This is a huge deal. It smells a lot to me like Cambridge Analytica, but even worst.
>The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.
> A system typically used by marketers and other companies to get location data from major cellphone carriers...
Wait, what? Carriers are selling personally identifiable location information? I knew they were selling aggregate data, but how are they legally selling location numbers tied to actual phone numbers?
I dug into my carrier's privacy policy, and it looks like this is true. They say you'll be asked for consent before it happens, but what mechanism does the carrier even have to request that consent? I've certainly never seen an opt-in prompt for anything like that before, but according to my carrier's site, there are at least two companies that are accessing or have accessed my location data through my carrier. That is not okay.
If an app or service I use wants access to my location, they can go through my phone's location services API, which requires my affirmative consent. It is completely unacceptable that they can bypass me and get it directly from my carrier.
shrug It's America, there's no general concept of privacy in law. It's not considered to be your data, it's their data. I'd be rather more surprised if this is legally happening in the EU.
(I would not be surprised to discover that most EU carriers are compromised by some quasi-private intelligence service organisation like Cambridge Analytica/SCL group, illegally selling location data or derived results.)
Like many things in the Constitution, that only restricts the government. If they asked for this information, they'd need to get a warrant for it to be admissible in court.
Privacy right is not in the Constitution, it was created by the courts (IIRC there was a hilarious argument about penumbras of Constitution and stuff, but really, how credulous has one to be?). So I would think they may make it restricting anybody they like. And of course the Congress is the legislative body, which can legislate these restrictions, as it does with a myriad others. As long as the Constitution does not ban it, it'd be fine - and it's not likely that SCOTUS would consider right to privacy as contrary to the constitution, I think.
No, not at all; it only refers to search and seizure carried out by the government. Whereas the 1st amendment is usually interpreted to mean that, once you've given data to a third party, they are free to publish it. In this situation the phone location data belongs to the phone company.
ECHR Article 8 contains a genuine right to privacy.
> Wait, what? Carriers are selling personally identifiable location information? I knew they were selling aggregate data, but how are they legally selling location numbers tied to actual phone numbers?
I tried the demo (https://www.locationsmart.com/try/) and it indeed works. The location given is about 200 meters away from my location. This is kinda scary? Why are carriers allowed to do this and are there any opt-out options?
Of course. Of course marketers are just allowed to track specific numbers for nebulous marketing reasons. Of course the phone companies just hand that feature out to whoever the fuck they want. What kind of god damn terrible security is this? What is wrong with the FCC? Oh yeah they were bought to exclusively terrorize the competitors of large telecom companies.
I remember when cell phones first started becoming commonplace and people thought I was crazy for having doubts. I hate being right.
Apparently US companies can do this if they "get concent". I don't know what that means though, it could be a couple terms buried in your contract. It's definitely huge, I haven't heard of it before either.
Does anyone know if there's an EU directive on this? I looked into my contract, and there's a completely abstract and vague paragraph noting how they can use personal data for some reasons (including commercial) but they don't even mention what that might be. It could be "just" the insurance/tax identification numbers and the full name, or it could be a lot more things.
I guess it also depends on whether the tracking can be done with existing hardware and a software solution or not. If it's easy, (ie they can easily figure out the tower and get signal levels) they probably do it. If you need better hardware, they probably don't, mostly because of lower buying power and more legal implications.
If you have T-Mobile, I recommend logging into your account and going to Profile > Privacy and Notifications > Advertising & Insights and disabling everything. Obviously, as a consumer I don't know exactly how this data is being collected, but if the the carriers are sharing individual level data, this is hopefully the opt-out.
EDIT: This is the text from one of the settings:
With your consent, T-Mobile, affiliates, and ad providers use your web browsing and app usage data along with advertising identifiers to deliver relevant mobile advertising and to learn more about your preferences. Advertising identifiers used can include Android and iOS Advertising IDs, browser mobile cookies, and device identifiers.
I have had those disabled on my T-Mobile account since I opened it a few years ago, but I was still able to get the location of my cell phone on https://www.locationsmart.com/try
If you find another place to opt-out, let me know...
Yeah, he really seems like he's the kind of guy to champion individual rights at the expense of police power and corporate moneymaking interests. Not.~
This is horrible, but you just can't expect privacy in your use of anything electronic in the US. They will track you if they can in any conceivable way. We should advocate for a gpdr like law in the us. It will take years to get there, we don't even have net neutrality, but we need that. Every step of the way there will be people claiming that we can't have protection of privacy because that would be bad for business.
Sounds like the ICE license plate tracker that is for tracking license plates across the US for immigration monitoring, just so happens to nag everyone in it...[1]
> The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians.
