it all the time? Did he put a sign in the window reading, "These premises protected by nut with gun"? What? I never got an answer.
2) How does the kill switch work, exactly? I looked up "kill switch" on Wikipedia, and found photos and descriptions of big red emergency stop buttons on train engines, that sort of thing. I doubt that smartphone kill switches work that way, but there's no description of how they do work. OK, so let's say you have a smartphone with a kill switch, and someone steals it. You want to activate the kill switch. You can't use anything on the smartphone itself; it's been stolen. So what do you use?
3) Does activating the kill switch involve using a password of any kind? If so, that opens up vast new fields of worms. How do you remember a password you hope never to have to use? If you write it down on a piece of paper in your wallet, what happens if you're mugged of your smartphone and the mugger takes your wallet as well? If the smartphone comes with the kill switch default enabled, does it have a preset password? Do you have any idea how much trouble has been caused already by software with default passwords? Operating systems with a preset password of PASSWORD or something like that, which the sysops neglected to change. If sysops can't be bothered to change these, why would phone users be likely to? I foresee vast hackage.
4) Is there an "undo" command of any kind for the kill switch? If not, even if you recover your phone you've lost your data, unless you've backed it up somewhere. (Can smartphones do that? On my home computer, I can backup my documents, but not always programs I've downloaded; they need more than the .exe file to work. What about smartphone apps?) If there is one, I foresee more hackage and the crumbling of the whole reason for creating the kill switch in the first place.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2014-06-26 03:14 pm (UTC)no subject
Date: 2014-06-26 03:28 pm (UTC)no subject
Date: 2014-06-26 04:00 pm (UTC)Regarding 1, I think there are claims that there have already been drops in smartphone thefts in jurisdictions that require kill switches in phones, but I do not have a citation.
Here's the answer to 3, in three parts. I know Android phones reasonably well and am assuming that iPhones have similar features. I know almost nothing about Windows, any remaining WebOS phones, and other outliers, but presume they also work in similar ways.
1. Any smartphone can be password protected, and in my opinion it's wise to do so. I could lose my phone, entirely innocently, and I don't want random people to be able to get access to the information on it. On Android phones, you have a choice of using a numeric password of at least four numbers or a lock pattern, which you swipe on the phone's screen. I assume there is a similar feature on iPhones.
2. How you keep track of that password is up to you. Since my phone has a password and I lock and unlock my phone multiple times every day, I have had lots of opportunities to memorize it. Bruce Schneier actually does recommend writing down passwords and storing them in a safe place. My own take on that is that one comparatively secure way to handle that is to take a piece of paper, put passwords in a column and what they're passwords for in another column (and somewhat disguised), tear the paper in half, and store them in two physical distinct locations (at home and at work, for example).
3. i have a kill switch on my phone, which can be used to access confidential work information. To activate the kill switch, I log on to my work account from a computer, go to a particular internal web page, and tell it which device to wipe. (There are several devices that have access to that account.) So the password needed for wiping is my work account, which is not the password for the phone. I assume that the consumer version of a kill switch works in some similar way: you have to log on to a site that issues the "wipe the phone" command. One would presumably choose a unique password for that account.
4. Preset default passwords: I doubt it. My best guess is that you have to create an account to use a kill switch (or run it from an existing account such as I describe above).
Here's the answer to 4, in several parts.
1. There isn't an undo command for wiping an Android phone, which is the technical equivalent of throwing the kill switch. (I have done this, deliberately, on a couple of occasions.) The equivalent of "undo" is setting up the phone for your account again if you get the phone back. (Android phones work best if you set them up with a Google account. I have never tried using one without a Google account. No idea how this works on iPhones.)
2. Yes, you can back up the data in a smartphone, in one of three ways. (Basically a smartphone is just a very small computer; it has data stored on permanent or removable cards (SD cards, cards) inside the case. The cards are the equivalent of hard disks.)
- Applications that are synched to the cloud (Gmail, various iPhone apps, Google Calendar, photo apps, etc.) can automatically restore data from the cloud to the phone after the phone is wiped. You would have to go through the standard phone setup procedure.
- Some data can be backed up by connecting the phone to a computer using a USB cable and manually copying the data from phone to computer.
- I am pretty sure there are apps that will automate synching certain data stored on a phone to a computer, but I've never personally investigated this.
3. Smartphone apps: you reinstall the app after the wipe. As for the data, some apps back up their data remotely (in the cloud), others don't and you need to be making your own backups.
no subject
Date: 2014-06-26 04:55 pm (UTC)I have an iPhone, and the rest of what she said applies to it as well: logging on to a website to remotely wipe the phone, backing up data to the cloud so it could be restored.
no subject
Date: 2014-06-26 04:59 pm (UTC)> i have a kill switch on my phone, which can be used to access confidential work information.
My phone can be used to access confidential work information, and therefore it has wipe-the-phone software installed. (A work requirement, but a good idea in any event.)
no subject
Date: 2014-06-26 05:10 pm (UTC)See the article linked to by
3.1-2. I'm not talking about the regular phone password, which presumably you'd have memorized. The kill switch, being operated from a different device, should have its own unique password. However, if the phone is stolen, either you need to get to the kill switch right away, in which you need to have the password on you, or else, if you trust the phone's regular password protection to keep your data safe, then you don't need to activate the kill switch at all; its only function was as a deterrent, rather like the H-bomb.
3.4. If you have to create an account to use the kill switch, then it's not opt-out but opt-in, and the mass deterrence effect hoped for is lost.
no subject
Date: 2014-06-26 05:14 pm (UTC)no subject
Date: 2014-06-26 05:16 pm (UTC)3.4 Thieves don't know whether you have the kill switch installed or not, so there may be some deterrent effect from the uncertainty.
no subject
Date: 2014-06-26 07:16 pm (UTC)Or not. What the thieves presumably know is what's standard or common, and if opt-in is standard or common, they know many people won't use it and therefore not be much deterred.