A bill that requires all smartphones manufactured after July 1st, 2015 to include anti-theft measures if sold in the state of California was signed into law today. California governor Jerry Brown signed the bill, which was introduced back in February, and finally cleared the State assembly two weeks ago. Its aim is to make phones a less attractive target for thieves by requiring built-in tools that let consumers remotely lock, wipe, and disable the devices.
The bill, SB 962, was created by California state Senator Mark Leno along with San Francisco District Attorney George Gascón, who's been a staunch advocate of anti-theft measures for phones. Ahead of the bill, Gascón urged cellphone makers — including Apple and Samsung — to make stolen smartphones more of a headache for thieves, going so far as to hire security experts to try and bypass the built-in security measures to illustrate that smartphone makers weren't doing enough. An earlier version of the legislation also included tablets, and any other handheld "advanced mobile communications device," language that was stripped out in favor of targeting only smartphones.
The key text of the bill breaks down what exactly phones need to include:
Any smartphone that is manufactured on or after July 1, 2015, and sold in California after that date, shall include a technological solution at the time of sale, to be provided by the manufacturer or operating system provider, that, once initiated and successfully communicated to the smartphone, can render the essential features of the smartphone inoperable to an unauthorized user when the smartphone is not in the possession of an authorized user. The smartphone shall, during the initial device setup process, prompt an authorized user to enable the technological solution. The technological solution shall be reversible, so that if an authorized user obtains possession of the smartphone after the essential features of the smartphone have been rendered inoperable, the operation of those essential features can be restored by an authorized user. A technological solution may consist of software, hardware, or a combination of both software and hardware, and when enabled, shall be able to withstand a hard reset or operating system downgrade and shall prevent reactivation of the smartphone on a wireless network except by an authorized user.
Ahead of the bill's approval, every major player in the phone industry pledged to make their smartphones harder to steal as part of a voluntary agreement with the CTIA. Apple, Google, HTC, Huawei, Motorola, Microsoft, Nokia and Samsung, along with the five major US cell carriers, agreed on plans to offer customers a way to remotely wipe or make inoperable their devices beginning July 2015. While similar to the kill switch legislation in its end goal, the two main differences are that the CTIA agreement doesn't require the products to ship with the solution, and threatens to keep any handsets that don't abide by the law from being sold.
"California has just put smartphone thieves on notice."
"Today's action was unnecessary given the breadth of action the industry has taken," Jamie Hastings, the vice president of external and state affairs for the CTIA said in a statement. "Uniformity in the wireless industry created tremendous benefits for wireless consumers, including lower costs and phenomenal innovation. State by state technology mandates, such as this one, stifle those benefits and are detrimental to wireless consumers."
In a statement, Senator Leno said simply that "California has just put smartphone thieves on notice."
Preliminary data on reactivation lock tools suggests the feature has already affected crime rates. In June, attorney generals in New York and San Francisco said that year-over-year thefts of Apple devices "plummeted" during the first five months of 2014 thanks to iOS 7's iCloud Activation Lock feature. For San Francisco that amounted to a 38 percent decline in iPhone-related robberies, while New York reported a 19 and 29 percent year-over-year decline on robberies and grand larcenies that involved Apple products. During an identical time period, the same study said there was an increase in robberies involving Samsung devices, which did not have the aforementioned built-in protections until April.
California is not the only state
California joins Minnesota, which passed a similar anti-theft bill in May. However unlike California's bill, it's not asking for a way to remotely disable or wipe a phone, just that the phone needs to come "equipped with preloaded anti-theft functionality," or at least be able to download it later, and free of charge. Under its requirements, it's not just about anti-theft measures on the device, but also deals with devices that are resold. The law criminalizes buying and selling phones between people without documentation, so the state can track where phones are going. It also prohibits used cellphone dealers from paying in cash or selling to people under the age of 18. These are things designed to hinder potential thieves by putting more of the business of selling phones on the record when it too goes into effect next July.