by andrewfong 4519 days ago
Cross-posting from the other discussion on this topic (https://news.ycombinator.com/item?id=7197416):

Actual draft of the bill is here: http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?...

Relevant portions:

(1) Any advanced mobile communications device that is sold in California on or after January 1, 2015, shall include a technological solution that can render the essential features of the device inoperable when the device is not in the possession of the rightful owner. A technological solution may consist of software, hardware, or a combination of both software and hardware, but shall be able to withstand a hard reset. No advanced mobile communications device may be sold in California without the technological solution enabled.

(2) The rightful owner of an advanced mobile communications device may affirmatively elect to disable the technological solution after sale. However, the physical acts necessary to disable the technological solution may only be performed by the end-use consumer or a person specifically selected by the end-use consumer to disable the technological solution and shall not be physically performed by any retail seller of the advanced mobile communications device.

Hard reset is defined as "the restoration of an advanced mobile communications device to the state it was in when it left the factory, and refers to any act of returning a device to that state, including processes commonly termed a factory reset or master reset."

Some thoughts:

* There doesn't appear to be any requirement that the phone can be remotely disabled. One interpretation of this is that the only change from the status quo where practically every phone has a PIN is that the PIN withstand a hard reset.

* The hard reset definition is sort of dumb. When a device leaves the factory, it obviously doesn't have any knowledge of who its proper owner is. A hard reset, by definition, has to nullify any owner-verification system and no technological solution can withstand it.

* The fact that the kill switch can be disabled is encouraging.

* A lot would also depend on how determination of the "rightful owner" goes. That is, is it sufficient for someone who knows the PIN to be considered a "rightful owner"? This is fine 99% of the time, but there are obviously scenarios where that isn't true. If we wanted to take this to the other extreme, we might say this would require every seller and re-seller of mobile phones to check the ID of anyone buying a phone and to record this in some sort of master ownership index. Note that this would effectively outlaw burner phones.

3 comments

Activation of the OS requiring network check-in similar to Apple's iOS would potentially be able to disable devices by blacklisting serial number / imei / meid.

It's worth noting that most carriers DO NOT blacklist all types of serial numbers burned into a device with a single serial number. There should be a requirement for a blacklist of one to also blacklist all others, and a carrier should be able to search by any of the serial number types.

Further if a device is legitimately recovered by the original owner, they should be able to unblacklist it.

Finally, carriers should cover return shipping and reactivate found blacklisted devices. There are many worthless blacklisted iOS devices on eBay, but neither Apple nor carriers will activate them nor return them to their owners.

>* The hard reset definition is sort of dumb. When a device leaves the factory, it obviously doesn't have any knowledge of who its proper owner is. A hard reset, by definition, has to nullify any owner-verification system and no technological solution can withstand it.

The way that I'm reading this, a limit to what a "hard reset" can be is being set by (1). It's saying: Any process that you have in order to return a phone to factory condition must not remove the ability for it to be remotely bricked by the State of California.

It's labeling whatever that process is as a "hard reset", but they only care about the "we can still brick the phone" part.

That is the diametric opposite of (2), though. Unless the "disabling of the technological solution" is expected to be through software.

In order to enforce (1) and (2), California is going to have to:

a) Start certifying operating systems, and approving of their solutions for the remote bricking disabler.

and

b) Implement the remote bricker in hardware.

This is actually a really scary bill.

edit: The "rightful owner" requirement could be interpreted as really hard to satisfy, especially combined with an inability for the "retail seller" to do it. That may mean that you have to get a code, connect to the manufacturer's server, etc. to get the app to disable the bricking chip unlocked or downloaded, and the additional security theater that would entail - and the bitrot that would happen for older model phones when you had to download it (after a "hard reset") and the manufacturer is either defunct or doesn't care anymore.

This bill has too many goodies for too many entrenched interests not to pass.

edit2: "Rightful owner" is really creeping me out. That might be seen as ensuring that the State must be the one with the kill switch. Who can determine a rightful owner? It could be that you are the one who knows the PIN, or it could be that you file a police report, and they kill the phone from the station.

Rightful owner is the person with title, a concept well established in law in other contexts. I think this is a terrible bill, but the notion that the kill switch is going to be operated by the state seems like a complete misreading of the bill's text to me.
First, create the kill switch. Second, create the ability to use it.
> * The hard reset definition is sort of dumb. When a device leaves the factory, it obviously doesn't have any knowledge of who its proper owner is. A hard reset, by definition, has to nullify any owner-verification system and no technological solution can withstand it.

Not really. This is, more or less, a fairly easy problem to solve: Upon first use and any subsequent hard resets, the device phones home to ask to be activated. On first use, the activation server replies with an unconditional 'YES'. Upon activation after a hard reset, the server goes 'Before I answer, can you solve this challenge?' (PIN or username/password).

This is how Apple implemented Activation Lock on its iOS devices, and it's more or less uncrackable.
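The phone-home scheme this comment describes, as an added example that is not code from the thread or from Apple's implementation: the ownership record lives on the activation server, so wiping the device cannot remove it, and after a reset the device must answer a fresh challenge with a PIN-derived key. The device identifier and PIN are constructed values; the class and method names are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(pin: str, salt: bytes) -> bytes:
    # Stretch the PIN (PBKDF2) so the server never stores or receives it raw.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class ActivationServer:
    # Holds the ownership record; a hard reset on the device cannot touch it.
    def __init__(self):
        self._owners = {}   # device_id -> (salt, derived_key)
        self._pending = {}  # device_id -> nonce of the outstanding challenge
    def request_activation(self, device_id: str) -> dict:
        if device_id not in self._owners:  # first use: unconditional yes
            return {"result": "ACTIVATE"}
        salt, _ = self._owners[device_id]
        nonce = secrets.token_bytes(16)    # fresh per attempt, so a captured proof cannot be replayed
        self._pending[device_id] = nonce
        return {"result": "CHALLENGE", "salt": salt, "nonce": nonce}
    def register_owner(self, device_id: str, pin: str) -> None:
        salt = secrets.token_bytes(16)
        self._owners[device_id] = (salt, derive_key(pin, salt))
    def answer_challenge(self, device_id: str, proof: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)
        if nonce is None:
            return False                   # nothing outstanding for this device
        _, key = self._owners[device_id]
        expected = hmac.new(key, nonce, "sha256").digest()
        return hmac.compare_digest(expected, proof)  # constant-time comparison

class Device:
    # Only the hardware identifier survives hard_reset(); all local state is wiped.
    def __init__(self, device_id: str):
        self.device_id = device_id
        self.activated = False
    def hard_reset(self) -> None:
        self.activated = False
    def activate(self, server: ActivationServer, pin=None) -> bool:
        reply = server.request_activation(self.device_id)
        if reply["result"] == "ACTIVATE":
            self.activated = True
            return True
        if pin is None:
            return False                   # locked: no credential, no activation
        key = derive_key(pin, reply["salt"])
        proof = hmac.new(key, reply["nonce"], "sha256").digest()
        self.activated = server.answer_challenge(self.device_id, proof)
        return self.activated
```

A first activation succeeds with no credential; once an owner is registered, a hard reset leaves the device unable to activate until the correct PIN answers the server's nonce challenge.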