
Service Meant to Monitor Inmates’ Calls Could Track You, Too - walterbell
https://www.nytimes.com/2018/05/10/technology/cellphone-tracking-law-enforcement.html
======
mav3r1ck
This is a huge deal. It smells a lot to me like Cambridge Analytica, but even
worse.

>The service can find the whereabouts of almost any cellphone in the country
within seconds. It does this by going through a system typically used by
marketers and other companies to get location data from major cellphone
carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.

~~~
BonesJustice
> A system typically used by marketers and other companies to get location
> data from major cellphone carriers...

Wait, _what_? Carriers are selling personally identifiable location
information? I knew they were selling aggregate data, but how are they legally
selling location numbers tied to actual phone numbers?

I dug into my carrier's privacy policy, and it looks like this is true. They
say you'll be asked for consent before it happens, but what mechanism does the
carrier even have to request that consent? I've certainly never seen an opt-in
prompt for anything like that before, but according to my carrier's site,
there are at least two companies that are accessing or have accessed my
location data through my carrier. That is _not_ okay.

If an app or service I use wants access to my location, they can go through my
phone's location services API, which requires my affirmative consent. It is
completely unacceptable that they can bypass me and get it directly from my
carrier.

~~~
pjc50
> how are they legally selling location numbers

 _shrug_ It's America, there's no general concept of privacy in law. It's not
considered to be your data, it's their data. I'd be rather more surprised if
this is legally happening in the EU.

(I would not be surprised to discover that most EU carriers are compromised by
some quasi-private intelligence service organisation like Cambridge
Analytica/SCL group, illegally selling location data or derived results.)

~~~
cortesoft
I think the 4th Amendment is about the general concept of privacy, and it is
definitely the law.

~~~
pjc50
No, not at all; it only refers to _search and seizure_ carried out by the
government. Whereas the 1st amendment is usually interpreted to mean that,
once you've given data to a third party, they are free to publish it. In this
situation the phone location data belongs to the phone company.

ECHR Article 8 contains a genuine right to privacy.

------
lioeters
Related:

"For sale: Systems that can secretly track where cellphone users go around the
globe" (2014)
https://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html

Signalling System No. 7: Protocol security vulnerabilities
[https://en.wikipedia.org/wiki/Signalling_System_No._7#Protoc...](https://en.wikipedia.org/wiki/Signalling_System_No._7#Protocol_security_vulnerabilities)

------
dgllghr
If you have T-Mobile, I recommend logging into your account and going to
Profile > Privacy and Notifications > Advertising & Insights and disabling
everything. Obviously, as a consumer I don't know exactly how this data is
being collected, but if the carriers are sharing individual level data,
this is hopefully the opt-out.

EDIT: This is the text from one of the settings: With your consent, T-Mobile,
affiliates, and ad providers use your web browsing and app usage data along
with advertising identifiers to deliver relevant mobile advertising and to
learn more about your preferences. Advertising identifiers used can include
Android and iOS Advertising IDs, browser mobile cookies, and device
identifiers.

~~~
dabernathy89
Verizon has multiple information sharing settings you can disable as well. Log
into your account and go to "My Profile" > "Privacy Settings".

~~~
PhantomGremlin
My settings have all been disabled for years.

That didn't stop locationsmart.com from just now locating me down to a few
hundred meters.

------
logfromblammo
https://www.eff.org/files/2018/05/11/wyden-securus-location-tracking-letter-to-fcc-1.pdf

Senator's letter to the FCC on this topic.

~~~
ellius
I'm sure Ajit Pai will get right on it.

~~~
logfromblammo
Yeah, he really seems like he's the kind of guy to champion individual rights
at the expense of police power and corporate moneymaking interests. Not.~

------
Rjevski
This exploits design flaws in the SS7 & MAP protocols that power mobile
networks worldwide. Cooperation from the carriers isn’t even required.

------
Latteland
This is horrible, but you just can't expect privacy in your use of anything
electronic in the US. They will track you if they can in any conceivable way.
We should advocate for a GDPR-like law in the US. It will take years to get
there, we don't even have net neutrality, but we need that. Every step of the
way there will be people claiming that we can't have protection of privacy
because that would be bad for business.

------
drawkbox
Sounds like the ICE license plate tracker that is for tracking license plates
across the US for immigration monitoring, just so happens to nag everyone in
it...[1]

> _The Immigration and Customs Enforcement (ICE) agency has officially gained
> agency-wide access to a nationwide license plate recognition database,
> according to a contract finalized earlier this month. The system gives the
> agency access to billions of license plate records and new powers of real-
> time location tracking, raising significant concerns from civil
> libertarians_.

[1] https://www.theverge.com/2018/1/26/16932350/ice-immigration-customs-license-plate-recognition-contract-vigilant-solutions

~~~
dsfyu404ed
>just so happens to nag everyone in it...

Thank you for your concern. We are closing this ticket as "not a bug".

------
wpdev_63
I am a victim of possibly "lawful" surveillance and tracking. The law is a
very fickle thing of the business courts today. Right and wrong regarding to
the court has a very loose connection to the constitution and morality. If
I've learned anything about the law, it is that people will do anything they can
get away with legally. It's a scary world out there, and it's just going to
get more scary.

------
iudqnolq
I don't see any way to opt out of this on my Project Fi (Google) account...

~~~
gerwitz
I opted out by moving to Europe.

~~~
zeveb
The trouble is that Europe isn't great either: many European countries
recognise the rights to free speech & arms-bearing in limited ways, and their
governments don't necessarily do a great job with respect to privacy, either.
And many have criminal-court systems which are worse than the U.S. & U.K.
jury-based systems.

Sadly, there's no one perfect state.

------
Lionsion
> Securus received the data from a mobile marketing company called
> 3Cinteractive .... In turn, 3Cinteractive got its data from LocationSmart, a
> firm known as a location aggregator, according to documents from those
> companies. LocationSmart buys access to the data from all the major American
> carriers, it says.

Someone with a little money to burn should subscribe to 3Cinteractive or
LocationSmart's service and use the data to _spam the whole country with texts
with the location info telling the recipient they're being tracked._ That
ought to rile people up and help end whatever practices enable this kind of
tracking.

~~~
testvox
I am guessing they make you sign a contract saying you won't disclose "their"
data to third parties. So you would really need a lot of money.

~~~
Lionsion
Or the willingness to do it, concede the lawsuit, then declare bankruptcy.

~~~
testvox
Judgements from intentional torts are not dischargeable in bankruptcy.

~~~
Lionsion
But wouldn't it be a breach of contract and not a tort? There may be other
torts involved, but I was only considering the issue you brought up with
breaking their contract terms.

