Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour
from the we-need-outrage-symmetry dept
As we’ve noted a few times now, however bad the recent Facebook and Cambridge Analytica scandal was, the nation’s broadband providers have routinely been engaged in much worse behavior for decades. Yes, the Cambridge and Facebook scandal was bad (especially Facebook threatening to sue news outlets that exposed it), but the behavior they were engaging in is the norm, not the exception. And watching people quit Facebook while still using a stock cellphone (which lets carriers track your every online whim and offline movement) was arguably comedic.
As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight. And while some lawmakers are pressuring the FCC to more closely investigate the scandal (which resulted in the exposure of wireless location data of some 200 million users in the U.S. and Canada), few expect the same FCC that just killed net neutrality to actually do anything about it.
When the previous FCC tried to pass some pretty modest privacy protections last year requiring that ISPs be more transparent about all of this, ISPs quickly took advantage of a cash-compromised Congress to scuttle those protections before they could even take effect:
Sorry to beat a dead horse, but @FCC's 2016 broadband #privacy rules would have required opt-in consent from customers 2 share cell phone location information. This Congress REPEALED those rules, w. all Senate Rs & all but 15 House Rs voting 4 repeal. https://t.co/LbawV3d5up
— Gigi Sohn (@gigibsohn) May 22, 2018
This collective apathy to routine telecom sector privacy abuses has been going on for decades. You might recall that multiple ISPs were accused years ago of collecting and selling consumer clickstream data. When they were pressed for details, many simply either denied doing it or refused to respond. As more sophisticated network gear like deep-packet inspection emerged, ISPs began tracking and selling your online browsing habits down to the millisecond, some even charging users extra if they wanted to protect their own privacy.
But things got immeasurably more profitable once wireless carriers began tracking user location data, which they now sell to everyone from urban planners to government agencies. Companies like Verizon Wireless were subsequently caught covertly modifying wireless user data packets to track users around the internet without telling them. It took security researchers two years to even discover this was happening and another six months of public shame before Verizon even provided an opt out option (a more powerful version of the tech is now being used by Verizon’s Oath advertising brand).
And yet even in the wake of the LocationSmart fracas, which literally exposed the private data of nearly everybody in America, we’re still somehow only seeing a fraction of the media, regulatory or public outrage we saw during the Facebook and Cambridge kerfuffle:
“You might think that the major wireless carriers would be facing intense pressure to account for their lax handling of customers? data. You might think the story would be all over newspapers? front pages and cable news. You might think their CEOs would be hounded by the media, as Facebook?s Mark Zuckerberg was after the Cambridge Analytica story broke. You might think they?d be dragooned into testifying before Congress.
You might think that, if you expected a reaction commensurate to the one that accompanied the Cambridge Analytica revelations. And it?s conceivable that it will still happen. But so far, there has been none of that.”
It remains odd that the press and public still don’t realize how deep this particular rabbit hole goes. And whereas the Cambridge scandal made headlines for months, the location data scandal has barely registered a fraction of the collective outrage in media coverage or in DC. Meanwhile, wireless carriers are effectively refusing to even acknowledge they work with companies like LocationSmart, and there’s little to no indication accountability is heading their direction anytime soon.
Filed Under: location data, privacy, wireless carriers
Companies: cambridge analytica, facebook, locationsmart, securus
Comments on “Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour”
I’m still waiting a Facebook/Cambrige Analitica-like outrage and backlash.
I don’t think people understand what’s going on.
People love their stupid little phones more than their privacy.
Perfect for turn key spy operations!
If a government wants to spy on US citizens, all they need to do is set up some companies here, buy access and wait for enough data to flow through. After half a decade or so, you will be able to identify cover identities versus real ones with a great deal of confidence.
Re: Perfect for turn key spy operations!
It might be quicker. This is very revealing data.
If you want attention, buy the data and figure out who senators and congresspeople are meeting with.
“I don’t think people understand what’s going on.”
Of course not: this stuff is way too deep in the weeds for 98% of users (myself included.)
Relax — your local/state/federal government officials well understand all this technical stuff and are protecting you 24/7 !
What do ya think you pay all those taxes for ?
It is a pity that before this broke a smart reporter didn’t pull the data for Congress-members.
They tend to ignore things until it effects them & opening with lists of where some of them have been might have gotten much faster results. (Of course they probably would have just added protections for themselves & leave the rest of us screwed)
? … you don’t trust Congress — they tirelessly protect us from anarchy and free markets/competition in telecommunications
Why does it matter whether people are using a stock cellphone? Are there non-stock ones that can prevent this? My understanding is that it’s cell-site data, meaning any phone connected to the network can be tracked—IOW, you’d have to have a wifi-only "phone" to avoid it.
Re: Stock cellphones
Oh, idk – you read that story about malware pre installed for your convenience?
Re: Re: Stock cellphones
Yeah, more than one. Carriers are tracking "every offline movement" without that. Maybe not "every online whim", but unless you’re using Orbot or a VPN they’ll see every unencrypted online whim and every encrypted site address (but not content) you connect to.
Re: Stock cellphones
Even then, I’m sure the ISP can get this type of info and turn around to sell it anyway.
Re: Re: Stock cellphones
Do you mean an ISP would track a wifi device is it moves between access points served by that ISP? It’s plausible. If you randomize your MAC address and use a VPN it will be difficult.
