UK police want mandatory passwords for all new phones

Last month, Microsoft and Google committed to join Apple in implementing new anti-theft protections in their operating systems, providing a disincentive to those who might be thinking about stealing your device. It's part of an industry-wide measure to address the problem of crime related to mobile devices - and authorities want more to be done to convince potential thieves that stealing phones isn't just wrong; it's also futile. 

London's Metropolitan Police (known colloquially by some Brits as 'the Met') believes that an important step in this direction will be the introduction of mandatory passwords on every smartphone sold in the UK. As The Register reports, the Met has been lobbying government and device manufacturers, including Apple and Samsung, for the last two years to get them to commit to implementing this policy. 

According to research by the Met's National Mobile Phone Crime Unit (NMPCU), as many as 60% of devices in the hands of British users are not protected by a password, PIN code or similar. This makes it easier for thieves to not just wipe devices to be resold, but also to access the data stored on them. 

Detective Chief Inspector Bob Mahoney, who heads the NMPCU explained: "We have intelligence that shows a phone with personal information is worth more than other mobiles, because the thief can sell it to anyone who can make use of that info. On an unlocked phone, you can find a person's home address, home telephone number, their partner's details, their diary, Facebook and Twitter account. This allows thieves to know when a target is not going to be at home or perhaps use their details to set up banking loans. They could destroy a person's life."

The hope is that by forcing users to deal with a pre-installed password, they will consider the security of their handset more carefully. "We are trying to get [passwords] to be set as a default on new phones," Mahoney explained, "so that when you purchase it, you will physically have to switch the password off, rather than switch it on." 

He added that the idea has gained "a lot of traction", both in the industry and in government, and is just one of a range of measures being considered to help improve user awareness of the risks, and - ultimately - to help reduce crime.

Source: The Register 

Report a problem with article
Previous Story

Microsoft rolls out Windows OS preview for 'Internet of Things'

Next Story

For Microsoft, getting Diablo 3 to run at 1080P was a necessity to compete with PS4

34 Comments

Please Login or Sign Up to post a comment.

What was wrong with making a note of your IMEI. If your phone gets stolen, you let the police and your phone company know the IMEI and get it blacklisted?

*#06#

This will make the task of returning lost phones that have been found, far more time consuming: Normally a simple phone call or two establishes contact with the owner. Now it will involve a trip to the nearest police station, and the inevitable wait.
Solutions to this on a SIM sized post card please.

So if the phone had this, would it mean that it could not be formatted or anything and used? If it could then there isn't really much point in it all.

I always thought PII was a bonus since the idea was to wipe the phone and sell it in another country.

Also, encryption should be mandatory.

It would be better to enforce an activation password, where the last person to activate a device must enter a password for it to ever be activated again, this would only be a problem in the event of death of the activator.

This is what Apple does. There is a separate activation lock and PIN code. So if you don't want to enter a PIN all the time, you can leave it off without making your phone resellable by thieves. Sexy, sexy thieves.

Apple already does this at set up. Theres also knock code at set up for some android devices. Don't remember if windows phone set up has anything, haven't set one up in a while.

-adrian- said,
Well we wouldn't put locks on our front doors if the government wouldn't have put frontdoors with locks mandatory

The front door may have a lock, but you don't have to lock it ;)

belto said,
I always pass lock my devices, this is just common sense.

I am not pass locked my cellphone in years. In fact, i stopped doing that after my cellphone was stolen.

"On an unlocked phone, you can find a person's home address, home telephone number, their partner's details, their diary, Facebook and Twitter account. This allows thieves to know when a target is not going to be at home or perhaps use their details to set up banking loans. They could destroy a person's life."

Yes, that's great, but they're forgetting all this information is available on public records anyway. With the vast majority of users willingly giving away more details from their facebook, twitter, instagram etc that allows you to stalk and follow them without them even knowing anything is wrong, ie their phone has been stolen, and such things as their address, phone number, partners, kids details if not on facebook are on government held, or public company records that you can access at the likes of 192.com or visit your local library and request the details there, you can even get a copy of birth, marriage etc visit their home on waste collection day and take up their paper recycle box where they've not shredded their bills and statements... a stolen phone means nothing other then the person who's lost their phone knows to be aware.
Forcing passwords on to phones is only going to annoy people more and/or fool them into a false sense of security. Mostly though, they're going to remove the password so they can simply hand their phone over to their partner, friend, kids etc,


Lastly, As we know time and time again... default password that won't be changed... 0000

This is where the general population goes "oh, that is a great idea, sure go ahead". Thus relinquishing freedom over perceived safety. Then one day we look around and realize that there is a law governing every facet of our lives.

We don't need a law for this, we need education and choice.

There other day I was waiting in my car for a friend to come down stairs. I took the few minutes and closed me eyes to meditate/relax. A couple cops knocked on my car window and said that it was illegal to sleep in a car. They wanted me to step out of the car and search me, I told them to ###### off. Luckily cooler heads prevailed.

probably a bad example but you get what I am saying.

