It isn’t a secret that wireless carriers gather a lot of data from phone users on their networks — yes, even iPhones. But a new report sheds light on why that may be a bigger issue than some may have assumed.
Motherboard has a story out on Tuesday that tells the tale of an individual, in this case the author of the article, Joseph Cox, and how Cox cave $300 to a bounty hunter and ultimately discovered that the data that person was capable of gathering was pretty extensive. Cox got permission from someone else to be the target of the test. It only took a phone call and handing over a few hundred dollars to learn the precise location of the target’s phone.
According to the report, carriers like AT&T, Sprint, and T-Mobile are selling customers’ location data to third-party aggregators, but there appears to be a bit of a gray area where that customer information can get purchased by some relatively unsavory characters at the same time. There isn’t much supervision when it comes to what that data can be used for, or where it can go after it’s been sold off by the wireless carriers.
“The investigation also shows that a wide variety of companies can access cell phone location data, and that the information trickles down from cell phone providers to a wide array of smaller players, who don’t necessarily have the correct safeguards in place to protect that data.”
It’s important to note that this method to find someone doesn’t require any hacking at all, or even require a rudimentary knowledge of the phone’s past locations, or current location for that matter. This is regularly-available data sold by the wireless carriers.
“The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.”
Now, while it’s not a secret that carrier sell data, it’s also not a secret that law enforcement agencies can gather the same information as well. Those agencies have multiple ways to gather that information, which also includes buying it from third-party aggregators or companies. And it turns out that one company, Microbilt, is selling customer location data to several different entities:
“Whereas it’s common knowledge that law enforcement agencies can track phones with a warrant to service providers, IMSI catchers, or until recently via other companies that sell location data such as one called Securus, at least one company, called Microbilt, is selling phone geolocation services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company’s products and company documents obtained by Motherboard. Compounding that already highly questionable business practice, this spying capability is also being resold to others on the black market who are not licensed by the company to use it, including me, seemingly without Microbilt’s knowledge.”
One other important note: The CTIA, or Cellular Telecommunications Industry), oversees wireless carriers like the ones mentioned above. This body says that those telecom companies and aggregators are supposed to get consent from the people they want to track. But, according to the report, that’s apparently just not happening:
“Telecom companies and data aggregators that Motherboard spoke to said that they require their clients to get consent from the people they want to track, but it’s clear that this is not always happening.”
So, there’s some relatively bleak news for you on a Tuesday. Part of this isn’t all that shocking, considering it’s our personal data we’re talking about and some companies play it pretty loosey-goosey when it comes to that. Still, it’s good to be aware of what’s going on.
Check out the full write-up through the source link below.