The (depressing) future of stalking tech
Posted 2021-05-09
Earlier, I wrote about concerns about the privacy properties of personal trackers like the Apple AirTag. These are legitimate concerns, but it's important to recognize that they appear against the background of the current technological landscape, a landscape that is changing rapidly. Until relatively recently, if you wanted to track someone's movements you pretty much had to follow them around. This is practical in some circumstances but doesn't really scale well, and makes tracking kind of a full-time job. But technology has changed that.
It's important to recognize that we're already long past the point where governments can easily track you, especially now that most everyone is carrying a tracking device in their pocket. Even without that, governments have widely deployed surveillance cameras, automatic number plate recognition cameras, etc. If the government wants to spy on you, they have a lot of options that are mostly constrained by legal restrictions, not technical ones.
For individuals who cannot subpoena cellphone records and the like, the situation is different. Without access to the preinstalled surveillance infrastructure of the state and the big telcos, the attacker has two main options:
- Subvert the victim's existing tech (e.g., install spyware on their devices)
- Plant your own tracking tech on the victim
The second of these is the concern with AirTags and other personal trackers, namely that the attacker will plant an AirTag on the victim and use it to follow them around. Much of the concern around the design of these devices centers around whether they have been built with strong enough countermeasures to prevent nonconsensual tracking. There are real questions here, but I suspect that they will be obsolete before long.
We should start by asking why systems like Tile and AirTags are implemented the way they are. In particular, why do they depend on other people's devices to localize your tracker and relay its position back to you? Why don't they just have a GPS and use the mobile phone network to report your position? This would have a number of advantages, including that the system would work from the very beginning, rather than depending on a critical mass of installed devices to help locate your device. One big reason is technical limitations, namely price, size, and battery: an AirTag costs less than $30, weighs 11 grams, is powered by a CR2032 battery, and has a battery lifetime of over a year. By contrast, my Garmin GPS watch is expensive, weighs over 90g and needs to be charged every week or two, and I can barely get through a day without recharging my iPhone. So, Bluetooth-type trackers have real advantages.
Here's the problem: the countermeasures that people are talking about to prevent stalking via this kind of personal tracker mostly depend on them being built in this particular way:
- Detecting if a tracker has been separated from its paired device and alerting assumes there is a paired device.
- Detecting if a tracker has been moving with you depends on it transmitting some readily detectable signal (e.g. Bluetooth).
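A simplified sketch of the "moving with you" check, as an added example that is not from the original post and is not Apple's algorithm: it flags Bluetooth advertiser IDs that stay in range while the phone itself moves. The thresholds, the device names, and the assumption that an ID stays stable across the window are all illustrative.

```python
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * asin(sqrt(h))

def followers(sightings, ignore=(), min_minutes=30, min_metres=500):
    """IDs heard for >= min_minutes while the scanner moved >= min_metres.

    sightings: (unix_seconds, advertiser_id, (lat, lon)) tuples from the phone's
    own scanner. Assumes each advertiser ID stays stable across the window.
    ignore: IDs of the user's own paired devices.
    """
    by_id = defaultdict(list)
    for ts, dev, pos in sightings:
        if dev not in ignore:
            by_id[dev].append((ts, pos))
    flagged = []
    for dev, obs in by_id.items():
        obs.sort()
        minutes = (obs[-1][0] - obs[0][0]) / 60
        metres = max(haversine_m(obs[0][1], pos) for _, pos in obs)
        if minutes >= min_minutes and metres >= min_metres:
            flagged.append(dev)
    return sorted(flagged)

# Constructed sample: a 45-minute walk north, then 45 minutes sitting still.
WALK = [(0, (37.440, -122.160)), (900, (37.445, -122.160)),
        (1800, (37.450, -122.160)), (2700, (37.455, -122.160))]
SAMPLE = [(ts, dev, pos) for ts, pos in WALK for dev in ("own-earbuds", "tag-A")]
SAMPLE += [(900, "passerby-phone", WALK[1][1]),       # heard once, never again
           (2700, "shop-beacon", WALK[3][1]),         # long-lived but stationary
           (5400, "shop-beacon", WALK[3][1])]
# A GPS + cellular tracker riding in the same bag sends no advertisements,
# so it adds no rows to SAMPLE and this check cannot see it.

if __name__ == "__main__":
    print(followers(SAMPLE, ignore={"own-earbuds"}))
```

Both items of the list show up here: the `ignore` set only works because the user's own devices are paired and known, and the whole check only works on devices that transmit something the phone can hear.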
But there's no reason things have to be this way. Although it's certainly convenient to build tracking tags as Bluetooth transponders using phones as a relay network, there are already two categories of somewhat widely-deployed tracking devices that don't work this way:
- Pet trackers like the Fi dog collar which use GPS (and I expect WiFi and cell tower location) and WiFi or cellular for communication.
Neither of these solutions is that attractive for finding your keys (Fi costs $199 each and weighs about 4x as much as an AirTag), but it's not out of the question that someone would use it for tracking purposes: though nowhere near as small as an AirTag or Tile, these devices are small enough to conceal in a bag and have a battery lifetime of a few weeks depending on exactly how they are used. Note that some of these devices are managed via Bluetooth, so should be detectable by the "devices following me" type mechanisms that Apple uses for preventing tracking with AirTags, but they don't have to be and some of them, like the SPOT Trace, do not appear to have any Bluetooth functionality.
I'm not saying that existing tracking devices are ideal for stalking out of the box, although it's certainly possible that some of them can be used that way or can be easily reprogrammed for it. Rather, it's that it's already technically possible to build a tracking device which is self-contained and doesn't require Bluetooth or relaying through other people's phones. Even if there is no such device presently on the market, it's likely that someone will eventually build one, either for some other purpose or intentionally for surveillance.
Which brings us to the final point I want to make, which is that technology in this space is advancing rapidly and there is pressure to make things lighter (backpackers always want things lighter, and don't you want a GPS collar for your cat?) as well as to make battery lifetime better. This has several implications: First, these devices are likely to become smaller and have longer battery lifetime and thus be easier to conceal and less of a pain to use. Second, as the state of the art advances it will become more practical and cheaper for people to make dedicated surveillance tech versions of this type of device; even if the normal consumer devices are easy to detect, such as by Bluetooth ID, those surveillance models won't be.
I know this is a bummer. Regrettably, technology does not always improve things and functionality which can be extremely useful in some contexts (finding your dog, rescuing you in the backcountry) can be extremely undesirable in others.
There is a general observation here, which is that a lot of what technology has done in this area is to take surveillance which used to be in principle possible but in practice prohibitively expensive and make it extremely practical. Justice Alito's concurrence in US v. Jones does a good job of covering this. In US v. Jones, the government attached a GPS tracker to the suspect's car. Alito writes "In the pre-computer age, the greatest protections of privacy were neither constitutional nor statutory, but practical. Traditional surveillance for any extended period of time was difficult and costly and therefore rarely undertaken. The surveillance at issue in this case—constant monitoring of the location of a vehicle for four weeks—would have required a large team of agents, multiple vehicles, and perhaps aerial assistance. Only an investigation of unusual importance could have justified such an expenditure of law enforcement resources. Devices like the one used in the present case, however, make long-term monitoring relatively easy and cheap." The concurrence also comes complete with a hypothetical in which "a constable secreted himself somewhere in a coach and remained there for a period of time in order to monitor the movements of the coach’s owner", about which Alito says "The Court suggests that something like this might have occurred in 1791, but this would have required either a gigantic coach, a very tiny constable, or both—not to mention a constable with incredible fortitude and patience."
As I noted previously, this is a huge advantage for Apple, in that they don't need to persuade users to install their app.
I've lost devices this size in my bag plenty of times.
Note that the Bluetooth features which enable this functionality seem undesirable for other privacy reasons.
For that matter, I wouldn't be surprised to learn that they already exist.