Accessing Cell Phone Location Information

The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant:

The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.

Another article.

Boing Boing post.

EDITED TO ADD (6/12): Securus was hacked.

Posted on May 16, 2018 at 6:16 AM • 55 Comments

Comments

AlejandroMay 16, 2018 7:01 AM

According to the Supreme Court, if the government puts a GPS tracker on you, your car, or any of your personal effects, it counts as a search—and is therefore protected by the Fourth Amendment and requires a warrant approved by a judge.

OR, they can send a note on letterhead and get the same info over the phone from Securus.

That's what rots my socks. Police jump from one technology to the next and so long as the Supreme Court doesn't specifically BAN the method, they do it. I call it exempting themselves from the rule of law. And, at least it's unethical.

Will police stop doing this now they have been found out, and despite what the SC says?

I've already answered that question in this post.

Bob PaddockMay 16, 2018 7:07 AM

An elderly person I know was recently scammed and robbed.

Someone showed up saying they were from the Electric Company, they were working in the area and said they need to check their fuse box. While someone distracted them in the basement a cohort ransacked the house.

The two perpetrators were on their cellphones talking with each other the whole time.
The local Mayberry police say that fact is not useful to them because they don't know the phone numbers of the phones.

Given that it is a rural area and a place where cellphones normally aren't and we know the date, time and GPS location, is it possible to figure out the cellphone numbers so these people can be put a way?

Clive RobinsonMay 16, 2018 7:16 AM

I would expect to see a lot more of this sort of behavioir out of LEO's.

To put it in perspective they are envious of other government agencies and private companies who are not limited by judicial or other oversight.

From the political position they don't realy care how the police etc behave as long as it does not become a public embarrassment and those private prisons etc give the kickbacks.

We also know that the US MSM are not interested in reporting on abuse of process by the police unless they have no option. Which is why the shocking details of what was going on in Chicago first became public not through US journalists but UK journalists.

Stopping this sort of behaviour by LEO's requires very strong oversight and more importantly legislation to stop or limit the activities of various commercial entities.

But before that happens US citizens will have to understand the trade offs between loss of privacy and the faux claims of increased security[1].

Likewise people will have to learn to call out politicians that argue for more people to be put in jail for longer periods, and actually implement systems that have been known to reduce crime and more importantly the rising costs of a malfunctioning inneffective system that supprise supprise puts profit in ceryain peoples pockets that then gets used for bribes and kickbacks...

Oh and the claimed reduction in crime that many police and tech companies say is down to them, appears increasingly unlikely. In fact statistically it appears that the removal of the "anti-pinking" chemical tetraethyllead which is also a known neurotoxin from petrol/gas used in many cars and vehicles since the 1920s has had a greater effect on reducing crime... Likewise poor nutrition in children, poor sanitation as well as ineffective public schools...

[1] So far there is little or no evidence that the police need such systems or that they increase individuals security. In fact as with CCTV systems there is mounting evidence that they are not in any way cost effective let alone a deterant to career criminals. Worse systems that claim that they use AI etc have been shown to be less effective than existing methods and have also developed the same uninformed and wrong biases that make worse choices.

65535May 16, 2018 8:21 AM

@ Alejandro

“if the government puts a GPS tracker on you, your car, or any of your personal effects, it counts as a search—and is therefore protected by the Fourth Amendment and requires a warrant approved by a judge. OR, they can send a note on letterhead and get the same info over the phone from Securus. That's what rots my socks. Police jump from one technology to the next and so long as the Supreme Court doesn't specifically BAN the method, they do it.”

I agree.

This Securus Technologies has a so called warrant checking or other legal document verification system that is so weak that one just check a box on their page “pledging” that one has the proper legal authority to gather location data from cell towers of most cell phone companies.

If you notice this was brought to light by a bad cop who was spying judges and other law enforcement individuals. This location data is probably being used on and by many other people.

This doesn’t include civil cases involving private detective, repo men, stalker and about every other low life on the planet who just check the box on Secirus site a grabs real-time and historical location data. This very bad.

“The Supreme Court [of the USA] is set to rule on the case of Carpenter v. United States, which asks whether police can obtain more than 120 days' worth of cell-site location information of a criminal suspect without a warrant. In that case, as is common in many investigations, law enforcement presented a cell provider with a court order to obtain such historical data. But the ability to obtain real-time location data that Securus reportedly offers skips that entire process, and it's potentially far more invasive. For its part, Securus' "ensuring" seems to consist of nothing more than a check box on a website.”- Arstechnia

https://arstechnica.com/tech-policy/2018/05/senator-furious-at-polices-easy-ability-to-get-real-time-mobile-location-data/

This case not only involves forgery by ex-cops and other serious crimes but a host of privacy issues and litigation issues. You can see a poorly redacted grand jury indictment:

https://www.schneier.com/blog/archives/2018/05/friday_squid_bl_624.html#c6775160 which lead to my post and links.

Or
see actual indictment linked below.

https://assets.documentcloud.org/documents/4457113/Hutcheson-41-Snlj-Acl-0.txt
Equally poorly redacted pdf

https://assets.documentcloud.org/documents/4457113/Hutcheson-41-Snlj-Acl-0.pdf

@ Clive Robinson

“I would expect to see a lot more of this sort of behavioir out of LEO's… the political position they don't realy care how the police etc behave as long as it does not become a public embarrassment and those private prisons etc give the kickbacks.”- Clive R

Just give it some time and I am sure you will… until a big shot judge, lawyer or politician get burned in this cell phone location data market place. It is sad that not-so-digitally educated judges get angry when they get scammed and not your average Jane or Joe. I would guess this also takes place in the UK – correct me if I am wrong.

echoMay 16, 2018 9:03 AM

@65535

The legally dubious ACPO and "no criming" have human rights activists and lawyers protesting in the UK not that the media report this. I have copies of one court case which is fairly certain evasion of European Convention responsibilities (which was denied and which the plaintiff failed to appeal) and a separate case where the judge thunders away about the very sensitive due diligience required when cases involving European Convention rights are being considered. They cannot both be correct which raises questions about the judiciary.

There is very little strategic legal action in the UK. By and large legal action is tactical unlike the US and mainland Europe. A study by Sheffield (?) university discovered civic activism in the UK is lower than both the US and mainland EU.

Sadly too many cases of recent instititional abuse have been fought by plaintiffs who openly admitted in media interviews that if they weren't wealthy they would never have been able to stand up to the system.

JamesMay 16, 2018 9:18 AM

As i understand, Securus takes the location data from 3rd parties and the users willingly shared the data with those 3rd parties, someone correct me if i'm wrong ...

The 3rd parties probably have the usual "privacy policy", e.g. "We collect what ever data we want, and we share it with who ever we want with or without your consent (usually we don't even bother asking). And this policy can change at any moment, with or without notice (mostly without notice)".

The network does know your general location, it's the way mobile telephony systems operate, but the articles were talking about precise location ... Stop granting location permission to shady web sites and applications, disable it when not used, and this problem goes away.

