Last year, four of the largest U.S. cell carriers were caught selling and sending real-time location data of their customers to shady companies that sold it on to big spenders, who would use the data to track anyone “within seconds” for whatever reason they wanted.
At first, little-known company LocationSmart was obtaining (and leaking) real-time location data from AT&T, Verizon, T-Mobile and Sprint and selling access through another company, 3Cinteractive, to Securus, a prison technology company, which tracked phone owners without asking for their permission. This game of telephone with people’s private information was discovered, and the cell carriers, facing heavy rebuke from Sen. Ron Wyden, a privacy-minded lawmaker, buckled under the public pressure and said they’d stop selling and sharing customers’ locations.
And that would’ve been that — until it wasn’t.
Now, new reporting by Motherboard shows that while LocationSmart faced the brunt of the criticism, few focused on the other big player in the location-tracking business, Zumigo. A payment of $300 and a phone number was enough for a bounty hunter to track down the participating reporter by obtaining his location using Zumigo’s location data, which was continuing to pay for access from most of the carriers.
Worse, Zumigo sold that data on — like LocationSmart did with Securus — to other companies, like Microbilt, a Georgia-based credit reporting company, which in turn sells that data on to other firms that want that data. In this case, it was a bail bond company, whose bounty hunter was paid by Motherboard to track down the reporter — with his permission.
Everyone seemed to drop the ball. Microbilt said the bounty hunter shouldn’t have used the location data to track the Motherboard reporter. Zumigo said it didn’t mind location data ending up in the hands of the bounty hunter, but still cut Microbilt’s access.
But nobody quite dropped the ball like the carriers, which said they would not to share location data again.
T-Mobile, at the center of the latest location-selling revelations for passing the reporter’s location to the bounty hunter, said last year in the midst of the Securus scandal that it “reviewed” its real-time location data sharing program and found appropriate controls in place. To appease even the skeptical, T-Mobile chief executive John Legere tweeted at the time that he “personally evaluated the issue” and promised that the company “will not sell customer location data to shady middlemen.”
It’s hard to see how that isn’t, in hindsight, a downright lie.
This time around, T-Mobile said it…