Skip to main content

‘Middlemen selling Americans’ smartphone location to the highest bidder,’ says senator

Apple takes careful steps to protect your location data, requiring apps to ask for permission to access it, and allowing you to decide whether to permit foreground or background access – as well as displaying which apps have recently accessed your location.

But these protections are of limited value if carriers sell your location to third-party companies, which both legal experts and a senator say is the case today …

The WSJ says that carriers – who can calculate your approximate position from cell tower data, without requiring access to your phone’s GPS – are sharing location data without checking that users or courts have authorized it. Instead, they take the word of dozens of third-party companies who are given the data without checking the claimed permissions.

Carriers such as AT&T. and T-Mobile rely on those firms to vouch that they obtained users’ consent before handing over the data. The companies that pay to access this information use it for everything from preventing credit-card fraud to providing roadside assistance.

The security failure came to light after one of those companies, Securus, allowed law-enforcement agencies to track locations of suspects without making any attempt to verify claimed court orders. Law professor Blake Reid said that all they checked was that a document had been uploaded.

Securus’ web portal let law-enforcement officials pull data by uploading an official document, though the system didn’t verify whether the document was actually authorization from a court or prosecutor. The file “could be a warrant, could be your grandma’s cookie recipe,” he said. “There’s no consent there.”

Another law expert said that ‘this is just the tip of the iceberg’ when it comes to this type of privacy breach. Stanford University law professor Al Gidari agreed, stating that the FCC failed to consider location data when drawing up privacy regulations imposed on carriers.

That was a green light for telecommunications carriers to monetize customer location data.

Senator Ron Wyden (D, Oregon) said that Verizon had admitted that customer location data was shared with around 75 companies.

Sen. Wyden said in a statement that “middlemen are selling Americans’ location to the highest bidder without their consent, or making it available on insecure web portals.”

The FCC says that it is investigating.


Check out 9to5Mac on YouTube for more Apple news:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications