Slashdot Mirror
US Cell Carriers Are Selling Access To Your Real-Time Phone Location Data (zdnet.com)
Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance.
Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.
Any sane lawyer could sue all these telecom companies under both the EU GPDR and the US/Canada data treaties.
Your rights don't end at the border, unless you're only an American.
-- Tigger warning: This post may contain tiggers! --
Let me ask about a different situation.
Every day there are private airplanes flying around in our US airspace, who interact with air traffic control (of course), and who can ask that afterwards the records of their tail numbers not get published -- by the government. It could be that a person or company doesn't want people to know where they're going, who they belong to.
Now there are also people who make it their hobby to record the airplanes they see taking off + landing, and share this info with others. There are probably companies who do this too.
Is that illegal? How are you to pass a law against someone getting access to information that could completely legitimately be obtained by someone observing it in person? Does public information fall under the domain of privacy?
That is the problem with privacy -- I don't know that the definition of it is something that can cover purely public information. Not talking about Social Security numbers or personal health data or credit card info.
Is someone's observation of your activities in public, private information?
That is all.
I suspect this is larger than most people ever imagined. Try this experiment. Have a friend of yours who will be traveling out of state take your credit card with them and use it to make a $200 purchase. It will be declined. Somehow the credit card company knows that you and the card are in different locations.
Or at least I have. I remember being screamed and voted down on Slashdot because I was insisting the GPS and other location data was being accessed and would be given out to just about anyone, panic monger and paranoid lunatic that I am.
Amazing how people don't want to see what is right in front of them.
...that signing several thousand pages of contracts over fifteen different TOU's without reading them could lead to this.
They'll ignore it, or the contract for your phone will require you click through an agreement to let them do as they will. Even if that fails, they'll do it anyway. A fine here and there is nothing compared to the powe of knowing where every person, car, motorcycle and eventually bicycle on the planet is. It's THE power, knowing where everyone is, what they read, what they say, and who they associate with. Every nation on the planet, every corporation, every secret and public police will never let this go. Ever notice how Wikileaks is the only new org on the planet that gets real leaks? There is a reason for that. They brag openly to reporters they don't need a warrant to know who's been talking to them. We are sewn shut.
1.
It's worth noting who's upset about this and for some reason many of the stories don't mention him.
2.
Just in case any of you were still working under the false assumption that it doesn't matter which party you vote for. Keep it in mind as election season approaches.
You are welcome on my lawn.
Any sane lawyer could sue all these telecom companies under both the EU GPDR and the US/Canada data treaties.
Your rights don't end at the border, unless you're only an American.
Umm.. wait, what? "Rights" are a concept granted by the country you're in. They do, literally, end at the border. "Your Rights" become whatever the rights are that are granted to foreigners in the new country you entered if the new country does grant such rights. Do all countries even have the concept of individual rights? If you go to China for Example with the 9mm pistol your home country gives you the right to carry you aren't going to have a good day. If you go to North Korea running your mouth about how their emperor sucks badly... same thing - they don't care about the rights you had when you were in your "home" country. They do care that foreign nationals in those countries don't have the right to do those things.
You say you don't care about your privacy, yet you post as anonymous coward. Interesting.
More like: we have reason to believe you were involved in a crime that happened adjacent to your work/home route. Your cell phone was the closest phone in proximity to the theft, and an eye witness says she can identify the culprit. Please stem this way to the window line up so our witness can identify or exonerate you.
Have fun getting your ass ponded because "the government has no reason to want to hurt me".
We already have limits on how US government can use personal information. The Carpenter Vs US lawsuit will continue to define those limits. We created these protections because we realized that government can use personal information to predict, manipulate, and control us. The combination of powerful government and enabling personal information is a threat to self-determination and rule by consent of the governed.
