An investigation has found that hundreds of bounty hunters had access to the highly sensitive data—and one requested phone locations over 18,000 times.
The news: Motherboard has uncovered documents that reveal the shocking extent to which location data from Americans’ phones is being used without their knowledge. Its investigation has revealed that AT&T, T-Mobile, and Sprint sold location data to an aggregator. It then sold some of the information to a now-defunct company called CerCareOne, which operated from around 2012 to 2017, and sold location data to some 250 bounty hunters—those who claim a reward to help track people who have skipped bail.
The data: CerCareOne was keen to keep a low profile, using contracts that even forbid customers from revealing it had a website. It offered various kinds of information, including super-accurate “assisted-GPS,” or A-GPS, location data. This uses both GPS receivers on wireless base stations and phones’ in-built GPS chips to pinpoint a device’s location to within a few meters, even inside a building.
The controversy: A-GPS was developed to allow first responders to track the location of emergency calls, but telecom firms have been selling this and other highly sensitive location data without informing customers. In January, Motherboard revealed that a bounty hunter had sold one of its reporters location data about the reporter’s own phone for $300. Other black-market transactions may well have been taking place for years, letting people’s phones be tracked without their knowledge.
US telcos claimed the sale of the reporter’s data was an isolated incident. But the new investigation shows consumer location data was being distributed widely. Some bounty hunters reportedly made requests for large numbers of location “pings,” sometimes tracking phones minute by minute or hour by hour. One even used the service over 18,000 times in just over a year, according to records obtained by Motherboard. Some bail agreements permit the tracking of people’s phones if they disappear, but it’s not hard to see how location data could be leaked for unauthorized uses.
The backlash: In January, the telecom giants said they would stop selling location data to aggregators. But the US Federal Communications Commission (FCC) is still investigating the companies’ handling of sensitive location information. In a tweet responding to Motherboard’s latest story, Jessica Rosenworcel, an FCC commissioner, called on the agency’s staff to speed up its review. “There’s something fundamentally wrong,” she wrote, “when hundreds of bounty hunters can pay a few hundred dollars and know where any of us are with our mobile devices.”
Three things to know about the White House’s executive order on AI
Experts say its emphasis on content labeling, watermarking, and transparency represents important steps forward.
A high school’s deepfake porn scandal is pushing US lawmakers into action
Legislators are responding quickly after teens used AI to create nonconsensual sexually explicit images.
A controversial US surveillance program is up for renewal. Critics are speaking out.
Here's what you need to know.
Meta is giving researchers more access to Facebook and Instagram data
There’s still so much we don’t know about social media’s impact. But Meta president of global affairs Nick Clegg tells MIT Technology Review that he hopes new tools the company just released will start to change that.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.