This summer the Iraqi insurgent group ISIS captured the city of Mosul—and along with it, three army divisions’ worth of U.S.-supplied equipment from the Iraqi army, including Humvees, helicopters, antiaircraft cannons and M1 Abrams tanks. ISIS staged a parade with its new weapons and then deployed them to capture the strategic Mosul Dam from outgunned Kurdish defenders. The U.S. began conducting air strikes and arming the Kurds to even the score against its own weaponry. It is past time that we consider whether we should build in a way to remotely disable such dangerous tools in an emergency. The theft of iPhones plummeted this year after Apple introduced a remote “kill switch,” which a phone’s owner can use to make sure no one else can use his or her lost or stolen phone. If this feature is worth putting in consumer devices, why not embed it in devices that can be so devastatingly repurposed—including against their rightful owners, as at the Mosul Dam? An immediate worry is whether a kill switch might not work when it is supposed to. An even bigger concern is that it might work when it is not supposed to—for example, if it is hacked by an enemy. There is a reason tank operators start their vehicles with a switch requiring no ignition key or code: it is so easy to misplace or become separated from keys on a battlefield that the risk of unauthorized access is worth bearing. But ignition keys represent the best technology of 1949. Today there are many more possibilities. At least one foreign policy analyst has suggested incorporating GPS limitations into Stinger surface-to-air missiles to assist the Free Syrian Army in its defenses against air attack while ensuring that the missiles are useless outside that theater of conflict. More simply, any device with onboard electronics, such as a Stinger or a modern tank, could have a timed expiration; the device could operate after the expiration date only if it receives a coded “renew” signal from any of a number of overhead satellites. The renewal would take effect as a matter of course—unless, say, the weapons were stolen. This fail-safe mechanism could be built using basic and well-tested digital signature-and-authentication technologies. One example is the permissive action link devices by which American nuclear weapons are secured; these devices allow the weapons to be activated only when specific codes are shared. Another involves the protocols by which remotely operated drones are safeguarded against digital hijacking. The simplest way to use a kill switch would be to place it in the hands of the weapons’ original recipients. With a kill switch, the current Iraqi government could have disabled the bristling trophies of ISIS’s post-Mosul parade. A more radical use of a kill switch would be to leave it in the hands of the weapons-providing government. This would turn weaponry into a service rather than a product. Many arms purchasers would no doubt turn elsewhere, but others might find the U.S. to be the only willing source. Some arms deals, including those between the U.S. and Israel, have already been subject to agreed-on limitations. A kill switch would represent a powerful enforcement mechanism. For those who believe the United Nations Security Council might have a meaningful role to play in advancing world security, imagine if a kill switch reposed there, capable of being triggered only if the council voted to use it. In the most common case, a resolution to activate a kill switch would simply be vetoed by disagreeing member states. But in those cases where world opinion is sufficiently unified—as with the current Security Council arms embargo against al Qaeda (and by explicit association, ISIS)—the council’s edict could have bite, with no military action necessary. Implementation is everything, and policy makers must think about how a kill-switch strategy could fail. For example, because kill switches would provide assurance that weapons can be controlled down the line, they could lead to more weapons transfers happening overall. If those kill switches were easy to circumvent, we would be worse off than before. Today, however, we are making a conscious choice to create and share medium and heavy weaponry while not restricting its use. This choice has very real impacts. If they can save even one innocent life at the end of a deactivated U.S. barrel, kill switches are worth a serious look.

It is past time that we consider whether we should build in a way to remotely disable such dangerous tools in an emergency. The theft of iPhones plummeted this year after Apple introduced a remote “kill switch,” which a phone’s owner can use to make sure no one else can use his or her lost or stolen phone. If this feature is worth putting in consumer devices, why not embed it in devices that can be so devastatingly repurposed—including against their rightful owners, as at the Mosul Dam?

An immediate worry is whether a kill switch might not work when it is supposed to. An even bigger concern is that it might work when it is not supposed to—for example, if it is hacked by an enemy. There is a reason tank operators start their vehicles with a switch requiring no ignition key or code: it is so easy to misplace or become separated from keys on a battlefield that the risk of unauthorized access is worth bearing.

But ignition keys represent the best technology of 1949. Today there are many more possibilities. At least one foreign policy analyst has suggested incorporating GPS limitations into Stinger surface-to-air missiles to assist the Free Syrian Army in its defenses against air attack while ensuring that the missiles are useless outside that theater of conflict. More simply, any device with onboard electronics, such as a Stinger or a modern tank, could have a timed expiration; the device could operate after the expiration date only if it receives a coded “renew” signal from any of a number of overhead satellites. The renewal would take effect as a matter of course—unless, say, the weapons were stolen. This fail-safe mechanism could be built using basic and well-tested digital signature-and-authentication technologies. One example is the permissive action link devices by which American nuclear weapons are secured; these devices allow the weapons to be activated only when specific codes are shared. Another involves the protocols by which remotely operated drones are safeguarded against digital hijacking.

The simplest way to use a kill switch would be to place it in the hands of the weapons’ original recipients. With a kill switch, the current Iraqi government could have disabled the bristling trophies of ISIS’s post-Mosul parade. A more radical use of a kill switch would be to leave it in the hands of the weapons-providing government. This would turn weaponry into a service rather than a product. Many arms purchasers would no doubt turn elsewhere, but others might find the U.S. to be the only willing source. Some arms deals, including those between the U.S. and Israel, have already been subject to agreed-on limitations. A kill switch would represent a powerful enforcement mechanism.

For those who believe the United Nations Security Council might have a meaningful role to play in advancing world security, imagine if a kill switch reposed there, capable of being triggered only if the council voted to use it. In the most common case, a resolution to activate a kill switch would simply be vetoed by disagreeing member states. But in those cases where world opinion is sufficiently unified—as with the current Security Council arms embargo against al Qaeda (and by explicit association, ISIS)—the council’s edict could have bite, with no military action necessary.

Implementation is everything, and policy makers must think about how a kill-switch strategy could fail. For example, because kill switches would provide assurance that weapons can be controlled down the line, they could lead to more weapons transfers happening overall. If those kill switches were easy to circumvent, we would be worse off than before.

Today, however, we are making a conscious choice to create and share medium and heavy weaponry while not restricting its use. This choice has very real impacts. If they can save even one innocent life at the end of a deactivated U.S. barrel, kill switches are worth a serious look.