SA Forum is an invited essay from experts on topical issues in science and technology.
This summer the insurgent group ISIS captured the Iraqi city of Mosul—and along with it, three army divisions’ worth of U.S.-supplied equipment from the Iraqi army, including Humvees, helicopters, antiaircraft cannons and M1 Abrams tanks. ISIS staged a parade with its new weapons and then deployed them to capture the strategic Mosul Dam from outgunned Kurdish defenders. The U.S. began conducting air strikes and rearming the Kurds to even the score against its own weaponry. As a result, even more weapons have been added to the conflict, and local arms bazaars have reportedly seen an influx of supply.
It is past time that we consider whether we should build in a way to remotely disable such dangerous tools in an emergency. Other technologies, including smartphones, already incorporate this kind of capability. The theft of iPhones plummeted this year after Apple introduced a remote “kill switch,” which a phone’s owner can use to make sure no one else can use his or her lost or stolen phone. If this feature is worth putting in consumer devices, why not embed it in devices that can be so devastatingly repurposed—including against their rightful owners, as at the Mosul Dam?
An immediate worry is that a kill switch might not work when it is supposed to. An even bigger concern is that it might work when it is not supposed to—for example, if it is hacked by an enemy. There is a reason tank operators start their vehicles with a switch requiring no ignition key or code—it is too easy to misplace or become separated from keys on a battlefield, even at the cost of unauthorized access.
But ignition keys represent the best technology of 1949. Today there are many more possibilities. At least one foreign policy analyst has suggested incorporating GPS limitations into Stinger surface-to-air missiles to assist the Free Syrian Army in its defenses against air attack while ensuring that the missiles are useless outside that theater of conflict. More simply, any device with onboard electronics, such as a Stinger or a modern tank, could have a timed expiration; the device could operate after the expiration date only if it receives a coded “renew” signal from any of a number of overhead satellites. The renewal would take effect as a matter of course—unless, say, the weapons were stolen. This fail-safe mechanism could be built using basic and well-tested digital signature-and-authentication technologies. One example is the permissive action link devices by which American nuclear weapons are secured so that they can be activated only when specific codes are shared. Another involves the protocols by which military drones are operated remotely and yet increasingly safeguarded against digital hijacking.
The simplest way to use a kill switch would be to place it in the hands of the weapons’ original recipients. With a kill switch, the current Iraqi government could disable the bristling trophies of ISIS’s post-Mosul parade, or the embattled Libyan government could secure jetliners from taking off on terrorist missions from the overrun airport in Tripoli. A more radical use of a kill switch would be to leave it in the hands of the weapons-providing government. This would turn weaponry into a service rather than a product. Many arms purchasers would no doubt turn elsewhere, but others might find the U.S. to be the only willing source. Some arms deals, including deals between the U.S. and Israel, have already been subject to agreed-on limitations. A kill switch would represent a more powerful enforcement mechanism.
For those who believe the United Nations Security Council might have a meaningful role to play in advancing world security, imagine if a kill switch reposed there, capable of being triggered only if the Council voted to use it. In the most common case, a resolution to activate a kill switch would simply be vetoed by disagreeing states like China and Russia. But in those cases where world opinion is sufficiently unified—as with the current Security Council arms embargo against al Qaeda (and by explicit association, ISIS)—the Council’s edict could have bite, with no military action necessary.
The past five years have occasioned a sea change in consumer technology: the code we run on our PCs, tablets, and smartphones, and the content that is available through them, are increasingly controllable from afar, by vendors with whom we must have a relationship rather than a mere transaction. And governments can in turn command those vendors. I’ve worried about that phenomenon, and why it is overkill to think of using tools such as kill switches for Kindle content to address concerns such as copyright infringement. But it is certainly worth considering them for battlefield tools of unprecedented power and sophistication.
Implementation is everything, and policy makers must reflect on the long-term consequences of using them. For example, because kill switches could provide assurance that weapons can be controlled down the line, they could lead disquietly to more weapons transfers happening overall. If those kill switches then became easy to circumvent, we would be worse off than before.
Today, however, we are making a conscious choice to create and share medium and heavy weaponry while not restricting its use. This choice has very real impacts. If they can save even one innocent life at the end of a deactivated U.S. barrel, including the lives of our own soldiers, kill switches are worth a serious look.