Your Cell Carrier Is Selling Your Location Data

Your Cell Carrier Is Selling Your Location Data

There’s a lot of hand-wringing over the amount of data Google and Facebook have on us, but mobile carriers have been flying under the radar. The fact is, they know roughly where you are all the time, and a new report claims they’ve been selling access to that information without the proper privacy safeguards in place. You can thank the shady world of data aggregators for this potentially egregious violation of your privacy.

A former Missouri sheriff has been charged with using an online service operated by law enforcement contractor Securus to track cell phones illegally, according to The New York Times. Prosecutors claim Cory Hutcheson used the system at least 11 times between 2014 and 2017 to track the phones of a judge, members of the state highway patrol, and others.

Securus mainly operates private telephone services for prisons and jails, but cell phone tracking is a “value-add” option in this lucrative and highly competitive market. The location data comes from a third-party called LocationSmart, which claims to have a direct connection to all four big US carriers, as well as several in Canada. The nature of this connection is unclear, but it would appear carriers are not getting the appropriate location consent before providing data to LocationSmart.

This location data isn’t anything new — your carrier always knows where you are based on network access, and that’s necessary to ensure you’re connected to the right towers. This network location data is not as accurate as GPS on your phone, but it usually pinpoints you within a few city blocks. LocationSmart even has a try-before-you-buy demo online where you can opt a phone number into the test and locate it in seconds. I tested it with a throwaway SIM, and it did indeed get close to my actual location.

Your Cell Carrier Is Selling Your Location Data

From a legal perspective, accessing a phone’s network location may or may not be illegal depending on where you live. Some states require warrants to track phones, but in others you only need that for real-time tracking. In a few places, this data requires no warrant at all. Us Senator Ron Wyden has sent a letter to the FCC seeking an investigation of Securus and LocationSmart, but the agency has not replied yet.

Carriers seem caught off guard by this report. They all have privacy policies that seem to prohibit this sort of sharing without consent, but Hutcheson was allegedly able to use Securus’ connection to LocationSmart to spy on multiple phones for years without anyone knowing. We’ve reached out to the big four US carriers to see if we can get updated statements on what, if anything, they are doing as a result of the New York Times report.

Continue reading

The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 Will Only Be Available Online for Launch Day

The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.

Jupiter’s Moon Europa Might Glow in the Dark
Jupiter’s Moon Europa Might Glow in the Dark

The intense radiation bombarding Europa might make it glow in the dark, and that could help scientists learn more about the moon's ice sheets and the ocean below.

Which Is Faster, the Xbox Series X or PlayStation 5? Early Data Says It’s Complicated
Which Is Faster, the Xbox Series X or PlayStation 5? Early Data Says It’s Complicated

Competitive head-to-head data on the Xbox Series X versus the PlayStation 5 is beginning to trickle out.

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.