Apple takes careful steps to protect your location data, requiring apps to ask for permission to access it, and allowing you to decide whether to permit foreground or background access – as well as displaying which apps have recently accessed your location.
But these protections are of limited value if carriers sell your location to third-party companies, which both legal experts and a senator say is the case today …
The WSJ says that carriers – who can calculate your approximate position from cell tower data, without requiring access to your phone’s GPS – are sharing location data without checking that users or courts have authorized it. Instead, they take the word of dozens of third-party companies who are given the data without checking the claimed permissions.
Carriers such as AT&T. and T-Mobile rely on those firms to vouch that they obtained users’ consent before handing over the data. The companies that pay to access this information use it for everything from preventing credit-card fraud to providing roadside assistance.
The security failure came to light after one of those companies, Securus, allowed law-enforcement agencies to track locations of suspects without making any attempt to verify claimed court orders. Law professor Blake Reid said that all they checked was that a document had been uploaded.
Securus’ web portal let law-enforcement officials pull data by uploading an official document, though the system didn’t verify whether the document was actually authorization from a court or prosecutor. The file “could be a warrant, could be your grandma’s cookie recipe,” he said. “There’s no consent there.”
Another law expert said that ‘this is just the tip of the iceberg’ when it comes to this type of privacy breach. Stanford University law professor Al Gidari agreed, stating that the FCC failed to consider location data when drawing up privacy regulations imposed on carriers.
That was a green light for telecommunications carriers to monetize customer location data.
Senator Ron Wyden (D, Oregon) said that Verizon had admitted that customer location data was shared with around 75 companies.
Sen. Wyden said in a statement that “middlemen are selling Americans’ location to the highest bidder without their consent, or making it available on insecure web portals.”
The FCC says that it is investigating.