JamesMay 16, 2018 9:34 AM

To add to the "privacy policy": "When we will screw up with regarding your data, and we will screw up, we will blame it on a software "bug" or similar, we will apologize, we will tell you how much we value your privacy and that we are taking steps so this will never happen again (until the next time). And you, since you like our services soo much, you will forget about it or you won't even care and you will still give us your data."

JohnMay 16, 2018 9:37 AM

I get law enforcement's abuse of the system is a bad thing but is that really the worse thing happening here?

"...It does this by going through a system TYPICALLY used by MARKETERS and OTHER companies to get location data from major cellphone carriers, "

So if I claim I am a marketer can I find out where blackmail victim one is cheating on his wife with? My phone knows where I am and when I install crap that markets to me on that basis, I have more specifically "consented" (insert eye roll) to it.

Forget law enforcement, law enforcement isn't the primary consumer of that data! My concern is who the heck else has access to that data, and why is that acceptable.

JamesMay 16, 2018 9:41 AM

John: Everybody willing to pay for it has access to this data. Why is that acceptable ? Because people want it.

MikeMay 16, 2018 9:41 AM

Well said by John.

Even more concerning is that this type of tracking is based on cell tower information, bot on phone GPS. So, if you are using a phone (even a basic phone, not even a smartphone), there is no way to avoid this type of tracking.

ChelloveckMay 16, 2018 9:48 AM

@Alejandro But the police *are* following the law. The law says they may not place a tracking device on a person or vehicle. It does *not* say they may not use tracking data given to them voluntarily by the individual. Okay, you didn't give the police permission directly, but you gave the cell phone company and/or app developers permission to collect and share your location. Does this violate the spirit of the law? Maybe, I think one could argue both sides of that one. Most likely it's a situation that wasn't even considered when the laws were drafted.

I don't like that the police are doing it, but I don't like that companies are allowed to sell the data to anyone with as little "consent" as a line stuck down on page 347 of a EULA. As long as that's legal I don't really see a way to forbid law enforcement from being a consumer of that data.

vas pupMay 16, 2018 9:58 AM

@65535:"Just give it some time and I am sure you will… until a big shot judge, lawyer or politician get burned in this cell phone location data market place."
Agree absolutely. They could understand the problem if that problem affects them directly.
Then, they could introduce law, regulation. etc. to fix the problem. Otherwise, they usually don' give a (bleep). Those all yours Joe/Jane problems. We don't care about you until two weeks before next election. After election we care about lobbyists. Just bitter observation.

JamesMay 16, 2018 10:01 AM

Chelloveck: My point exactly. The LE are technically buying that data. I wouldn't be surprised if the "warrant" they send is actually a check. Why bother asking the general location from the wireless carrier and then canvas the area with stingrays, when you can get the same results with a few clicks ?

Mike: Tower location / triangulation is not precise ... It only gives you a general location. The articles are talking about precise location, which is cell tower data, GPS, WiFi data, sensor data, etc.

meMay 16, 2018 10:15 AM

@Chelloveck
" It does *not* say they may not use tracking data given to them voluntarily by the individual"

if i use my phone (and also if i don't but i have it on)
it keep sharing my position.
am i voluntarily giving it away? hell no!
you might say that i can choice to not buy a phone, but in theese days you simply can not be without phone.
in fact if i remember correctly eff is challenging this.

meMay 16, 2018 10:19 AM

@Bob Paddock
YES they can, how do i know? because I CAN.
every month on the bill i can see every number i called, for how much, and how much it costed me.
so the company HAS all the necessary data.
so police could simply check what tower are near your house one for sure, max probably 3.
get every number attached to that tower(s) in that day and hour, and they will for sure find only ONE long call FROM and TO that tower.

why aren't they doing this? i have no idea...
why arent them finding every single stolen phone ever? phones send their IMEI and position all the time.
so as long as there is a list of stolen phones imei, and they are on you can find them. and yes, there is such list.

meMay 16, 2018 10:26 AM

(i'm sorry for the triple comment)

this makes me super angry, take a look here, there is an article (first link)
and an interactive map (second link)
https://www.nytimes.com/2011/03/26/business/media/26privacy.html
https://www.zeit.de/datenschutz/malte-spitz-vorratsdaten

how can i possibly beliveve that they CAN'T do it??? there is a damn map of all the places he was for six months, every place, every call.
and you want that i belive that you can't becasue you don't have a phone number?
this is ridiculus.

TheInformedOneMay 16, 2018 10:34 AM

Just one more reason to treat privacy as a human rights issue instead of a legal issue. I understand tracking your cell signal is not quite the same as wiretap law, but it's easy to see how they got here from there. In case some of you were wondering, it all went wrong in the year 1928 during "The Olmstead Case". The Court reviewed convictions obtained on the basis of evidence gained through taps on telephone wires in violation of state law. On a five-to-four vote, the Court held that wiretapping was not within the confines of the Fourth Amendment. Chief Justice Taft, writing the opinion of the Court, relied on two lines of argument for the conclusion. First, because the Amendment was designed to protect one’s property interest in his premises, there was no search so long as there was no physical trespass on premises owned or controlled by a defendant. Second, all the evidence obtained had been secured by hearing, and the interception of a conversation could not qualify as a seizure, for the Amendment referred only to the seizure of tangible items. Furthermore, the violation of state law did not render the evidence excludable, since the exclusionary rule operated only on evidence seized in violation of the Constitution. (Source: Justia.com)

gordoMay 16, 2018 12:12 PM

Jennifer Lynch, Symposium: Will the Fourth Amendment protect 21st-century data? The court confronts the third-party doctrine, SCOTUSblog (Aug. 2, 2017, 12:21 PM)

The Electronic Frontier Foundation and many others have argued that it’s time for the Supreme Court to revisit this outdated doctrine. As Sotomayor noted in Jones, the third-party doctrine “is ill suited to the digital age.” This is because, as she also noted, we live in an era “in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.” We use cellphones to stay in touch with friends and family on the go, store data in the cloud to be able to access it anywhere later, rely on GPS mapping technologies to find our way about town, and wear activity trackers to try to improve our health. It’s impossible to use any of these technologies without sharing data with third parties.


This dilemma highlights a key weakness in this line of the Supreme Court’s Fourth Amendment jurisprudence: Assuming that it is unreasonable to expect privacy when we share something with others makes secrecy a prerequisite for privacy. But Justice Thurgood Marshall recognized in his dissent in Smith years ago that “[p]rivacy is not a discrete commodity, possessed absolutely or not at all.” That an individual discloses information to a third party for one purpose does not mean he believes he has relinquished all privacy interests in that information. Nor is it clear that such a belief would be good for society. To maintain secrecy as a prerequisite for Fourth Amendment safeguards would mean that information once protected in the non-digital world would lose that protection today.

http://www.scotusblog.com/2017/08/symposium-will-fourth-amendment-protect-21st-century-data-court-confronts-third-party-doctrine/

---

Fourth-party doctrine: Except under warrant, forbid the dissemination of third-party data to fourth parties.

War GeekMay 16, 2018 12:34 PM

One has to wonder what the retention time on the towers, or their presumable central logging hosts is?

