
U.S. Telcos Sold Highly Sensitive Customer GPS Data Typically Used for 911 Calls - walterbell
https://motherboard.vice.com/en_us/article/a3b3dg/big-telecom-sold-customer-gps-data-911-calls
======
zamalek
Why is anyone surprised at this point? These companies manipulate legislature;
in what world don't they, at the very least, exploit the data that they gather
from you to empower themselves? Selling your data off is a far easier moral
leap to make.

The only thing that surprises me is that I thought T-Mobile were the good
guys. Apparently their stance on net neutrality was empty fan service.

Nothing digital has any semblance of privacy. If you want to take nudies with
your significant other, buy a Polaroid camera. If you want to shake hands on a
shady deal, do it in person. If it's not the company who develops your product
screwing you, it's the people pwning them: just look at what happened to the
bastion of privacy, Apple (the iCloud leak).

Stop trusting your digital devices, or, alternatively accept that you have no
privacy (which is a completely valid choice).

~~~
ngngngng
I don't like this fatalistic attitude. Privacy is not black and white. I
switched to signal, duck duck go, and Firefox. And since then, no one knows
how to target ads to me anymore. That's a privacy win, even if there's a long
ways to go.

~~~
zamalek
It's not fatalistic. Your digital Life is optional, which is my point. You can
have privacy, or you can have a device: and _both_ are fine.

Do you use you DNSSEC on your phone?

~~~
nikeee
Does DNSSEC contribute to privacy (which is what I think this question
implies)? If so, how?

~~~
krankthat
No -- you'd need DNSCrypt for that.

------
nerdbaggy
Apple has their own replacement for A-GPS, I wonder if it’s more secure or not
[https://www.idownloadblog.com/2018/01/08/apple-helo-
technolo...](https://www.idownloadblog.com/2018/01/08/apple-helo-technology/)

Edit: Looks like apple uses a 3rd party clearinghouse to pass the information
go 911, so the carriers don’t get it.
[https://cdn.ymaws.com/www.nena.org/resource/resmgr/docs/Appl...](https://cdn.ymaws.com/www.nena.org/resource/resmgr/docs/Apple_Enhanced_Emergency_Dat.pdf)

------
mehrdadn
I'm confused, how does GPS data get gathered by the telco? Wouldn't that need
a backdoor in the OS's GPS software/driver?

~~~
nitrogen
Cell networks triangulate a pretty accurate device location in order to
connect you to the best cell towers for where you are.

Also, the baseband processor in most phones runs its own code out of the
control of the OS and has access to a _ton_ of surprising stuff.

~~~
mehrdadn
GPS != cell networks, and I'm asking what is actually happening, not for a
hypothetical guess (which I can make too).

~~~
ShorsHammer
The article mentions it's aGPS which uses tower triangulation. But this would
be requiring a data link back to the network provider I'd assume.

In airplane mode it _shouldn't_ be sending that data.

[https://en.m.wikipedia.org/wiki/Assisted_GPS](https://en.m.wikipedia.org/wiki/Assisted_GPS)

~~~
TomVDB
aGPS has nothing to do with cell tower triangulation.

With aGPS, the cell phones can download up to date GPS almanac from the tower
instead of having to lock to GPS satellites to get it.

~~~
nitrogen
Read the wikipedia page before downvoting the parent commenter, who was
correct: "A-GPS augments that by using cell tower data to enhance quality and
precision when in poor satellite signal conditions."

~~~
TomVDB
Feel free to point out where the Wikipedia says that it helps with
triangulation. (Hint: it does not.)

The parent commenter explicitly write "A-GPS which uses triangulation".

That is simply not true.

------
writepub
The reason for US' paranoia about Huawei is a scenario where the network
(built with Huawei gear) could not only triangulate locations in real time,
but also transmit voice and data via backdoors to China.

------
josteink
And people in the US still oppose telecom regulations like those we have in
the EU.

Amazing.

------
nerdbaggy
Puts device manufacturers in a tough spot. They can fix the problem because
sometimes the carriers/police/whoever need the A-GPS data

~~~
walterbell
Apple could add an option to disable A-GPS, leaving the device relying only on
satellite GPS.

Carriers would still have cell tower location.

~~~
kevin_nisbet
I'm sure apple could, but this might be an easier said than done item.

