Cellphone location data from T-Mobile, AT&T and Sprint was sold to bail bondsmen

Around 250 bounty hunters and related businesses had access to AT&T, T-Mobile and Sprint customer location data. (Shutterstock)

Between 2012 and 2017, a nefarious company named CerCareOne leveraged real-time location data from telecom companies to sell information to bail bond companies, according to an investigative report in Motherboard.

The location data from carriers, including T-Mobile, AT&T and Sprint, was captured by a so-called location aggregator called Locaid (later renamed LocationSmart), which then sold that data to a number of different companies, including CerCareOne.

In turn, CerCareOne sold the data to bounty hunters and bail bondsmen, enabling them to find the real-time location of mobile phones. The company would sometimes charge up to $1,100 per phone location, according to a Motherboard source.

Sponsored by Nokia

Report : 3000 consumers reveal what they really want from 5G

New research from Nokia provides insights into consumer perceptions to help you develop a 5G go-to-market strategy that meets customer expectations. What do consumers expect from 5G and are they willing to pay for it? Which 5G use cases are most appealing? Who would they want to buy it from?

The news outlet first broke this story in January. And in response, telecom companies said that the abuse was limited to a few fringe cases.

But this week, Motherboard reported that around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data, with one bail bond firm using the phone location service more than 18,000 times.

In addition to providing GPS data, CerCareOne also provided assisted-GPS (A-GPS) data, which can hone in on a person’s exact location within a building.

The FCC does require that cellphones be GPS-enabled to provide customers with 911 service. Customers also want the GPS capability for applications such as GPS maps and ride-sharing services.

It’s unclear whether Sprint, AT&T or T-Mobile ever sold GPS data to LocationSmart. None of the companies specifically denied that they had sold GPS data that ended up in the hands of bounty hunters.

However, all three companies have recently issued statements saying they have decided to end their arrangements with data aggregators.

“We only permit sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance, or when required by law," AT&T said. "Over the past few months, as we committed to do, we have been shutting down everything else. We have decided to eliminate all location aggregation services—even those with clear consumer benefits. We are immediately eliminating the remaining services and will be done in March.”

But at this point, the carriers’ commitments are completely voluntary.

Sen. Ron Wyden, D-Ore., introduced a discussion bill in November 2018. The Consumer Data Protection Act would allow consumers to control the sale and sharing of their data and give the Federal Trade Commission authority to render stiffer penalties when companies are found to be out of compliance.

California is in the process of implementing the California Consumer Privacy Act of 2018. Starting in 2020, it will give Californians the right to opt out of data sharing.

Suggested Articles

After bidding on Monday, Auction 105 had garnered around $1.28 billion.

Dish Network is tapping Tucows’ technology platform for its newly acquired wireless retail business.

Ligado Networks is joining the Open RAN Policy Coalition.