I think I raised this point before during a thread about the MH370 flight that the towers in Indonesia/Malaysia could have provided conclusive tracking data to the public if only the various security apparatus were not pretending they couldn't/didn't track the signal amplitudes of the many cell phones on board.

echoMay 16, 2018 1:04 PM

@TheInformedOne

I'm kicking myself I didn't post a comment on UK constititional law and how the concept of feudal state self-preservation and the concept of abuse of authority and the concept of possession intertwine via the Burkian doctrine.

Rather than politicians waiting to squeak when an issue affect them I have noticed an increasing amount of opportunistic abuses of power. This last one is UK politicians currently working on new legislation which contains a legal "loophole" to acquire data which reveals an individuals political opinions. Politicians were the first the shout about state snooping of their business and aghast when the "Wilson doctrine" was show to be a sham, and now? Naked self-interest and greed when it comes to equivalent citizens rights.

I have been threatened by a state official for holding opinions about flouting standards. How long before politicians threaten constituents?

http://www.theregister.co.uk/2018/05/16/uk_privacy_group_asks_politicians_not_to_use_personal_data_for_electioneering/

Among the many concerns activists have with the bill is an exemption that allows registered parties to process personal data "revealing political opinions" for the purposes of their political activities.

A bit shy.May 16, 2018 1:12 PM

Law enforcement has been "hacking the Constitution" for a long time now: they try whatever until the courts make them stop. If the activity turns out to be unlawful, then the public pays for the resulting lawsuits and there are no meaningful consequences for the criminal gangs-in-uniforms/suits who just alter their approach slightly to avoid conflicting with the judgements (unless it's FISA, in which case almost nobody knows and few care). This is the exact opposite of the intent of the Constitution, which was to give government a delineated sandbox to work in and changes to that sandbox must be approved via legislation or court decision first.

Nothing will change unless law enforcement is held to the same standards are anyone else - you break the law, you have penalties. If they choose to live in gray areas, they should be held accountable just as you or I would if the courts decide those areas aren't so gray. In fact, they should be held to even higher standards and penalties (triple, at least), as their position grants them an incredible amount of power - including that over life and death in many cases.

Until something like that happens, only the specifics of these situations will change - the overall problem will remain. Qualified immunity has to be turned on its head - extra penalties, not privileges.

justinacolmenaMay 16, 2018 1:20 PM

... a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant ...

Ok, now we're getting more at some the things NSA's SIGINT, CSS, and DHS do which are actually wrong. NSA participates in the so-called "Fusion Centers" which have somehow escaped media attention of late despite the official corruption inherent in them.

The very name "fusion" is intended to evoke an air of "nuclear-like" secrecy. Meanwhile the gummint insists that mommies shouldn't be feeding honey to babies under a year old https://www.fda.gov/food/resourcesforyou/healtheducators/ucm091681.htm

AlejandroMay 16, 2018 2:29 PM

@Chelloveck

Re: "But the police *are* following the law."

So the police say. They always say that until told not to. Then they do it anyways by using a new technology wrinkle.

If they cannot attach a GPS to your person, why is it 'legal' to use my personal private property, attach to my pocket, a cell phone, to search out my location?

Because I gave the police informed consent to do that? Because they got a warrant? Of course not.

Like I said, they won't stop until the Supreme Court tells them not to. That doesn't mean it's 'legal' based on our commonly held views of the our laws and human rights.

Last, but not least, in a democracy the people are entitled to determine what is legal or not. It is our right. NOT the police.

They should ask us through the legislature or courts if what they do is 'legal', before they do it. Instead they game the system like common criminals.

Saul RosenbergMay 16, 2018 4:08 PM

@James

"Mike: Tower location / triangulation is not precise..."

Doe anyone remember Pablo Escobar? As I recall, they couldn't find this guy for months - until the day he made a cell phone call, and he was dead in 30 minutes. I'm relatively certain there were no GPS phones back then. Sounds pretty precise to me...

WombatMay 16, 2018 5:14 PM

They already appear to have an intimate relationship with LEOs. It looks like they make money by selling a service to prisons that blocks contraband phones from connecting to the network. They also appear to sell approved calls from inmates families to the inmates.

AmieMay 16, 2018 6:24 PM

Don't let yourselves be distracted by Securus. Their poor security should not be the story. How are they getting this data? Say Securus fixes everything. Then what? What stops any other random company from doing the same thing?

Let's look at what the NYT wrote: "Securus received the data from a mobile marketing company called 3Cinteractive, according to 2013 documents from the Florida Department of Corrections. Securus said that for confidentiality reasons it could not confirm whether that deal was still in place, but a spokesman for Mr. Wyden said the company told the senator’s office it was. In turn, 3Cinteractive got its data from LocationSmart, a firm known as a location aggregator, according to documents from those companies. LocationSmart buys access to the data from all the major American carriers, it says."

Forget about 3Cinteractive and LocationSmart too. Evidently one can simply buy the data from carriers.

In other words, "all the major American carriers" are selling out their customers. If you're looking for someone to sue, to regulate, to call out in public, look there.

echoMay 16, 2018 9:27 PM

@Amie

I understand the American legal position is that the citizens data becomes owned by the company? The EU position is obviously very different. I don't know the details of American law. What does bother me is how bullying corproatiosn can assume powers they wouldn't if contracts were fairly negotiated. The idea that a EULA or clauses like forced arbitration take precendence over a citizens rights in law holds no force in law in the UK or other EU states.

If the logic of what you say is true then Securus paperwork process for approval is really puffery? In the UK we have this kind of thing with a television licence enforcement quango who send all manner of threatening letters. It's all language of a kind designed to con the weak minded.

While orthogonal to this topic the Scottish parliament has voted against a bill that attempted to grab power without consent.

https://www.theguardian.com/commentisfree/2018/may/16/eu-withdrawal-bill-scotland-reject-holyrood-brexit

The constitutional battle, which may well end up in the supreme court in July, centres around the C-word. Since its inception the Holyrood parliament needs to pass a legislative consent motion any time Westminster wants to introduce legislation in areas that are devolved. Under the withdrawal bill Westminster is only offering to consult, rather than seek consent. And, it adds in a less than winning rider, we will go ahead if you agree, and we will go ahead if you don’t.

Sam WellerMay 17, 2018 1:49 AM

Consular Officer: So, why do you want to renounce your U.S. citizenship?

Mr.Joe Schmoe: I got tired of being spied upon. In short, I want to be free.

Z.LozinskiMay 17, 2018 2:53 AM

"Mike: Tower location / triangulation is not precise..."

It's complicated ...

The mobile network must be able to identify the location of a device down to a calling area (a group of cells) - that is the basis of cellular network technology. With a city, a calling area might be a few city blocks, but in rural areas it could be tens of km.

In the USA, ever since the mid 90s, there has been an effort to improve the network's location accuracy to within 50 metres. This generally comes under the heading of E911, and was driven by a couple of early cases of people who died when they made 911 (emergency) calls from a mobile device and the emergency services didn't know where they were.