A-GPS certainly shouldn't be disabled at all times, as it is a mandate as part
of E911, which has the express purpose of closing the gap on emergency
services being able to find a caller in an emergency.

The difficulty is, I don't think A-GPS is OS controlled, I think it largely
lives in the baseband, which Apple may have a much more limited control over,
optionally enabling and disabling features that for all intensive purposes are
built into the hardware. Ideally, a user should get a notification when not in
a 911 call, but without spending a good deal of time hunting in the standards,
it's possible this isn't exposed either.

I think in the CDMA2000 day's when I looked at this, the OS call for GPS
positions couldn't even say don't use assisted GPS. The baseband if it had a
network connection, would just contact the location server, and use that when
locating the device to give back to the OS. That's old technology though, I'm
not intimately familiar with the current standards.

------
stevenicr
Kind of surprised no one has started a petition for each tel co (maybe there
is one and it;s viral on fbook which I hardly see any of) and demanded privacy
legislation to stop other carriers collecting and transferring location data
at this point.

~~~
justtopost
I have personally called and written my carriers. I think if more did they
might take notice.

------
bubblethink
Can you opt out of location service for 911 calls ? One the one occasion I had
to call 911 from my cell phone, I had to laboriously go over my address. There
was more friction than ordering pizza since there was a lot of back and forth
over the address. So I don't know what this back channel for gps data for 911
does anyway. And ultimately, it seems like a reasonable tradeoff for people to
make on their own if they don't want enhanced 911. Cell phone operators will
still get other auxiliary and approximate data from towers, but I don't want
an API for them to request more precise location.

~~~
ubolonton_
It appears that you will be able to opt out of Apple's new Enhanced Emergency
Data. However, that part is device-initiated anyway. The traditional Network-
Initiated Location Requests probably cannot be opted out of.

------
alanfranzoni
Does anybody have an explanation about A-GPS? How does it work? I thought it
was available to end users, I don't understand why carriers have such data.

~~~
nerdbaggy
Wikipedia has a great article on it
[https://en.m.wikipedia.org/wiki/Enhanced_9-1-1](https://en.m.wikipedia.org/wiki/Enhanced_9-1-1)

~~~
alanfranzoni
I do not understand. That carriers have my cell location data, that seems ok.
But do they get my own phone GPS data along with it? The article seems to
imply that such data is sent only when dialing certain emergency numbers...
Not always!

~~~
alx_mcc
Pinpointing a phone requires three satellites. With A-GPS, it can be
accomplished with two satellites and cell tower data and/or WiFi info.

Official Apple statement:

Calculating a phone’s location using just GPS satellite data can take up to
several minutes. iPhone can reduce this time to just a few seconds by using
Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even
triangulate its location using just Wi-Fi hotspot and cell tower data when GPS
is not available (such as indoors or in basements). These calculations are
performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot
and cell tower data that is generated by tens of millions of iPhones sending
the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an
anonymous and encrypted form to Apple.
[https://www.businesswire.com/news/home/20110427005749/en/App...](https://www.businesswire.com/news/home/20110427005749/en/Apple-
QA-Location-Data)

Also worth reading:
[https://transition.fcc.gov/pshs/911/Apps%20Wrkshp%202015/911...](https://transition.fcc.gov/pshs/911/Apps%20Wrkshp%202015/911_Help_SMS_WhitePaper0515.pdf)

~~~
TomVDB
> With A-GPS, it can be accomplished with two satellites and cell tower data
> and/or WiFi info.

I think you might be confusing 2 separate things:

* aGPS uses the cell tower to download data that helps with locking on to GPS satellites much faster. It basically tells the GPS receiver: here are the satellites you need to be looking for.

* cell tower triangulation is used when you have no GPS reception at all. It’s inaccurate, but it’s better than nothing.

