Skip to Content
Tech policy

Bounty hunters tracked people secretly using US phone giants’ location data

February 7, 2019

An investigation has found that hundreds of bounty hunters had access to the highly sensitive data—and one requested phone locations over 18,000 times.
 
The news: Motherboard has uncovered documents that reveal the shocking extent to which location data from Americans’ phones is being used without their knowledge. Its investigation has revealed that AT&T, T-Mobile, and Sprint sold location data to an aggregator. It then sold some of the information to a now-defunct company called CerCareOne, which operated from around 2012 to 2017, and sold location data to some 250 bounty hunters—those who claim a reward to help track people who have skipped bail.
 
The data: CerCareOne was keen to keep a low profile, using contracts that even forbid customers from revealing it had a website. It offered various kinds of information, including super-accurate “assisted-GPS,” or A-GPS, location data. This uses both GPS receivers on wireless base stations and phones’ in-built GPS chips to pinpoint a device’s location to within a few meters, even inside a building.
 
The controversy: A-GPS was developed to allow first responders to track the location of emergency calls, but telecom firms have been selling this and other highly sensitive location data without informing customers. In January, Motherboard revealed that a bounty hunter had sold one of its reporters location data about the reporter’s own phone for $300. Other black-market transactions may well have been taking place for years, letting people’s phones be tracked without their knowledge.
 
US telcos claimed the sale of the reporter’s data was an isolated incident. But the new investigation shows consumer location data was being distributed widely. Some bounty hunters reportedly made requests for large numbers of location “pings,” sometimes tracking phones minute by minute or hour by hour. One even used the service over 18,000 times in just over a year, according to records obtained by Motherboard. Some bail agreements permit the tracking of people’s phones if they disappear, but it’s not hard to see how location data could be leaked for unauthorized uses.
 
The backlash: In January, the telecom giants said they would stop selling location data to aggregators. But the US Federal Communications Commission (FCC) is still investigating the companies’ handling of sensitive location information. In a tweet responding to Motherboard’s latest story, Jessica Rosenworcel, an FCC commissioner, called on the agency’s staff to speed up its review. “There’s something fundamentally wrong,” she wrote, “when hundreds of bounty hunters can pay a few hundred dollars and know where any of us are with our mobile devices.”

Deep Dive

Tech policy

How the Supreme Court ruling on Section 230 could end Reddit as we know it

As tech companies scramble in anticipation of a major ruling, some experts say community moderation online could be on the chopping block.

2022’s seismic shift in US tech policy will change how we innovate

Three bills investing hundreds of billions into technological development could change the way we think about government’s role in growing prosperity.

Mass-market military drones: 10 Breakthrough Technologies 2023

Turkish-made aircraft like the TB2 have dramatically expanded the role of drones in warfare.

We’re witnessing the brain death of Twitter

An analysis of Musk’s tweets shows him at the center of conversations once kept on the fringes of Twitter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.