There is a large set of technologies that allow you to improve the precision of mobile location available *to the network*. ECellID, OTDOA (Observed Time Difference Of Arrival) etc. But ... these technologies are optional, so you can't guarantee any individual cell site has this feature. That's the catch. There are many cases where the network has, and can report, on the location of a mobile device with reasonable accuracy. But 50 meter positioning for *every* device in the network 100% of the time, is hard; especially when it has to work with older devices, across an entire country, and in rural areas with 30km to the nearest cell tower.

Yes, there are sorts of subsidiary systems like WiFi access points you can use. Now start thinking about the security and resilience issues involved ...

Note: a modern *device* with access to one of the Global Navigation Satellite Systems, can locate itself to 5-10m. That is different, unless there is a way to ask the device to report it's location.

If you're short of sleep, there most recent FCC report "In the Matter of Wireless E911 Location Accuracy Requirements PS Docket No. 07-114 FOURTH REPORT AND ORDER Released: February 3, 2015" runs to 116 pages.

https://apps.fcc.gov/edocs_public/attachmatch/FCC-15-9A1.pdf

IsmarMay 17, 2018 5:01 AM

OK
So we are giving away data about ourselves in return for useless services we get hooked on by aggressive marketing by the industry which consider us the same as any other natural resource to be plundered for a short term profits.
It should be our primary focus then to make it economically unviable for these parasites to collect it in the first place by placing more importance on data protection and supporting products that help us to do so.
Just complaining and theorising about it is not enough to change the status quo.
Written on DuckDuckGo browser

Clive RobinsonMay 17, 2018 8:30 AM

@ Wombat,

They also appear to sell approved calls from inmates families to the inmates.

That is a major scam by both the service provider and the prison managment...

You can hunt around on line, but in some places it's a premium rate call into a call center, to make an appointment, and if you do not phone back at exactly the appointed time they then find some reason to cancel the call, after making the inmates family wait a long period on "call hold" on a premium rate line...

Bad as it is for prisoners who have been convicted, apparently it's even worse for those awaiting trial. Some prisons make a visit by a representative near impossible, but make it bluntly clear not only are the calls monitored they are recorded as well which makes them not "privileged" as they should be but "third party records" available to whom ever the Service Provider wishes...

Such is the "rights stripping" "human rights abusing" legal system the DoJ et al have made the US system...

Oh and rising evidence suggests that those imprisoned whilst awaiting trial get considerably longer sentencing if found guilty than those who are alowed a degree of freedom whilst awaiting trial. Thus if you are wealthy your chances of not only winning in court goes up, but in many cases your prison sentance on being found guilty is much diminished, and your chance at appealing also greater...

Oh and then there is the "kick backs" issue from the private prisons to the judiciary and other parts of the legal system.

As I noted the other day, you will not find US journalists getting to publish this information, just the more liberal press in other countries... An example was the UK Guardian newspaper breaking the story about the gross violations and abuse carried out by the Chicago PD illegal detention/tourture center where people just "disappeared" for days and longer...

65535May 17, 2018 8:34 AM

@ vas pup

“@65535:"Just give it some time and I am sure you will… until a big shot judge, lawyer or politician get burned in this cell phone location data market place."
Agree absolutely. They could understand the problem if that problem affects them directly. Then, they could introduce law, regulation. etc. to fix the problem. Otherwise, they usually don' give a (bleep).”

Exactly.

Digitally ignorant Judges in high place don’t give a squat about the average Jane/Joe. The high up ignorance problem is huge. I would guess the EFF guys would try to educate judges even before bringing the above cell phone location data to court on everybody if they had the time. I think it is time to support the EFF regarding educating digitally ignorant judges and politician. The exception is Sen. Ron Wyden who seem to care about privacy and a host of other issues. Digital ignorant judges under their sworn duty to the US Constitution be reprimanded on this digital ignorance issue.

@ James

“Stop granting location permission to shady web sites and applications, disable it when not used, and this problem goes away.”

I concur.

Do you have any exact steps to do so? People would like to know.

@ John

“if I claim I am a marketer can I find out where blackmail victim one is cheating on his wife with? My phone knows where I am and when I install crap that markets to me on that basis, I have more specifically "consented" (insert eye roll) to it.”

Yes.

But, the problem is only corrected when “important people” get burned.

@ Chelloveck

“I don't like that companies are allowed to sell the data to anyone with as little "consent" as a line stuck down on page 347 of a EULA.”
I am of the same opinion .

EULA shove-downs should be revisited by judges and regulators. This mini typed 50 page EULA problem has to be fixed.

@ me

“YES they can, how do i know? because I CAN. every month on the bill i can see every number i called, for how much, and how much it costed me.
so the company HAS all the necessary data. so police could simply check what tower are near your house one for sure, max probably 3. get every number attached to that tower(s) in that day and hour, and they will for sure find only ONE long call FROM and TO that tower… here is a damn map of all the places he was for six months, every place, every call. and you want that i belive that you can't becasue you don't have a phone number? this is ridiculus.”

That is what I understand. The non-gps cell tower can locate within about 30 meters or less. The GPS is very accurate data location. This is a real problem.

@ TheInformedOne

“one more reason to treat privacy as a human rights issue instead of a legal issue.”

In the USA I believe it is both a legal issue and human rights issue or what little human rights there of left standing.

@ War Geek

“One has to wonder what the retention time on the towers, or their presumable central logging hosts is?”

That is a good question.

@ AJWM

“Well, that didn't take long "the stolen data [...] includ[ed] usernames and poorly secured passwords for thousands of Securus' law enforcement customers."”
The danger of Securus is high in the hands of criminals. This good example of a bad example of data leaker companies.

@ echo

“Among the many concerns activists have with the bill is an exemption that allows registered parties to process personal data "revealing political opinions" for the purposes of their political activities.”

It sure is a dangerous problem.
@ A bit shy

“Law enforcement has been "hacking the Constitution" for a long time now: they try whatever until the courts make them stop.”

Yes, ex-police who abuse their shield priviliges has to be stopped. This the same for data location providers of all stripes.

@ justinacolmena

“NSA participates in the so-called "Fusion Centers" which have somehow escaped media attention of late despite the official corruption inherent in them.”

This has to stop. Fusion centers are closely connected with location data providers and should be controlled or abolished. These Fusion centers have not stopped a terrorist attack that I know of.

@ Peter Quirk

“Does Securus get location info from Google too? Google knows your location, even when location services are turned off.”

If so then Google or alphabet does it should be publically examined.

@ Amie
‘In other words, "all the major American carriers" are selling out their customers. If you're looking for someone to sue, to regulate, to call out in public, look there.’

If so then Sen Wyden should examine it.

@ others

Good points. I think we need a full airing of the location data brokerage system. If not the damage will expand.

Rich M.May 17, 2018 12:29 PM

I really don't see a serious problem with LEO's using this data. Are they to patrol our neighborhoods both physical and digital with eyes closed and only open them when a crime is reported.

This data is already being collected and correlated by 3rd parties and "sold" to marketeers et al. Our privacy is already evaporating. If LEO can use this info to catch some perps, well, why not.