I am a victim of possibly "lawful" surveillance and tracking. The law is a very thickle thing of the business courts today. Right and wrong regarding to the court has a very loose connection to the constitution and morality. If I've learned anything about the law is that people will do anything they can get away with legally. It's a scary world out there, and it's just going to get more scary.
The trouble is that Europe isn't great either: many European countries recognise the rights to free speech & arms-bearing in limited ways, and their governments don't necessarily do a great job with respect to privacy, either. And many have criminal-court systems which are worse than the U.S. & U.K. jury-based systems.
> Securus received the data from a mobile marketing company called 3Cinteractive .... In turn, 3Cinteractive got its data from LocationSmart, a firm known as a location aggregator, according to documents from those companies. LocationSmart buys access to the data from all the major American carriers, it says.
Someone with a little money to burn should subscribe to 3Cinteractive or LocationSmart's service and use the data to spam the whole country with texts with the location info telling the recipient they're being tracked. That ought to rile people up and help end whatever practices enable this kind of tracking.
But wouldn't it be a breach of contract and not a tort? There may be other torts involved, but I was only considering the issue you brought up with breaking their contract terms.
The t&c of the trial do indeed state you cannot share non-public data with a third party. However, I wonder if you could find wighle room if you only share data with those who already know it. That is, are you sharing data by telling someone theor own location? Probably you are still in violation of the t&c, but did you cause harm? I dont know. Ianal.
This is a huge deal. It smells a lot to me like Cambridge Analytica, but even worst.
>The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.
> A system typically used by marketers and other companies to get location data from major cellphone carriers...
Wait, what? Carriers are selling personally identifiable location information? I knew they were selling aggregate data, but how are they legally selling location numbers tied to actual phone numbers?
I dug into my carrier's privacy policy, and it looks like this is true. They say you'll be asked for consent before it happens, but what mechanism does the carrier even have to request that consent? I've certainly never seen an opt-in prompt for anything like that before, but according to my carrier's site, there are at least two companies that are accessing or have accessed my location data through my carrier. That is not okay.
If an app or service I use wants access to my location, they can go through my phone's location services API, which requires my affirmative consent. It is completely unacceptable that they can bypass me and get it directly from my carrier.
> how are they legally selling location numbers
shrug It's America, there's no general concept of privacy in law. It's not considered to be your data, it's their data. I'd be rather more surprised if this is legally happening in the EU.
(I would not be surprised to discover that most EU carriers are compromised by some quasi-private intelligence service organisation like Cambridge Analytica/SCL group, illegally selling location data or derived results.)
Am I correct in recalling that the way abortion became legal was an argument about a constitutional right to privacy? I wonder what happened...
Like many things in the Constitution, that only restricts the government. If they asked for this information, they'd need to get a warrant for it to be admissible in court.
Privacy right is not in the Constitution, it was created by the courts (IIRC there was a hilarious argument about penumbras of Constitution and stuff, but really, how credulous has one to be?). So I would think they may make it restricting anybody they like. And of course the Congress is the legislative body, which can legislate these restrictions, as it does with a myriad others. As long as the Constitution does not ban it, it'd be fine - and it's not likely that SCOTUS would consider right to privacy as contrary to the constitution, I think.
I think the 4th Amendment is about the general concept of privacy, and it is definitely the law.
It's about protection from government intrusion. Negative rights, rather than a positive right as in Europe.
No, not at all; it only refers to search and seizure carried out by the government. Whereas the 1st amendment is usually interpreted to mean that, once you've given data to a third party, they are free to publish it. In this situation the phone location data belongs to the phone company.
ECHR Article 8 contains a genuine right to privacy.
> Wait, what? Carriers are selling personally identifiable location information? I knew they were selling aggregate data, but how are they legally selling location numbers tied to actual phone numbers?
I tried the demo (https://www.locationsmart.com/try/) and it indeed works. The location given is about 200 meters away from my location. This is kinda scary? Why are carriers allowed to do this and are there any opt-out options?
Of course. Of course marketers are just allowed to track specific numbers for nebulous marketing reasons. Of course the phone companies just hand that feature out to whoever the fuck they want. What kind of god damn terrible security is this? What is wrong with the FCC? Oh yeah they were bought to exclusively terrorize the competitors of large telecom companies.
I remember when cell phones first started becoming commonplace and people thought I was crazy for having doubts. I hate being right.
Apparently US companies can do this if they "get concent". I don't know what that means though, it could be a couple terms buried in your contract. It's definitely huge, I haven't heard of it before either.
Does anyone know if there's an EU directive on this? I looked into my contract, and there's a completely abstract and vague paragraph noting how they can use personal data for some reasons (including commercial) but they don't even mention what that might be. It could be "just" the insurance/tax identification numbers and the full name, or it could be a lot more things.
