It's hard to believe that much of anything is truly private these days. Between smartphones, the internet, and everything else, so much of our data and lives are on full display for various businesses to see. Recently, it was discovered that all four of the major United States carriers provide your real-time location info to third-parties thanks to a loophole in the Electronic Communications Privacy Act.
How'd this matter come to light? Between 2014 and 2017, former sheriff Cory Hutcheson used a service called "Securus" to track the location of a judge and members of Missouri's Highway Patrol around 11 different times. Securus is a service that allows police officers to facilitate calls made to inmates, but it can also be used to pinpoint the location of a cell phone in a matter of seconds.
Securus obtains this location info from AT&T, Sprint, T-Mobile, and Verizon, but it does so through a middle-man called "LocationSmart."
LocationSmart can pinpoint your real-time location in about 15 seconds.
LocationSmart is based out of California, and after it obtains this data from carriers, sells it to companies like Securus. The location data LocationSmart gets is based on tower information it gets from carriers, and while this process is slower than using GPS, it works in the background without your knowledge and has little-to-no impact on battery life. LocationSmart touts it can pinpoint someone's real-time location in just 15 seconds.
In other words, carriers are letting LocationSmart have your real-time location information so it can then share it with other third-parties. Is any of this even legal?
Unfortunately, it sure is.
The Electronic Communications Privacy Act prevents carriers from sharing user location to the United States government, but there aren't any restrictions in place on other companies. As noted by Kevin Bankston, the Director of New America's Open Technology Institute, this is "one of the biggest gaps in US privacy law."
If you're looking for a silver lining, LocationSmart says that companies that use its services must get "explicit consent" from users before obtaining their location – whether it be through an app or text. However, there are other instances where it's implied that a user wants their location shared and this step can be avoided (such as when someone calls a towing company to pick up their car).
The FCC's been asked to investigate the matter by Democratic Senator Ron Wyden, but it remains to be seen what actions (if any) will be taken.
