February 7, 2019 — And that includes A-GPS data, too
Additional information provided to Motherboard shows that carriers made A-GPS data available through the chain of information resellers and it ended up in the hands of over 250 different bounty hunters and related businesses.
A-GPS (Assisted Global Positioning System) data is accumulated with the assistance of carriers. The regular GPS chip in your phone can take minutes (or longer) to pinpoint your location, and A-GPS was developed to help first responders and 911 operators find a cell phone when the need was urgent. Because it uses far less battery power, it's commonplace and now used by many apps and services on your phone.
The information provided to Motherboard includes screen captures from tracking services showing the data being used. According to Laura Moy, executive director at the Center on Privacy and Technology at Georgetown University Law Center, this is the first instance of A-GPS data being sold wholesale.
When contacted by Motherboard, none of the carriers denied selling A-GPS data.
Your location is worth about $300, according to an in-depth study by Motherboard.
The website followed a tip and after a convoluted series of events and $300 changing hands, it was able to correctly pinpoint a phone's location without asking for any consent, because carriers are still selling your location data to "shady" middlemen who resell it under their own policies. And unlike the debacle in May 2018, when LocationSmart was selling your location to law enforcement, this time it's being sold to private individuals and businesses.
How the whole thing happened
Here's how it worked in the Motherboard case. For your phone — any phone and not one particular model, make, or one that uses a particular OS — to operate correctly, it has to periodically send a signal that cell towers receive, and they, in turn, send one back. That's known as "pinging" cell towers and it's how your phone knows which tower is closest and which to connect with. Your carrier keeps track of these pings, which contain a fairly close approximation of your location.
T-Mobile has an agreement with a company called Zumigo where it sells this location data, complete with a set of rules how it can be used. It so happens that Zumigo is the same company that sold T-Mobile subscriber location data to LocationSmart last May, which caused T-Mobile CEO John Legere to evaluate and pledge to not "sell customer location data to shady middlemen" in response to a Senate inquiry.
Sounds like word hasn't gotten to you, @ronwyden. I've personally evaluated this issue & have pledged that @tmobile will not sell customer location data to shady middlemen. Your consumer advocacy is admirable & we remain committed to consumer privacy. https://t.co/UPx3Xjhwog— John Legere (@JohnLegere) June 19, 2018
Zumigo has a separate contract with other companies that want your location data. One of these companies is Microbilt, which resells it again to other companies and individuals like bounty hunters, debt collectors and even used car salesmen. One of these Microbilt clients obtained the location of the phone in question and then sold it to a private individual, who then sold it again for $300 to Motherboard. If all this makes you dizzy and prone to a headache, you're not alone.
The companies involved all pointed to their own agreements that state how this data is to be used, claiming that the responsibility falls on whoever in the chain sold the data to an "unauthorized" party. And no laws were broken; it is illegal for a carrier in the United States to sell your data directly to law enforcement, but not to any private company.
Used car salesmen can buy your live location for as little as $8.42. What they do with it is anyone's guess.
Posing as potential customers, Motherboard's investigation found evidence of AT&T, Sprint, and T-Mobile selling customer location data to service companies in the business of reselling it. All three defended the practice, pointing to the agreements each holds with these location aggregate businesses, which state how the data can be used. After being contacted by Motherboard, each claims to have cut any and all ties to Microbilt until a full investigation can be completed. When trying to obtain location data for a Verizon number, Microbilt was "unwilling or unable" to search for the data, and Verizon did not respond to a request for comment.
Microbilt offers customer location tracking for as little as $8.42 when purchasing in bulk, according to documents Motherboard was able to obtain while posing as a customer. The relevant pages have been removed from the Microbilt website, but Motherboard posted copies of the originals that you can see at the source link above.
What it all means
This all points to one of the biggest issues facing us in the future, and that's how poorly implemented and insecure your carrier's data privacy measures are. With the current administration at the FCC — which was unable to comment while the offices are closed for the U.S. government shutdown — I don't see any of this getting better.
No matter what steps you take to preserve your privacy, your carrier still gives it to anyone with a fistful of money.
We may earn a commission for purchases using our links. Learn more.
Buy a Synology NAS to boost your home network storage productivity!
With a network attached storage enclosure, you can easily back up data from all devices on your home network, and you can use it as a powerful media server. With options starting off from just $100, these are the best Synology NAS enclosures for home use.
At this point, Google should just launch the Pixel 4a with the Pixel 5
With delay after delay pushing back the Pixel 4a's launch into July and possibly August, it would make a lot of sense for Google to simply call it the Pixel 5a and launch it alongside the Pixel 5 in October.
Google is playing the long game with its hardware company acquisitions
Why does Google keep buying companies that it doesn't always know what to do with?
Which MVNOs are best for hotspot data?
MVNOs are offering more data than ever and many of them are letting you share it with your other Wi-Fi devices. If you need a backup plan for Wi-Fi or just spend a lot of time away from public access points, you can get connected with a prepaid carrier.