Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour
from the we-need-outrage-symmetry dept
As we've noted a few times now, however bad the recent Facebook and Cambridge Analytica scandal was, the nation's broadband providers have routinely been engaged in much worse behavior for decades. Yes, the Cambridge and Facebook scandal was bad (especially Facebook threatening to sue news outlets that exposed it), but the behavior they were engaging in is the norm, not the exception. And watching people quit Facebook while still using a stock cellphone (which lets carriers track your every online whim and offline movement) was arguably comedic.
As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight. And while some lawmakers are pressuring the FCC to more closely investigate the scandal (which resulted in the exposure of wireless location data of some 200 million users in the U.S. and Canada), few expect the same FCC that just killed net neutrality to actually do anything about it.
When the previous FCC tried to pass some pretty modest privacy protections last year requiring that ISPs be more transparent about all of this, ISPs quickly took advantage of a cash-compromised Congress to scuttle those protections before they could even take effect:
Sorry to beat a dead horse, but @FCC's 2016 broadband #privacy rules would have required opt-in consent from customers 2 share cell phone location information. This Congress REPEALED those rules, w. all Senate Rs & all but 15 House Rs voting 4 repeal. https://t.co/LbawV3d5up
— Gigi Sohn (@gigibsohn) May 22, 2018
This collective apathy to routine telecom sector privacy abuses has been going on for decades. You might recall that multiple ISPs were accused years ago of collecting and selling consumer clickstream data. When they were pressed for details, many simply either denied doing it or refused to respond. As more sophisticated network gear like deep-packet inspection emerged, ISPs began tracking and selling your online browsing habits down to the millisecond, some even charging users extra if they wanted to protect their own privacy.
But things got immeasurably more profitable once wireless carriers began tracking user location data, which they now sell to everyone from urban planners to government agencies. Companies like Verizon Wireless were subsequently caught covertly modifying wireless user data packets to track users around the internet without telling them. It took security researchers two years to even discover this was happening and another six months of public shame before Verizon even provided an opt out option (a more powerful version of the tech is now being used by Verizon's Oath advertising brand).
And yet even in the wake of the LocationSmart fracas, which literally exposed the private data of nearly everybody in America, we're still somehow only seeing a fraction of the media, regulatory or public outrage we saw during the Facebook and Cambridge kerfuffle:
"You might think that the major wireless carriers would be facing intense pressure to account for their lax handling of customers’ data. You might think the story would be all over newspapers’ front pages and cable news. You might think their CEOs would be hounded by the media, as Facebook’s Mark Zuckerberg was after the Cambridge Analytica story broke. You might think they’d be dragooned into testifying before Congress.
You might think that, if you expected a reaction commensurate to the one that accompanied the Cambridge Analytica revelations. And it’s conceivable that it will still happen. But so far, there has been none of that."
It remains odd that the press and public still don't realize how deep this particular rabbit hole goes. And whereas the Cambridge scandal made headlines for months, the location data scandal has barely registered a fraction of the collective outrage in media coverage or in DC. Meanwhile, wireless carriers are effectively refusing to even acknowledge they work with companies like LocationSmart, and there's little to no indication accountability is heading their direction anytime soon.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: location data, privacy, wireless carriers
Companies: cambridge analytica, facebook, locationsmart, securus
Reader Comments
Subscribe: RSS
View by: Time | Thread
I don't think people understand what's going on.
[ link to this | view in thread ]
[ link to this | view in thread ]
Perfect for turn key spy operations!
[ link to this | view in thread ]
Bingo
Of course not: this stuff is way too deep in the weeds for 98% of users (myself included.)
[ link to this | view in thread ]
They tend to ignore things until it effects them & opening with lists of where some of them have been might have gotten much faster results. (Of course they probably would have just added protections for themselves & leave the rest of us screwed)
[ link to this | view in thread ]
Re: Bingo
What do ya think you pay all those taxes for ?
[ link to this | view in thread ]
Re: Perfect for turn key spy operations!
If you want attention, buy the data and figure out who senators and congresspeople are meeting with.
