Last year, it became public knowledge that LocationSmart, a location-as-a-service company out of California, obtaining real-time location data from America’s four major cell carriers. According to Tech Crunch, they were selling that information to a prison technology company called Securus, which tracked phone owners without their consent. The scandal was thought to no longer be an issue, however, after Senator Ron Wyden of Oregon called on cell carriers to stop such privacy-invading practices.
Motherboard, however, reports that another company, Zumigo, was as guilty of such violation as LocationSmart, but had somehow escaped public attention. With just a phone number and a payment of $300, a bounty hunter was able to track the Motherboard reporter’s phone, who gave them permission to do so. T-Mobile had sold the location data to Zumigo, who sold it to Microbilt, a Georgia-based credit reporting company, who sold it to the bail bond company that the bounty hunter worked for.
Predictably, the cell carriers turn out to be the real bad guys in the story, all refusing to take a genuine hard stance against selling customer data to third parties. Sprint promised in a letter about a year ago that they would begin a “process of terminating its current contracts with data aggregators to whom we provide location data.” They still have not carried such a process to completion and still sell and share their customers’ data.
AT&T promised about a year ago that they would “shut down” Securus’ access to its real-time store of customer location data, but have since rolled back this hard line on sharing data, as they now “only permit the sharing of location” in limited cases. Verizon never even tried to pretend like they were taking a stance against such practices, promising to not work with Zumigo and LocationSmart but still sharing location data with anyone else who is willing to pay them.
T-Mobile is perhaps the biggest perpetrator. CEO John Legere promised via Twitter last June that T-Mobile “will not sell customer location data to shady middlemen,” but only recently announced that it will not be ending its relationship with location aggregators until March. Not to mention the fact that the long chain of illicit sales that led the bounty hunter to the Motherboard reporter’s data began with T-Mobile selling such info to Zumigo.
“If there is money to be made they will keep selling the data,” a geolocation source told Motherboard. “Those third-level companies sell their services. That is where you see the issues with going to shady folks [and] for shady reasons.”