(Screenshot: ZDNet. Source: State of Georgia[1])
Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before.
In case you missed it, a senator last week sent a letter[2] demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart.
The story blew up because a former police sheriff snooped on phone location data without a warrant, according The New York Times[3]. The sheriff has pleaded not guilty to charges of unlawful surveillance.
Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data.
Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government.
He called that loophole "one of the biggest gaps in US privacy law."
"The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said.
LocationSmart, a California-based technology company, is one of a handful of so-called data aggregators. It claimed to have "direct connections"[4] to cell