Location Bounty Hunters Had Access to GPS Data

AlphaAtlas

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
In January, Motherboard found that AT&T, T-Mobile, and Sprint were unwittingly compromising their user's privacy and security. The telecommunication giants were reportedly selling data to third parties in bulk, a practice they've been criticized for before, who in turn were selling data about specific customers to "bounty hunters" that can locate nearly any phone in the U.S. for about $300. Telecoms claimed they were going to address the issue, but the publication kept digging, and earlier this week, they released a new series of reports claiming that practice was not an "isolated incident." They say that around 250 bounty hunters had access to the location data, some of whom accessed it "thousands or tens of thousands of times." Additionally, some of the requests used GPS data instead of cell tower data, which is sometimes accurate enough to tell where a user is inside a building.

A list of a particular customer's use of the phone location service obtained by Motherboard stretches on for around 450 pages, with more than 18,000 individual phone location requests in just over a year of activity. The bail bonds firm that initiated the requests-known in the industry as phone pings-did not respond to questions asking whether they obtained consent for locating the phones, or what the pings were for. "The scale of this abuse is outrageous," Eva Galperin, director of cybersecurity at campaign group the Electronic Frontier Foundation, told Motherboard in an email.
 
I do not find this shocking in the least. I also highly doubt it was "unwittingly" done. They were paid for data and didnt care to ask what you did with it...
 
Great track down the criminal with his or her phone and get your bail jumper money!
 
Vader1975 said:
Great track down the criminal with his or her phone and get your bail jumper money!
Click to expand...
The only problem is, you know that this service was used to track people other than bail jumpers. Think how useful this would be to private investigators to track cheating spouses and such. The temptation to abuse this type of data is just too great.
 
PaulP said:
The only problem is, you know that this service was used to track people other than bail jumpers. Think how useful this would be to private investigators to track cheating spouses and such. The temptation to abuse this type of data is just too great.
Click to expand...

I am going to play devils advocate for a minute: Is that really abuse of the data? Your phone provider sold access to that data, data you willingly provided (its probably in your contract) and did not place any restrictions on what could or could not be done with it. I am not aware of any laws restricting private use of said data either. To be sure we all care if the Govt is using the data and for what purposes but to date people have largely not cared what private individuals do with it.

So stepping back I would have to say this is something we have to provide a legal framework for that clearly sets out what consumer rights are regarding this data and how it is to be tracked and used by third parties.
 
  • Like
Reactions: DocNo
like this
kju1 said:
I am going to play devils advocate for a minute: Is that really abuse of the data? Your phone provider sold access to that data, data you willingly provided (its probably in your contract) and did not place any restrictions on what could or could not be done with it. I am not aware of any laws restricting private use of said data either. To be sure we all care if the Govt is using the data and for what purposes but to date people have largely not cared what private individuals do with it.

So stepping back I would have to say this is something we have to provide a legal framework for that clearly sets out what consumer rights are regarding this data and how it is to be tracked and used by third parties.
Click to expand...
From a legal/technical point of view, I don't disagree with what you are saying...but: most people buy a cell phone for the purpose of communicating with other people and accessing the net (obviously games, taking pictures, etc. are part of the mix, but the primary purpose is communication), not to provide a way to be tracked. And they pay a heft sum every month for this service. Few would explicitly allow unrestricted tracking, even for a discount on their monthly fee. So even if the mobile service providers are not technically breaking the law by quietly selling this information to 3rd parties (and not restricting how they can use it), they are sill abusing the expectations and trust of their customers.
 
PaulP said:
The only problem is, you know that this service was used to track people other than bail jumpers. Think how useful this would be to private investigators to track cheating spouses and such. The temptation to abuse this type of data is just too great.
Click to expand...

But if you did nothing wrong then you have nothing to hide, right? </sarcasm>
 
PaulP said:
From a legal/technical point of view, I don't disagree with what you are saying...but: most people buy a cell phone for the purpose of communicating with other people and accessing the net (obviously games, taking pictures, etc. are part of the mix, but the primary purpose is communication), not to provide a way to be tracked. And they pay a heft sum every month for this service. Few would explicitly allow unrestricted tracking, even for a discount on their monthly fee. So even if the mobile service providers are not technically breaking the law by quietly selling this information to 3rd parties (and not restricting how they can use it), they are sill abusing the expectations and trust of their customers.
Click to expand...

I am not in disagreement, I just wanted to be devils advocate and point out what they did was completely legal if of questionable morality. On a personal level I believe we should have a legal framework which allows the consumer to dictate what can be done with their data or at the very least requires notification of every intended use and unintentional use (including violations). I would prefer to have complete control over my data.
 
You must log in or register to reply here.
Back
Top