Wireless Carrier Abuse Of Location Data Makes The Facebook, Cambridge Scandal Look Like Amateur Hour

from the we-need-outrage-symmetry dept

As we've noted a few times now, however bad the recent Facebook and Cambridge Analytica scandal was, the nation's broadband providers have routinely been engaged in much worse behavior for decades. Yes, the Cambridge and Facebook scandal was bad (especially Facebook threatening to sue news outlets that exposed it), but the behavior they were engaging in is the norm, not the exception. And watching people quit Facebook while still using a stock cellphone (which lets carriers track your every online whim and offline movement) was arguably comedic.

As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight. And while some lawmakers are pressuring the FCC to more closely investigate the scandal (which resulted in the exposure of wireless location data of some 200 million users in the U.S. and Canada), few expect the same FCC that just killed net neutrality to actually do anything about it.

When the previous FCC tried to pass some pretty modest privacy protections last year requiring that ISPs be more transparent about all of this, ISPs quickly took advantage of a cash-compromised Congress to scuttle those protections before they could even take effect:

This collective apathy to routine telecom sector privacy abuses has been going on for decades. You might recall that multiple ISPs were accused years ago of collecting and selling consumer clickstream data. When they were pressed for details, many simply either denied doing it or refused to respond. As more sophisticated network gear like deep-packet inspection emerged, ISPs began tracking and selling your online browsing habits down to the millisecond, some even charging users extra if they wanted to protect their own privacy.

But things got immeasurably more profitable once wireless carriers began tracking user location data, which they now sell to everyone from urban planners to government agencies. Companies like Verizon Wireless were subsequently caught covertly modifying wireless user data packets to track users around the internet without telling them. It took security researchers two years to even discover this was happening and another six months of public shame before Verizon even provided an opt out option (a more powerful version of the tech is now being used by Verizon's Oath advertising brand).

And yet even in the wake of the LocationSmart fracas, which literally exposed the private data of nearly everybody in America, we're still somehow only seeing a fraction of the media, regulatory or public outrage we saw during the Facebook and Cambridge kerfuffle:

"You might think that the major wireless carriers would be facing intense pressure to account for their lax handling of customers’ data. You might think the story would be all over newspapers’ front pages and cable news. You might think their CEOs would be hounded by the media, as Facebook’s Mark Zuckerberg was after the Cambridge Analytica story broke. You might think they’d be dragooned into testifying before Congress.

You might think that, if you expected a reaction commensurate to the one that accompanied the Cambridge Analytica revelations. And it’s conceivable that it will still happen. But so far, there has been none of that."

It remains odd that the press and public still don't realize how deep this particular rabbit hole goes. And whereas the Cambridge scandal made headlines for months, the location data scandal has barely registered a fraction of the collective outrage in media coverage or in DC. Meanwhile, wireless carriers are effectively refusing to even acknowledge they work with companies like LocationSmart, and there's little to no indication accountability is heading their direction anytime soon.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 25 May 2018 @ 4:48am

    I'm still waiting a Facebook/Cambrige Analitica-like outrage and backlash.

    I don't think people understand what's going on.

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 25 May 2018 @ 6:30am

    People love their stupid little phones more than their privacy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 6:45am

    Perfect for turn key spy operations!

    If a government wants to spy on US citizens, all they need to do is set up some companies here, buy access and wait for enough data to flow through. After half a decade or so, you will be able to identify cover identities versus real ones with a great deal of confidence.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 7:32am

      Re: Perfect for turn key spy operations!

      It might be quicker. This is very revealing data.

      If you want attention, buy the data and figure out who senators and congresspeople are meeting with.

      reply to this | link to this | view in chronology ]

  • identicon
    BroD, 25 May 2018 @ 6:56am

    Bingo

    "I don't think people understand what's going on."
    Of course not: this stuff is way too deep in the weeds for 98% of users (myself included.)

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 7:29am

      Re: Bingo

      Relax -- your local/state/federal government officials well understand all this technical stuff and are protecting you 24/7 !

