The usual caveats: I do not declare myself an expert on topics related to technology. I have enough knowledge and curiosity to cause problems and raise questions. I also have not used any of these devices; I simply want to point out topics of concern I do not hear in the conversations about them.

The pandemic threw innumerable wrenches in the gears of our practices and provided the ultimate stress test for a Western generation bereft of challenges that drastically affect our daily lives. Travel, shipping, and supply chain disruptions abruptly and universally ground to a halt and forced us all to reconsider how we move our high-value objects around the world. We devised and quickly adopted several solutions to re-oxygenate the blood in our industry: bookend couriers, checkpoint tracking and documentation, and tracking devices. The quick adoption forced us to swallow several tradeoffs that we should re-evaluate now that we have removed the ventilators from travel and shipping. The trackers and the use of the data they aggregate draw my attention now.

Let us consider the two largest shippers in the United States, Masterpiece International and Dietl, who have both adopted tracking devices. Masterpiece works with Tive and Dietl works with SenseAware (though I cannot find a public declaration of this). These companies rolled out trackers as a proxy courier (“in-transit visibility”) amidst the gauntlet of travel restrictions that intended to reduce the spread of COVID-19. These devices provide valuable real-time information such as GPS, temperature, humidity, light exposure, and vibration readings of your shipment while in transit and notify the user of abnormalities as they occur – assuming connectivity to a cellular or WiFi network. Interesting enough, couriers NEVER provided this information. They provided a level of oversight and decision-making that would complement this data. Thus the device does not change the necessity of a person courier (I have seen and raised my bet on bookend couriers as the long-term solution) or really even belong in the courier discussion because it does simply does not do the same job. Regardless, some will concede that given the situation, we did the best we could do. Fine.

Though this information creates a glut of value for the user, we should take a moment to consider risks associated with how the attainment of the information affects our institutions.

Network connectivity creates a tiny crack in the foundation as data breaches become a possibility anytime something connects to the internet. Such a fissure – though extremely unlikely – will allow a malicious third party access to the whereabouts of your objects.

Though hacking into the parent companies or the devices themselves may appear unlikely, it may also be an unnecessary risk. First, for many years prior to the pandemic we have had GPS technology which allowed us to know the exact locations of every truck in transit and every airborne flight. They do not automatically notify you of stoppages, but your shipping agent should, however. Further, websites like FlightAware and FlightStats have similarly allowed anyone with access to the internet a way to track the status of any flight without a physical presence. Yes, this “old school” GPS also requires the use of the internet but does not trace to a specific object or crate. That difference does not make the situation safer, but I point it out simply to note that we could already watch in real time, ultra HD the OJ white Bronco car chase that is the global shipping.

Further, scientists and farmers alike have deployed RFID technology for decades and allowed us to track great white sharks to the middle of the ocean, inventory at Walmart, and nuclear materials entering Los Alamos without connection to the internet. Yes, companies have for years made devices specifically for works of art as well.

All of this to say that we have had for decades the means to know the exact location of our objects. Do we need this new thing? Claiming that the trackers stand in for a person, similarly is a red herring for the courier debate. They do not make the real-time decisions a courier makes but can provide additional, useful climate information that may affect how we coddle our collections in the future.

The ability to monitor environmental conditions inside a crate and send real-time notifications to the user can and will change the direction of shipping high-value objects; however, a user cannot change these conditions until the next shipment. Likewise, a thermo hygrometer or datalogger will do the same thing minus the shock sensors. If you do not get the data until after the shipment, what is the difference? Also, why have crating companies not built in an RFID, vibration sensor, and datalogger directly into the crates – specifically companies that make reusable crates?

We already construct and test our crates to manage temperature fluctuations and mitigate vibration and shock. Knowing that an event threatened our objects on a specific transit might spur a different treatment when the object arrives at its destination or might simply demonstrate and numb us to the constant stress that travel imposes on objects. Whatever the case, however, we can rarely respond in real time; we can only react after.

On the other hand, the devices, now with nearly two years of data aggregated from shipments, have provided users with elephantine amounts of data which will enable improved crate construction, transit protocols, and object care. They have also gifted the tracker manufacturers with this data.

We have all accepted a degree of transparency regarding our personal data while using smartphones. We know, disagree with, but reluctantly accept that using social media, for example, allows those companies to track our interests and feed us an all-you-can-eat buffet of ads, posts, and connections to keep you using the platform. GPS-based map programs similarly know where you are and send you ads for services in that area. If you have ever used Waze, you know how ads appear for gas and other nearby services whenever you stop. We accept them because it genuinely makes life more convenient for us. However, what if your tracker companies did the same?

Do you know if the tracker companies have the ability to sell the collected data? What if the tracker pings its location in New York and suddenly advertises to you transport and handling companies in the area, museum exhibitions, or insurance companies to safeguard future transits through the same push notifications that allow you to know about anomalies in climate conditions? Have you agreed to not share this data?

Similarly, a nefarious party could draw conclusions about the cargo based on tracker data. The fact that a crate has a tracker in the first place indirectly announces its value. Further, where it goes, how often it travels, and any climate fluctuations (or lack thereof) may also broadcast the level of value in transit thus making it a target.

Connecting the devices to the internet also allows a bad actor to change or cloak the location of object. What if the tracker reports that it sits in Paris as planned when in fact a hack places it it there?

As I prefaced, I have not driven these products around the block and would actually delight to hear that manufacturers have addressed these issues. I just have not seen this stated publicly or taken part in conversations where representatives or colleagues have snuffed out concerns. No matter how secure and private, though, they still have the data.

You will also note through my other posts that I do not have an allergy to technological innovations in the field, but as we improve our protocols, we must also recognize their shortcomings. Despite the gilded value in the aggregated data, make sure you consider all aspects of asset protection when you indulge in these new technologies.

Please, reach out to me if you have used these devices and have further knowledge of the data usage. Also, what safeguards have you imposed to protect your institutions?