It's Apparently Easy To Pretend To Be A Cop, Grab Location Data From Cellular Carriers

from the ill-communication dept

While Facebook tends to get the lion's share of (deserved) criticism, the telecom sector continues to make its case for being the absolute worst when it comes to protecting your private data. Scandal after scandal have highlighted how wireless carriers routinely collect and store your daily location data, then sell that data to a universe of shady middlemen with little to no oversight as to how the data is used. Users sign one overlong privacy policy with their wireless carrier, and that policy is being read to mean consumers sign off on the practice, which they certainly haven't.

This week journalist Joseph Cox again highlighted the problems on the location data front, reporting how many stalkers and debt collectors are able to get access to this data without paying for it. How? By pretending to be law enforcement officers:

"...bounty hunters and people with histories of domestic violence have managed to trick telecommunications companies into providing real-time location data by simply impersonating US officials over the phone and email, according to court records and multiple sources familiar with the technique. In some cases, these people abuse telecom company policies created to give law enforcement real-time location data without a court order in “exigent circumstances,” such as when there is the imminent threat of physical harm to a victim.

In addition to cellular tower location data, carriers were also recently busted selling A-GPS data, which is supposed to be protected by FCC data rules. Despite significant reporting on this subject and carrier promises to stop collecting and selling this data, this practice is still ongoing. Like Facebook, these are companies that are staring down the barrel of looming regulation -- and still somehow can't seem to find the motivation to behave. Regulators at the Ajit Pai FCC have also sat on their hands and have yet to issue so much as a warning to cellular carriers.

At least one skiptracer told Motherboard that wireless carriers remain several steps behind in trying to crack down on the practice:

"So many people are doing that and the telcos have been very stupid about it. They have not done due diligence and called the police [departments] directly to verify the case or vet the identity of the person calling,” Valerie McGilvrey, a skiptracer who said she has bought phone location data from those who obtained access to it, told Motherboard. A skiptracer is someone tasked with finding out where people, typically fugitives on the run or those who owe a debt, are located."

In many instances the third parties are exploiting telecom company procedures for "exigent circumstances," allowing them to request and receive real-time location data by fabricating law enforcement data request documents telecom operators aren't properly verifying. Of course as the New York Times noted more than a year ago, law enforcement officers have also been busted abusing this system to spy on judges and other law enforcement officers.

Like so many sectors, wireless carriers were so excited by the billions to be made selling your daily habits, they forgot to actually protect that data. As reporters like Cox continue to dig deeper, you have to think that many cellular carriers are scrambling hard to clean up their mess as inevitable class action lawsuits and regulatory investigations wait in the wings. This scandal is getting so ugly, even the carrier-cozy Trump FCC may, at some point, be forced to actually do something about it.

Filed Under: bounty hunters, data sharing, debt collectors, exigent circumstances, impersonation, law enforcement, location info, privacy, stalkers, telcos