Your Real-Time Cell Phone Location Data is for Sale

January 18, 2019 | by Andrew Regitsky

Your Real-Time Cell Phone Location Data is for Sale

Cell phone service providers are involved in a new controversy.  According to a January 8, 2019 report on the website Motherboard, AT&T, T-Mobile and Sprint are apparently selling real time cell phone customer location data to at least one unauthorized company who resells this information to anyone, including companies not authorized to possess this data.  Motherboard explained how the process works:

Whereas it’s common knowledge that law enforcement agencies can track phones with a warrant to service providers, IMSI catchers, or until recently via other companies that sell location data such as one called Securus, at least one company, called Microbilt, is selling phone geolocation services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company’s products and company documents obtained by Motherboard.  Compounding that already highly questionable business practice, this spying capability is also being resold to others on the black market who are not licensed by the company to use it... seemingly without Microbilt’s knowledge.  (Motherboard January 8, 2019).

This investigation demonstrated how vulnerable our mobile networks are in this country.  According to Motherboard, real time location data is “open to surveillance by ordinary citizens, stalkers, and criminals.”  Moreover, “a wide variety of companies can access cell phone location data, and that the information trickles down from cell phone providers to a wide array of smaller players, who don’t necessarily have the correct safeguards in place to protect that data.”

This potential misuse of information caught the eye of Congress who were quick to saddle mobile carriers with the blame.  Senator Ron Wyden (D-Ore) stated:

Carriers are always responsible for who ends up with their customers’ data — it’s not enough to lay the blame for misuse on downstream companies.  The time for taking these companies at their word is long past.  Congress needs to pass strong legislation to protect Americans’ privacy and finally hold corporations accountable when they put your safety at risk by letting stalkers and criminals track your phone on the dark web.

Senator Kamala Harris (D-CA) sought an emergency investigation by the FCC to address this issue.  FCC Commissioner Jessica Rosenworcel tweeted her agreement. “[I]t shouldn’t be that you pay a few hundred dollars to a bounty hunter and then they can tell you in real time where a phone is within a few hundred meters.  That’s not right. This entire ecosystem needs oversight.”

Mobile providers have reacted quickly.  AT&T issued a statement on January 9. 2019 pledging to stop selling all location data:

In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services – even those with clear consumer benefits.  We are immediately eliminating the remaining services and will be done in March.

Similar pledges were made by T-Mobile and Verizon.  Both say they also will stop selling location data by March.  Unfortunately for these carriers, with the Democrats now in charge of the House of Representatives, such pledges are not going to be enough.  Frank Pallone (D-NJ) the new chairman of the House Energy and Commerce demanded an emergency briefing from the FCC and is not willing to wait until the government reopens.

The FCC once again appears to have dragged its feet in protecting consumers.  While some carriers have now recommitted to stopping such unauthorized disclosure, the public can no longer rely on their voluntary promises to protect this extremely sensitive information.  (Frank Pallone letter to FCC Chairman Ajit Pai, January 11, 2019.)

Congress will make sure the onus on resolving this issue falls on the FCC.  Many Democrats believe Chairman Pai (to be frank) is simply a tool of the large carriers.  They will continue to pressure him and the FCC to address this issue quickly and decisively, with large fines levied at any carrier that continues to sell data.  Moreover, carriers should take note, customer privacy issues will be a paramount issue for the new House of Representatives in 2019.