Don't like the idea of your location information being exploited/sold? Then argue that it shouldn't be collected/stored in the first place. Yes, I know that's how the phone network works but that information should then be kept in escrow, unavailable to anyone (including cell tower operators) and only revealed with a court order from LEOs. If marketeers want the info, well, just say no.

Anti-RichMay 17, 2018 1:10 PM

For anyone who doesn't believe in privacy, please remove all your curtains from your windows, and doors from your bathrooms. Also please publish publicly all your bank account and card details, usernames/passwords, name/location/addresses, etc... Let's see what kind of world we really have without privacy. If you don't like that kind of world, then you are NOT against privacy.

Now, for anyone who actually believes in privacy, but believes police (or any other authority figure) should have unfettered access to every detail of everyone's lives in real time all the time (i.e. privacy between us but no privacy for us to our great and glorious leaders), please move to a real dictatorship country for a while, and see how that works out first. I would suggest North Korea to start with. Not moving? Well then, you don't really believe in this either then, do you?

Everyone else remaining, well you must believe in not only basic privacy and decency, but also some sort of limits to government powers and access, right? What should that be? How do you prevent abuse?

Related question: is it better that a few criminals go free to ensure no innocent people get punished? Or is it better that no criminals can ever escape even if it means terrible collateral damage to a lot of innocent people in the process?

65535May 17, 2018 4:54 PM

@ all

Krebs says the site is now off line. That is good news.

“LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.”- Krebs on Security

The bad news:

"Stephanie Lacambra, a staff attorney with the the nonprofit Electronic Frontier Foundation, said that wireless customers in the United States cannot opt out of location tracking by their own mobile providers… unless and until Congress and federal regulators make it more clear how and whether customer location information can be shared with third-parties, mobile device customers may continue to have their location information potentially exposed by a host of third-party companies, Lacambra said. “This is precisely why we have lobbied so hard for robust privacy protections for location information,” she said. “It really should be only that law enforcement is required to get a warrant for this stuff, and that’s the rule we’ve been trying to push for.” ...Chris Calabrese is vice president of the Center for Democracy & Technology, a policy think tank in Washington, D.C. Calabrese said the current rules about mobile subscriber location information are governed by the Electronic Communications Privacy Act (ECPA), a law passed in 1986 that hasn’t been substantially updated since. ““The law here is really out of date,” Calabrese said… Before LocationSmart’s demo was taken offline today, KrebsOnSecurity pinged five different trusted sources, all of whom gave consent to have Xiao determine the whereabouts of their cell phones. Xiao was able to determine within a few seconds of querying the public LocationSmart service the near-exact location of the mobile phone belonging to all five of my sources.”- Krebs on Security

https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/#more-43823

@ Anti-Rich

I agree with the thrust of Anti-Rich’s post. The idea of having police track you everymovement is a fishing expedition and an accident waiting to happen.

I have to agree to disagree with Rich M. statement that “I really don't see a serious problem with LEO's using this data.”

This is a Fourth Amendment violiation and a huge fishing expedition. I could easily see the abuse angle particulary when a cop stalks judges. These types of Location Tracks sites are a disaster waiting to happen. They should be very strickly controlled or outlawed!

Alyer Babtu May 17, 2018 6:49 PM

Xiao’s repurposing of the demo was ludicrously simple. One has to wonder what else out there is lke this.

65535May 17, 2018 10:16 PM

I am getting an ugly picture of judicial warrant end-runs by police. According to Krebs on security major cell phone companies, ATT, Verizon and so on, have partnered with two little known location data laundering services companies which then knowing hands this highly confidential and sensitive information to Securus to give to police and everyone else for little or no charge.

As Zdnet article notes:

“LocationSmart [who hands over location data to Secureus – ed] one of a handful of so-called data aggregators. It claimed to have "direct connections" to cell carrier networks to obtain real-time cell phone location data from nearby cell towers. It's less accurate than using GPS, but cell tower data won't drain a phone battery and doesn't require a user to install an app. Verizon, one of many cell carriers that sells access to its vast amounts of customer location data, counts LocationSmart as a close partner. The company boasts coverage of 95 percent of the country, thanks to its access to all the major US carriers, including US Cellular, Virgin, Boost, and MetroPCS, as well as Canadian carriers, like Bell, Rogers, and Telus. "We utilize the same technology used to enable emergency assistance and this includes cell tower and cell sector location, assisted GPS and cell tower trilateration," said a case study on the company's website. "With these location sources, we are able to locate virtually any US based mobile devices," the company claimed.”-Zdnet

https://www.zdnet.com/article/us-cell-carriers-selling-access-to-real-time-location-data/

Names:

LocationSmart

“LocationSmart® is a cloud-based location and messaging service that brings instant nationwide device location awareness to enterprise and consumer applications. It provides immediate reach to over 360 million devices nationwide via a single API. Managing user consent is paramount; we provide the controls and flexibility required… FREE TRIAL Try LocationSmart today! - Take a test drive of our location platform using our beneficial Find "IT" service. It uses the real-time location of your mobile device to discover nearby POIs.”- Verizon page now taken down and archived page

https://archive.li/duHET

“LocationSmart enables enterprises to reach more than 15 billion devices worldwide through its cross-carrier mobile network location, Cell ID, Wi-Fi and IP geolocation databases, mobile app SDKs, and suite of location services. Its services are available for smartphones, tablets, feature phones, M2M and virtually all other connected device types. With the expansive reach offered by LocationSmart, contact center operators are equipped to quickly deploy pervasive location-based solutions.”- an apparent location smart page now archived with a top level domain of dot li [But server location is probably different location]

https://archive.li/THiIy

Zimigo

“Zumigo secures and validates transactions, mobile devices, and identities leveraging mobile carrier data. Whether you are trying to verify a financial transaction without changing consumer behavior or confirm the ownership of a mobile phone, only Zumigo offers a full range of services delivered globally. Services include network-based mobile device location, device information and ownership details. Learn how your business can benefit from Zumigo.”- Verizon archived page

https://archive.li/tCLrd

Zumigo apparent blank page.

https://www.zumigo.com/

This type of data laundering appears to be organized or syndicated, worldwide and most likely the main method of illegal warrant-end runs by police and probably the FBI [part of the controversial US Justice Department].

The is horrible. Combine every police cruiser with automatic license plate readers, stingrays and cell phone location data and you have a Witches Brew. There could have been nasty criminal acts done by police not to mention criminals.
This could include deadly Swatting, carding scams and out-right illegal police behavior.

The players in the syndicate are police, ATT, Verizon etc., LocationSmart, Zumgo, Securus and probably others.

This may be the main reason “parallel construction” and Warrantless Wiretaps are occurring on many levels.

My hope it Sen. W Ron Wyden D-Oregon thoroughly investigates this location laundering and highly restricts these type of location data laundering companies.

If it is proven that any major criminal conviction was gotten via illegal means then the entire police system in this country and possibly Europe may lead to said convictions overturned and All the bad apples in this syndicate tossed out of business for fired from the police force. This could include a black eye to the US Justice Department and European authorities.

