Should gadget makers "brick" your phone--refusing to let a new use register it--if it's stolen?
The biggest worry most people have with a lost device is that someone will call Guam on their phone and talk for 9 hours, so gadget makers say their priority is shutting down the account to prevent fraudulent charges. And the New York Times wrongly implies with its headline that gadget makers can always find your phone; in the cases where I've had something stolen, the thieves usually tried to use it a few times, then tossed it.
Still, no one should be able to use a stolen phone, Kindle, or other gadget. The manufacturers have an easy way to make the black market in used electronics much less profitable, and it's just obvious common sense that they should disable the device immediately, and seize any stolen phones that are activated on their network. If you're using a Kindle or an iPhone, the company has quite a lot of information on you, and they should use that information to reunite owners with their lost property.
But apparently they don't, because they'd rather sell content to the thief, or the person who purchased the device from the thief. This seems like an obvious place for some basic regulation.
Copyright © 2010 by The Atlantic Monthly Group. All rights reserved.
Well, I'm a pretty pro-regulation guy, but I have to disagree on this. Carriers should not have any right to alter your device beyond pushing updates to it. And they definitely should not be required (or allowed!) to disclose your personal information to any random crackpot who calls in claiming you stole their phone.
Manufacturers shouldn't have the ability to do anything to a device you've purchased without your explicit consent. There should be no fail-safe way around that. I'm just as skeezed about the idea of some moron (or unhinged employee) bricking random laptops and phones because they're about to be laid off as I am about the idea that a thief might somehow be able to guess the passwords I use on my devices.
Hint though: most electronic devices come with locks you can install on them (codes on phones, passwords on smartphones/laptops/pdas, etc). That people don't lock their iPhone is their own problem. Not one that requires government or even corporate intervention.
Surely the carriers are happy to cancel your account, so they are able to confirm that they are talking to the real you, why not cancel the 'phone as well?
Over here in the UK, the providers do "brick" all lost 'phones, there was no need for a law, they just felt it a worthwhile service to offer users.
Because they don't own the phone and should have no right to render it inoperable?
Don't we already have a law for this? If it can be shown that the device manufacturer can readily determine that the device they are giving service to is stolen - isn't that some form of "aiding and abetting?"
I don't put the onus on the gadget makers as much as the service providers. It shouldn't be Apple's job to hunt down whoever stole your iPhone, but AT&T should be considered aiding and abetting if the allow a known stolen product to be used on their network. By doing so, they're creating an environment where it's profitable to steal devices, whereas by bricking it, the value of stolen device is drastically diminished.
I agree. Better choice.
And I'm sure there are several laws, or category of laws, that could be applied. Accomplice of some kind, or trafficing in stolen property. Etc.
The biggest worry most people have with a lost device is that someone will call Guam on their phone and talk for 9 hours, so gadget makers say their priority is shutting down the account to prevent fraudulent charges.
.
Really? I, uh, I tend to worry about the fact that my phone links up to my Gmail account, where my bill payment notifications go, along with occasional notifications about my bank account and all my investments. Not sure how easy it would be for a thief to get full access to my savings and investments through that information, but access to my assets was my first worry the last time I lost a phone. First thing I did, before I even notified the phone company, was change my mail password. Spent a month afterwards, checking for unauthorised transfers regularly too. For people who are losing iPhones, I think this specific worry is potentially a lot more severe.
Why regulation? Why use force?
If this is such an issue - and it will be - then the people - the ones who make up the market - will determine which way they want the companies to go with it.
Well, for one thing, you might use regulation to get around existing privacy regulations that I assume play a role in the carriers' unwillingness to disclose account information to non-LEO third parties.
That's a great reason:
Use regulation B to negate regulation A...
And this sounds wise to you? Or anyone?
The reason the company I work for has to spend millions of dollars a year on regulatory compliance instead of real and meaningful areas like research and development, or expansion, or hell *pay raises* for crying out loud, is BECAUSE of things like that.
Year in and year out regulations are added on top of layers of other regulations because some exception needs to be created and soon, you need a whole team of lawyers and employees, and and outside auditing firm, to navigate the mess and sort out what you can and can't do, or have and have not done.
