US Cell Carriers Are Selling Access To Your Real-Time Phone Location Data (zdnet.com) 146
Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance.
Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
Violation of EU GPDR and Canada/US data treaties (Score:4, Insightful)
Any sane lawyer could sue all these telecom companies under both the EU GPDR and the US/Canada data treaties.
Your rights don't end at the border, unless you're only an American.
Re: (Score:2)
Really? You are saying treaties are getting in the way with the US Companies doing whatever they feel like?
Re:Violation of EU GPDR and Canada/US data treatie (Score:5, Insightful)
Any sane lawyer could sue all these telecom companies under both the EU GPDR and the US/Canada data treaties.
Your rights don't end at the border, unless you're only an American.
Umm.. wait, what? "Rights" are a concept granted by the country you're in. They do, literally, end at the border. "Your Rights" become whatever the rights are that are granted to foreigners in the new country you entered if the new country does grant such rights. Do all countries even have the concept of individual rights? If you go to China for Example with the 9mm pistol your home country gives you the right to carry you aren't going to have a good day. If you go to North Korea running your mouth about how their emperor sucks badly... same thing - they don't care about the rights you had when you were in your "home" country. They do care that foreign nationals in those countries don't have the right to do those things.
Re:Violation of EU GPDR and Canada/US data treatie (Score:5, Insightful)
hence... treaties... which extend/grant rights to citizens of other constituencies based upon mutual agreement!!
Re:Violation of EU GPDR and Canada/US data treatie (Score:4)
Rights are not granted by anyone. "We hold these truths to be self-evident, that all men are created equal, that they are endowed, by their Creator, with certain unalienable Rights..." Your rights are something you are born with, and they are numerous beyond counting, and universal, applying everywhere. Governments can only recognize and protect, or ignore and abuse those rights.
The distinction is seriously important.
Re: (Score:1)
+1. Rights are recognized. Privileges are granted.
Re: (Score:3)
Rights are granted by societies. There is nothing inherently magical about people or their origin that bestow them these rights, no matter how much you believe in faerie tales and invisible sky wizards.
I was going to point out something similar, but the coward made the point much better and far more sincerely than I would have. To address the original comment
"We hold these truths to be self-evident, that all men are created equal, that they are endowed, by their Creator, with certain unalienable Rights..."
This only works if you believe that everyone has a common "Creator", that this "Creator" created everyone equally and endowed them with "Rights". If you don't believe any part of that, it really falls apart. You could support the idea of "Rights" out of benevolent self interest, but that only holds up as long as cooperation is in everyone's inte
Re: (Score:2)
Well, you started off on a bad foot and took it into a worse conclusion. You have to remember the time frame, Darwin had yet to produce his theory and wouldn't for a hundred ish years. Even if you didn't believe in the christian god at the time, you were at a loss as to how to explain how man got here. The intent of this statement is to add moral authority to the simple concept of "people are born free and anything you do to impune on that is wrong."
In short, you are looking at this exactly backwards. T
Re: (Score:2)
For what it's worth, I'm not an atheist, I'm not disgusted and I know the Constitution is not the idealistic ramblings of religious zealots. But they were somewhat idealistic for their time. Radicals too. Are they correct in their determination everyone's Rights? Where their definition might conflict with the EU's definition of Rights, which is correct?
When dealing with conflicting "Rights" as have been discussed in this thread (such as the EU's people's Right to Privacy and the US company's right to
Re: (Score:1)
Or an EU or Canadian citizen working in, or living in the US.
Re: (Score:1)
Wrong. You are subject to the laws of the country you live in, not the one you come from.
Re: (Score:1)
Wrong, you are subject to the treaty that overrides state or national laws, it's in the US constitution even.
Re: (Score:1)
There are plenty of countries that have laws that apply to people outside their territory.
If you matter to them, they will try to get you.
There are international arrest warrants. Many countries will not hand over their own citizens, but most will hand over citizens of other countries.
They might freeze your bank accounts at banks that do business in multiple countries.
Re: (Score:1)
There is no general rule here. It depends on countries and individual laws.
The GPDR explicitly states that it applies to data from people who are in the EU. Including non-EU citizens that happen to be in the EU, excluding EU citizens that happen to be outside the EU.
Other laws apply differently. E.g. many countries tax their citizens even when outside the country. The US goes unusually far in taxing even US citizens that never lived in the US (and demanding a large sum of money for getting rid of US citizen
Re: (Score:2)
The GPDR explicitly states that it applies to data from people who are in the EU.