See Krebs on Security for a well explained location data laundering player list.

https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/

Rich M.May 18, 2018 8:35 AM

@ anti-Rich

You've missed my point, perhaps I didn't state it clearly, I do believe in privacy (and modesty, hence I do close my bathroom door), but our location information as well as other information used to create 'our profile' is already 'out there' and being used and abused by marketers and others think political strategists. It's that that I object to more strongly than the LEO having access to that info.

When a crime is committed every good citizen should come forward and report what they know, yeah, right. In a lot a places snitches get stitches, so what is LEO to do, Tivo an entire city and trace a perp back to his/her home?

#65535 IANAL, if this is in fact a Forth Amendment violation then it should be stopped and LEO should go through the process of obtaining a warrant each and every time. I think this really falls into a gray area

My experience with police (or lack of an experience with police) may be different from yours. We all view the world through the flaws in our own character. I'm seeing more law breakers getting away with crimes than I see innocent people being charged and convicted. In the latter that is a problem with a judicial system that finds innocent people guilty or guilty of a more severe crime than was actually committed. It's been discussed here before, we all have something to hide, it's selective enforcement that is another problem.

And, for what it's worth, allow me to wave my virtue flag, I have supported the Innocence Project for years.

Rich M.May 18, 2018 8:43 AM

@ anti-Rich

You've missed my point, perhaps I didn't state it clearly, I do believe in privacy (and modesty, hence I do close my bathroom door), but our location information as well as other information used to create 'our profile' is already 'out there' and being used and abused by marketers and others - think political strategists. It's that that I object to more strongly than the LEO having access to that info.

When a crime is committed every good citizen should come forward and report what they know, yeah, right. In a lot a places snitches get stitches, so what is LEO to do, Tivo an entire city and trace a perp back to his/her home? But THAT might be another Forth Amendment violation, but maybe not. There is, and should be, no expectation of privacy on public streets.

#65535 IANAL, if this is in fact a Forth Amendment violation then it should be stopped and LEO should go through the process of obtaining a warrant each and every time. I think this really falls into a gray area

My experience with police (or lack of an experience with police) may be different from yours. We all view the world through the flaws in our own character. I'm seeing more law breakers getting away with crimes than I see innocent people being charged and convicted. In the latter that is a problem with a judicial system that finds innocent people guilty or guilty of a more severe crime than was actually committed. It's been discussed here before, we all have something to hide, it's selective enforcement that is another problem.

And, for what it's worth, allow me to wave my virtue flag, I have supported the Innocence Project for years.

Anti-RichMay 18, 2018 10:50 AM

@Rich M

So are you saying that as long as data *exists* somewhere, police should have free access to it and that's fine?

The concept that every good citizen should tell the police everything they know when a crime is committed only works in practice in a perfect world. This perfect world has only simple and obvious laws, and not too many, so every citizen easily knows all of them, and can therefore follow them completely. This perfect world is a world where the police and the court system never make a mistake, and could never possibly get the wrong guy and convict him.

However, the world we live in is full of mistakes, both in laws, and in the police. That's why the 5th Amendment was created, because that's us citizens' main defense against this imperfectness. We use it so that the police don't just pin a crime on the first obvious guy they find (they wouldn't be questioning you if you weren't on that short list already). It's the main defense against a system of laws that have become so complex that not only can we not know them all, many laws on the books are ridiculous and over complicated, outlawing many common things we don't even know are outlawed. We are therefore all lawbreakers every day without even knowing it. There is even a guy who claims that every American commits 3 felonies per day: (https://www.amazon.com/dp/1594035229).

So here in the real world, the police shouldn't have unlimited power to sift through all data in existence to find every criminal, they should have far more limited power (which is why the warrant system exists, as imperfect as it may be too). Otherwise, they can pretty much just put anyone they want in prison at any time. Just keep digging in the data and they're bound to find something. Here's a professor of law and a police officer who together explain all this in more detail: https://www.youtube.com/watch?v=d-7o9xYp7eE

As an aside note, I agree that marketing access to it all is a problem too... but in our world the police having full access to omniscience (knowing everything, like a god) leads to a very sick and dark future that's actually worse than being marketed to. It's just farther off in the future I guess (I hope), so people can't envision it perhaps?

Finally, I'm a white middle aged American male, not the kind of profile the police here typically suspect has committed every crime (i.e. I'm not black)... yet one time I was driving along and saw a police car pull out behind me... I made *really* *sure* I stopped completely at the next stop sign, but he pulled me over anyway... why? For failing to stop at the stop sign. What! How would most people react in this situation? Do you think most people would be a bit incredulous? I sure was. And no I didn't know yet I should always just shut my mouth first thing. Next this police officer starts saying things like, "if you don't know you didn't stop at that stop sign, you must be drunk, I'm gonna have your car towed right now" (never mind I'm legally parked) and all I can think is I'm going to feel handcuffs next... so I calm down, swallow my self-dignity and apologize to the guy profusely, and then stop speaking... Next he explodes with "now that you've ADMITTED to this crime..." what? I admitted to no such thing, I'm only sorry that you're being such an ass, not that I've committed a crime here, but I say nothing... he has all the power and I have none. At this point the police officer informs me he's going to let me off with just a "warning"... and then it finally dawns on me, that this was a blind corner, maybe what he really means is that I've stopped at the wrong *place* not that I didn't stop *at* *all*.... Before he goes I question him about this, and he confirms that. You don't think he could have said that in the first place? You don't think he could be a bit more understanding, and explain that? I was in fact being pulled over for not stopping twice at a stop sign: once waaaay back from the intersection with my front bumper in line with the sign, and again up in the more logical place where I could see around the corner at the high-speed cross traffic (it reduces from 55 to 35 only 2 blocks down, most people haven't slowed by this corner). So I went on my merry way, but not very happy... These kinds of power-hungry cops are the ones you want to have all knowledge about everyone all the time in real time... Everything will be fine. What could possibly go wrong. sigh.

SteveMay 18, 2018 12:59 PM

If the phrase "aggregator of real-time data about the precise location of mobile phone devices" (https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/) doesn't make you want to smash your mobile phone into a thousand pieces and then burn the pieces to ash and slag, you're probably not paying close enough attention.

I only reluctantly got a personal tracking device . . . er. . . I mean. . . mobile phone about four years ago after much argument and resistance and that only because I was expecting to be traveling a lot.

I am reevaluating that decision.

RockLobsterMay 18, 2018 9:39 PM

Kinda related to this topic;

Google constantly tracking Android users location

"experts, from computer and software corporation Oracle, claim Google is draining roughly one gigabyte of mobile data monthly from Android phone users’ accounts as it snoops in the background"

"Google’s privacy consent discloses that it tracks location 'when you search for a restaurant on Google Maps'. But it does not appear to mention the constant monitoring going on in the background even when Maps is not in use.

"The Oracle experts say phone owners’ data ends up being consumed even if Google Maps is not in use or aeroplane mode is switched on. Nor will removing the SIM card stop it from happening. Only turning off a phone prevents monitoring, it says."

65535May 19, 2018 5:29 AM

@ Anti-Rich

I agree with you and disagree with Rich M.