Not giving out information on the person who has the phone unless they get a subpoena is a good policy. Could you imagine the liability if AT&T gave out the address of someone who has a stolen phone, and then someone was injured/killed in a confrontation? There are a ton of other malicious ways that info could be used - stalking comes to mind.
We already have a law.
Providers are required to give police information once the police present a search warrant.
It's the police who aren't doing their job. We need a law that punishes police for refusing to investigate crimes that occur in their jurisdiction.
I'm sure the police will get right on investigating violations of the law that says they are in trouble for not investigating violations of the law.
Well, movertyperguy just said what I was going to. So, what he said.
I had that conversation with Microsoft when my Xbox 360 got stolen. I called them to change the password on my live account and then asked them if they flagged the Xbox 360 serial number as stolen so the thief could never use it online. The customer service person said that they won't do that. He didn't know why. But I can guess. Any Xbox online is a profit center for Microsoft whether it is stolen or legit. Also my guess is Microsoft doesn't want to deal with irate customers that buy used Xboxs via Ebay or craigslist only to find out they are stolen. The mobile carriers probably think along the same lines - a bricked phone is a loss of future revenue.
Well, they also don't want to referee disputes about who owns what. It's like asking parking attendants to seize stolen cars.
no, they just want the money. If you play a cracked game online that they can detect, the whole console gets banned.
so they can do it in an instant if they feel there's no more profit from that customer - indeed, by banning it, they might then buy another one to play online.
it's purely profit.
That's still a little weird, isn't it? Wouldn't it be is Microsoft's interest to close down the Ebay market for used Xboxs?
Probably not, since I think the XBox is a loss leader anyway.
The two situations aren't really analogous though. MS can pretty easily detect whether you're using a cracked version of a game and take action accordingly. But they cannot, on the other hand, easily determine whether you are the legal owner of the console you're playing that game on.
Your X-Box live account is tied to your e-mail address, and Gold accounts are usually purchased with a credit card. Pretty easy to verify that information.
Consoles are usually sold at or slightly below cost.
They make their money from game licensing fees from 3rd party studios. Microsoft also makes lots of money from the X-Box Live Marketplace, where they sell HD movies, full video games, as well as downloadable content.
So, yeah, MS stands to make plenty of money off a stolen X-Box.....unless they block it from X-Box Live.
Your X-Box live account is tied to your e-mail address, and Gold accounts are usually purchased with a credit card. Pretty easy to verify that information.
Okay. But what does any of that have to do with legal ownership of the console?
Maybe we should arrange one of those fabulously successful boycotts.
I hear Van Jones is available.
If you keep all your devices in your underpants while out, there is little chance of losing them. For my part I have found this to work wonderfully, although I did have to switch from boxers to briefs.
The only thing you have to get used to is a certain discomfort when sitting, walking, standing, or moving in any way, and the inevitable stares when you retrieve your cell phone to answer, or make, a call.
I have not had any device stolen in years - since I discovered the underpants thing.
Plus, no one ever asks to borrow your phone. Win/win!
Actually, one time a lady asked me if I had a phone she could borrow. When I went to retrieve it, she ran away, and then came back with a cop. Can't understand some people. Here I was, trying to help her and she tried to get me arrested.
libertarianism: no laws or regulations unless they benefit me personally.
Megan's not a libertarian. After reading this blog I have become convinced she's actually a socialist/progressive/liberal/whatever-you-want-to-call-it who lies about it to try to get mushy-headed urban libertarians to vote Democratic.
Hmmm. Beware journalists bearing calls for regulation.
I see a potential problem here: say you sell your phone to someone. They sell it to someone else. Now you report your phone "stolen" and demand the company shut it down or seize it. I think you would also need a title scheme, which creates so much red tape it may not be worth doing.
This is probably why Amazon has this policy. As a company, you just don't want the headache of dealing with aftermarket, so you demand a subpoena before you do anything.
I completely understand the companies lack of desire to become an arbitrator in complicated property disputes (Forget theft, think about the havoc a divorce/breakup can cause, especially in the age of family plans). On the other hand, my wife's ipod touch was recently stolen, and it was very frustrating to hear that it is now registered to a new name, and yes they knew it was stolen, and let the new owner register it anyway.
That said, if bricking is the sort of feature customers want, then manufacturers and service providers will find a way to offer it (they already offer remote wipes). I don't think regulation is necessary.