My phone lets me change when it needs a passcode to unlock. I can set it to ask me every time it wakes, or 30s after it went to sleep, or 1 minute, 3 minutes, 5 minutes, 15 minutes or 30 minutes.

I'd imagine most smartphones out there offer similar options

Forjo said,
Sure. Let the government "save" you. And watch your freedoms erode further.

How is this hurting your freedom? It's just a password enabled by default.. which you can turn off after you buy the thing.

Forjo said,
Sure. Let the government "save" you. And watch your freedoms erode further.

Setting a PW for your smartphone is, at least for me, something obvious. I would never carry one without it. I even set a SIM PW....

Max Norris said,

How is this hurting your freedom? It's just a password enabled by default.. which you can turn off after you buy the thing.

And then two years later, police want mandatory back door passwords on phones because the same stupids, who couldn't be bothered to set a password on their phone in the first place, couldn't be bothered to remember the one forced up on them.

The result is the police have access to the same backdoor password system as the manufacture. With more and more smart phones storing a copy of your date online, it's only a matter of time before the government snoops your data with free reign.

May be overly simple and eccentric, but that's how your freedom erodes.

sagum said,
And then two years later, police want mandatory back door passwords on phones because the same stupids, who couldn't be bothered to set a password on their phone in the first place, couldn't be bothered to remember the one forced up on them.

Ah. So you're fortune telling. Sorry, I only deal with reality, and the reality is that it's just a default-on versus default-off, which you can change.

Max Norris said,

How is this hurting your freedom? It's just a password enabled by default.. which you can turn off after you buy the thing.

How? There is a concept in the legal system known as precedent. It, among other things, allows very bad things to happen if the process is gradual enough.

Also, legislating instead of educating rarely has the intended result. Most people will keep the default password and others will forget and be forced to wipe their phones unless another means is implemented to reset the luck code. In addition, not everyone allows personal information on their phones. Stone just browse and play games. Why should they be forced to lock their phones? And what about seniors and children? My kids have wifi-only Lumia 520s. I'd I don't want them using then, I take them away. There would be no reason for a lock code.

We have a term for this: the "nanny state". I'd oppose anything like this if it were ever proposed in The States.

Forjo said,

How? There is a concept in the legal system known as precedent. It, among other things, allows very bad things to happen if the process is gradual enough.

Also, legislating instead of educating rarely has the intended result. Most people will keep the default password and others will forget and be forced to wipe their phones unless another means is implemented to reset the luck code. In addition, not everyone allows personal information on their phones. Stone just browse and play games. Why should they be forced to lock their phones? And what about seniors and children? My kids have wifi-only Lumia 520s. I'd I don't want them using then, I take them away. There would be no reason for a lock code.

We have a term for this: the "nanny state". I'd oppose anything like this if it were ever proposed in The States.

You will not be forced to lock your phone. You would be able to disable it in the settings. Did you even read the article? My best bet is, there will be no default password. It will be something you setup when you get your phone. And if you choose not to have it, I bet you can disable it right there in the setup process. I don't see why this is hurtig your freedom?

_-Psycho-_ said,

You will not be forced to lock your phone. You would be able to disable it in the settings. Did you even read the article? My best bet is, there will be no default password. It will be something you setup when you get your phone. And if you choose not to have it, I bet you can disable it right there in the setup process. I don't see why this is hurtig your freedom?

Of course I read the article. As an IT consultant I also know how people use their devices. Your "best bet" is by no means a certainty. Nor does it make any sense. If the device is to be locked by default, there must be a password or the user will be prompted to create one before they can use the phone (and before they can turn it off). If the option to not use a password is right there up front, then what is the point of the law?

You also fail to take into account that some lawmakers don't understand how things work in the real world and often fail to account for all the ramifications of their changes. Forcing this default setting might be in the law, but remedies for users who are adversely affected by it will probably not be.

That's the problem with legislating changes instead of letting the market dictate what is necessary. The competitive market tends to shake out ideas that don't work or don't work well. Laws stick us with things that are very hard to change whether they work on not.

What they did not tell you is they also want a universal password (only them know) working on all the devices sold in UK.

FloatingFatMan said,
For once, the cops actually have a good idea for handling technology!

Except it's not.

If a thief has your phone, they have it regardless of it has a password on it or not. Your phone, along with that password you have, is still gone.

A better measure would to be have the manufactures implement a 'who owns this' screen, where the owner can provide their contact details, so even if a phone is stolen and resold on, legitimate buyers know who they're buying from and can change the details over to them. Allow this to be viewed from the lock screen, optionally and more people are going to end up getting their phones back rather then sold to phone shops for a few quid where they're broken down for parts.

In the UK, you have to register your contact details when you buy a phone anyway. So it's not a huge deal.

sagum said,

A better measure would to be have the manufactures implement a 'who owns this' screen, where the owner can provide their contact details.

you can kind of do this on windows phone. Just lock the device online and leave contact details as a note. This will make the phone unusable and leave a message for anyone that finds it.