“I think this really falls into a gray area…” -Rich M.

I stopped reading there. Oh, sure cops staking judges is a grey area. Right.

Take that argument to the Judge. Ms Rich you could also take that to K street and market the slogan “It falls in to a gray area”.

More QUALCOMM and other radio chip tracking via commenter David at Krebs on security

“The rabbit hole goes even deeper according to comments on Hacker News: https://news.ycombinator.com/item?id=17081684 “ -David

https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/#comment-467301

Or

https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/

Location data collectors is just not a rabbit hole business but more akin to a sewer hole.

Example from hacker news comments:

[Throwaway account.]

“I work in location / mapping / geo. Some of us have been waiting for this to blow (which it hasn't yet). The public has zero idea how much personal location data is available. It's not just your cell carrier. Your cell phone chip manufacturer, GPS chip manufacturer, phone manufacturer and then pretty much anyone on the installed OS (android crapware) is getting a copy of your location data. Usually not in software but by contract, one gives gps data to all the others as part of the bill of materials. This is then usually (but not always) "anonymized" by cutting it in to ~5 second chunks. It's easy to put it back together again. We can figure out everything about your day from when you wake up to where you go to when you sleep…”

See first comment at ycombinator and read on:

https://news.ycombinator.com/item?id=17081684

This whole Data Location collection thing must be regulated or outlawed. It is just to invasive and dangerous on many levels.

Rich M.May 19, 2018 12:11 PM

@Anti-Rich

“@Rich M
So are you saying that as long as data *exists* somewhere, police should have free access to it and that's fine?”

Not quite, I’m talking about location information, something we all give away “freely” (freely as in we have no choice if we want to use a cell phone). I do not give away my medical, banking or financial information freely therefore if LEO’s want access to that they get a warrant.

The concept that every good citizen should tell the police everything they know when a crime is committed only works in practice in a perfect world. This perfect world has only simple and obvious laws, and not too many, so every citizen easily knows all of them, and can therefore follow them completely. This perfect world is a world where the police and the court system never make a mistake, and could never possibly get the wrong guy and convict him.

I acknowledge that the world isn’t perfect. Neither the citizenry nor the LEO’s are perfect. I contend that the imperfections of the former brought about the creation of the latter. When a crime is committed and the citizenry knows that snitches get stitches what are LEO’s (police) to do, simply shrug their shoulders?

Yes, it is a gray area when investigators want to know for example “the location data for the past three day for a given mobile phone” versus “what mobile phones were within some radius of these three areas during the times when crimes were committed”. In the former, getting a court order for a specific individual phone or person might be pretty straight forward, in the latter it could be considered a fishing expedition but is it an expedition or simply an investigator looking for some correlation in the digital data?

Finally, I'm a white middle aged American male, not the kind of profile the police here typically suspect has committed every crime (i.e. I'm not black)...

I too am a white, American male, though older than you. I live is a small town surrounded by other small towns in a some what rural area and all towns have accordingly sized police departments. Yes, there was a time when the police here were the ones to keep a lid on things with a sometimes very heavy hand. But things changed over time, our town went through a very difficult process, we lost half our department at the time. That was over 20 years ago. The recent Chiefs of Police in our town and in our area have done a great job of changing the way the police do their job. They have improved not only the image of the police but actually improved the way the police do their job. The police are now considered simply part of the community, many are known – and in a good way – by their first names. I don’t know how this works in other areas or in a big city. If you’ve got bad police officers than get rid of them and hire more competent individuals but quit viewing them as adversaries. The police not only carry a gun and hand cuffs but also a badge. That badge gives them the authority to enforce the laws as written. There's a hint. Don't look for an 'efficient (but flawed) cause' of a problem "Police enforce the law, police bad" rather look for the 'final cause' "Why are there so many laws written and in such a vague or actually conflicting manner".

More on topic. What I’m hearing/reading here is a general complaint with some hand waving towards police abuse of their investigatory powers. Complaints can’t be fixed but problems can. I sincerely want to know examples of where this abuse of power has led to problems for our society. May I offer an alternative idea as to why so many people are ‘caught’ committing a crime? It’s not because of broad investigatory powers that LEO’s deploy giving them access to so much digital data, rather, our society today is simply a target rich environment. (From the Old testament, can't remember verse, chapter or even book "between every buyer and seller there is sin").

Lastly, if I have a complaint/problem with anyone it’s with our legislature, those people that write the laws (state and federal) the LEO are tasked with enforcing. It’s been said here there is no way for the average citizen to know all the laws which they might be violating on a daily basis. These laws are written in such a way that only lawyers can understand them and even then the actual meaning and applicability is open to interpretation, that right there is unfair.

This perfect world has only simple and obvious laws, and not too many, so every citizen easily knows all of them, and can therefore follow them completely.
I agree 100%, though perfection is not something that can ever be achieved it should be something to strive for.

Peace.

gordoMay 20, 2018 2:17 PM

Below, from last November, reporting on oral arguments in Carpenter v. United States:

A Liberal-Conservative Alliance on the Supreme Court Against Digital Surveillance
Justices found common ground in asserting the relevance of the Fourth Amendment in the electronic age, even as they cited sharply different rationales
Jeffrey Rosen Nov 30, 2017

Gorsuch: Mr. Dreeben [U.S. Deputy Solicitor General], it seems like your whole argument boils down to if we get it from a third party we’re okay, regardless of property interest, regardless of anything else. But how does that fit with the original understanding of the Constitution and writs of assistance?
You know, John Adams said one of the reasons for the war was the use by the government of third parties to obtain information forced them to help as their snitches and snoops. Why—why isn’t this argument exactly what the framers were concerned about?

https://www.theatlantic.com/politics/archive/2017/11/bipartisanship-supreme-court/547124/

Granted that third-party data brokerage and location aggregation are growth industries, yet the relative silence from the major carriers on the Securus-LocationSmart-3CInteractive scandal speaks volumes.

As Senator Wyden put it in his letter May 8 letter to AT&T:

This practice skirts wireless carrier's legal obligation to be the sole conduit by which the government may conduct surveillance of Americans' phone records, and needlessly exposes millions of Americans to potential abuse and unchecked surveillance by the government.

https://www.documentcloud.org/documents/4457319-Wyden-Securus-Location-Tracking-Letter-to-AT-amp-T.html

Maybe a Kogan-like rationale from 3CInteractive, LocationSmart or Securus would have been too apt:

Kogan refused to accept that he had broken Facebook’s terms of service — instead asserting: “I don’t think they have a developer policy that is valid… For you to break a policy it has to exist. And really be their policy, The reality is Facebook’s policy is unlikely to be their policy.”
“I just don’t believe that’s their policy,” he repeated when pressed on whether he had broken Facebook’s ToS. “If somebody has a document that isn’t their policy you can’t break something that isn’t really your policy."

https://techcrunch.com/2018/04/24/kogan-i-dont-think-facebook-has-a-developer-policy-that-is-valid/

As it regards Securus, it would seem they have some other troubles, as well:

A lawsuit aims to end the prison telephone racket
Boston Globe | Editorial | May 05, 2018

