back to article US prison telco accused of selling your phone's location to the cops

An American telco that provides costly phone services to prisoners has been accused of harvesting location data on American phone users – and selling it to the police with no oversight. Senator Ron Wyden (D-OR) has asked America's comms watchdog – the Federal Communications Commission – and wireless carriers to investigate how …

  1. arctic_haze Silver badge

    The obligatory Soviet Russia joke

    In Soviet Russia, the track phones you

  2. Alistair Silver badge
    Windows

    "But Senator Wyden, you MUST NOT impede the ability of the prison system operators to make a PROFIT off the slaves uhh, subjects errrrrr income sources oh, right, hehehehe *Crinimals* umm, crominates, dangit, criminals incarcerated therein"

  3. Anonymous Coward
    Anonymous Coward

    Mr Wyden for President!

    Looking at this from a UK point of view, this Senator Wyden fella seems to be a good man to have around. Seems to know his stuff and is for ever throwing good spanners in the works of dubious people. Could do with a few members of the British Parliament of the same calibre. Most don't know a URL from a SSD.

    1. Anonymous Coward
      Anonymous Coward

      Re: Mr Wyden for President!

      I was just thinking the same thing.

      Imagine a President that actually upheld the Constitution.

  4. Sureo

    These are the guys that pass the laws allowing them to snoop on everyone, then get upset when they find out someone else is doing it. /cynic

    1. Jeffrey Nonken Silver badge

      You mean Wyden? No. You're claiming guilt by association. Don't forget that he is not the only person in the legislature. Please don't blame everything wrong with our system on him.

  5. DougS Silver badge

    Simple change to the law will fix it

    Make telcos financially liable at $100 per occurrence for giving out location information (or other private info) without a valid court order. They would fix the process PDQ!

    Of course this won't happen, too many legislators on both sides of the aisle are in the telco's pockets, and if pressed would no doubt come up with some creative excuses as to why such a law was not needed (we don't need more regulation!) or that it would increase consumers cell bills by preventing telcos from making money selling location information to third party marketers.

    We really need European style data protection in the US!

    1. K Silver badge
      Big Brother

      Re: Simple change to the law will fix it

      "We really need European style data protection in the US!"

      It'd be a cold day in hell before that happens - Politicians rely too heavily upon corporate ownership sponsorship. In order to achieve this, the first thing you'd need to do, is massively curtail this and second is place heavy limits on the amount any company or organisation can spend of lobbying.

      Even though some of the lobbying has some potential public interest (Net Neutrality), but all you need to do is examine the tens of millions (possible hundreds) that have been ploughed into both sides of the argument, then also look at the clout organisations such as the NRA have.

      1. DougS Silver badge

        Re: Simple change to the law will fix it

        I don't think it is possible to eliminate lobbying without turning the first amendment into a smoking ruin. Nor do I think that would be a good idea - legislators are not experts on the internet, energy, defense, etc. (maybe one or two fields, but not all) and trying to have them write laws without having experts helping them isn't feasible. AT&T or the NRA spending money to talk to politicians and say "this is what we'd like to see in this new law" is not the problem. Campaign "finance", trips, jobs after they leave congress ("quid pro quo") THAT'S the bad thing, and that's what should lead to long jail time for both ends of the transaction!

        It should certainly be possible (though likely require a constitutional amendment) to 'clarify' the first amendment that money is not speech so campaign finances can be brought under control - no corporate contributions, or contributions from other organizations (unions, non-profits, etc.) Individual US citizens only, with the amounts strictly limited, and political advertising would only be permitted by organizations that make their donors lists and amounts public, along with their charter (i.e. who/what they are advocating for or against)

        I mean, while I'm wishing for stuff that will never happen to go along with the Euro style privacy protection and all...

        1. Anonymous Coward
          Anonymous Coward

          Re: Simple change to the law will fix it

          If you can't eliminate lobbying, because freedom of speech, how about just mandating that documents/transcripts are made publicly available? After all, they're communicating with public representatives, so what possible objection could they have?

          And no, I don't seriously expect that either party to the lobbying would ever allow that to happen.

