A recent investigation proved just about anyone can get access to our cell phone location for a small fee and even track us on an ongoing basis. The reporter, Joseph Cox, discovered that T-Mobile, Sprint, and AT&T are selling access to their customers’ location data to just about anyone. The buyer can then turn around and track anyone with a phone.
Cox explained how he gave a bounty hunter a test phone number on the T-Mobile network. The bounty hunter used what he calls “a shady service” and bragged about how he could find the location of most any phone in this country. In this test, the bounty hunter was able to contact an associate who was able to locate the phone’s location within a few hundred meters on a Google map.
While tracking is commonly done using apps on a phone, this was done with none of that, just using information originating from these cellular networks that they freely provide for a small fee.
One of the companies they sell to is MicroBilt, which offers debt collection services and writes on its site, “MicroBilt’s suite of recovery and skip tracing tools provide quick, convenient, and current data that help you prioritize and successfully track people down and collect.”
Motherboard’s investigation highlighted the fact that our mobile networks are open for others to access with the cooperation of these three cellular companies and there’s no regulation or oversight from them about who gets access, including bounty hunters, private detectives, ex-spouses, stalkers, and criminals. Motherboard was told by a tipster that he was able to use this service to track his girlfriend.
This is not the first time the problem has been reported. According to Motherboard:
Last year, one location aggregator, LocationSmart, faced harsh criticism for selling data that ultimately ended up in the hands of Securus, a company that provided phone tracking to low-level enforcement without requiring a warrant. LocationSmart also exposed the very data it was selling through a buggy website panel, meaning anyone could geolocate nearly any phone in the United States at a click of a mouse.
The investigation found that numerous companies have access to the phone’s location data through successive sharing and selling. Essentially, it’s a free-for-all. They found that “T-Mobile shares its customers’ location data with an aggregator called Zumigo, which shares information with Microbilt. Microbilt then shared that data with a customer using its mobile phone tracking product. The bounty hunter then shared this information with a bail industry source, who shared it with Motherboard.”
Unauthorized tracking was a big issue last year when The New York Times and Senator Ron Wyden (D-Ore.) disclosed details of how Securus provided geolocation services, as noted above, without a warrant. At that time the cellular companies said they were taking extra measures to ensure their customers’ data would not be abused again. Verizon announced it would limit data access to companies not using it for legitimate purposes. T-Mobile, Sprint, and AT&T made similar promises.
T-Mobile’s CEO John Legere tweeted last June, “I’ve personally evaluated this issue & have pledged that @tmobile will not sell customer location data to shady middlemen.” I guess that means he’ll just sell to non-shady middlemen.