We have seen many recent examples where powerful modern entities used technology and personal information to predict, manipulate, and control us. FaceBook can predict, control and manipulate us. So can Google, Amazon, Political Action Committees, The Russian Government, advertising agencies, and so on. We need to take further action to protect our unalienable right of self determination. If we fail to act, our society and government continue to transform into "Rule by Manufactured Consent of the Manipulated".
Manipulation is a threat to ourselves and our society. Manipulation advances the goals of the manipulator. Manipulation has no fundamental respect for reality. Past manipulation divorced the victims from reality. Manipulation weakens both individuals and society. Present day manipulation must not be assumed to be legitimate, just because it is cheaper, more effective, more powerful, or wielded by new entities.
Once personal information is collected, it is almost impossible to destroy. It will be monetized. It will leak. It will spread. The cell-phone companies will sell or breech. An Intelligence agency will seize and leak. A well-meaning judge will issue a General Warrant.
For NOW, when you need privacy, you must DITCH THE PHONE.
One path forward is to realize that any personal information that is effective at predicting, controlling or manipulating us IS our identity. As long as this information is effective, and valuable, it is a part of us. We must establish that owning your own personal information is an unalienable right. The right of owning your personal information can not be stolen, seized, legislated or contracted away.
hence... treaties... which extend/grant rights to citizens of other constituencies based upon mutual agreement!!
Any information that is collected can and probably will be abused at some point. It doesn't matter what laws are enacted. This is why any "privacy" methods that don't prevent the collection in the first place are fairly doomed.
With our current technology, cell operators HAVE to know where a phone is so calls can be routed to them. However, there is no reason they should be SAVING that information, much less giving it or selling it to ANYONE.
So, OS and settings and GPS aside, just having your phone "on" the cell network means you ARE being tracked.
Rights are not granted by anyone. "We hold these truths to be self-evident, that all men are created equal, that they are endowed, by their Creator, with certain unalienable Rights..." Your rights are something you are born with, and they are numerous beyond counting, and universal, applying everywhere. Governments can only recognize and protect, or ignore and abuse those rights.
The distinction is seriously important.
Rights are granted by societies. There is nothing inherently magical about people or their origin that bestow them these rights, no matter how much you believe in faerie tales and invisible sky wizards.
I was going to point out something similar, but the coward made the point much better and far more sincerely than I would have. To address the original comment
"We hold these truths to be self-evident, that all men are created equal, that they are endowed, by their Creator, with certain unalienable Rights..."
This only works if you believe that everyone has a common "Creator", that this "Creator" created everyone equally and endowed them with "Rights". If you don't believe any part of that, it really falls apart. You could support the idea of "Rights" out of benevolent self interest, but that only holds up as long as cooperation is in everyone's interest.
After you get past that, the question is what makes 2 people any more equal than a person and say a cow or the neanderthal? This belief in equality is only useful to create rules to protect yourself and you interests until you have enough power and influence to acquire want you want and need and to protect the things you care about without the rules. Then you are in a superior position and can create new rules to protect your interests and control those who would work against your interests.
"Rights" are a nice idea and can make a society run better. But you can't expect people to believe in your "Rights" any more than you can expect them to believe in your God. "Rights" are granted by those who are capable and willing to enforce them and rejected by those who can gain more without them.
In the context of this thread, the EU and cellphone companies are arguing incompatible "Rights". The cellphone companies are hoping the US will protect the cellphone companies' "Rights" from the EU's attempts to enforce the EU's Rights. Most other people involved and the people affected are operating at the "cow or the neanderthal" level. The Creator is letting us make our own mess.
But my phone doesn't even have a GPS receiver.
Just because you don't have an 'app' for your GPS location doesn't mean the chipset doesn't have a GPS receiver integrated into it. You might also be surprised to know it's got an FM broadcast receiver integrated into it too, but again no 'app' to access it. Even the cheap-ass plastic LG dumbphone that cost less than $50 has GPS in the chipset, just no 'app' to access it. But that doesn't mean the carrier can't access it, or the government, or a hacker.