A phone service from a company that monitors calls made by inmates can be used to track almost anyone in the United States.
A former sheriff in Mississippi County, Missouri, allegedly used a product from Securus Technologies, a company that provides phone calls to thousands of jails and prisons across the U.S., to surveil other officers without court orders, according to a New York Times report.
The service he employed is capable of tracking almost any phone in the U.S. within seconds from a system typically used by marketers to get location data on potential customers. That information is provided by major mobile carriers like AT&T, T-Mobile, and Verizon.
The accused officer, Cory Hutcheson, allegedly used the service at least 11 times on other law enforcement officials between 2014 and 2017. A judge and state highway patrol members were among those he allegedly tracked. Hutcheson denies the allegation, pleading not guilty in a surveillance case that has raised questions about the privacy of Americans.
A Securus document claims the company gives its clients the ability to track “the location of a suspect’s cell phone, in real time, regardless of whether a call is in process.” The American Civil Liberties Union (ACLU) published a report denouncing Securus and its shady practices. It cites a letter by Sen. Ron Wyden (D-Ore.) to the Federal Communications Commission (FCC) urging the agency to take action against the firm and wireless carriers for their “potentially unlawful action.”
“I ask that the FCC promptly investigate Securus, the wireless carriers’ failure to maintain exclusive control over law enforcement access to their customers’ location data, and also conduct a broad investigation into what demonstration of customer consent, if any, each wireless carrier requires from other companies before the carriers provide them with customer location information and other data,” he wrote.
He argues wireless carriers must take steps to verify law enforcement requests for information and should be the sole source of that exchange. He also says that while the government allows carriers to grant third-parties data about customers, they must receive consent to do so.
These cell phone tracking services aren’t something anyone can buy at their local electronics store, but that doesn’t mean it can’t fall into the wrong hands, as the aforementioned case has already proven. Securus, which has been previously criticized for charging exorbitant fees for prisoner’s calls, told the New York Times that only law enforcement and corrections facilities are given access to location information and customers must obtain a warrant or affidavit to authorize the activity.
But Securus also said that it’s up to law enforcement customers and their councils to ensure the “legal adequacy of supporting documentation.” Rather than verify the information on its end, Securus only requires that clients check a box to verify the documents they’re uploading are official, as pointed out by the ACLU. The customer then puts the cell phone number in of the person they’re searching for and a graphical map of their location pops up within seconds.
Wyden considers these contracts between Securus and the government “nothing more than the legal equivalent of a pinky promise.”
When law enforcement officials obtain the tool, they’re given the ability to track down any cell phone throughout the U.S. with troubling accuracy. Securus provided examples of times when its software was used successfully. In one instance, a woman sentenced to drug rehab left her facility and was later located by an officer using the service. In another, officials found a missing Alzheimer’s patient and were able to get within 42 feet of their location. While these are all best-case scenarios, there isn’t anything preventing a bad actor from mishandling the location finder, raising serious privacy concerns.
The ACLU is urging each party involved to take a stand, especially wireless carriers, which are the primary source of the data.
“Major phone carriers, the FCC, state attorneys general, and individual correctional facilities must take steps to remedy these exploitative practices,” the nonprofit organization wrote.
“If this company is, in fact, doing this with our customers’ data, we will take steps to stop it,” a Verizon spokesman told the Times. T-Mobile said it “would take appropriate action” if needed. AT&T said it would follow “best practices” while Sprint said it only gives customer location information with consent.
The FCC and wireless carriers told the New York Times they were reviewing Wyden’s letter.