既防賊偷又防賊惦記 防止手機被偷的終極大招

How do you stop the growing epidemic of stolen smartphones? Lawmakers in California seem to think it's by mandating providers to sell devices with built-in "kill switch" capabilities that would make stolen phones inoperable. This month, when the California Senate approved a bill that would require smartphone providers to build a "kill switch" feature into their devices, a key question was left unanswered: Is this the solution to smartphone theft?

智能手機日新月異的同時，隨之而來的是被偷走的手機越來越多。如何能既防賊偷、又防賊惦記？美國加州的立法者們似乎認爲，只要強制手機廠商給手機安一個“自殺開關”，就能一勞永逸地解決這個問題。本月，加州參議院通過了一項強制手機提供商在設備上加裝“自殺開關”的法案。但是一個關鍵的問題目前仍然沒有答案：“自殺開關”是否是手機防盜的終極方案？

You'd be hard-pressed to find a consensus among industry experts on the matter. What's clear is that cell phone theft is a growing problem. In 2013, more than three million devices were stolen in the U.S., up from 1.6 million in 2012, according to Consumer Reports. And in San Francisco alone, 2,400 cellphones were stolen in 2013, up by 23 percent from the year before, according to the San Francisco Police Department. "Police departments across the U.S. are starting to drown in smart phone thefts,"says Tom Kemp, CEO of Centrify, a software and cloud security provider.

行業專家們針對這個問題還沒有形成共識。但是手機被盜無疑已經是一個越來越嚴重的問題。根據《消費者報告》（Consumer Reports）的數據，2013年美國有超過300萬部智能手機被盜，遠超2012年的160萬部。另據舊金山警局表示，光是在舊金山，去年就有2400部手機被偷，比前年上漲了23個百分點。軟件與雲安全服務提供商Centrify公司的CEO湯姆?坎姆指出：“全美各地的警察局幾乎都被智能手機被盜的案子給淹沒了。”

The bill, SB 962, introduced by State Senator Mark Leno and sponsored by San Francisco's district attorney, George Gascón, is an attempt to curb these alarming figures. If approved by the California State Assembly and Governor Jerry Brown as early as August, it would require all smartphones sold after July 1, 2015 in California to include a kill switch function that would effectively "brick" stolen phones. Those sellers who don't comply would face fines of up to $2,500 per device.

這個編號“SB 962”的法案是由加州參議員馬克?雷諾提出的，並且獲得了舊金山地區地方檢察官喬治?加斯肯的支持。如果這份提案最早在八月初能獲得加州衆議院以及州長傑瑞?布朗的批准，它將意味着從2015年7月1日起，所有在加州銷售的智能手機都要安裝一個能讓手機變成板磚一塊的“自殺開關”。如果手機銷售商違反這項法案，則將面臨最高每部手機2500美元的罰款。

The bill, which was originally rejected by the California Senate in April and opposed by major providers including Apple (AAPL) and Microsoft (MSFT), passed this month with a vote of 26 to 8. While it targets the state of California, its effects would be national, as added features mandated by the state would likely make it into phones sold across the country.

這項法案最初在今年四月被加州參議員駁回，而且還遭到了包括蘋果（Apple）和微軟（Microsoft）在內的幾大主流廠商的抵制，但它最終還是在本月以26對8的比率投票通過。雖然這項法案主要着眼於加州，但是由於加州強制推動的手機附加功能很可能逐漸普及到在全美各地銷售的手機上，因此它的影響將是全國性的。

Opponents of the bill including CTIA, the wireless association that represents providers, believe forcing providers to put a solution in place state-by-state will only hurt consumers in the end. The group believes that the industry itself should drive innovation in the field. "State-by-state technology mandates stifle innovation to the ultimate detriment to the consumer," according to a statement released by Jamie Hastings, CTIA's vice president of external and state affairs. In an attempt to take matters into its own hands, last month, CTIA released a "Smartphone Anti-Theft Voluntary Commitment," an agreement signed by major industry players like Apple, Samsung, AT&T (T) and Verizon (VZN) who pledge that smartphones they manufacture after July 2015 will include free built-in antitheft tools.

