About a year ago, Motherboard has paid a bounty hunter the amount of $300 in exchange for geolocating a phone. Sure enough, the person came back to the reporters with an approximate location, claiming that the device was in a specific neighborhood in Queens, New York. The target was using a T-Mobile number, and the bounty hunter only used a hacking tool that had no relation to the telecom provider’s own software tools. Of course, the target had no spyware installed on their device, so this could only mean that telcos are not protecting the user’s location data the way they should. Even worse, the FCC has just confirmed that “one or more” of telecommunication firms in the US were straight out selling this data.
The bounty hunter had told Motherboard they could do this with T-Mobile, AT&T, or Sprint, so the choice of the telco would supposedly make no difference. With the latest revelations, the publication reached out to all US carriers for comment. Sprint declined to say anything about the story, while Verizon and AT&T told the journalists to direct their requests to the CTIA. The latter told Motherboard that all carriers who had location data leaking issues have already investigated the cases of misuse, suspended the access of third parties, and already terminated the programs.
As for the FCC statement, this can be summed up to the following: “I wish to inform you that the FCC’s Enforcement Bureau has completed its extensive investigation and that it has concluded that one or more wireless carriers apparently violated federal law.” By “extensive” investigation, the FCC means that they started looking into this matter since 2018 when Senator Ron Wyden alerted them of these programs. As for the violations of the law, the FCC means the violation of the consumers’ privacy rights, and also the endangerment of their safety.
These location data are meant to help the police or rescue teams locate a device when needed, but it looks like carriers were selling them to data brokers too. Motherboard claims to have evidence about rogue sheriff deputies being involved in these schemes too. Obviously, this is a case of blatant data misuse and system abuse, so the FCC is now planning to move forward with hefty fines for the telcos that will be held accountable. Hopefully, the fines will be large enough to put a definitive end on this disrespectful and privacy-invading black market.