Evidence has emerged that US police are using a system that lets them geo-locate just about any phone in the country and it is now thought that some cops may be using that system without appropriate warrants to do so.
In the US, police have access to a system developed by a firm called Securus Technologies. That system can be used to locate cell phones during the course of investigations. The Securus system can only legitimately be used by the authorities to “ping” a phone’s location once a warrant has been obtained; however, it is now feared that the system may have been abused.
The evidence first started mounting last year, when a Missouri deputy was accused of using a specialist system to illegally triangulate cell phone locations. Cory Hutcheson allegedly accessed the Securus system “for the unlawful purpose of spying on Plaintiffs for his own personal gain".
Holes in the system
Securus allows cops to ping cell phone locations in real time by exploiting infrastructure normally used by marketing firms to access location data provided by major cell phone carriers like Sprint, Verizon, and AT&T.
According to the allegations, Hutcheson used the system 11 times between 2014 and 2017 to discover the location not only of members of the general public - but also of a judge and a member of the state patrol.
Unfortunately, although warrants are necessary to access the phone tracking system, it would appear that Securus has not been thoroughly scrutinizing requests and, as a result, Hutcheson was able to abuse the system.
In a statement made last Thursday, Securus said that it requires “customers” [police officers and correctional officials] to upload the proper documentation - a warrant or affidavit - before processing a request. According to Senator Ron Wyden (Oregon), however, Securus has admitted that it does not “conduct any review of surveillance requests”.
Formal FCC complaint
Wyden has now written a formal complaint to the Federal Communications Commission. In the letter, Wyden states that “wireless carriers have an obligation to take affirmative steps to verify law enforcement requests.” He comments that Securus being able to provide the service at all is evidence that cell phone carriers do “not sufficiently control access to customers’ private information.” In his opinion, the system is severely encroaching on US citizens’ right to privacy.
A security researcher called Tobias Engel told Motherboard he believes US mobile carriers are selling out their customers. Both Engel and Wyden feel that telecoms firms are not getting proper permission from consumers before passing location data on to third parties. Engel has stated that:
“LE [law enforcement] is piggybacking onto this ‘commercial’ option which seems to have a much lower entry barrier than if they requested this kind of access from the carriers themselves.”
This is unsurprising and is a stark reminder that US ISPs, which were last year given permission to sell web browsing histories to third parties, are likely selling data to US surveillance agencies (allowing them to snoop on US citizens without scrutiny). Sadly, these kinds of loopholes are highly prized by US authorities - as is explained in Jennifer Granick’s excellent book American Spies.
It is not just in the US that mobile location data is being unjustly used by authorities to invade people’s privacy.
In Denmark, courts last year decided that mandatory tracking of citizens that allows “every movement in physical space” to be “registered and stored” for 12 months is legal. In the UK, a top British judge has recently gone public with his belief that one day it might be a legal requirement for UK residents to carry their phones with them at all times.
In a speech to the Law Society, Sir Geoffrey Vos QC, Chancellor of the High Court, said that a continuous record of individual's movements would be a great benefit to the police,
“Most people carry their smartphones on their person at all times with their GPS location switched on. They do this voluntarily, but if the legislators were, for example, to require citizens to carry phones at all times, it would be even more difficult to avoid detection.”
With opinions like these and technology like Securus, it is no wonder that alarm bells are ringing. Even in nations generally thought to be good for privacy like the Netherlands, multiple complaints have been made about smart sensors scanning phones for Mac numbers in order to track people as they move around Dutch cities.
And it is not just law enforcement that are using cell phones to track people. The Australian Competition and Consumer Commission (ACCC) is currently investigating Google over allegations that it is secretly using Australians’ phone plan data to covertly track their locations.
According to the computer software firm Oracle, Google is amassing around one gigabyte of mobile data each month from Australian Android accounts. In the US, there is evidence that Google location data is also being exploited by the authorities, adding another worrying complexity to the issue.
In at least four cases last year, police officers in Raleigh, North Carolina, used search warrants to demand data from Google accounts - not for specific suspects - but relating to any mobile device that happened to come close to the scene of a crime. Let that sink in.
Opinions are the writers own.
Title image credit: dennizn/Shuttestock.com
Image credits: Leonard Zhukovsky/Shutterstock.com, vchal/Shutterstock.com, josefkubes/Shutterstock.com, achinthamb/Shutterstock.com