The lawsuit alleges that [Sheriff] Hodgson’s contract with Securus includes an illegal payoff that has nearly doubled the cost inmates have to pay for phone calls.
[. . .]
Unfortunately, the practice of charging inmates exorbitant rates for a phone call is not limited to Bristol County. The predatory and corruption-prone inmate telephone industry has been under scrutiny for nearly two decades. Securus and Global Tel Link, the two private equity-backed companies that dominate the industry, are allowed to pay a commission, a concession fee of sorts, to jails and prisons in exchange for getting exclusive contracts. These high fees are then transferred to the inmates and their families.
[. . .]
Although an existing rule is meant to cap phone charges for prisoners, the companies circumvented it by arguing that since they are Internet-based phone services, the rule from the landline era doesn’t apply to them.

https://www.bostonglobe.com/opinion/editorials/2018/05/05/lawsuit-aims-end-prison-telephone-racket/owb0PuEzRgs8BkJjUwJXaP/story.html

The Supreme Court's ruling in Carpenter may well be a first signal to the courts, legislatures, agencies, citizens and industry, that is, to all concerned, that it's time for America, acting with fidelity and deference toward its constitution, to move forward.

Anti-RichMay 21, 2018 5:38 PM

@Rich M.

Not quite, I’m talking about location information, something we all give away “freely” (freely as in we have no choice if we want to use a cell phone). I do not give away my medical, banking or financial information freely therefore if LEO’s want access to that they get a warrant.

You do give away all your medical and banking/financial information just as freely as your location information... if you ever use any banks/financial institutions... or use any medical services... those are all considered "third parties" in exactly exactly the same way under the current USA "third party doctrine"... So it's really all information for which the sole copy hasn't always been physically inside your house/car/pocket/etc... Of course, doctors and lawyers in particular have some unique "confidentiality" precedent, so maybe that's what you are referring to? (banks do not have that, they probably do sell off a lot of the data, how do you think we get so much junk snail mail).

I'm glad to hear you've managed to fix your police issues in your small town. Maybe I should move there... In a lot of other places, I've learned I should "plead the 5th" with almost every police encounter, it's the safest course of action. It's also what every lawyer will always advise you to do (really, see that video in my last post for all the details why... both a lawyer and a police officer confirm this). Do you think lawyers know what they're talking about? Or we shouldn't listen to them?

Let me give an example: The police officer pulls you over and asks "do you know how fast you were going?" or "do you know what you did wrong?" Do you think he's being nice to check if you know? Absolutely not! Part of their training is to ask that question, because a lot of people will answer with some lesser crime than the one they actually did, thinking that by doing so they are downplaying what they actually did. When they do that, they confess to a crime. They also commit another crime by lying to a police officer (if he can prove they did a crime different than they say, he's now got them on 2 crimes). The police officer is trained to ask this question in order to make his job of prosecuting you easier, not to be nice to you... You would be far better off by answering "I choose to remain silent".... or, a little less confrontational, answer "yes" if you know how fast you were going, but if you don't actually know don't lie and commit another crime... don't ever answer "no" or "I don't know" either, because then you can't contest whatever he writes on that ticket later on in court (he'll testify that you told him you didn't know at the time of the incident, which casts doubt on your sudden remembrance later on). It's a trick question really, because most common ordinary answers are bad answers.

By the way, I mentioned it's a crime to lie to any police officer, but it's not a crime for them to lie to you... In fact they are trained to lie to you to get you to open up and talk even when you don't want to... With this kind of imbalance, how can you trust what police officers say? You can't. At least, not completely. You have to consider the situation and motives and things, and read between the lines to some degree. For example, if they're questioning you about some crime, any crime, even minor crimes, then you are a suspect, and you should therefore trust very little, if any of what they say surrounding that encounter.

Even if you had nothing to do with it, and it just happened down your street, and you believe in your heart that truth will always win out in the end... Look, you live there, so you have had opportunity to commit the crime, you are a prime suspect. All they have to do is find a motive now (like... you "didn't like the guy" or something)... motive + opportunity = you did it! in any court of law! Lawyers and judges don't advance their careers by getting at the truth, they advance by "winning their case" or "putting away bad guys" respectively... Now, I'm not saying most ignore the truth to win cases, I'm more saying it's really easy for them to get tunnel vision in this system! This is why freely allowing "fishing expeditions" are so evil, and will bring about a much worse system in the end... Please watch the video I posted last, it explains a lot of this too...

RockLobsterMay 23, 2018 12:31 AM

Interesting discussion but I think everyone is failing to see the big picture.

Real time location tracking data will be correlated using AI to create profiles which will be available to third parties.

This means, it will know where you go, who you visit, how long you spent there.
It will know who else was there, thereby recording in your profile if you associate with known felons, drug users, drug dealers.
You could spend time talking with some guy who lives in your neighborhood not knowing he is a known sex offender. AI will know.
All goes in your profile.
It will know who you spent the night with and where.
It already knows who has herpes or HIV or other transmutable diseases from other data gathering sources so it will know if you are now potentially a disease carrier.
It will know who is cheating on their wife or husband how often and in which motel room.
It will know how much time you spend in bars, how often you visit liquor stores.

So who would have access to your profile.
Common sense should say, anyone with the money to pay for it because it is always about the dollar so include potential employers, law enforcemrnt, the media, government agencies etc and of course government agencies with real time location tracking data on political opposition, dissidents, political activists, journalists will undoubtedly mean assassinations and other nefarious covert activities.

gordoMay 26, 2018 10:37 AM

Location is everything.

Mobile Giants: Please Don’t Share the Where
Brian Krebs 22 May 2018

Your mobile phone is giving away your approximate location all day long. This isn’t exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location. But now, the major mobile providers in the United States — AT&T, Sprint, T-Mobile and Verizon — are selling this location information to third party companies — in real time — without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected.


[. . .]

Consider the damage that organized crime syndicates — human traffickers, drug smugglers and money launderers — could inflict armed with an app that displays the precise location of every uniformed officer from within 300 ft to across the country. All because they just happened to know the cell phone number tied to each law enforcement official.

Maybe you have children or grandchildren who — like many of their peers these days — carry a mobile device at all times for safety and for quick communication with parents or guardians. Now imagine that anyone in the world has the instant capability to track where your kid is at any time of day. All they’d need is your kid’s digits.

Maybe you’re the current or former target of a stalker, jilted ex-spouse, or vengeful co-worker. Perhaps you perform sensitive work for the government. All of the above-mentioned parties and many more are put at heightened personal risk by having their real-time location data exposed to commercial third parties.

https://krebsonsecurity.com/2018/05/mobile-giants-please-dont-share-the-where/

TomABCMay 26, 2018 10:56 AM

I would imagine that there are some savvy thieves that are already using this capability to assure themselves that the home/car/boat owners are absent (or at least their phones are).

gordoMay 26, 2018 1:51 PM

That reminds me of stories of prosecuting attorneys questioning defendants about why the defendant had left their mobile phone at home during the time that they were alleged to have been somewhere else committing a crime.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.