Protection from theft

[kfet]

A big contribution to the usefulness and popularity of AirTags (and similar tech) is the ability of their owners to track valuable items (cars, luggage, etc) in case they get stolen from their owners.

With the current specification it seems this use case is not considered, and any criminal with any compatible smart device (iOS/Android) will be allowed to detect such tracking and disable it 30m after stealing valuables.

[Sn0wfreezeDev]

Hi @kfet,

That is one use-case for which these trackers are used, but it has never been the intended use-case. This specification does not make it easier to discover these trackers for thieves. AirTags, Samsung Trackers, Tile, they all rely on Bluetooth. Every simple Bluetooth scanner app can find them.

The intended use-case was to find your lost valuables and that's where these devices are great at. The added protection against stalking is helpful for people who are in threat of stalking. Stalking can lead to harmful attacks and have already ended up in at least two people getting killed after they have been tracked with an AirTag. The value of any material device should never be higher than the value of human life.

[kfet]

Hello @Sn0wfreezeDev, thanks for responding!

Stalking can lead to harmful attacks and have already ended up in at least two people getting killed after they have been tracked with an AirTag. The value of any material device should never be higher than the value of human life.

This is implied. However it should not be an excuse to ignore how other use-cases are affected.

I don't think it is an either-or case, we could have both unwanted tracker detection and help on finding stolen property. Just as a very trivial example to start-off such conversation it could be made possible for authorities to recover details of the device used to disable a tracker, it it gets reported as tracking stolen property. If nothing else this could discourage theft.

This specification does not make it easier to discover these trackers for thieves.

I think this is not true. This spec will make it trivially easy, by having a tracker work with any smart phone to proactively notify a thief of the tracker's presence, AND allowing it to get disabled, with zero effort on their part, no additional equipment or app required.

At the very least it seem to me the effect on this use case should be acknowledged as a side-effect.

[mrlnc]

I don't think it is an either-or case, we could have both unwanted tracker detection and help on finding stolen property.

I think Section 2: Applicability goes in that direction; unwanted tracking countermeasures are required only for small items (with high potential for misuse). Find My enabled suitcases, bicycles or cars (with the tracker built-in) could remain silent.

Is my understanding correct?

[Sn0wfreezeDev]

Yes that's the way how Apple has internally defined that for participants of the Find My Network already. You can find leaked documents about this online.

[Guggie30]

After experiencing the theft of my wallet, I purchased a new one which has the capability of holding an AirTag in it. I also add AirTags to my briefcase and hide them inside my luggage lining. I’m concerned that these benefits will be rendered useless if proposed specifications do not allow for this popular usage.

[Sn0wfreezeDev]

We are actively developing an iOS and an Android App that can detect virtually any tracker that is out there. Our goal is stalking and unwanted tracking protection and its a state funded university project. You can already expect that a thieve would be able to find the AirTag in your wallet.

[kfet]

You are assuming 100% adoption of your app on all Android and iOS devices. This is not a realistic assumption.

[Sn0wfreezeDev]

No, I do not assume that. That's why I am in favor of this proposal, because that will lead to the adoption needed to fight unwanted tracking. However, I assume that knowledgable people that are concerned of unwanted tracking (e.g. politians, journalists, etc.) can inform themselves and use these tools to protect themselves. The same I assume for organized thieves.

[kfet]

... The same I assume for organized thieves.

Jumping from "it is possible with knowledge" to "everyone will know how to do this" is a huge leap, especially when talking about petty theft, and random un-targeted street crimes, like stealing wallets and suite cases.

I don't see substance so far behind the claim that trackers provide no protection from such crimes, because everyone would already know how to detect and disable the tracker, even without this specification. This is not a realistic assumption for the general public, criminal or not.

[kfet]

I don't think it is an either-or case, we could have both unwanted tracker detection and help on finding stolen property.

I think Section 2: Applicability goes in that direction; unwanted tracking countermeasures are required only for small items (with high potential for misuse). Find My enabled suitcases, bicycles or cars (with the tracker built-in) could remain silent.

Is my understanding correct?

Thanks for pointing this out, I read the section, and the intent is unrelated. It specifies the best practices as required for items small enough to be hidden undetected, which absolutely makes sense, but it doesn't address the general concern discussed in this issue, like the fact that a lot of valuables one would hope to recover are small enough to match this requirement - think wallets with IDs and credit cards, or passport holders.

[gillian-epm]

Hi Kalin, it’s true that this tradeoff exists, and if you implement this spec this should be taken into consideration. Prioritizing protections against unwanted tracking is the position we (Google and Apple) have taken; as others have commented above, AirTag is specifically intended to be used for tracking lost items, not for recovering stolen items. Accessory makers who implement the spec should be aware of this tradeoff and understand its implications on the theft detection scenario.