Which is irrelevant to a U.S. based company without presence in the EU.
Re: (Score:1)
So you think the US Marines and the US Navy and the US Air Force don't enforce rights in international waters?
You sure about that?
Why do you think we created the Marines in the first place?
Seriously, don't any of you actually take any history or civics classes?
And who do you think created the British Navy and British Marines?
Each country can choose to do such things.
Personal privacy and personal IP rights... (Score:1)
Or sometimes other rights, don't exist in america, unless you a celebrity of sufficient wealth, or an asset to a politically well connected organization or corporation. Anyone who thought otherwise hasn't paid attention to the last 200 years of American History.
Re: (Score:1)
Thank you worker drone #56615762, now get back to work.
Re: Whoop-di-do (Score:4, Interesting)
More like: we have reason to believe you were involved in a crime that happened adjacent to your work/home route. Your cell phone was the closest phone in proximity to the theft, and an eye witness says she can identify the culprit. Please stem this way to the window line up so our witness can identify or exonerate you.
Have fun getting your ass ponded because "the government has no reason to want to hurt me".
Re: (Score:2)
ummm, no need to "step" to the window, a picture has already been uploaded from your camera.
Re: (Score:1)
We just sold your location info to some guys out of Lower Elbonia. They likely will sell it to some local gangbangers who will use it to know when to break in. Not like your Simplisafe unit is going to call the police when it is tossed in the toilet before it goes off. Oh, and we know about the fact that you visit a club with dancing midgets, and that fact will be sent with pictures and phone geo-location maps in real time unless you pay us 3 BTC within 24 hours. Perhaps the DA will like to know that yo
Re:Whoop-di-do (Score:5, Insightful)
You say you don't care about your privacy, yet you post as anonymous coward. Interesting.
is public info = private? (Score:4, Interesting)
Every day there are private airplanes flying around in our US airspace, who interact with air traffic control (of course), and who can ask that afterwards the records of their tail numbers not get published -- by the government. It could be that a person or company doesn't want people to know where they're going, who they belong to.
Now there are also people who make it their hobby to record the airplanes they see taking off + landing, and share this info with others. There are probably companies who do this too.
Is that illegal? How are you to pass a law against someone getting access to information that could completely legitimately be obtained by someone observing it in person? Does public information fall under the domain of privacy?
That is the problem with privacy -- I don't know that the definition of it is something that can cover purely public information. Not talking about Social Security numbers or personal health data or credit card info.
Is someone's observation of your activities in public, private information?
Re: (Score:2)
Re: is public info = private? (Score:1)
Bullshit. The Transmission is encrypted. Geolocation of mobile phones is quite hard, because of the Constant chatter of other phones in same frequency.
Re: (Score:2)
Anti-stalking laws say "Hi". You cannot follow someone around 24/7 when they are in public.
Re: (Score:2)
You may RTFA, but I don't think you RTF parent post.
The example is private plane takeoff and landing where one records comings and goings from a particular airport. One presumably does not tail all the subjects in a chase plane. The bit that you you quoted specifically says "legitimately be obtained," which would specifically exclude information obtained while stalking, trespassing, etc.
This is some subtlety to this topic, where the public's right to say things is balanced against an individual's right to p
Re: (Score:2)
This would be akin to the government (who has some kind of law, or regulation that makes them offer the option to have your tail number not be published, I imagine) selling that data to, for example, a corporate competitor of yours who is very interested in knowing where you're going, but either cannot, or has not, put in the leg work to try to observe your tail number tak
Re: (Score:2)
Let me ask about a different situation.
Every day there are private airplanes flying around in our US airspace, who interact with air traffic control (of course), and who can ask that afterwards the records of their tail numbers not get published -- by the government. It could be that a person or company doesn't want people to know where they're going, who they belong to.
Now there are also people who make it their hobby to record the airplanes they see taking off + landing, and share this info with others. There are probably companies who do this too.
Is that illegal? How are you to pass a law against someone getting access to information that could completely legitimately be obtained by someone observing it in person? Does public information fall under the domain of privacy?
That is the problem with privacy -- I don't know that the definition of it is something that can cover purely public information. Not talking about Social Security numbers or personal health data or credit card info.
Is someone's observation of your activities in public, private information?
Your analogy isn't great because the hobbyists don't have a contract with the pilots.
In this situation, you are paying your cell provider for a service with the (apparently unwarranted) expectation of privacy. They are then selling that information to companies, who profit from your history by reselling that information to others or targeting you with advertising.