      What do ya think you pay all those taxes for ?

      reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 25 May 2018 @ 7:29am

    It is a pity that before this broke a smart reporter didn't pull the data for Congress-members.

    They tend to ignore things until it effects them & opening with lists of where some of them have been might have gotten much faster results. (Of course they probably would have just added protections for themselves & leave the rest of us screwed)

    reply to this | link to this | view in chronology ]

    • identicon
      until it effects them, 25 May 2018 @ 7:37am

      Re:

      ? ... you don't trust Congress -- they tirelessly protect us from anarchy and free markets/competition in telecommunications

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 7:33am

    "Stock cellphone"

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 7:35am

    Stock cellphones

    And watching people quit Facebook while still using a stock cellphone (which lets carriers track your every online whim and offline movement) was arguably comedic.

    Why does it matter whether people are using a stock cellphone? Are there non-stock ones that can prevent this? My understanding is that it's cell-site data, meaning any phone connected to the network can be tracked—IOW, you'd have to have a wifi-only "phone" to avoid it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 8:25am

      Re: Stock cellphones

      Oh, idk - you read that story about malware pre installed for your convenience?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 May 2018 @ 8:35am

        Re: Re: Stock cellphones

        Yeah, more than one. Carriers are tracking "every offline movement" without that. Maybe not "every online whim", but unless you're using Orbot or a VPN they'll see every unencrypted online whim and every encrypted site address (but not content) you connect to.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 9:58am

      Re: Stock cellphones

      Even then, I'm sure the ISP can get this type of info and turn around to sell it anyway.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 May 2018 @ 10:51am

        Re: Re: Stock cellphones

        Do you mean an ISP would track a wifi device is it moves between access points served by that ISP? It's plausible. If you randomize your MAC address and use a VPN it will be difficult.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 8:39am

    Here they come, yo

    Since 911, it was because: terrorism
    After the rapture it will be because: control
    Revelation 13:16-18.

    reply to this | link to this | view in chronology ]

  • icon
    Madd the Sane (profile), 25 May 2018 @ 9:40am

    Well, of course

    Of course they Facebook scandal got more media attention: the big ISPs put pressure on their news corporations to comment on it until the public got sick of it. Conversely, the ISPs are telling their news corps. to be quiet about their own privacy leaks.

    Doesn't Comcast own at least a few news organizations?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 10:23am

    I'm waiting for the first headline murder to occur where the gunman located the victim through cellular/GPS tracking. Maybe that's what it will take before the cellular carriers start respecting customer privacy.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 12:06pm

    The reason we saw backlash against CA wasn't because they were collecting this data, it's because they were proven to have been using it to manipulate public narrative.

    So far, there's been no proof that the telcos or the orgs they sold location data to have been using the data to overtly manipulate public discourse.

    Once that proof arrives (and there's no question that SOMEBODY is using the data in such a manner), we'll see the public uproar, but not before.

    We've seen this over and over again. The public knew that the NSA was collecting private data, but it took Snowden demonstrating not only what was collected but how it was proposed to be used before people got upset. Same has happened over and over again: people don't connect the dots when PII is collected; they definitely do when they're shown what it is to be used for.

    reply to this | link to this | view in chronology ]

  • icon
    Richard Bennett (profile), 25 May 2018 @ 1:37pm

    Today's Big Lie

    Here's the Bode of the day: "As the recent Securus and LocationSmart scandal highlights, wireless carriers pretty routinely sell your location data to a laundry list of companies, governments, and organizations with only fleeting oversight."

    Nope. Cell carriers sell location data on individual users only to companies who serve it up to law enforcement pursuant to warrants. Yes, the LocationSmart web site had a bug in it, but to jump from a bug to a full-blown conspiracy is the kind of thing only a troll would do.

    Try again, Karl.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 2:52pm

      Re: Today's Big Lie

      And you see nothing wrong in that data being sold in the first place, and that is the real problem.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 3:10pm

      Re: Today's Big Lie

      "Yes, the LocationSmart web site had a bug in it"

      Is that what you call it, Dicky McDickface?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 8:05pm

      Re: Today's Big Lie

      Cell carriers sell location data on individual users only to companies who serve it up to law enforcement pursuant to warrants.

