Slashdot Mirror
US Cell Carriers Are Selling Access To Your Real-Time Phone Location Data (zdnet.com)
Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance.
Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
Any sane lawyer could sue all these telecom companies under both the EU GPDR and the US/Canada data treaties.
Your rights don't end at the border, unless you're only an American.
-- Tigger warning: This post may contain tiggers! --
Or sometimes other rights, don't exist in america, unless you a celebrity of sufficient wealth, or an asset to a politically well connected organization or corporation. Anyone who thought otherwise hasn't paid attention to the last 200 years of American History.
Really? You are saying treaties are getting in the way with the US Companies doing whatever they feel like?
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Let me ask about a different situation.
Every day there are private airplanes flying around in our US airspace, who interact with air traffic control (of course), and who can ask that afterwards the records of their tail numbers not get published -- by the government. It could be that a person or company doesn't want people to know where they're going, who they belong to.
Now there are also people who make it their hobby to record the airplanes they see taking off + landing, and share this info with others. There are probably companies who do this too.
Is that illegal? How are you to pass a law against someone getting access to information that could completely legitimately be obtained by someone observing it in person? Does public information fall under the domain of privacy?
That is the problem with privacy -- I don't know that the definition of it is something that can cover purely public information. Not talking about Social Security numbers or personal health data or credit card info.
Is someone's observation of your activities in public, private information?
That is all.
I suspect this is larger than most people ever imagined. Try this experiment. Have a friend of yours who will be traveling out of state take your credit card with them and use it to make a $200 purchase. It will be declined. Somehow the credit card company knows that you and the card are in different locations.
Thank you worker drone #56615762, now get back to work.
just wait for the same story to blow-up about mic in the cell phone to be on 24/7
Or at least I have. I remember being screamed and voted down on Slashdot because I was insisting the GPS and other location data was being accessed and would be given out to just about anyone, panic monger and paranoid lunatic that I am.
Amazing how people don't want to see what is right in front of them.
I haven't seen a Compute!'s Gazette code listing in years.
...that signing several thousand pages of contracts over fifteen different TOU's without reading them could lead to this.
They'll ignore it, or the contract for your phone will require you click through an agreement to let them do as they will. Even if that fails, they'll do it anyway. A fine here and there is nothing compared to the powe of knowing where every person, car, motorcycle and eventually bicycle on the planet is. It's THE power, knowing where everyone is, what they read, what they say, and who they associate with. Every nation on the planet, every corporation, every secret and public police will never let this go. Ever notice how Wikileaks is the only new org on the planet that gets real leaks? There is a reason for that. They brag openly to reporters they don't need a warrant to know who's been talking to them. We are sewn shut.
1.
It's worth noting who's upset about this and for some reason many of the stories don't mention him.
2.
Just in case any of you were still working under the false assumption that it doesn't matter which party you vote for. Keep it in mind as election season approaches.
You are welcome on my lawn.
Any sane lawyer could sue all these telecom companies under both the EU GPDR and the US/Canada data treaties.
Your rights don't end at the border, unless you're only an American.
Umm.. wait, what? "Rights" are a concept granted by the country you're in. They do, literally, end at the border. "Your Rights" become whatever the rights are that are granted to foreigners in the new country you entered if the new country does grant such rights. Do all countries even have the concept of individual rights? If you go to China for Example with the 9mm pistol your home country gives you the right to carry you aren't going to have a good day. If you go to North Korea running your mouth about how their emperor sucks badly... same thing - they don't care about the rights you had when you were in your "home" country. They do care that foreign nationals in those countries don't have the right to do those things.
buy a faraday cage bag and check your phone every 15 minutes or so.
i am so very tired....
Or an EU or Canadian citizen working in, or living in the US.
-- Tigger warning: This post may contain tiggers! --
We just sold your location info to some guys out of Lower Elbonia. They likely will sell it to some local gangbangers who will use it to know when to break in. Not like your Simplisafe unit is going to call the police when it is tossed in the toilet before it goes off. Oh, and we know about the fact that you visit a club with dancing midgets, and that fact will be sent with pictures and phone geo-location maps in real time unless you pay us 3 BTC within 24 hours. Perhaps the DA will like to know that you do an underground rat-pucking league, and those phone maps will go to him unless you pay 5 BTC. Cheaper than bail and felony charges.
You say you don't care about your privacy, yet you post as anonymous coward. Interesting.
More like: we have reason to believe you were involved in a crime that happened adjacent to your work/home route. Your cell phone was the closest phone in proximity to the theft, and an eye witness says she can identify the culprit. Please stem this way to the window line up so our witness can identify or exonerate you.
Have fun getting your ass ponded because "the government has no reason to want to hurt me".
We already have limits on how US government can use personal information. The Carpenter Vs US lawsuit will continue to define those limits. We created these protections because we realized that government can use personal information to predict, manipulate, and control us. The combination of powerful government and enabling personal information is a threat to self-determination and rule by consent of the governed.
We have seen many recent examples where powerful modern entities used technology and personal information to predict, manipulate, and control us. FaceBook can predict, control and manipulate us. So can Google, Amazon, Political Action Committees, The Russian Government, advertising agencies, and so on. We need to take further action to protect our unalienable right of self determination. If we fail to act, our society and government continue to transform into "Rule by Manufactured Consent of the Manipulated".