美國無線通信與互聯網協會（CTIA）也是這項法案的反對者之一。這個協會代表了無線服務商的利益，它認爲如果強制手機提供商一個州一個州地加裝防盜裝置，最終只會損害消費者的利益。同時CTIA也認爲，行業本身最終會加強在手機防盜領域的創新。CTIA的對外與對公事務副理事長傑米?哈斯廷斯說：“逐個州出臺技術要求只會僵化創新，最終受害的是消費者。”爲了在這個問題上掌握主動權，CTIA上個月發佈了一份由蘋果、三星（Samsung）、美國電話電報公司（AT&T）、威瑞森（Verizon）等電信巨頭聯名簽署的《智能手機防盜自願承諾》，宣誓從2015年7月起生產的智能手機將加裝免費的內置防盜工具。

But supporters of the bill aren't convinced this is enough and see legislation as a way to speed up the process. "What that California legislation does is a positive step in encouraging the industry to actually develop a solution faster," says DmitriAlperovitch, cofounder and CTO of CrowdStrike Inc., a provider of security technology and services.

但是這項法案的支持者並不認爲光是這樣就足夠了，他們認爲立法途徑是促進各大廠商加強手機防盜的一種有效方式。安全技術與服務提供商CrowdStrike公司共同創始人兼技術總監德米特里?阿帕羅維奇認爲：“加州立法機構這次邁出了積極的一步，促使行業真正加快了開發防盜解決方案的步伐。”

Others see it as a sign of meddling in the industry. "Proponents of a kill switch know nothing about how technology works," says Robert Siciliano, a McAfee Online Security expert. "Whatever kill switch is implemented, will be hack-able and rendered useless by anyone with ill intent."

也有人認爲這項法案顯示出干預行業正常發展的跡象。邁克菲在線安全專家羅伯特?西西里亞諾指出：“支持‘自殺開關’的人根本不知道科技是怎樣運作的。只要犯罪分子懷有惡意，不管你用什麼樣的自殺開關，都是可以破解的，最終只會形同虛設。”

Software-only based approaches have the potential to backfire. For one, they can be worked around by clever thieves. "If someone steals a phone, there are ways to block it from receiving communications that would kill a device," says Greg Kazmierczak, CTO of Wave Systems, a provider of hardware-based encryption technology. For instance, a thief could place the stolen phone in a signal-blocking phone case that would prevent all electromagnetic communications from reaching the device. According to Kazmierczak, it could be possible to put it into one of those cases and perform whatever you need to in order to stop the kill signal from coming in.

純粹依靠軟件的技術手段必然有可以動手腳的空間，因而也必然會被聰明的小偷利用。基於硬件的加密技術提供商Wave Systems技術總監格雷格?卡茲米耶爾扎克說：“如果有人偷了一部手機，那就有辦法阻止它從外部接收自毀指令。”比如小偷只要把偷來的手機放在一個能阻絕無線信號的手機殼裏，就能阻斷這部手機的所有電磁通訊。據卡茲米耶爾扎克表示，將被盜手機放在這種手機殼裏，然後再進行各種阻斷接受自殺信號的操作，的確具有可能性。

Another alternative solution is to use hardware, rather than software to make stolen phones inoperable -- an approach that's becoming more widely recognized in the industry. This would involve embedding actual hardware into the phone that would prevent thieves from circumventing software technology to get access to data encrypted on the phone.

另一種手機防盜方案是用硬件、而不是使用軟件，讓手機變“板磚”，而且這種方法已經受到業界越來越多的認可。這種方案要求在手機內部植入一個硬件設備，它可以防止小偷繞過軟件程序竊取手機內部的加密數據。

Hardware technology offers a much more secure solution, says Kazmierczak. But the question of which technology to use is not arbitrary. It hinges on what drives thieves to steal phones in the first place. "We need to understand what the motivation is in the theft before instilling a solution," Kazmierczak says. "What's the most valuable component -- the hardware or the data you are storing in your device?"

卡茲米耶爾扎克表示，硬件技術提供了一種更加安全的解決方案。但是現在就斷言應該使用哪種技術仍然是武斷的，它應該取決於小偷盜竊手機的動機。卡茲米耶爾扎克認爲：“加裝解決方案之前，我們需要了解一下小偷盜竊手機的動機。你的手機裏最有價值的究竟是硬件，還是儲存在手機裏的數據？”

A software-based approach could protect a phone from getting wiped and reset to factory default, but it would not be as effective in protecting the user's data encrypted on hardware in the device. A hardware-based approach, on the other hand, might make it possible for thieves to reactivate the phone for resale, but would protect encrypted personal data about the original owner from getting stolen. "As we put more and more into these devices, the data is more valuable than the device itself," Kazmierczak says.

