May 10, 2013, 5:22 PM —
Image credit: IDG News Service/Martyn Williams
On Feb. 27th in the middle of the afternoon, a 16-year-old girl was walking through San Francisco's Mission district when she was ordered at gun point to hand over her cellphone. The robbery was one of 10 serious crimes in the city that day, and they all involved cellphones. Three were stolen at gun point, three at knife point and four through brute force.
Incidents of cellphone theft have been rising for several years and are fast becoming an epidemic. IDG News Service collected data on serious crimes in San Francisco from November to April and recorded 579 thefts of cellphones or tablets, accounting for 41 percent of all serious crime. On several days, like Feb. 27, the only serious crimes reported in the daily police log were cellphone thefts.
In just over half the incidents, victims were punched, kicked or otherwise physically intimidated for their phones, and in a quarter of robberies, users were threatened with guns or knives.
(An interactive map showing six months of cellphone and tablet thefts in San Francisco can be viewed here)
This isn't just happing in tech-loving San Francisco, either. The picture is similar across the United States.
In Washington, D.C., cellphone thefts account for 40 percent of robberies, while in New York City they make up more than half of all street crime. There are no hard numbers on which phones are most popular, but those most in demand by thieves appear to be those most in demand by users: iPhones.
It's easy to see why the thefts are so rampant. Criminals can quickly turn stolen phones into several hundred dollars in cash, and phone users are often easy targets as they walk down the street engrossed in the screen and oblivious to their surroundings.
It shouldn't be this way. With built-in satellite positioning and reliance on a network connection, it should be easier to track them down. So why is theft still such a problem?
A big reason is that, until recently, there had been little to stop someone using a stolen cellphone. Carriers quickly suspend phone lines to avoid thieves running up high charges, but the handset itself could be resold and reused. It's made easier by modern smartphones that accept SIM cards, which were introduced to allow legitimate users to switch phones easily.
Reacting to pressure from law enforcement and regulators, the U.S.'s largest cellphone carriers agreed early last year to establish a database of stolen cellphones. The database blocks the IMEI (international mobile equipment identity) number, a unique ID in the cellphone akin to a car's VIN (vehicle identification number). The number is transmitted to the cellular network when the phone connects and remains with the phone no matter what SIM card is inserted.
In theory, once added to the list, a phone cannot be activated on any U.S. carrier network. But the system is not perfect. For it to work, phone users must notify their carrier of the theft and in some cases provide the IMEI themselves. There are also limitations to its scope.
"The blacklist is good, but one of the easiest things we can do to make it more effective is more worldwide data sharing," said Kevin Mahaffey, CTO of mobile security company Lookout. "There is some sharing in different parts of the world, but not all operators share their lists."
In the U.S., that's beginning to happen, said Chris Guttman-McCabe, vice president of regulatory affairs at the CTIA. AT&T and T-Mobile, which share a common network technology, have a common database and all U.S. carriers plan to have a single database up and running by November that covers phones based on the new LTE cellular technology.
U.S. carriers have also begun supplying information to an international database that covers 43 countries, and the U.S. Federal Communications Commission (FCC) has been talking to Canada, Mexico and some South American countries about getting on board, said Guttman-McCabe.
So now, the main push is to educate users about the existence of the block list and get them to secure their phones with a password, screen lock and software that can remotely track or wipe a stolen handset. Smartphone makers committed to include this information with new handsets sold from the beginning of this year.
Even if universal, a global blocklist still would have shortcomings. While technically difficult, it's possible in some phones to rewrite the IMEI number, providing them with a new identity and bypassing the network lockout.
In an attempt to combat this, Senator Charles Schumer, a Democrat from New York, introduced a bill into the U.S. Congress last year (S.3186) that sought a five-year jail sentence for anyone who rewrites an IMEI number. The bill was referred to the Judiciary Committee but died when the congressional session came to a close.
"To me, while well-intended, that's not necessarily where the solution is," said George Gascón, San Francisco's district attorney, in an interview. "We already have way too many people in prison, we have enough laws on the books, and the last thing we want to do is continue to take young people and put them in prison for long periods of time."
"What we need to do is remove the marketability of these items," he said.
Gascón, who has become one of the most outspoken members of the law enforcement community on the issue, is proposing the electronic equivalent of a self-destruct command.
"What we need is a technical solution, we need a kill switch that when a phone gets reported stolen the manufacturer or the carrier or a combination of both are going to render that phone inoperable anywhere," he said.
To work, it would have to rewrite the phone's basic software so the device becomes completely useless and cannot be restored, even if it was later recovered.
Gascón says his message has not been received well by the carriers.
"I started last year by meeting with one of the carriers," he said. "They seemed to be genuinely concerned and wanted to set up a follow-up meeting."
The second meeting, between Gascón, representatives of the four major carriers, and the CTIA, a Washington-based lobbying group for the telecommunications industry, didn't get far.
"It became very clear to me from the beginning, as the lobbying group took the lead on this, that they felt they had done all they were going to do," he said.
The CTIA disagrees with his assertion.
"I really think it's important for people to know that we recognize this is important for law enforcement," said Guttman-McCabe. But he doesn't support the idea of an electronic kill switch.
"Think of all the times people lose their phone and then find it, and imagine how consumer-unfriendly it would be if the carrier hit a kill switch," he said. "All of a sudden, you have a high-end smartphone that's useless and you have to buy an unsubsidized phone."
For now, the CTIA is sticking to its stolen phone database plan and isn't looking at other possible solutions.
The kill switch wanted by Gascón would probably not be perfect, but it could help, said Lookout's Mahaffey.
"It would be very difficult to build anything that is impossible to take off a device," he said. "You can make it so difficult that all but the most sophisticated thieves can get around it. As we've seen with jailbreaking, no matter how much effort Apple put in, there will always be a way around it."
For now, the best thing phone users can do is try to avoid having their phones snatched in the first place.
"If you need to talk on your phone, we ask that you just step to the side of a building, put your back against the building, make your phone call or make your text, but then also be aware of what's going on around you. That makes a huge difference," said Officer Dennis Toomer of the San Francisco Police Department. He said most thefts occur because people are texting or talking on phones while walking and not paying attention to their surroundings.
"Day or night, you should always be aware of what's going on around you," he said.
In Washington, D.C., a series of crime-prevention posters show photographs of people using cellphones in public. In the pictures, the cellphones are overlayed with an image of a hundred-dollar bill and the tag line "This is how thieves see you on the street."
Phone users are also encouraged to install tracking software in their handsets. Apple has the Find My iPhone feature, and a number of applications exist for other phones that allow users to remotely track a phone's position and delete data stored on the device. They require the phone to be switched on and connected to a network, but often thieves don't immediately switch off stolen phones.
If a phone is promptly reported stolen, police can sometimes locate the device and the thieves using such applications.
"As with any security, there is no silver bullet, there's no one thing you can do," said Mahaffey. "But that doesn't mean we shouldn't do it, we should continue to find better ways to solve these problems."
Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is firstname.lastname@example.org