Manipulation is a threat to ourselves and our society. Manipulation advances the goals of the manipulator. Manipulation has no fundamental respect for reality. Past manipulation divorced the victims from reality. Manipulation weakens both individuals and society. Present day manipulation must not be assumed to be legitimate, just because it is cheaper, more effective, more powerful, or wielded by new entities.
Once personal information is collected, it is almost impossible to destroy. It will be monetized. It will leak. It will spread. The cell-phone companies will sell or breech. An Intelligence agency will seize and leak. A well-meaning judge will issue a General Warrant.
For NOW, when you need privacy, you must DITCH THE PHONE.
One path forward is to realize that any personal information that is effective at predicting, controlling or manipulating us IS our identity. As long as this information is effective, and valuable, it is a part of us. We must establish that owning your own personal information is an unalienable right. The right of owning your personal information can not be stolen, seized, legislated or contracted away.
hence... treaties... which extend/grant rights to citizens of other constituencies based upon mutual agreement!!
ummm, no need to "step" to the window, a picture has already been uploaded from your camera.
"911 call's GPS coordinates showed van's location"
RTFHeadLINE
no substitute for pure incompetence. or perhaps the cop was too busy polishing his gun to care for an actual life.
I tried it using my personal cellphone. It told me I was in an area that is 10 miles (16km) from where I actually am.
The last time I was in that area was Friday, four days ago.
My phone has been communicating with cell towers over here on the "far side" of town for four days solid,
great reception, incoming and outgoing SMS and calls, so clearly their data is... um... wrong.
Not so smart after all.
Ehud Gavron
Tucson AZ
Motorola Moto G4 / LineageOS
Wrong. You are subject to the laws of the country you live in, not the one you come from.
FWIW it's not very difficult to physically disable GPS on your phone, just takes some electronics background and a phone you can safely disassemble/reassemble.
Any information that is collected can and probably will be abused at some point. It doesn't matter what laws are enacted. This is why any "privacy" methods that don't prevent the collection in the first place are fairly doomed.
With our current technology, cell operators HAVE to know where a phone is so calls can be routed to them. However, there is no reason they should be SAVING that information, much less giving it or selling it to ANYONE.
So, OS and settings and GPS aside, just having your phone "on" the cell network means you ARE being tracked.
Wrong, you are subject to the treaty that overrides state or national laws, it's in the US constitution even.
-- Tigger warning: This post may contain tiggers! --
Getting rating requests: Please rate the restaurant you just ate at: 2 Stars; Only half the menu available and the restrooms are out of service. Please rate the municipal park you just visited: 5 Stars: Beautifully maintained, with clean, stocked restrooms.
Rights are not granted by anyone. "We hold these truths to be self-evident, that all men are created equal, that they are endowed, by their Creator, with certain unalienable Rights..." Your rights are something you are born with, and they are numerous beyond counting, and universal, applying everywhere. Governments can only recognize and protect, or ignore and abuse those rights.
The distinction is seriously important.
You're making an assumption that any setting on your phone that ostensibly allows you to turn the GPS receiver 'OFF' actually does that, or can't be overridden remotely, which it most certainly can, and your phone would likely still show it as 'OFF'. The only way to actually disable it is to do as I said above: locate the antenna and short it to ground.
+1. Rights are recognized. Privileges are granted.
And disabling the GPS really isn't much of a solution. Just knowing which cell tower you connect to will likely pinpoint your location fairly accurately, and the only way to disable that is to turn your phone off and leave it off.
There is no general rule here. It depends on countries and individual laws.
The GPDR explicitly states that it applies to data from people who are in the EU. Including non-EU citizens that happen to be in the EU, excluding EU citizens that happen to be outside the EU.
Other laws apply differently. E.g. many countries tax their citizens even when outside the country. The US goes unusually far in taxing even US citizens that never lived in the US (and demanding a large sum of money for getting rid of US citizenship). Most criminal law applies depending on where the crime was comitted, but some laws are applied depending on the nationality of the victim or accused, even if the crime happened outside the territory of the state that made the law.
There are plenty of countries that have laws that apply to people outside their territory.
If you matter to them, they will try to get you.
There are international arrest warrants. Many countries will not hand over their own citizens, but most will hand over citizens of other countries.
They might freeze your bank accounts at banks that do business in multiple countries.
Rights are granted by societies. There is nothing inherently magical about people or their origin that bestow them these rights, no matter how much you believe in faerie tales and invisible sky wizards.
I was going to point out something similar, but the coward made the point much better and far more sincerely than I would have. To address the original comment
"We hold these truths to be self-evident, that all men are created equal, that they are endowed, by their Creator, with certain unalienable Rights..."
This only works if you believe that everyone has a common "Creator", that this "Creator" created everyone equally and endowed them with "Rights". If you don't believe any part of that, it really falls apart. You could support the idea of "Rights" out of benevolent self interest, but that only holds up as long as cooperation is in everyone's interest.