[ link to this | view in thread ]
"Stock cellphone"
[ link to this | view in thread ]
Stock cellphones
Why does it matter whether people are using a stock cellphone? Are there non-stock ones that can prevent this? My understanding is that it's cell-site data, meaning any phone connected to the network can be tracked—IOW, you'd have to have a wifi-only "phone" to avoid it.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Stock cellphones
[ link to this | view in thread ]
Re: Re: Stock cellphones
Yeah, more than one. Carriers are tracking "every offline movement" without that. Maybe not "every online whim", but unless you're using Orbot or a VPN they'll see every unencrypted online whim and every encrypted site address (but not content) you connect to.
[ link to this | view in thread ]
Here they come, yo
After the rapture it will be because: control
Revelation 13:16-18.
[ link to this | view in thread ]
Well, of course
Doesn't Comcast own at least a few news organizations?
[ link to this | view in thread ]
Re: Stock cellphones
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Stock cellphones
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Here they come, yo
[ link to this | view in thread ]
Re: Re:
https://www.nbcnews.com/news/us-news/company-invents-gun-folds-look-cellphone-n547221
[ link to this | view in thread ]
So far, there's been no proof that the telcos or the orgs they sold location data to have been using the data to overtly manipulate public discourse.
Once that proof arrives (and there's no question that SOMEBODY is using the data in such a manner), we'll see the public uproar, but not before.
We've seen this over and over again. The public knew that the NSA was collecting private data, but it took Snowden demonstrating not only what was collected but how it was proposed to be used before people got upset. Same has happened over and over again: people don't connect the dots when PII is collected; they definitely do when they're shown what it is to be used for.
[ link to this | view in thread ]
Today's Big Lie
Nope. Cell carriers sell location data on individual users only to companies who serve it up to law enforcement pursuant to warrants. Yes, the LocationSmart web site had a bug in it, but to jump from a bug to a full-blown conspiracy is the kind of thing only a troll would do.
Try again, Karl.
[ link to this | view in thread ]
[ link to this | view in thread ]
Umm, NO, Facebook and GOOGLE still plenty bad!
Facebook and Google only collect 80 percent or so of advertising revenue, and control similar amount of search. This assertion that Facebook is minor is a flat lie.
[ link to this | view in thread ]
Re: Today's Big Lie
[ link to this | view in thread ]
Re: Today's Big Lie
Is that what you call it, Dicky McDickface?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Umm, NO, Facebook and GOOGLE still plenty bad!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Today's Big Lie
Are seriously this retarded or are you just going for broke now since I've completely and totally demolished you and your lies in every single one of your comments? Can't take the heat so you're just going to lie about everything and hope something sticks?
Your assertion is literally and patently false, and an obvious and deliberate lie. It was verified that anyone could go on the site, request a demo, and instantly find the location of any random cell phone. Not only that, the bug in the site wasn't that you could do this, it was that you could even bypass the demo and documentation submission requirement and use it as many times as you wanted to for free. This was verified by multiple independent security researchers and journalists. The only way this could have occurred is if they had access to the entirety of carriers' location data, which they even admitted to.
From a cached press release from LocationSmart:
Huh, direct access to databases. Look at that. Who's the liar now?
To deliberately lie about publicly available and verified facts is something only an industry paid shill would do.
Try again Richard.
[ link to this | view in thread ]
Re: Umm, NO, Facebook and GOOGLE still plenty bad!
You're an idiot.
[ link to this | view in thread ]
Re: Re: Today's Big Lie
It'd almost be funny if it wasn't skullfuckingly dumb.
[ link to this | view in thread ]
Re: Re: Re: Today's Big Lie
How desperate or delusional do you have to be to think that telling that big and obvious of a lie is going to fool anyone?
[ link to this | view in thread ]
Re: Re: Re: Re: Today's Big Lie
Granted, the comment wasn't signed in. But Dick believes that fake names don't matter, only the ideas do. What's good for the goose...
[ link to this | view in thread ]
[ link to this | view in thread ]
enter without so much as knocking
All they need to do is wait.
[ link to this | view in thread ]