      Are seriously this retarded or are you just going for broke now since I've completely and totally demolished you and your lies in every single one of your comments? Can't take the heat so you're just going to lie about everything and hope something sticks?

      Your assertion is literally and patently false, and an obvious and deliberate lie. It was verified that anyone could go on the site, request a demo, and instantly find the location of any random cell phone. Not only that, the bug in the site wasn't that you could do this, it was that you could even bypass the demo and documentation submission requirement and use it as many times as you wanted to for free. This was verified by multiple independent security researchers and journalists. The only way this could have occurred is if they had access to the entirety of carriers' location data, which they even admitted to.

      From a cached press release from LocationSmart:

      LocationSmart has direct connections to all major wireless carriers providing near-complete coverage for US subscribers.

      LocationSmart enables enterprises to reach more than 15 billion devices worldwide through its cross-carrier mobile network location, Cell ID, Wi-Fi and IP geolocation databases

      Huh, direct access to databases. Look at that. Who's the liar now?

      but to jump from a bug to a full-blown conspiracy is the kind of thing only a troll would do.

      To deliberately lie about publicly available and verified facts is something only an industry paid shill would do.

      Try again Richard.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 May 2018 @ 8:11pm

        Re: Re: Today's Big Lie

        The extent Dick is going to in order to justify the "totally real" comments made by senators in favor of the net neutrality repeal is hilarious. "Google bad, but you should like totes trust me with all your data, and anybody else who asks for it."

        It'd almost be funny if it wasn't skullfuckingly dumb.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 May 2018 @ 8:43pm

          Re: Re: Re: Today's Big Lie

          What I don't understand is why would you lie about something that can be proven false so easily. I mean, even the company itself admitted it royally screwed up.

          How desperate or delusional do you have to be to think that telling that big and obvious of a lie is going to fool anyone?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 26 May 2018 @ 4:51am

            Re: Re: Re: Re: Today's Big Lie

            He's the guy who wants Ajit to, and I quote, "put a "Pai" in my oven". The only truth Dick believes in is whatever Pai has shoved in his rectum.

            Granted, the comment wasn't signed in. But Dick believes that fake names don't matter, only the ideas do. What's good for the goose...

            reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 2:00pm

    Are you going to write about the Democrats shipping all that data to Qatar and hiring Islamists from MPAC and SAAR to program the "abuse" filters shared on all of the big tech and media websites, or is that still not a story because some gamers may or may not have harassed a couple of women for being stupid?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 May 2018 @ 2:00pm

    Umm, NO, Facebook and GOOGLE still plenty bad!

    This is the tried and true "I'm your buddy, and that criminal over there is the one you should worry about".

    Facebook and Google only collect 80 percent or so of advertising revenue, and control similar amount of search. This assertion that Facebook is minor is a flat lie.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 3:12pm

      Re: Umm, NO, Facebook and GOOGLE still plenty bad!

      Yes, let us not lose sight of FB & Goog. Do not ever think about anything else.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 May 2018 @ 8:07pm

      Re: Umm, NO, Facebook and GOOGLE still plenty bad!

      So you're ok with carriers selling your real-time location data to companies who then turn around and give the entire public access to your exact location at any moment in time? Because "facebook and google bad!".

      You're an idiot.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 May 2018 @ 7:33pm

    How many news organisations are wholly or partly owned by the ISPs? That might give you a clue at the lack of outrage.

    reply to this | link to this | view in chronology ]

  • identicon
    Wobbygong, 28 May 2018 @ 7:42pm

    enter without so much as knocking

    If anyone wants a fictional correspondence to this, Iain M Banks' Consider Phlebas, last chapter/s, where the Culture Minds conquer the Idirans by taking over their (non-sentient) computer systems and raising them to sentience. With all the flaws visible in US infosecurity - and much of it by design - nobody needs to fight a war to bring the US to its knees, maugre the billions wasted on the Pentagon.

    All they need to do is wait.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.