Big Telecom sold highly sensitive customer GPS data commonly used for 911 calls

This is a breaking news piece. You can read our full investigation here.

About 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data, according to documents obtained by Motherboard. The documents also show that the telecommunications companies sold data intended for use by 911 operators and first responders to data aggregators, who in turn sold it to bounty hunters. In some cases the data was so accurate that a user could be traced to a specific spot inside a building.

The news shows not only how widely Americans' sensitive location data has been sold through the overlooked and questionable data broker market, but also how that easy access dramatically increased the risk of abuse. Motherboard found that a single company made over 18,000 data location requests through a data store; other companies made thousands of requests. The full details of the investigation are available here.

"This scandal is getting worse. Carriers assured customers that traffic follow-up violations were isolated events. Now, hundreds of people seem to be able to track our phones and they did so for years before anyone at the wireless companies took action," said Oregon Senator Ron Wyden in an email after being presented with Motherboard's findings. "It's more than an oversight – it's blatant, deliberate respect for the safety of Americans."


A screenshot obtained by Motherboard of a phone located via GPS data. Motherboard has blurred and cropped portions of the image to protect individuals' privacy. Image: Motherboard

From at least 2012 until it closed in late 2017, a data vendor named CerCareOne allowed bounty hunters, bail bondsmen and bail agents to find the real-time position of AT&T, T-Mobile and Sprint mobile phones. The company would sometimes charge up to $1,100 per phone location, according to a source familiar with the company. Motherboard granted a number of sources in this story anonymity to provide details of a controversial industry practice.

Some of the data available to CerCareOne customers included the phone's "assisted GPS" or A-GPS data, according to documents and screenshots of the service provided by two independent sources. A-GPS is a technology used by first responders to find 911 callers in emergencies. A letter to the Federal Communications Commission from a T-Mobile attorney in 2013 noted that "A-GPS is the reasonable basis for wireless [emergency] 911 location for both indoor and outdoor locations."

"Often, A-GPS provides information about where someone is inside a building," Laura Moy, CEO of the Privacy and Technology Center at Georgetown University Law Center, told Motherboard in an email.

Blake Reid, associate clinical professor at Colorado Law, told Motherboard in an email that "with assisted GPS, your position can be triangulated within a few meters. This allows you to create a detailed overview of where you are traveling."

"The only reason why we give carriers access to this information is to ensure that the first responders can find us in an emergency," Reid added. "If the carriers turn around and use that access to sell information to bounty hunters or anyone, it's a shocking abuse of trust that the audience places in them to protect their privacy while protecting public security."

Both Reid and Moy said this was the first time they had heard of a telecom selling A-GPS data.

Did you get a tip? You can safely contact this reporter at Signal on +44 20 8133 5190, OTR chat at, or email

A Sprint spokesperson did not respond directly when asked whether the company has ever sold A-GPS data. When asked if T-Mobile has sold A-GPS data, a spokesperson told Motherboard in an email, "We have nothing more to add at this stage." AT&T did not respond to a request to clarify whether it sells or has ever sold A-GPS data.

A list of one particular customer's use of the phone location service, provided to Motherboard, runs to about 450 pages, with more than 18,000 individual phone location requests in just over a year of activity. The bail bonds firm that initiated the requests, known in the industry as phone pings, did not respond to questions asking whether it obtained consent to locate the phones or what the requests were for.

"The scale of this abuse is outrageous," Eva Galperin, director of cybersecurity at the campaign group Electronic Frontier Foundation, told Motherboard in an email.
