According to a new report from The New York Times, a service provided by a company whose business centers around monitoring ex-inmate phone calls may actually be helping police perform warrantless location tracking. The tracking, provided to law enforcement agencies by Securus Technologies, utilizes tower-based location data generated by each of the four major U.S. carriers and is billed as usable to track possible crimes associated with ex-convicts. More specifically, it’s meant to provide police with insights into where and who individuals on probation are contacting, which could feasibly be used to prevent escapes, contraband smuggling, and other illegal activities. However, a loophole in the data being collected and given to Securus raises concerns because it could be used by police to effectively track any cell phone within the country. Because it’s based on tower data, it also couldn’t be blocked by disabling GPS and there’s a layer of convolution in place that makes the possible loophole difficult to address.
For starters, the data isn’t technically collected by Securus. Instead, the company receives its data from the mobile marketing company 3Cinteractive which actually receives the data from a location aggregator called LocationSmart. Of course, that data is pooled from data carried over by the mobile network providers themselves. With that said, the use of Securus effectively cuts the carriers out of the equation, despite the fact that Sprint and AT&T have responded to the discovery by highlighting their policy requirements for legal documentation before giving out location data. T-Mobile, on the other hand, has said that it is launching an internal investigation to see if steps can be taken to stop the data collection. In the meantime, there have already been cases where that data has been used as opposed to data directly from the carriers between 2013 and 2017. Authorities have stated that data has only been pulled in situations where time is a factor. For example, the data was collected to track ex-inmate calls and make an arrest in a case where an inmate was sent drugs. In search-and-rescue operations, the data has been used for finding missing individuals.
Moreover, the claim is that very few officers have access to the databases and that audits are performed to prevent misuse – with technology policies in place in most states to prevent the warrantless use of data. However, not every state offers protections for user data and there is a discrepancy in those laws that do exist with regard to what those protections are. In some states, only location data collected during phone calls or in real time is protected while in others, all data requires a warrant. That’s leading to some confusion but the onus currently seems to be on carriers, who are selling the data to third-parties for marketing purposes to begin with. The issue is now becoming an increasingly prevalent concern and it wouldn’t be a bad idea for anybody sharing it to check their own local laws on the matter just to be sure.