        2. VanguardG

          Re: Simple change to the law will fix it

          It boggles the mind how "vote in our favor now, and you'll have a cushy job with us when you retire" isn't viewed as precisely that...instead its just "lobbying". Being absolutely ignorant of a thing has in no way ever slowed any politician's attempt to establish control over it. Often their very ignorance is why they are so dogged about regulating it. Most are intelligent people, but they want an "elevator briefing" on complex topics and then attempt to extrapolate, or intrapolate, the rest on the fly. In my personal opinion, the first thing every nation that elects leaders is term limits for EVERYONE. If every poltiican has the same "shelf life", and is banned from holding office at a certain level ever again after a set number of years, their value to the lobbyists is lower. Also, a politician can only raise so much money for a campaign. Everyone can raise a certain dollar amount for the primary election stage, and if the candidate goes to the general election, any money left from the primary phase counts against their budget for the general phase. If they are allowed "x" million, and reach that, they cannot accept any more donations from anybody. Level the playing field and make the jokers show they can actually work within a budget BEFORE they get elected. If some grumble their rights were trampled, they can contribute their money earlier next time. "Soft" money is harder to regulate, but that doesn't mean we can't start fixing what we can while working on a fix for the rest. The system's broken...citizens need to take it back and fix it, because the nimrods in DC like it just the way it is.

          1. strum Silver badge

            Re: Simple change to the law will fix it

            >If every poltiican has the same "shelf life", and is banned from holding office at a certain level ever again after a set number of years, their value to the lobbyists is lower.

            ..and inexperienced pols are much easier to manipulate. When another corporate scam comes round the corner, it may help if there are legislators who have been around this block a few times.

            What's more, a term-limited pol needs a job after that limited term. Who you gonna call?

          2. JohnFen Silver badge

            Re: Simple change to the law will fix it

            "It boggles the mind how "vote in our favor now, and you'll have a cushy job with us when you retire" isn't viewed as precisely that"

            It is clearly and obviously bribery, and is probably the most common form of corruption in our government. I don't care whether or not it's legal. It's wrong, and it's destructive to our nation.

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    It's not just the Telcos

    Some phone manufacturers and vendors have modified Android OS's that send out the devices SIM data, IMEI, IP address, device make and model as well as having their own GPS servers that use don't use encryption like this one: "http://xtrapath1.izatcloud.net/xtra3grc.bin" .

    Also, any device that has an app that has the Facebook Places software embedded will gather a lot of location data as well.

    1. JimboSmith Silver badge

      Re: It's not just the Telcos

      Also, any device that has an app that has the Facebook Places software embedded will gather a lot of location data as well.

      Hence why I disable Facebook and any associated apps on my phone.

  8. Anonymous Coward
    Anonymous Coward

    That's all citizens, by the way, not just prisoners

    There is still a distinction?

    1. scrubber

      Re: That's all citizens, by the way, not just prisoners

      The distinction is that one set gets free healthcare and fed daily whereas the other group can die on the street for all the government cares.

  9. MachDiamond Silver badge

    But it found a 3yo child

    Of course the company will trot out a couple of instances where their spying did something good it doesn't absolve them of the far more numerous times it intercepted calls between an inmate and their attorney. What if that led to an appeal in favor of a violent criminal? The US legal system is biased in favor of the accused as precaution against putting people in jail/prison that are not guilty of the crime they are said to have committed. To that end, things such as attorney/client privilege have to be maintained with no appearance of breeches by the court and its officers.

    Any company that blindly takes an official looking request for sensitive information without making any attempt to verify its veracity is negligent. How many movies and books have used the forged document in their story line? So many it's clichè and authors risk getting tossed from the writer's guild for using it.

  10. Frumious Bandersnatch Silver badge

    Oh, Brave New World

    And what people, innit?

    1. ecofeco Silver badge

      Re: Oh, Brave New World

      Indeed. Indeed.

  11. redpawn Silver badge

    Professionals

    are always trustworthy, so no problem.

    1. ecofeco Silver badge

      Re: Professionals

      *snerk*

  12. low_resolution_foxxes

    Your life generally improves when you delete facebook, instagram and Twitter from your phone. Or disable, as it is physically impossible to delete fb on many phones. More time, less stress, you read more books etc. If I really want to see that stuff just open the website. Ghostery helps, an eye opening range of advertising networks unable to stalk you.

    Anyway - is the crux of this story why is a prison requesting geolocation data without due cause/reason/authority. Or that Securus should perform due diligence on incorrect paperwork.

    1. Waseem Alkurdi Silver badge

      Are you sure that the Disable switch is actually wired to something? What about the hidden miners? (Or the spying apps that hide inside other packages, like the OnePlus instance?)

      And you still have Google Play Services. To get rid of that you have to flash a custom ROM. Good luck with that, sir, if you have an obscure headset that has no kernel sources. (Kernel sources? We've heard of those, says manufacturer)

    2. Eeep !

      Erm, have all those apps on my phone and can say that it's not the presence of those apps on your device that's the problem - why do you open them?

      Regularly use Skype/WhatsApp/Instagram to communicate with people on the other side of the world and they improve my life - variety being interesting.

      Want to describe what it was that made you think the apps were the problem?

      And your comments about reading books; strangely know lots of people that complain they read less in this digital time - myself moved to audio books a long time ago (was always a BBC R4 listener) and find it annoying that those people that complain about being short of reading, and when challenged about listening time, haven't a clue about any of the books they have an opinion about - especially when particularly inaccurate.

