The GSM/LTE call protocol may be an even bigger risk
Someone please correct me if I'm wrong, because if this is true (seen on Slashdot, so I don't know) then it may not help much to block cellular companies from selling this info. If I have a cellular modem with an AT&T SIM, apparently I can call any AT&T subscriber and when their phone rings I'll get a packet back indicating the CELLID they are currently using. That would give a ballpark location estimate (within maybe 100m in a city, or a km or two in rural areas) using one of the free sites showing GPS coordinates for a given CELLID.
In a city that's easily enough for a stalker to tell if you are home, at work, at the gym etc. assuming they are spread out a bit. For a jealous spouse to determine you are not where you said you were. For a terrorist/assassin to determine a specific target is at the right location to set off the bomb. Maybe it will take the latter to happen before someone seriously considers the protocol security as a risk?