The location data of countless U.S. cellphone users was secretly being accessed by hundreds of bounty hunters despite previous claims from mobile providers that such abuses were isolated, Motherboard reports.
Documents from a location data selling company known as CerCareOne, which ceased operations in 2017, have revealed that roughly “250 bounty hunters and related businesses” had access to information from AT&T, T-Mobile, and Sprint customers.
Motherboard’s Joseph Cox notes that just one bail bond firm used CerCareOne’s services over 18,000 times. The company not only had location information derived from cell towers but from “highly sensitive and accurate GPS data” as well.
According to Blake Reid, associate clinical professor at Colorado Law, the GPS data was originally intended to be used only by emergency services in order to locate people who had dialed 911.
“The only reason we grant carriers any access to this information is to make sure that first responders are able to locate us in an emergency,” Reid told Motherboard. “If the carriers are turning around and using that access to sell information to bounty hunters or whomever else, it is a shocking abuse of the trust that the public places in them to safeguard privacy while protecting public safety.”
CerCareOne, which forced its customers to sign agreements to keep their existence secret, would charge as much as $1,100 for an individual’s location.
“The news shows how widely available Americans’ sensitive location data was to bounty hunters,” Cox writes. “This ease-of-access dramatically increased the risk of abuse.”
A bail agent whose name was found among the documents defended the practice, arguing that it specifically targeted fugitives.
“This type [of] information is solely used for and extremely beneficial in locating and tracking wanted fugitives who have jumped bond and are also wanted by law enforcement for absconding from justice,” the bail agent said.
The scale of the secretive location data market has caused concern among lawmakers and privacy advocates alike. Sen. Ron Wyden (D-Ore.), a vocal critic of many tech companies’ data practices, said in a statement to Motherboard the latest discovery proves the issue is far worse than previously believed.
“Carriers assured customers location tracking abuses were isolated incidents. Now it appears that hundreds of people could track our phones, and they were doing it for years before anyone at the wireless companies took action,” Wyden said. “That’s more than an oversight—that’s flagrant, willful disregard for the safety and security of Americans.”
The aforementioned mobile service providers promised last month to stop selling its customers’ location data altogether. AT&T has stated that it was unaware of the alleged abuses by CerCareOne while the company was active.The FCC has stated that it is currently investigating the handling of location information by the major carriers.