If you know your location roughy with triangulation, you can improve your
location estimate if you add 2 satellites to the mix (more data is usually
better than not), but even then it has nothing to do with aGPS.

~~~
alx_mcc
Thank you. I went back and did some additional reading. From what I read it
appears aGPS has different options available.

Standalone - Your handset has no connection to the network, and uses only the
GPS satellite signals it can currently receive to try and establish a
location.

MS Based - Your handset is connected to the network, and uses the GPS signals
+ a location signal from the network.

MS Assisted - Your handset is connected to the network, uses GPS signals + a
location signal then relays its 'fix' to the server, which then uses the
signal strength from your phone to the network towers to further plot your
position.

> If you know your location roughy with triangulation, you can improve your
> location estimate if you add 2 satellites to the mix (more data is usually
> better than not), but even then it has nothing to do with aGPS.

Isn't this exactly what aGPS is? One or more data points outside of satellite
data? If you have an additional resource I'd love to take a look. Just a quick
search of the topic did reveal some contradicting statements.

[https://www.windowscentral.com/gps-vs-agps-quick-
tutorial](https://www.windowscentral.com/gps-vs-agps-quick-tutorial)

~~~
TomVDB
> Isn't this exactly what aGPS is? One or more data points outside of
> satellite data?

I don’t think that’s what it is: with aGPS, the phone downloads data of where
the satellites are. That allows the phone to accelerate its ability to lock
onto GPS satellites.

Triangulation based on cell phone tower location is orthogonal to aGPS. The
original iPhone didn’t have a GPS receiver and didn’t use aGPS, so it used the
location of the towers as a crude way to figure out its location.

The triangulation + 2 satellites examples could be (but doesn’t have to be) a
hybrid of the 2:

Use old school triangularion as one of the location estimates and use 2
satellites as further location estimates.

And then, orthogonally and optionally, you could use aGPS to accelerate
finding additional satellites.

------
ghotli
Forgive me if this seems obtuse but honestly seriously in each of our phones
is an antenna, over that antenna is sent radiowaves, encoded in those
radiowaves is information that must be decoded by the other side of the
transmission.

Each layer of that has a specification, in that specification each side has
implementations of that specification. To me, I fundamentally don't care what
an individual corporation "can or can't do". I care what the spec says,
because that's what the corporation can and can't do unless they have
something completely 100% proprietary.

Speculation is worthless, show me the spec of what function calls enable the
collection of this data, and what the structure of the message looks like over
the wire.

Beyond that, on a rooted device that I have full control over, I should be
able to work out the details of how that's happening and whether or not I want
to fiddle with it to allow my carry around computer to do so or not.

If the implicit assumption that root access to my pocket computer makes it
unable to turn off such a thing, then that's news. The rest are layers and
layers of complexity as to what the defaults of the systems involved are
allowed to do via permissions systems. We're either cool with those defaults,
or we aren't.

So, imo. Start with the specs, if it's possible via them then it's surely
happening whether or not it's "legal" to do so. My apologies if this comes
across as harsh, but what else did we expect? We're fortunate enough to live
in the cusp of the information age, but the first 50/100/200 years of this are
bound to be messy before it either goes full dystopian forever, or enough
outrage affects those defaults.

~~~
implying
This isn't just about software capabilities. The telcos don't need to have
remote code execution on the device. Their huge network of receivers has to
identify your device for routing, and that reveals your location. Simply
connecting to the towers implies that you're within a few miles of them. In
areas with denser coverage, triangulating you within a few meters is trivial,
and I suspect that every network is storing your location in perpetuity from
this method alone. It isn't a issue of software freedom, it's an issue of
having a radio signal emitting from your pocket to a huge network of receivers
with known positions.

Only way to guarantee you aren't being tracked is to turn the signal off,
which isn't feasible for most.

~~~
ghotli
I hear ya, and I personally understand that that's the case, thus if just the
"connection" of my antenna to the tower reveals information I personally don't
care to share then the natural next question is: "can I toggle the antenna off
on my own device except when I want to reveal my location, or is that beyond
my control as long as the antenna has power?"

I personally don't know that I mind it, but some people do and that's the
question that is either allowed by some spec or isn't.

edit: furthermore, just connecting to the towers at all would give approximate
information, unless it's connecting to multiples wherein they can triangulate.
the other question would be "can I compromise and force my antenna into 'one
tower at a time' mode" via some spec. Would I then affect my ability to do
tower handoffs upon movement without having multiple tower connections? If so,
do I care that my antenna is forced into single tower "approximate location"
mode with drops upon new tower acquisition or not? What spec controls that and
can I control it via root access to my device? See what I mean?

~~~
ubolonton_
This is probably between the baseband firmware and the SIM card, so rooting
wouldn't help. And it's using A-GPS (probably in MSA mode, where the location
is derived on the servers, not the phones), not just cell tower triangulation.

