by Larry Magid
Two recent news stories about cell phone location services recently caught my eye. One was a positive development and the other quite negative, until it was at least partially fixed.
The positive story is that Apple’s iOS 12 operating system for iPhone will enable users to “automatically and securely” share their location data with 911 call centers and first responders. The negative story revealed that cell phone carriers were selling real-time customer location information to data brokers who sold that information to law enforcement and others, without necessarily going through those annoying and time consuming formalities such as court orders. In response to the controversy, the major carriers are stopping the practice.
Locations disclosed without consent or court order
In a letter to AT&T president Randall Stephenson, Sen. Ron Wyden (D-OR) said that he “recently learned that Securus Technologies, a major provider of correction facility telephone services, purchases real-time location information from major wireless carriers and provides that information, via a self-service portal, to the government with nothing more than a pinky promise.” Wyden also went after Verizon, T-Mobile and Sprint. So far, Verizon, AT&T and Sprint have announced that they will no longer provide this information to these third parties.
According to Wyden, law enforcement agencies could obtain this data simply by uploading an “official document” to a Securus web portal but said that senior officials from Securus “have confirmed to my office that it never checks the legitimacy of those uploaded documents.”
In addition to these illegitimate sales to law enforcement, there is also the not-so-theoretical risk of hacking. Motherboard reported that a hacker broke into Securus servers and stole “2,800 usernames, email addresses, phone numbers, and hashed passwords and security questions of Securus users, stretching from 2011 up to this year.” And, as Krebs on Security reported last month, LocationSmart, another data aggregator with access to these phone location records, “has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization.”
Location data can save lives
The positive story about smartphone location data is also important and worth celebrating. Last week, Apple announced that it’s working with emergency technology company RapidSOS to “quickly and securely” share iPhone callers’ location data with 911 centers. Cell phone carriers have long been able to provide some location data to 911 centers even before there were smartphones. But iPhones and Android devices have far more location data than those old flip phones, including what can be gleaned from GPS and WiFi access points. There are also efforts underway to pinpoint specific locations within buildings.
In a press release, Apple said that “Approximately 80 percent of 911 calls today come from mobile devices, but outdated, landline-era infrastructure often makes it difficult for 911 centers to quickly and accurately obtain a mobile caller’s location.” RapidSOS currently offers its RapidSOS Haven Emergency app for both Android and iPhones.
Even if you don’t have a 911-level emergency, there are other reasons to use your mobile device to share location data. One is to let others know when you are likely to arrive at a location, such as a meeting or dinner appointment.