Since a tablet is generally going to access the Internet from behind a firewall or AP of some sort, it has to initiate the connection for sure. The server side must log and trace the external IP to maximize useable info.
If you read my previous posts above you'll see that's exactly what I was thinking, except for the email. I'd much rather see this info sent encrypted to the main server. The server can then email a copy of the data to the user should they wish, or they could get it via web interface. (IANAL but email has chain of custody issues that could prevent data received that way from being used in court. A bonded insured legitimate company that receives data directly from the stolen device and saves the entire TCP/IP exchange verbatim including traceroute, etc. would be better.) My main concern is the 'trigger' As I posted previously, I think that PKI is the way to go. That way only the user can trigger 'find-me' mode by signing a message with their private key which then waits on the server for when the tablet next checks in. This would be to prevent the operator of the server activating the daemon without the user's consent. On the daemon side most of the code is trivial. But security of the authentication handshakes and trigger mechanism is crucial to a successful service and prevention of abuse. It is MANDITORY that the server not have access to the user's private key so as not to be able to activate the daemon without user consent. It is also MANDITORY that the privacy policy of the service be such that any data gathered during the course of normal check-in not be cached OR shared with any third party AT ALL. It is MANDITORY that the daemon be open-source to assure users there's no 'back-door' into their tablet that could allow abuse.

Still, though there are some real non-trivial privacy concerns to address, I'm starting to get inspired here...

As for the actual triggers and such. Once reported stolen The tablet should take a picture periodically when it senses it is being used and should stop when it is not. If reported lost or stolen it should try to get a GPS fix on a schedule and if GPS is started by the 'thief' or person in possession it should log it. It should also try to connect aggressively to any unencrypted Internet connection it can to phone home and ignore normal WLAN connection settings also on a schedule.

cheers,
kernelpanic

p.s.- I was thinking of calling this I.T. Phone Home, but PC and Mac phone home would sue the pants off of me (Not to mention Spielberg, Ouch!). So for now this project will have a working name of Sheep Dog It will likely not be a garage project, at least until there's a working framework in which any privacy issues have been worked out and tested.