Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Firm Lets Police Look Up Phone Location Data Without a Warrant

A Securus Technologies web portal lets cops plug in a phone number and pull up real-time location data, but no one's really monitoring their activity. Sen. Ron Wyden wants answers.

By Michael Kan
May 11, 2018
Digital Surveillance

A little-known prison technology company has been offering the police a way to look up the whereabouts of cell phones in the US—all without a warrant, said a US senator on Friday.

Using a potential loophole, Texas-based Securus Technologies has been buying the location data to power a web portal that runs the phone-tracking service, according to Sen. Ron Wyden, an Oregon Democrat. On Friday, he demanded that the FCC investigate the company's activities, saying they were likely illegal.

"This practice skirts wireless carriers' legal obligation to be the sole conduit by which the government conducts surveillance of Americans' phone records and needlessly exposes millions of Americans to potential abuse and surveillance by the government," Wyden said in his letter to the FCC.

According to Wyden, the web portal from Securus Technologies lets any user plug in a phone number to pull up real-time location data from the device. Only one requirement has to be fulfilled: users must first upload an "official document" that supposedly shows they have permission to see the data.

The problem is that no one is really checking the validity of these official documents. According to The New York Times, a former sheriff in Missouri used the system to track other police officers and a judge, without court orders.

In his letter to the FCC, Wyden said: "Top officials at Securus confirmed to my office that Securus takes no steps to verify that uploaded documents in fact provide judicial authorization for real-time location surveillance."

So far, Securus Technologies hasn't publicly commented on Wyden's letter. But the company told the Times: "Securus is neither a judge nor a district attorney, and the responsibility of ensuring the legal adequacy of supporting documentation lies with our law enforcement customers and their counsel."

The company is a major provider of telephone services at correctional facilities, which have drawn flak for charging inmates and their families exorbitant fees. But Securus has also been offering a phone-tracking service to law enforcement and correctional officers as a way to locate criminal suspects and missing medical patients. Reportedly, the system was able to get within 42 feet of one suspect's location in a murder case.

To obtain the location data, Securus appears to be exploiting a loophole in how wireless carriers can manage their customers' location data. Marketing firms and third-party "data aggregators" can get access to this data too because mobile apps and internet services are constantly requesting location data from people's smartphones. All that data can then be harvested and sold off for advertising purposes, without customers realizing what they're consenting to.

"Securus appears to be taking advantage of this third-party aggregator system," the Electronic Frontier Foundation said on Friday. "It buys access to real-time location information through these third-party location data aggregators, which have a commercial relationship with the major wireless carriers."

Specifically, Securus bought the data from a mobile marketing company called 3Cinteractive, which sourced its data from LocationSmart, according to Times.

On Friday, Wyden also sent a letter to the major wireless carriers demanding that they investigate their data-sharing practices with third-party providers. "This clear abuse is only possible because wireless carriers sell their customers' private information to companies claiming to have consumer consent without sufficiently verifying those claims," he said.

In response, Verizon said in a statement: "We're still trying to verify this, but if this company [Securus] is, in fact, doing this with our customers' data, we will take steps to stop it."

T-Mobile also said it's investigating the matter. "As always, if we were to find any misuse of our customers' data, we would take appropriate action," the company added.

The FCC has received Wyden's letter and is reviewing it.

A Conversation with WNYC's Manoush Zomorodi on Digital Privacy
PCMag Logo A Conversation with WNYC's Manoush Zomorodi on Digital Privacy

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan