It has been discovered that there is a massive flaw in the United States’ Electronic Communications Privacy Act. The Act restricts a mobile phone carrier from sharing a user’s location to the US government, but there is no restriction in place for the carrier to share it with another company.
All of the four major carriers in the US – AT&T, Sprint, T-Mobile, and Verizon, have been providing data – that includes your location – to various companies. This shocking privacy flaw came to light when former sheriff Cory Hutcheson used a service called Serucus between 2014 and 2017. Hutcheson used Securus to track the location of a judge and members of Missouri’s Highway Patrol on 11 separate occasions.
Securus is a service that allows members of law enforcement to facilitate calls made to inmates, however it can also be used to pinpoint the location of almost any cell phone in the US in a matter of seconds. It does this through a company known as LocationSmart. LocationSmart, which is based in California, obtains data from phone carriers and sells this data to companies such as Securus.
The location data LocationSmart obtains is based on the tower information carriers receive. While this process is slower than GPS, as you’re moving between mobile towers, it essentially gives anyone a rough idea where you are at any given time. It takes about 15 seconds to determine someone’s location, and it’s completely legal.
LocationSmart have stated that they only provide this data to companies/individuals who have received “explicit consent” from the party involved before it obtains their location.