[bledvina]

The question of theft protection vs unwanted tracking was discussed at the first IETF BoF meeting. Notes are there:

Quote from Eva Galperin summarizes the position of the focus on protecting people: https://datatracker.ietf.org/doc/minutes-117-dult-202307271630/

"Want to push back on the idea that tracking children, elderly, stolen goods without detection. It's fine for children and elderly to know they are being tracked. Anti-theft technologies like this are stalking devices. People are more important than property."

[bledvina]

Closing this issue per above comments.

[Guggie30]

So it’s safe to say that there will be no attempt to develop standards that will prevent unwanted stalking and preserve detection of stolen property? That is the final verdict?

Doug Gerard

On Dec 11, 2023, at 7:20 PM, Brent Ledvina @.***> wrote:



Closing this issue per above comments.

— Reply to this email directly, view it on GitHubhttps://github.com/bdetwiler/draft-detecting-unwanted-location-trackers/issues/3#issuecomment-1851104808, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BAZIRFMIS2LTNTI27D4V2GTYI6PLZAVCNFSM6AAAAAAXXXR4SWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJRGEYDIOBQHA. You are receiving this because you commented.Message ID: @.***>

[kfet]

The question of theft protection vs unwanted tracking was discussed at the first IETF BoF meeting.

Framing the issue as "theft protection vs unwanted tracking" is inaccurate, as I've commented above. Obviously, the main goal of this effort is to prevent unwanted tracking. There are ways to keep the main focus on fixing unwanted tracking, while addressing theft protection as well.

A naive approach I've suggested in the comments above is for OEMs to keep track of device IDs used to disable tracking, and have those available to authorities, in case a tracker is reported as stolen / attached to a stolen item. This suggestion has its own obvious problems, but it sets the precedent that it doesn't have to be a "VS" argument at all.

[kfet]

Just to develop this suggestion a bit further, a possible approach is to disable tracking, but make available an obfuscated ID of the device used to disable it to the tracker owner. OEMs can record that action, and inform the tracker owner that they are being recorded, if they want to get that obfuscated ID.

The tracker owner can submit the obfuscated ID to authorities, which can request decoding from OEMs, and do further investigation (e.g. locate the device by its real ID, and recover a stolen car) after going trough the state-specific motions to approve those actions (e.g. obtaining a judge order).

[kfet]

Reopening as I am not sure the points above came across clearly in the conversation so far, drowned by discussions around whether this was a valid argument at all to begin with.

Feel free to close again, if there is no will to address theft use cases at all.

[Guggie30]

Ok. Now we’re getting somewhere. This is an excellent suggestion. I’d like to see this developed further. Doug

On Dec 11, 2023, at 8:08 PM, Kalin Fetvadjiev @.***> wrote:



Just to develop this suggestion a bit further, a possible approach is to disable tracking, but make available an obfuscated ID of the device used to disable it to the tracker owner. OEMs can record that action, and inform the tracker owner that they are being recorded, if they want to get that obfuscated ID.

The tracker owner can submit the obfuscated ID to authorities, which can request decoding from OEMs, and do further investigation (e.g. locate the device by its real ID, and recover a stolen car) after going trough the state-specific motions to approve those actions (e.g. obtaining a judge order).

— Reply to this email directly, view it on GitHubhttps://github.com/bdetwiler/draft-detecting-unwanted-location-trackers/issues/3#issuecomment-1851143648, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BAZIRFJNYHWRQOL6A3C6EMTYI6VBFAVCNFSM6AAAAAAXXXR4SWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNJRGE2DGNRUHA. You are receiving this because you commented.Message ID: @.***>

[ArcticZeroo]

Just to develop this suggestion a bit further, a possible approach is to disable tracking, but make available an obfuscated ID of the device used to disable it to the tracker owner. OEMs can record that action, and inform the tracker owner that they are being recorded, if they want to get that obfuscated ID.

The tracker owner can submit the obfuscated ID to authorities, which can request decoding from OEMs, and do further investigation (e.g. locate the device by its real ID, and recover a stolen car) after going trough the state-specific motions to approve those actions (e.g. obtaining a judge order).

Definitely a neat idea as far as solving the theft problem goes, but I don't see this solution as being in-scope for this particular spec.

Correct me if I'm wrong, but the platforms used by location trackers are not interoperable and are not required to be as a part of this spec - the spec only outlines a platform-agnostic way for the trackers themselves to advertise their presence, and otherwise there is no communication between platforms (e.g. even after implementation of this spec, my Android phone wouldn't report the location of an AirTag to Apple, but the spec would allow it to detect the AirTag being on my person).

If my understanding is correct, how would this (obfuscated) device ID make its way to the tracker owner if they are on another platform? There is no way for my Android phone to inform Apple that I've disabled tracking on the AirTag. IMO, there are also negative privacy implications for these platforms to start storing device IDs, especially since this spec is in the context of reducing unwanted tracking.

Further, as far as I can tell, disablement is currently only defined as a physical action, so there is no actual way to figure out which person/device has physically disabled the tracker. The spec would need to define a way to disable an unwanted tracker through bluetooth.