If like most people you keep your cell phone handy, your mobile-service provider knows where you are nearly all the time. And several major cell companies are selling that information to firms that sell it onward in a practice that could let stalkers and criminals find out your location in real time, according to a new report.
“A wide variety of companies can access cell phone location data, and … the information trickles down from cell phone providers to a wide array of smaller players, who don’t necessarily have the correct safeguards in place to protect that data,” Motherboard reported Jan. 8.
AT&T, T-Mobile and Sprint are among the cell-service firms reportedly peddling the data, according to the tech website. Car salesmen, property managers, bail bondsmen and bounty hunters are among the groups of people ultimately buying the location data, Motherboard reported.
The expose prompted a U.S. senator to call on the Federal Communications Commission to take action. “This information could be obtained by anyone: a stalker, an ex, …,” Democrat Sen. Ron Wyden tweeted Jan. 8. “It’s time for the @FCC to get its act together.”
The FCC did not immediately respond to a request for comment.
Last year, Verizon was revealed to have been selling location data and, after criticism from Wyden, said it would stop.
Motherboard’s investigation “shows just how exposed mobile networks and the data they generate are, leaving them open to surveillance by ordinary citizens, stalkers and criminals,” according to Motherboard.
“There’s a complex supply chain that shares some of American cell phone users’ most sensitive data, with the telcos potentially being unaware of how the data is being used by the eventual end user, or even whose hands it lands in.”
Location data can be bought for legitimate purposes, for example by financial firms seeking to detect fraud or by roadside-assistance companies using it to find customers whose vehicles break down, according to Motherboard.
But “aggregation” companies specializing in selling location data are passing it onward “at a profit, and with minimal oversight,” Motherboard reported. In the site’s investigation, location data was sold to a “bounty hunter” who pinpointed the location of a test phone to within a couple blocks, the site reported.
One firm selling the data offers “a continuous tracking service,” according to Motherboard.
AT&T told the site that use of the data by bounty hunters would violate its policies. The firm said it was looking into the situation and had stopped transmitting data to an aggregator while it investigated.
“We only permit the sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance, or when required by law,” an AT&T spokesperson told the site.
T-Mobile told the site it wouldn’t tolerate misuse of customer data. The company said a location-data aggregator it worked with had “shut down all transmission of T-Mobile data.”
And Sprint told Motherboard that protecting customer privacy was a “top priority,” and that if it found any of its customers had violated their contracts with the company, Sprint would take “appropriate action.”