We are in the midst of a major and worrying data privacy scandal — but you probably haven’t heard about it.
To put it in the simplest terms possible: Law enforcement entities can figure out exactly where you are, at this very minute, using your smartphone. All without your knowledge.
This is because the largest telecom companies in the U.S. — AT&T, Verizon, T-Mobile and Sprint — have been selling your real-time location data to a little-known company called LocationSmart. Another firm, Securus Technologies, obtains and uses that location data for its own purposes.
Securus Technologies is a prison technology company whose primary gig is inmate phone call monitoring. But the firm also quietly offers another service to law enforcement that can locate nearly any phone in the U.S. using cell tower data. In a public document, Securus even boasts that it can do so “within seconds.”
The existence of such a service was revealed earlier this month when The New York Times reported that a former Missouri sheriff had used it to track people’s locations without a warrant.
While telecom companies are barred by law from handing over data to the government, they can freely give that data to other companies. In turn, those companies can give that same data to government entities.
Kevin Bankstown, director of the Open Technology Institute, explained the loophole to ZDNet — calling it “one of the biggest gaps in U.S. privacy law.”
Securus maintains that its service is used for legitimate purposes. (It has about 3,450 law enforcement customers.) Banks and other companies also use LocationSmart data for marketing and anti-fraud purposes.
But the service, obviously, raises some serious privacy concerns — particularly as the tracking can be done with little legal oversight, the NYT reported.
While LocationSmart requires a person’s explicit consent before tracking their location, that requirement goes out the window if a search warrant is issued. As ZDNet points out, that’s why Securus is able to track devices without asking for a user’s permission.
Worse still, a few days after news of the service broke, Motherboard reported that a hacker breached Securus’ servers and obtained login information and passwords for thousands of the company’s law enforcement customers.
In the wake of these revelations, Democratic Sen. Ron Wyden called for increased scrutiny and a federal investigation into the matter. Wyden also urged telecom companies to stop sharing that data with third parties.