The Latest Privacy Scandal: Your Cell Phone Location Data Could Be At Risk

Phone carriers, and the companies they work with to move your calls from cell tower to cell tower, know your location. And one of them has been hacked. Congress and the FCC are just beginning to take notice.

By Shelly BrisbinMay 28, 2018 10:57 am,

It probably isn’t a surprise that your cell phone company knows a lot about you, including where you are right now and where you were last night. The phone company doesn’t really care where you were last night. But the police might, if they think you could be involved in a crime, they can scoop up your location data after the fact. But how would it feel to know that phone carriers are passing your location data on to third parties, and that you can’t opt out of that sharing?

Slate Senior Technology Writer Will Oremus says what’s happening here is different than the Facebook/Cambridge Analytica scandal that captured so much attention among the public and the press. That scandal focused on Facebook users’ profile data and likes to help political campaigns, while the newest scandal concerns how wireless carriers are being careless with user location data with third parties.

“They’re letting third parties, companies you’ve never heard of, have access to that data that they keep on you and where you are at all times,” Oremus says. “And they’re not making sure that those third parties are keeping that data safe. They’re not making sure that nobody gets access to that data who isn’t supposed to.”

Oremus says that in some states, phone companies are prohibited from sharing your location data with law enforcement without a warrant, but there are fewer regulations for sharing that data with other private companies. LocationSmart is an example of a third party company that does mobile location tracking.

“Say you’re a subscriber of Verizon. Verizon wherever you go with your mobile phone on, they can ping it from the nearest cell tower and figure out which Verizon cell tower you’re closest to,” he says. “But LocationSmart works with all the major wireless carriers. They can combine the information – Verizon is pinging you from one cell tower, but then they can combine that with information with AT&T. Maybe you’re actually closer to an AT&T tower. LocationSmart can then pinpoint your location better than any one carrier could do on its own.”

He says while there are some ways users benefit when location data is shared, LocationSmart has not been safeguarding the data they have.

“The way it’s supposed to work is only if you’re a professional client of these companies do you then get access to use this location data for certain approved purposes,” he says.

He says most of the threat is hypothetical only because there is not enough information about whether data has been used, and how.

“[The tech news site] Ars Technica reported…that the FCC has indeed taken preliminary steps to look into LocationSmart and why they had this vulnerability to let people track other people’s locations at all times,” Oremus says.

LocationSmart might be the tip of the iceberg – we don’t know what other third parties may be using, collecting, and sharing location data. However, this new scandal isn’t gaining as much traction as Facebook’s lax data-sharing policies has. Oremus hypothesizes the lack of attention is because the new privacy scandal doesn’t have political ties.

“And in general, as a tech reporter, I have seen over the years – it’s really only when you have the concrete, dramatic, demonstrated harm that you get the sustained pressure on the companies to change, or the government to intervene,” he says.

Written by Amber Chavez.