基於軟件的技術可以防止手機被格式化或者重設爲出廠設置，但它不能有效保護儲存在手機硬件裏的加密數據。而基於硬件的技術雖然令小偷有可能重新激活手機用來轉賣，但是卻能保護原機主儲存在手機裏的加密個人信息。對此，卡茲米耶爾扎克說：“隨着我們放進智能手機的東西越來越多，手機裏儲存的數據往往比機器本身更有價值。”

Attempts to offer a solution to the problem are already in place by some providers. Anti-theft software like Apple's Activation Lock rolled out in 2013 as part of iOS 7 and last month Samsung released a "Reactivation Lock," both of which would allow consumers whose phones were stolen to lock them remotely and prevent thieves from wiping and reactivating their devices to be resold.

有些廠商已經針對這個問題推出了自己的防盜工具。比如蘋果就在2013年與iOS7一道推出了一款防盜軟件“激活鎖定”，上個月三星也推出了“重新激活鎖定”功能。這兩項功能都能讓消費者遠程鎖定被盜的手機，防止小偷抹除手機中的數據，重新激活設備，再轉賣給其他人。

And a few phone manufacturers are putting a hybrid of hardware and software technologies in place in their newest models. Samsung phones with Knox technology in them do this, as do newer iPhones that include proprietary hardware to protect encrypted data. The downside of such a hardware solution, of course, is that it can't be introduced remotely to older modeled phones in the same way a software update can be.

有些手機廠商還在最新款的手機中採取了硬件與軟件技術相結合的模式。比如三星在最新款的手機中整合了Knox技術，新款iPhone也內置了用來保護加密數據的專有硬件。不過硬件解決方案的缺點是沒辦法遠程“種”到老款手機裏，不像軟件方案只需一次軟件升級就能解決這個問題。

Regardless of whether smartphone makers take a software, hardware, or combined approach to theft prevention, one of the biggest challenges they have yet to figure out is where the manpower to monitor and regulate a kill switch function will come from. When someone wants to resell a used phone legally, for example, how can they transfer kill switch capabilities to the new owner safely and securely? "How do you validate that it's the right person trying to kill the device? Someone could kill your phone if they know your password," Kemp says. "So far no one has figured that out yet."

不管手機廠商使用的是軟件方案、硬件方案還是軟硬件相結合的防盜方案，目前他們仍有一個最大的挑戰沒有解決，那就是由誰來監管手機的“自殺”功能。比如說，如果有人想要合法地轉賣自己的手機，那麼他應該如何把“自殺”功能安全地轉讓給新用戶？坎普說：“你怎樣證明這個讓手機‘自殺’的人不是小偷？因爲只要有人知道你的密碼，他就可以讓你的手機‘自殺’。目前還沒有人搞清楚這個問題。”

Other solutions beyond the kill switch have been attempted, including a database of blacklisted IMEIs or identification numbers for stolen phones, better policing and a proposed bill by New York senator Jeffrey D. Klein, that would require those people selling more than one used phone to provide receipts of purchase to prevent black-market business. But CTIA's blacklist, which was proposed in 2012 hasn't helped reduce crime numbers and Klein's bill has been stuck in a Senate Committee since it was proposed last October.

除了“自殺開關”之外，也有人嘗試了一些其它防盜方案，比如給被盜手機IMEI串號或驗證碼建立一個“黑名單”數據庫，再比如紐約參議員傑弗裏?克雷恩的提案建議，出售一臺以上二手手機的人必須提供購買發票以避免黑市交易。但是CTIA在2012年提出的“黑名單”方案並沒有起到降低犯罪率的效果，而克萊恩的議案自從去年十月提出之後，至今仍卡在參議院委員會未能通過。

"With robberies of smartphones reaching an all-time high, California cannot continue to stand by when a solution to the problem is readily available," said Senator Leno in a statement. But while solutions to the problem are available, how effective they'll be at actually curbing smartphone theft still remains to be seen.

參議員雷諾在一份聲明中稱：“隨着搶劫智能手機的案件達到有史以來的最高峯，既然就這個問題已有解決方案可用，那麼加州就不能繼續坐視不理。”但是儘管已有備選的防盜方案可用，但它們是否能有效降低手機盜竊案，目前仍然有待觀察。