Windows 8, Silently deleting your applications
The very anticipated operating system Windows 8 will have a feature that was never found on PCâ€™s before: A kill switch that can remotely delete software and edit code without the userâ€™s permission. Although Microsoft claims the switch would only be used for software that is downloaded from its app store, no official policies clearly define the actual purpose of the kill switch. In other words, nothing is truly considered â€œillegalâ€ and that includes issues regarding spying, censorship and free speech. Although the kill switch is promoted as a â€œtool against malwareâ€ it can potentially accomplish much, much more. In fact, it would not be impossible to have all smart-phones and Windows PCâ€™s simultaneously shut down at any given time. The following article from Business Week also mentions the infamous case of Amazon that remotely deleted from userâ€™s Kindle e-readers illegal copies of two books. Which ones? Prepare for intense ironyâ€¦George Orwellâ€™sÂ 1984Â andÂ Animal Farm.
The Kill Switch Comes to the PC
A feature common in phones will let Microsoft remotely disable malware
Janne KytÃ¶mÃ¤ki, a Finnish software developer, was cruising Googleâ€™s (GOOG) Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. It was as if Stephen Kingâ€™s name had vanished from the covers of his books, replaced by an unknown author. KytÃ¶mÃ¤ki realized the culprit was a piece of malware that was spreading quickly, and he posted his findings online.
Google responded swiftly. It flipped a little-known kill switch, reaching into more than 250,000 infected Android smartphones and forcibly removing the malicious code. â€œIt was sort of unreal, watching something like that unfold,â€ says KytÃ¶mÃ¤ki, who makes dice simulator apps. Kill switches are a standard part of most smartphones, tablets, and e-readers. Google, Apple (AAPL), and Amazon (AMZN) all have the ability to reach into devices to delete illicit content or edit code without usersâ€™ permission. Itâ€™s a powerful way to stop threats that spread quickly, but itâ€™s also a privacy and security land mine.
Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoftâ€™s control. Still, the kill switch is a tool that could help Microsoft prevent mass malware infections. â€œFor most users, the ability to remotely remove apps is a good thing,â€ says Charlie Miller, a researcher with the security company Accuvant.
The history of kill switches on smartphones and e-readers suggests theyâ€™re double-edged swords for the companies that wield them. In 2009, Amazon reached into usersâ€™ Kindles to delete e-book copies of George Orwellâ€™sÂ 1984Â andÂ Animal FarmÂ that had been sold by a publisher without the necessary rights. The ensuing backlash caused Amazon Chief Executive Officer Jeff Bezos to call the move â€œstupid, thoughtless, and painfully out of line with our principles.â€
The reluctance of tech companies to set explicit policies for when they will and will not use kill switches contributes to the fear theyâ€™ll be abused. Civil rights and free speech advocates worry that tech companies could be pressured by governments to delete software or data for political reasons. â€œYou have someone who has absolute control over my hard drive in ways I may have never anticipated or consented to,â€ says Eric Goldman, director of the High Tech Law Institute at Santa Clara Universityâ€™s law school in California. â€œIf they use that power wisely, they actually make my life better. We donâ€™t know if they use the power wisely. In fact, we may never know when they use their power at all.â€
Hiroshi Lockheimer, Googleâ€™s vice president of Android engineering, says the search company reserves the use of the kill switch for â€œreally egregious, really obvious casesâ€ of harmful content. Microsoftâ€™s Biggs says the company has used the functionality in its smartphones only for â€œtechnical issues and content issues.â€ Apple declined to comment. Amazon did not respond to several messages.
Like many in his profession, Kevin Mahaffey, co-founder of the San Francisco startup Lookout, which makes security software for smartphones, expresses mixed emotions about the emergence of kill switches. â€œThe remote removal tools are very much a response to the mistakes of the PC era,â€ he says. â€œWhether or not itâ€™s an overcorrection, I think history will tell us. It can be done right, but we as an industry need to tread carefully. Itâ€™s easy to imagine several dystopian futures that can arise from this.â€
One supporter is Janne KytÃ¶mÃ¤ki, the Finn who discovered the Android malware outbreak. He says Google did the right thing by deleting the malware without usersâ€™ permission. â€œWhat was the alternative?â€ he says. â€œLeave those apps installed on 200,000 peopleâ€™s mobiles? This is something that had to be done.â€