Here they come, yo
Since 911, it was because: terrorism
After the rapture it will be because: control
Re: Here they come, yo
Wait – I thought the bible thumpers would all be raptured.
Well, of course
Of course they Facebook scandal got more media attention: the big ISPs put pressure on their news corporations to comment on it until the public got sick of it. Conversely, the ISPs are telling their news corps. to be quiet about their own privacy leaks.
Doesn’t Comcast own at least a few news organizations?
I’m waiting for the first headline murder to occur where the gunman located the victim through cellular/GPS tracking. Maybe that’s what it will take before the cellular carriers start respecting customer privacy.
Even then, I’m not sure…
Does it count if the murderer is a cop responding to an E911 call?
Re: Re: Re:
No, because cellphones look just like guns (even long before they actually did) and cops have a right to neutralize anyone that makes them feel unsafe.
The reason we saw backlash against CA wasn’t because they were collecting this data, it’s because they were proven to have been using it to manipulate public narrative.
So far, there’s been no proof that the telcos or the orgs they sold location data to have been using the data to overtly manipulate public discourse.
Once that proof arrives (and there’s no question that SOMEBODY is using the data in such a manner), we’ll see the public uproar, but not before.
We’ve seen this over and over again. The public knew that the NSA was collecting private data, but it took Snowden demonstrating not only what was collected but how it was proposed to be used before people got upset. Same has happened over and over again: people don’t connect the dots when PII is collected; they definitely do when they’re shown what it is to be used for.
Today's Big Lie
Here’s the Bode of the day: “As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight.”
Nope. Cell carriers sell location data on individual users only to companies who serve it up to law enforcement pursuant to warrants. Yes, the LocationSmart web site had a bug in it, but to jump from a bug to a full-blown conspiracy is the kind of thing only a troll would do.
Try again, Karl.
Re: Today's Big Lie
And you see nothing wrong in that data being sold in the first place, and that is the real problem.
Re: Today's Big Lie
“Yes, the LocationSmart web site had a bug in it”
Is that what you call it, Dicky McDickface?
Re: Today's Big Lie
Are seriously this retarded or are you just going for broke now since I’ve completely and totally demolished you and your lies in every single one of your comments? Can’t take the heat so you’re just going to lie about everything and hope something sticks?
Your assertion is literally and patently false, and an obvious and deliberate lie. It was verified that anyone could go on the site, request a demo, and instantly find the location of any random cell phone. Not only that, the bug in the site wasn’t that you could do this, it was that you could even bypass the demo and documentation submission requirement and use it as many times as you wanted to for free. This was verified by multiple independent security researchers and journalists. The only way this could have occurred is if they had access to the entirety of carriers’ location data, which they even admitted to.
From a cached press release from LocationSmart:
Huh, direct access to databases. Look at that. Who’s the liar now?
To deliberately lie about publicly available and verified facts is something only an industry paid shill would do.
Try again Richard.
Re: Re: Today's Big Lie
The extent Dick is going to in order to justify the “totally real” comments made by senators in favor of the net neutrality repeal is hilarious. “Google bad, but you should like totes trust me with all your data, and anybody else who asks for it.”
It’d almost be funny if it wasn’t skullfuckingly dumb.
Re: Re: Re: Today's Big Lie
What I don’t understand is why would you lie about something that can be proven false so easily. I mean, even the company itself admitted it royally screwed up.
How desperate or delusional do you have to be to think that telling that big and obvious of a lie is going to fool anyone?
Re: Re: Re:2 Today's Big Lie
He’s the guy who wants Ajit to, and I quote, “put a “Pai” in my oven”. The only truth Dick believes in is whatever Pai has shoved in his rectum.
Granted, the comment wasn’t signed in. But Dick believes that fake names don’t matter, only the ideas do. What’s good for the goose…
Are you going to write about the Democrats shipping all that data to Qatar and hiring Islamists from MPAC and SAAR to program the “abuse” filters shared on all of the big tech and media websites, or is that still not a story because some gamers may or may not have harassed a couple of women for being stupid?
What about her emails?
Because this things are “news” only in your special universe.
Umm, NO, Facebook and GOOGLE still plenty bad!
This is the tried and true “I’m your buddy, and that criminal over there is the one you should worry about”.
Facebook and Google only collect 80 percent or so of advertising revenue, and control similar amount of search. This assertion that Facebook is minor is a flat lie.
Re: Umm, NO, Facebook and GOOGLE still plenty bad!
Yes, let us not lose sight of FB & Goog. Do not ever think about anything else.
Re: Umm, NO, Facebook and GOOGLE still plenty bad!
So you’re ok with carriers selling your real-time location data to companies who then turn around and give the entire public access to your exact location at any moment in time? Because “facebook and google bad!”.
You’re an idiot.
How many news organisations are wholly or partly owned by the ISPs? That might give you a clue at the lack of outrage.
enter without so much as knocking
If anyone wants a fictional correspondence to this, Iain M Banks’ Consider Phlebas, last chapter/s, where the Culture Minds conquer the Idirans by taking over their (non-sentient) computer systems and raising them to sentience. With all the flaws visible in US infosecurity – and much of it by design – nobody needs to fight a war to bring the US to its knees, maugre the billions wasted on the Pentagon.
All they need to do is wait.