So a better analogy would be more like your doctor selling your medical history to a company, which then spammed you with STD antibiotic ads righ
We need a new class of IP protections for personal (Score:3, Insightful)
That is all.
Re:We need a new class of IP protections for perso (Score:4, Insightful)
They'll ignore it, or the contract for your phone will require you click through an agreement to let them do as they will. Even if that fails, they'll do it anyway. A fine here and there is nothing compared to the powe of knowing where every person, car, motorcycle and eventually bicycle on the planet is. It's THE power, knowing where everyone is, what they read, what they say, and who they associate with. Every nation on the planet, every corporation, every secret and public police will never let this go. Ever notice how Wikileaks is the only new org on the planet that gets real leaks? There is a reason for that. They brag openly to reporters they don't need a warrant to know who's been talking to them. We are sewn shut.
Re: (Score:2)
Re: (Score:2)
And disabling the GPS really isn't much of a solution. Just knowing which cell tower you connect to will likely pinpoint your location fairly accurately, and the only way to disable that is to turn your phone off and leave it off.
Re: (Score:2)
Re: (Score:3)
But my phone doesn't even have a GPS receiver.
Just because you don't have an 'app' for your GPS location doesn't mean the chipset doesn't have a GPS receiver integrated into it. You might also be surprised to know it's got an FM broadcast receiver integrated into it too, but again no 'app' to access it. Even the cheap-ass plastic LG dumbphone that cost less than $50 has GPS in the chipset, just no 'app' to access it. But that doesn't mean the carrier can't access it, or the government, or a hacker.
Re: (Score:1)
Whether or not you enable GPS or even have a GPS receiver, the cell network can triangulate the signal from your phone. Depending on the technology used, all cell phones can be located through this technology built into the network, or have GPS that can be activated remotely with no option to override. This is legally required, so that 911 operators can see where you are if you call in and can't talk to them or don't know where you are.
Inconvenient work around (Score:2)
Re: (Score:1)
Try this (Score:4, Interesting)
I suspect this is larger than most people ever imagined. Try this experiment. Have a friend of yours who will be traveling out of state take your credit card with them and use it to make a $200 purchase. It will be declined. Somehow the credit card company knows that you and the card are in different locations.
Re: (Score:3)
Re: Try this (Score:2, Insightful)
You do the opposite of what he said.
Re: (Score:1)
You do the opposite of what he said.
But it's the same thing. I got the impression that the GP is implying that the CC company knows that the card and the owner are not in the same place. But really, they just suspect they're not in the same place, because all they can tell is if the card is moving around. Of course they'll be tracking where the card is used.
Re: (Score:2)
The implementation details beyond that are enough to call into question his assertion that they require the card to be geolocated near my phone.
Re: (Score:2)
They know based on your billing address and purchase history. I travel a couple times each year and I've never had a charge declined when I use my credit cards out of state.
Re:Try this (Score:4, Insightful)
It is just as likely to fail if you travel with your phone. The charge is declined because if falls outside your normal buying habits.
mic (Score:1)
just wait for the same story to blow-up about mic in the cell phone to be on 24/7
We've been screaming about this since 2001 (Score:4, Interesting)
Or at least I have. I remember being screamed and voted down on Slashdot because I was insisting the GPS and other location data was being accessed and would be given out to just about anyone, panic monger and paranoid lunatic that I am.
Amazing how people don't want to see what is right in front of them.
Re: We've been screaming about this since 2001 (Score:1)
Also not correct. The SS7 protocol allows for snooping of random phones globally. No SMS required. Any crook can do it with a bit if money.
Re: (Score:2)
I'm shocked I tell you... (Score:5, Insightful)
Names, please (Score:5, Informative)
1.
It's worth noting who's upset about this and for some reason many of the stories don't mention him.
2.
Just in case any of you were still working under the false assumption that it doesn't matter which party you vote for. Keep it in mind as election season approaches.
Re: (Score:1)
So the congressman of Oregon puts the cat on the table. Would you say that the Republican option wouldn't have? What ensures that a Democrat candidate in a state currently represented by a Republican congressman would do as Wyden has?
It occurs to me that Oregon is a northwest US liberal paradise, or hellhole depending who you ask, while other states such as Wisconsin and Michigan could just as well stick with their pro-corporate line regardless of whether the congressfuck is a Demonican or a Republicrat.
Re: (Score:3)
Would you say that the Republican option wouldn't have?