    3. Someone Else Silver badge

      @low_resolution_foxxes --

      Or that Securus should perform due diligence on incorrect paperwork.

      What? And require the poor, over-stressed American Corporation to hire someone to keep up paperwork?!? Shirley, you jest!

  13. handleoclast

    Nuke them from orbit

    Twice. Just to be sure.

    1. ecofeco Silver badge

      Re: Nuke them from orbit

      My mommy always said there were no monsters, no real ones. But there are.

  14. John Smith 19 Gold badge
    Unhappy

    So yet another "revenue stream" for corrections officers

    Takes $x100

    Print up "authorization" on home printer.

    Present to these guys.

    Data in hands of "client" by end of the day.

    The US self financing prison system.

  15. M. Poolman

    That's all citizens, by the way, not just prisoners.

    Shurely you'd kinda hope that you don't need cell phone location data to know where the prisoners are.

    (There's going to be a jail break, somewhere in this town)

    1. ecofeco Silver badge

      Re: That's all citizens, by the way, not just prisoners.

      I AM NOT A NUMBER!

  16. John Savard Silver badge

    It's quite true that the quoted statement:

    “Securus requires documentation and reasonably relies on the professionalism and integrity of our law enforcement customers and their counsel. Securus is neither a judge nor a district attorney, and the responsibility of ensuring the legal adequacy of supporting documentation lies with our law enforcement customers and their counsel.”

    sounds pretty strange.

    As a company that has access to confidential data, they are responsible for the privacy of everyone using the mobile telephone system. So one would think they would be responsible if they released this data without taking adequate precautions against improper release.

    However, the law as it stands in the U.S. may not place an absolute onus on them, and voluntary cooperation with the police, without requiring a court order, is certainly not criminalized for data that a firm holds itself.

    Functioning as a back door to data about users of other telephone providers, though, is an invitation to abuse, especially when a firm is known for being less questioning of requests from law enforcement sources than others.

    Hopefully, the firm at least keeps careful records of every such request that it receives, so that any improper requests can be tracked by the relevant authorities? That would seem to be a minimal step to take in order to ensure that the responsibility does lie with the requestor and not them.

    But even if no one at Securus is jailed for violating privacy, a possible consequence, if they're not complying with standards expected by other telephone carriers for the handling of the data to which they have access as a telephone carrier themselves... could be being unplugged from the telephone network, and thus losing their business. I mean, I presume they had to sign something to become a telephone carrier.

    1. Paul Hovnanian Silver badge

      "As a company that has access to confidential data, they are responsible for the privacy of everyone using the mobile telephone system."

      Except that late in the last century, we (in the USA) lost ownership of our calling metadata. Thanks to one of those telecom bills, it belongs to the phone company. And IIRC, that was tested in court. And we (the public) lost.

      From TFA: "This practice skirts wires carriers’ legal obligation to be the sole conduit by which the government conducts surveillance...".

      But that is a restriction on the behavior of government, not the carriers or their customers (Securus, for example). Law enforcement might be obliged to serve warrants directly to AT&T or Verizon for _THEIR_ data. But there is nothing stopping these telecoms from selling _THEIR_ property to third parties. It's up to our government (police, department of corrections, etc.) to abide by the law and our Constitution (specifically the Fourth Amendment). But given their recent actions surrounding commercially available genealogical DNA data, That's a tempting cookie jar on an easy to reach shelf. Undoubtedly, law enforcement will argue that their recent solution to the Golden State Killer justifies unrestricted access. But the question remains as to whether police can use front companies to accumulate evidence against a person without a warrant.

  17. GrimGlimmer351

    Wyden for President

    I'm so proud Senator Wyden comes from my great State of Oregon.

    From defending the 1st amendment from FOSTA to protecting the 4th Amendment intrusive police state assholes like this.

    Prosecutors, police and legislators regularly make a mockery of our Constitution and behave as if the Bill of Rights is there to protect them from the people. Wyden from President 2020.

  18. Anonymous Coward
    Anonymous Coward

    Don't be a mug

    You're a bigger mug if you think that your data isn' being constantly collected, monitored and sold. No element of your digital fingerprint is private.

  19. Anonymous Coward
    Anonymous Coward

    To get my job, I had to submit my identity documents and employment history. These documents were checked for authenticity before the contract could be commenced. Why should this be any different?

  20. JohnFen Silver badge

    Best practices?

    "We have a best practices approach to handling our customers’ data."

    And after reading their explanation, it's clear that their "best practices" are absolutely terrible.

    Tower location data should not be made available to anybody for any reason in the absence of a court order. Period.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019