Aren't calls to Guam domestic?
Megan, it's not as simple as you or that software engineer in the article imply. Since I'm not being paid to write here, I'll just suggest that you hop over to Amazon's Kindle forum, where this has been dissected in detail, in numerous forum threads.
FWIW, someone stole an XM satellite radio from my car. I reported it to XM who found the radio ID and identified it as a stolen item. It can never be reactivated again. Sirius does the same thing which makes theft of a satellite radio device completely pointless.
Aren't Sirius and XM the same company now? I thought I read something about that a few months back..
Now that you mention it, my Garmin GPS has an interesting security feature in it: When it's turned on, it checks to see if the GPS is currently at my house. If it is, OK then, it will turn on.
If it detects that it is not at my house when I turn it on, it asks me for a password. If I failed to supply the correct password, it will not show me the maps or otherwise operate. If I forget the password, there is a procedure for me to get it from Garmin, but it's not easy to do.
Fairly dead-simple. If someone steals it, they can't use it.
Megan,
Sorry to laugh at your expense, but the idea that you - an NYC, Philly, Chicago and DC resident - have enough experience with stolen gadgets to have a reasonable sample size kind of cracks me up.
There ought to be a law against Sullivan putting pics of jr's dork in mid-circumcision above the jump.
Every phone has the multiple options for the setting of passwords. Power on, time out, vmail, call history, etc. These protections are typically not utilized because they are less than convenient to employ, given the way phones are used. Having provided a mechanism to prevent use by unauthorized persons, neither the manufacturer nor the service provider are under any obligation to take additional steps to ameliorate the user's, less than attentive handling. Most service providers have an online presence that will permit you to request changes to your acount, or even shut it down should your phone, laptop or whatever, be stolen with none of the security enabled. That being said, they are not interested in stopping ultra high profit calls from being made, no matter who makes them. Caveat emptor
That being said, they are not interested in stopping ultra high profit calls from being made, no matter who makes them.
In my experience, they're usually pretty good about waiving those charges if you actually have lost the phone.
Also I know AT&T and I think TMobile at least offer international call blocking as a no-charge option, so even if your phone is stolen, it'll only be able to make domestic calls.
Some US cell phone carriers do this already. It is advisable for purchasers of cell phones for Sprint or Verizon to check to see I'd the ESN (or nowadays the MEID) is "clear". A phone reported stolen can be blacklisted. There are other reasons as well, Sprint will blacklist devices associated with unpaid bills, I believe.
Microsoft is supposedly building remote wipe into their current mobile phone OS for enterprise users, and RIM has he capability as well.
Calling Guam for 9 hours would be really expensive....yeah about as expensive as calling to Hoboken.... guess you didn't know that Guam was part of the U.S.
Seems like a missed profit opportunity to me.
$1/month for "Enhanced LocationTracking" on any device that networks. Just for Apple: multiply that times 50 million iPhones and iTouch devices, (or some other equivalent) and you have (1) about $300MM/year (@ 50% adoption) of revenue, versus a couple dozen engineers and service types (it'd be mostly web-based and they already have your credit card+interface); (2) a bunch of happy success stories in the local papers & blogs; (3) a comfort factor about your kid's getting one of these overpriced gizmos that sells more of 'em; and (4) devices going back into the hands of somebody who will actually buy more ringtones, movies, books, games and music, rather than somebody who'll jailbreak it & fill it with pirate movies & music.
Paying $1 is a pretty good clue that you WANT the service, “privacy” against the risk of somebody finding out a serial number + email combination be damned.
The problem is that only the manufacturer can credibly do this, and they are too busy making these things desirable enough that somebody would WANT to steal them.
Awesome way to destroy someone's life. Once they start doing this, all you have to do is call up report it stolen, and BAM their phone is turned off. This is really pretty incredible.
If you can authenticate yourself to the satisfaction of the service provider, you can already cut off their service. Just change which device is the one on the account. Or, you know, cancel service. Raymond Chennai calls this an airlock problem. You can do a Bad Thing, but the requirements to do so already allow you to do worse.
When I lost my Kindle (only temporarily, thank goodness) I immediately called Amazon. They told me that there had been no recent purchasing activity on the Kindle, and then they walked me through the steps on their website to disconnect it from my account.