Do you know that mobile carriers in the U.S. can offer real-time location data of any desired person to marketing companies for a fee? How can location data which cannot be obtained even by law enforcement agencies if they do not possess ‘warrants’ for the concerned individual be sold so easily by the mobile carriers?
They can and it is being done by taking advantage of a loophole present in the Federal Privacy law. This was the way by which an unknown company named Securus was selling location data in real time to the cops without checking for the presence of a warrant. It came to light that Securus was a client of LocationSmart, one of those marketing companies who was obtaining the data from the country’s leading mobile carriers. The existence of contracts between LocationSmart and the biggest American cellular carriers such as Sprint, Verizon, AT&T and T-Mobile gave it access to the location data in a matter of few seconds.
The website of the marketing company offered a demo service option which showed how this was possible without payment of any charge. You could test the service using your own cell number; the demo gave the data only after obtaining permission from the concerned cell number. Unfortunately, this service had no security checks for avoiding unauthorized queries from taking place. This was realized when Robert Xiao, a security researcher at CMU’s Human-Computer Interaction Institute investigated this service a little more in depth.
Through his efforts, he learned that the service offered by LocationSmart could be effectively utilized to track the direction of an individual’s movements. All that had to be done was to ring up the mobile network of the individual a number of times over a range of time-period and insert the location points into Google Maps and lo! The directional movements of the individual can be easily traced.
Isn’t this fact something to mull upon? Incidentally, LocationSmart has closed down its demo portal.