After you get past that, the question is what makes 2 people any more equal than a person and say a cow or the neanderthal? This belief in equality is only useful to create rules to protect yourself and you interests until you have enough power and influence to acquire want you want and need and to protect the things you care about without the rules. Then you are in a superior position and can create new rules to protect your interests and control those who would work against your interests.
"Rights" are a nice idea and can make a society run better. But you can't expect people to believe in your "Rights" any more than you can expect them to believe in your God. "Rights" are granted by those who are capable and willing to enforce them and rejected by those who can gain more without them.
In the context of this thread, the EU and cellphone companies are arguing incompatible "Rights". The cellphone companies are hoping the US will protect the cellphone companies' "Rights" from the EU's attempts to enforce the EU's Rights. Most other people involved and the people affected are operating at the "cow or the neanderthal" level. The Creator is letting us make our own mess.
But my phone doesn't even have a GPS receiver.
Just because you don't have an 'app' for your GPS location doesn't mean the chipset doesn't have a GPS receiver integrated into it. You might also be surprised to know it's got an FM broadcast receiver integrated into it too, but again no 'app' to access it. Even the cheap-ass plastic LG dumbphone that cost less than $50 has GPS in the chipset, just no 'app' to access it. But that doesn't mean the carrier can't access it, or the government, or a hacker.
So you think the US Marines and the US Navy and the US Air Force don't enforce rights in international waters?
You sure about that?
Why do you think we created the Marines in the first place?
Seriously, don't any of you actually take any history or civics classes?
And who do you think created the British Navy and British Marines?
Each country can choose to do such things.
-- Tigger warning: This post may contain tiggers! --
The GPDR explicitly states that it applies to data from people who are in the EU.
Which is irrelevant to a U.S. based company without presence in the EU.
I'm not a complete idiot... Some parts are missing.
Whether or not you enable GPS or even have a GPS receiver, the cell network can triangulate the signal from your phone. Depending on the technology used, all cell phones can be located through this technology built into the network, or have GPS that can be activated remotely with no option to override. This is legally required, so that 911 operators can see where you are if you call in and can't talk to them or don't know where you are.
Well, you started off on a bad foot and took it into a worse conclusion. You have to remember the time frame, Darwin had yet to produce his theory and wouldn't for a hundred ish years. Even if you didn't believe in the christian god at the time, you were at a loss as to how to explain how man got here. The intent of this statement is to add moral authority to the simple concept of "people are born free and anything you do to impune on that is wrong."
In short, you are looking at this exactly backwards. The declaration of independence was written as a message to an abusive government, and was done so in such a way as to accuse them of immorality. "We hold these TRUTHS to be self evident...." You can't claim ignorance, everybody knows these things. "All men are created equal." We are all born the same, any injustice is because YOU imposed it or allowed it. "certain unalienable Rights..." There are certain things, if you try to suppress them, we have a MORAL justification for fighting you.
Rights aren't a scientific classification, they are a moral justification. I have the right to free speech. Why? Because everyone does and you are an asshole if you try to take it away.
Now, without a doubt, I will probably need help to protect those rights. So forming a government to acknowledge and defend those rights is probably a good idea, but the key point is that those rights existed before the government. Otherwise you get into an illogical chicken and egg loop.
As to the thread context, just because you call something a right, doesn't necessarily make it one. Being wrapped up with morality, they are difficult to define and limit, but that doesn't mean they don't exist. At least for humans.
As a side note, there was serious debate around the creation of a bill of rights. It was argued at the time that the "uneducated" would assume those rights were the only ones they possessed. To alleviate this concern, the 9th amendment was provided. "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."
Smarter and better men than you or I have made their life's work arguing these things, and I for one am not willing to dismiss it as idealistic ramblings or religious zealots.
Oh, and I have been an atheist since 15, I would advise you not to let the inclusion of the word God in a sentence blind you with disgust such that you ignore the rest of the words in it.
For what it's worth, I'm not an atheist, I'm not disgusted and I know the Constitution is not the idealistic ramblings of religious zealots. But they were somewhat idealistic for their time. Radicals too. Are they correct in their determination everyone's Rights? Where their definition might conflict with the EU's definition of Rights, which is correct?
When dealing with conflicting "Rights" as have been discussed in this thread (such as the EU's people's Right to Privacy and the US company's right to use the information they posses) who is correct? There is not some inherent absolute for you to tied yourself to. The coward I was responding to made it clear that God wasn't something you can expect everyone to anchor their axioms to. What would you expect everyone to anchor to so they see your "TRUTH" & "MORAL" justification as correct? Just that you capitalized them? (Ya, I know, but really, capitalizing them makes it seem like you think you've written something beyond dispute, even though people when to war to dispute it. Saying "everybody knows these things" doesn't mean everybody knows these things.)
I believe there are things that are right and true, but yammering about my "Rights", especially in international matters is about as silly as my declaring "It's God's will! We'll fight you if you disagree!"
Verizon is the only one who said it would stop providing data. The others said they'd require consent, but there is no actual mechanism for you to verify consent with them ... so they are lying fucking bastards.
If a hundred thousand people vote with their wallets today, this will be done with tomorrow.