I guess it also depends on whether the tracking can be done with existing hardware and a software solution or not. If it's easy, (ie they can easily figure out the tower and get signal levels) they probably do it. If you need better hardware, they probably don't, mostly because of lower buying power and more legal implications.
I would guess it's pretty easy, given that they need to find your tower anyway in order to complete incoming calls.
Related:
"For sale: Systems that can secretly track where cellphone users go around the globe" (2014) https://www.washingtonpost.com/business/technology/for-sale-...
Signalling System No. 7: Protocol security vulnerabilities https://en.wikipedia.org/wiki/Signalling_System_No._7#Protoc...
If you have T-Mobile, I recommend logging into your account and going to Profile > Privacy and Notifications > Advertising & Insights and disabling everything. Obviously, as a consumer I don't know exactly how this data is being collected, but if the the carriers are sharing individual level data, this is hopefully the opt-out.
EDIT: This is the text from one of the settings: With your consent, T-Mobile, affiliates, and ad providers use your web browsing and app usage data along with advertising identifiers to deliver relevant mobile advertising and to learn more about your preferences. Advertising identifiers used can include Android and iOS Advertising IDs, browser mobile cookies, and device identifiers.
Direct link: https://my.t-mobile.com/profile/privacy_notifications/advert...
I have had those disabled on my T-Mobile account since I opened it a few years ago, but I was still able to get the location of my cell phone on https://www.locationsmart.com/try
If you find another place to opt-out, let me know...
Verizon has multiple information sharing settings you can disable as well. Log into your account and go to "My Profile" > "Privacy Settings".
My setting have all been disabled for years.
That didn't stop locationsmart.com from just now locating me down to a few hundred meters.
https://www.eff.org/files/2018/05/11/wyden-securus-location-...
Senator's letter to the FCC on this topic.
I'm sure Ajit Pai will get right on it.
Yeah, he really seems like he's the kind of guy to champion individual rights at the expense of police power and corporate moneymaking interests. Not.~
This exploits design flaws in the SS7 & MAP protocols that power mobile networks worldwide. Cooperation from the carriers isn’t even required.
This is horrible, but you just can't expect privacy in your use of anything electronic in the US. They will track you if they can in any conceivable way. We should advocate for a gpdr like law in the us. It will take years to get there, we don't even have net neutrality, but we need that. Every step of the way there will be people claiming that we can't have protection of privacy because that would be bad for business.
Sounds like the ICE license plate tracker that is for tracking license plates across the US for immigration monitoring, just so happens to nag everyone in it...[1]
> The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians.
[1] https://www.theverge.com/2018/1/26/16932350/ice-immigration-...
>just so happens to nag everyone in it...
Thank you for your concern. We are closing this ticket as "not a bug".
I am a victim of possibly "lawful" surveillance and tracking. The law is a very thickle thing of the business courts today. Right and wrong regarding to the court has a very loose connection to the constitution and morality. If I've learned anything about the law is that people will do anything they can get away with legally. It's a scary world out there, and it's just going to get more scary.
I don't see any way to opt out of this on my Project Fi (Google) account...
I opted out by moving to Europe.
The trouble is that Europe isn't great either: many European countries recognise the rights to free speech & arms-bearing in limited ways, and their governments don't necessarily do a great job with respect to privacy, either. And many have criminal-court systems which are worse than the U.S. & U.K. jury-based systems.
Sadly, there's no one perfect state.
> Securus received the data from a mobile marketing company called 3Cinteractive .... In turn, 3Cinteractive got its data from LocationSmart, a firm known as a location aggregator, according to documents from those companies. LocationSmart buys access to the data from all the major American carriers, it says.
Someone with a little money to burn should subscribe to 3Cinteractive or LocationSmart's service and use the data to spam the whole country with texts with the location info telling the recipient they're being tracked. That ought to rile people up and help end whatever practices enable this kind of tracking.
I am guessing they make you sign a contract saying you won't disclose "their" data to third parties. So you would really need a lot of money.
Or the willingness to do it, concede the lawsuit, then declare bankruptcy.
Judgements from intentionally torts are not dischargeable in bankruptcy.
But wouldn't it be a breach of contract and not a tort? There may be other torts involved, but I was only considering the issue you brought up with breaking their contract terms.
The t&c of the trial do indeed state you cannot share non-public data with a third party. However, I wonder if you could find wighle room if you only share data with those who already know it. That is, are you sharing data by telling someone theor own location? Probably you are still in violation of the t&c, but did you cause harm? I dont know. Ianal.