Don’t Underestimate the Technology

Over at Vice.com, Patrick McGuire has a good article analyzing a new combination of hardware and app called “Tile” that bills itself as “the worlds largest lost and found.”

Tiles are little 1″x1″ wifi-enabled tags that you can stick to things you might lose. The tiles connect to smart phones through the tile app, and the app reports the GPS location of the tile to Tile’s cloud service. When you’re within 50-150′ of the tile, the app will show you a warmer/cooler type display, and each tile has a speaker that can chirp to help you find something that’s not in plain view.

Tile lets you share access to your tiles, so multiple people (families, roommates, etc.) can find communal objects, and if you report something marked with a tile as being stolen, the Tile app on every device scans for it and if it is detected Tile reports its location back to you.

Sounds pretty handy, but, as McGuire says:

Anyway, when I first saw Tile being advertised, I got an itchy, all-over heebie jeebies feeling. Firstly, adding a whole new matrix of location data to our digital world of over-sharing has some potentially scary implications. Do we really need a brand new social network, set up to monitor the whereabouts of our personal property? And what could be done with that data if it were to be placed in the hands of someone with malicious intent?

So, McGuire did what any privacy-sensitive person would do – he checked the FAQ, and since that was a little light on the privacy and security side of things, he called up Tile. According to Tile:

A Tile does not contain a GPS unit or a cellular radio and cannot provide continuous automatic location updates. Therefore it is not a good solution for real-time tracking of moving objects. The goal of Tile is to help people keep track of or find items they are likely to lose, and will not support long-distance tracking of moving items.

So basically, if you lose your keys and there’s a Tile attached to it, you will need to be within 100-150 feet of your lost property for your phone to recognize it’s in the presence of your precious, lost Tile. This means if you were to clandestinely put a Tile on someone or something you wanted to keep secret tabs on, you would need to be so close to them in the first place that you’d essentially be stalking them anyway. And while you could, theoretically, boost the range of your Tile tracking capabilities by having a bunch of co-conspirators with the Tile app, tracking that same Tile you put onto someone else’s property—that would be a wildly inefficient criminal operation, and again, would be tantamount to stalking anyway.

Even at 50-150′ a group of dedicated individuals could follow a tile without being noticed, but presumably the police and the government have better tools for that sort of thing anyway. So McGuire concludes that “All in all, it doesn’t sound like Tile is going to produce a serious security vulnerability given its poor location range, nor does it sound like the perfect solution to finding stolen property, given it’s limited range.”

But that assumes Tile’s range is only 50-150 feet.

Over at Quora there’s an article about Flutter, an alternative to Wi-Fi that can cover 100 times as great an area, with a range of 3,200 feet, using relatively little power. At half a mile or more, the network created by Tiles or something like them has a lot more insidious potential for disclosing information about where we are, what we’re doing, and who and what we’re doing it with.

So, while McGuire is probably right that the current incarnation of Tile doesn’t create a significant privacy threat (at least not more of one than our current infatuation with location based services and general flooding of the world with personal information), the privacy implications of technologies like this need to be evaluated assuming that they will improve.

What happens when each of our things is reporting its location to anyone within half a mile who can listen? Tiles seem to be reasonably well designed in terms of limiting access by others to the information being sent out by your stuff, but it wouldn’t take much for there to be a “skeleton key,” and it wouldn’t be surprising if the government were willing to pay for it.

Like so many conveniences, tools like Tiles create backdoors into the privacy and security of our lives. Worried that you might lock yourself out of your house? Put a key in a secret place – the kind that thieves know to look for. If you forget your password, there’s an easy way to reset it with a “secret” code – one that is much weaker than your password and frequently disclosed by you on social media (as Paris Hilton and Sarah Palin both discovered). We make it so easy for ourselves to recover from forgetting things, losing things, etc., that we make it that much easier for someone else to take advantage of the same tricks.

Once, again, Pogo was right.
pogowasright

Advertisements

About John Nicholson

I'm a transactional attorney who focuses on structuring and negotiating large outsourcing transactions (both on and offshore). As part of my work, I've specialized in: - Structuring and negotiating large outsourcing transactions (both on and offshore) including IT outsourcing and various BPOs (including HRO, Facilities Management, Procurement, Finance and Accounting), large systems development and implementations; - Assisting with development of RFPs, proposal evaluation, down select, and negotiation; - US and European privacy laws, including US Safe Harbor, and state privacy and data breach notification laws; and - Privacy, security, legal and contractual issues associated with cloud computing. I'm a frequent speaker on outsourcing, privacy and security issues. Before becoming a lawyer, I was the acting IT director for a mid-size company prior to hiring the CIO and project manager for the company's Oracle Financials implementation.
This entry was posted in cybersecurity, mobile apps, privacy, social media and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s