It's hard to believe that much of anything is truly private these days. Between smartphones, the internet, and everything else, so much of our data and lives are on full display for various businesses to see. Recently, it was discovered that all four of the major United States carriers provide your real-time location info to third-parties thanks to a loophole in the Electronic Communications Privacy Act.
How'd this matter come to light? Between 2014 and 2017, former sheriff Cory Hutcheson used a service called "Securus" to track the location of a judge and members of Missouri's Highway Patrol around 11 different times. Securus is a service that allows police officers to facilitate calls made to inmates, but it can also be used to pinpoint the location of a cell phone in a matter of seconds.
Securus obtains this location info from AT&T, Sprint, T-Mobile, and Verizon, but it does so through a middle-man called "LocationSmart."
LocationSmart can pinpoint your real-time location in about 15 seconds.
LocationSmart is based out of California, and after it obtains this data from carriers, sells it to companies like Securus. The location data LocationSmart gets is based on tower information it gets from carriers, and while this process is slower than using GPS, it works in the background without your knowledge and has little-to-no impact on battery life. LocationSmart touts it can pinpoint someone's real-time location in just 15 seconds.
In other words, carriers are letting LocationSmart have your real-time location information so it can then share it with other third-parties. Is any of this even legal?
The Electronic Communications Privacy Act prevents carriers from sharing user location to the United States government, but there aren't any restrictions in place on other companies. As noted by Kevin Bankston, the Director of New America's Open Technology Institute, this is "one of the biggest gaps in US privacy law."
If you're looking for a silver lining, LocationSmart says that companies that use its services must get "explicit consent" from users before obtaining their location – whether it be through an app or text. However, there are other instances where it's implied that a user wants their location shared and this step can be avoided (such as when someone calls a towing company to pick up their car).
The FCC's been asked to investigate the matter by Democratic Senator Ron Wyden, but it remains to be seen what actions (if any) will be taken.
Visible: Everything you need to know about Verizon's new phone service
ooofest on May 15th, 2018 at 04:56 UTC »
This article seems to have a little more detail and context:
https://www.zdnet.com/article/us-cell-carriers-selling-access-to-real-time-location-data/
If you go the link they provide on how consent is made for LocationSmart to collect and process your data from carriers, it seems that there is always a step where you must have agreed to some sort of tracking need.
However, some of those are "implied" such as calling for emergency assistance - so, they apparently sign you up for tracking, because don't you need that for the service to locate you? How nice.
mikechi2501 on May 15th, 2018 at 02:47 UTC »
Wow. I did NOT know this tidbit. Shocking but not surprising.
radome9 on May 15th, 2018 at 02:38 UTC »
That sounds illegal.