Yes.
What ensures that a Democrat candidate in a state currently represented by a Republican congressman would do as Wyden has?
Nothing.
It occurs to me that Oregon is a northwest US liberal paradise, or hellhole depending who you ask, while other states such as Wisconsin and Michigan could just as well stick with their pro-corporate line regardless of whether the congressfuck is a Demonican or a Republicrat.
Agreed, entirely.
Your overall point wasn't missed, and I don't disagree with it.
There are however trends and average among the parties that are starkly different, even if the same kind of terrible shit is done by outliers in both.
Re: (Score:2)
Hey, Oregon is a pretty diverse state -- go east of ... roughly Hood River and you're basically in Texas.
Not that this matters much anyways; we're full. Though I hear Utah is wonderful.
Re: (Score:1)
I've spent time in Eastern Oregon and I've lived in Texas. On its worst day, Eastern Oregon is light years better than Texas.
Re: (Score:2)
To be clear, Bend doesn't count :)
Re: (Score:2)
Interesting that you bring that up. Remember the pathetic excuse for a Facebook hearing where they intentionally asked Zuckerberg really stupid questions that didn't get to the heart of the matter at all? That was chaired by Republican Representative Greg Walden (Congressional district 2, covering Central, Eastern, and Southern Oregon), Oregon's congressional delegation's only Republican. He set the strict rules for the hearing that were intended, and did so successfully, to make sure it didn't come out
Personal info = threat to self determination. (Score:5, Interesting)
We already have limits on how US government can use personal information. The Carpenter Vs US lawsuit will continue to define those limits. We created these protections because we realized that government can use personal information to predict, manipulate, and control us. The combination of powerful government and enabling personal information is a threat to self-determination and rule by consent of the governed.
We have seen many recent examples where powerful modern entities used technology and personal information to predict, manipulate, and control us. FaceBook can predict, control and manipulate us. So can Google, Amazon, Political Action Committees, The Russian Government, advertising agencies, and so on. We need to take further action to protect our unalienable right of self determination. If we fail to act, our society and government continue to transform into "Rule by Manufactured Consent of the Manipulated".
Manipulation is a threat to ourselves and our society. Manipulation advances the goals of the manipulator. Manipulation has no fundamental respect for reality. Past manipulation divorced the victims from reality. Manipulation weakens both individuals and society. Present day manipulation must not be assumed to be legitimate, just because it is cheaper, more effective, more powerful, or wielded by new entities.
Once personal information is collected, it is almost impossible to destroy. It will be monetized. It will leak. It will spread. The cell-phone companies will sell or breech. An Intelligence agency will seize and leak. A well-meaning judge will issue a General Warrant.
For NOW, when you need privacy, you must DITCH THE PHONE.
One path forward is to realize that any personal information that is effective at predicting, controlling or manipulating us IS our identity. As long as this information is effective, and valuable, it is a part of us. We must establish that owning your own personal information is an unalienable right. The right of owning your personal information can not be stolen, seized, legislated or contracted away.
Well, not so smart... (Score:2)
I tried it using my personal cellphone. It told me I was in an area that is 10 miles (16km) from where I actually am.
The last time I was in that area was Friday, four days ago.
My phone has been communicating with cell towers over here on the "far side" of town for four days solid,
great reception, incoming and outgoing SMS and calls, so clearly their data is... um... wrong.
Not so smart after all.
Ehud Gavron
Tucson AZ
Motorola Moto G4 / LineageOS
abuse (Score:3)
Any information that is collected can and probably will be abused at some point. It doesn't matter what laws are enacted. This is why any "privacy" methods that don't prevent the collection in the first place are fairly doomed.
With our current technology, cell operators HAVE to know where a phone is so calls can be routed to them. However, there is no reason they should be SAVING that information, much less giving it or selling it to ANYONE.
So, OS and settings and GPS aside, just having your phone "on" the cell network means you ARE being tracked.
It's Everywhere.. (Score:1)
Cancel your contracts and move to Verizon ... (Score:2)
Verizon is the only one who said it would stop providing data. The others said they'd require consent, but there is no actual mechanism for you to verify consent with them ... so they are lying fucking bastards.
If a hundred thousand people vote with their wallets today, this will be done with tomorrow.
Re: (Score:1)
"911 call's GPS coordinates showed van's location"
RTFHeadLINE
no substitute for pure incompetence. or perhaps the cop was too busy polishing his gun to care for an actual life.