Tile Trackers Accountability Mode

One of the problems with tracking devices is that they can be used for good or for evil. When used for good, they can help you locate a stolen purse, a stolen car or bicycle, or even help you figure out where you misplaced your wallet. When used for evil, they can be used for cyberstalking, harassment or worse. You see, any device that allows you to track its location allows you to track the location of the person who has that device.

Unfortunately, to solve that problem, you either have to make the device less useful for its primary function—tracking stolen goods—or make it more useful for its evil function—tracking and stalking former partners, boyfriends or girlfriends. It’s a policy choice. if the device warns the person who has the device that the device is being tracked, then the person riding the stolen bike simply rummages through various places on the bicycle until they find the tracking device—which they either throw in the trash or, if they’re clever, stick on some 18-wheeler driving to Canada. If, on the other hand, the device is truly in stealth mode, then it can be used easily for stalking purposes

Apple and its AirTag program chose the warning mode. If an AirTag user reported that their AirTag has been stolen (meaning that the device containing the AirTag has been stolen) then the AirTag will do two things: First, it will notify any Apple devices that are traveling with the stolen AirTag that an AirTag is traveling with it. Presumably, if someone has put an AirTag in your car to track you and you have or are near an Apple device, you will question why there’s an AirTag following you. Second, the AirTag will emit an audible beep to help the person being stalked know where that AirTag is. Of course, this only works if the person being stalked has an Apple device, is able to hear the audible beep over what might be overwhelming other sounds and noises or isn’t hearing impaired. AirTags’ rival, Tile, has chosen a different approach.

According to Tile’s new terms of service, certain users will be able to activate what is called anti-theft mode. In anti-theft mode, the user reports some device with an associated Tile device as stolen and activates the tracking mode. Rather than issuing either a signal or a warning, the user can track the device in stealth mode. The thief who has the device is not alerted in any way that the device is present or has been activated. Of course, the same thing is true for the person being stalked. To attempt to deter users from using Tile devices for stalking purposes, Tile’s new updated terms of service attempts to do two things. The first is enhanced accountability. Before a user can activate the anti-theft mode, the owner of the device has to give up their anonymity and provide a government-supplied user ID, like a driver’s license, and prove that they are who they claim to be. The theory here is that if people cannot activate the anti-theft mode anonymously and must verify who they are, they are much less likely to use the Tile device for cyberstalking.

Maybe. The terms of service say:

“Anti-Theft Mode
Anti-Theft Mode allows you to protect your valuables from theft. When you activate Anti-Theft Mode you will hide your Tiles from users of Tile’s Bluetooth device finder, Scan and Secure.

In order to activate Anti-Theft Mode, you must provide to Tile your name, date of birth, and identification information and give Tile permission to store the same in accordance with our Privacy Policy. The activation process will also require that you scan your driver’s license, government issued ID card, or passport to verify your identity.

The following additional terms and conditions apply to your use of Tile’s Anti-Theft Mode:

You must be at least 18 years of age; You understand and agree that if your Tile devices are suspected of being used with criminal intent, your information may be shared with law enforcement in accordance with Tile’s Privacy Policy; You acknowledge that any misuse of Anti-Theft Mode by you could lead to significant liability and damage to Tile which would be difficult or impossible to ascertain, and you agree that in such event you will be liable to Tile for liquidated damages in the amount of $1 million, which is a fair and reasonable estimation of those damages; You give Tile permission to verify your identity and store that verification information in accordance with Tile’s Privacy Policy. You agree that by enabling this feature your Tiles will no longer be discoverable by Tile’s Scan and Secure feature. You agree that Tile reserves the right to deactivate or modify Anti-Theft Mode at our discretion.”

Tile also includes some FAQ’s about the service. Those note that:

“All the Tiles you own in your account will be included in Anti-Theft Mode and will no longer be discoverable by our Scan and Secure feature and certain other third-party scanning tools.

There is not an option to include only certain Tiles with anti-theft mode. If a Tile is owned by you and shared with others it will be in anti-theft mode. Tiles owned by someone else and shared with you will not be in anti-theft mode, unless they activated the feature on their account, And if you transfer a Tile from your account to another account it will not be in anti-theft mode unless the new owner has activated the feature on their account.”

Verify, Validate and Give Up Privacy

It appears that Tile uses Life360 for its identity verification service. And that’s a problem.

Life360’s privacy policy allows a bunch of uses for the data you provide to authenticate to your Tile device, including behavioral analysis, internal research and even connections to your social media that you may not want. While users can opt out of some of these, doing so requires an affirmative act by the user. Just by way of example, the privacy policy notes that they share your personal data—which, by this point, includes your biometrically authenticated government-issued ID—and your location with, for example, its “business partners” noting that “Two of Life360’s Business Partners, Arity and Placer.ai, both provide important services to us as our service provider as well as have the right to commercialize aggregated data for certain purposes while also upholding your privacy. In particular, Arity powers the Life360 collision and driving features of the app and also monetizes non-personal and/or aggregated data for traffic insights and real-time traffic purposes. Arity also helps advertisers serve personalized offers and/or advertisements, and may also make additional use of your data independently with your express opt-in consent. Placer.ai is an analytics company focused on places of interest.”

That’s a whole lotta sharing just to be able to find a stolen purse.

The Million Dollar Fine!

Tile’s press release also indicated that that it now is “including a $1 million fine for any individual convicted in a court of law for using Tile devices to illegally track any individual without their knowledge or consent.”

Not quite.

Many states have laws that prohibit the use of tracking devices to track individuals without their consent. For example, California, Delaware, Florida, Illinois, Texas and Virginia all make the installation and monitoring of tracking devices without consent (express or implied) a crime.

But the Tile terms of service don’t create a new “fine” for violation of these statutes. What they do is purport to create a contract between the tile owner (who theoretically uses the tile device for stalking) and Tile as a company (the updated terms of service) whereby the Tile owner agrees not to use the device to “illegally track any individual without their knowledge and consent” and the contract provides for what the law calls “liquidated damages” to Tile if the Tile owner breaches the contract.

So, if someone uses the device to stalk their girlfriend and Tile finds out about it, Tile—not the girlfriend—can sue for $1 million for breach of contract. Also, the provision does not require that the stalker be convicted in a court of law—or, for that matter, to even be charged with a crime. In fact, it does not even require cyberstalking or any crime. It entitles Tile to get a million bucks from their customer if they can show “any misuse of Anti-Theft Mode by you …” Any misuse. Not just cyberstalking. Pretty vague.

Also, it’s not clear that a liquidated damages clause which calls for a contracting party to pay damages not to the injured party (the stalking victim) but instead to a device manufacturer would be enforceable. The Tile Terms of Use apply California law. California, unlike some states, expressly recognizes and enforces “liquidated damage” provisions in contracts as a general rule. However, cases note that a liquidated damages clause is invalid if it “bears no reasonable relationship to the
range of actual damages that the parties could have anticipated would flow from a breach.” Instead, the amount specified must be the result “‘of a reasonable endeavor by the parties to estimate a fair average compensation for any loss that may be sustained.'”

While Tile’s reputation may be damaged if someone “misuses” their device, I’m not sure that a court would award damages of a million bucks to Tile for that.

It’s not a bad idea to have some personal responsibility and accountability in the event technology is used to do bad things. But Tile’s solution may be worse than the problem—it requires the owner of the device to give up a lot of personal information to some possibly sketchy entities for the “privilege” of finding their lost luggage. Not a great tradeoff, in my opinion.

Image Source: Photo by Anna Schroeder on Unsplash

Avatar photo

Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.

mark has 203 posts and counting.See all posts by mark