Skip to Content
Security & privacy

Shocking report says your location data is for sale in the black market

Our location data is a critical component of our digital identity. It can be used for our benefit – like allowing carriers to pinpoint our location to 911 responders or roadside assistance services in case of emergencies.

On the flip side, this data can also be used in questionable ways. For instance, marketers can use this data to track our habits or our preferences and daily routines, leading to its own share of privacy issues.

And with this data being blatantly shopped around, are the carriers too careless with our personal information? Too careless, in fact, that our data is making its way to unscrupulous parties who have no business handling such sensitive and private information?

Carriers are still sharing your location data

A new report from Motherboard revealed that T-Mobile, Sprint, and AT&T are still selling their customers’ location data, and with the help of shady middlemen, the data is ending up for sale on the black market.

With this data, any willing buyer can potentially locate any phone in the U.S. without their owners’ knowledge.

Here’s how the data gets passed along. First, the carriers sell their customer’s location data to so-called “location aggregators.” Location aggregators are companies that help manage real-time geolocation information for a wide range of legitimate uses like roadside assistance, emergency services and fraud detection.

However, these companies will then resell this data to a variety of other companies including smaller private outfits like car salesmen, property managers, bail bondsmen and bounty hunters.

Your location data is sold and resold

The problem is that the carriers don’t have oversight over these smaller companies and the data could end up being resold in the black market, straight to the hands of people who are not authorized to use it.

For example, in Motherboard’s investigation, reporter Joseph Cox provided a working T-Mobile phone number to a “bounty hunter” who, with the help of a bail bond company, successfully located the phone within a few hundred meters.

The information reportedly was obtained via a tracking tool that uses real-time location data from a credit-reporting company called Microbilt.

Microbilt, in turn, buys its data from location data aggregator Zumigo, which has access to T-Mobile’s location data. (Yep, our location data is being passed along through a chain of suppliers.)

How cheap is your data?

According to the report, Microbilt’s phone location data can be bought for as low as $4.95. Real-time location tracking can cost as little as $12.95.

Now, here’s where it gets all extremely shady. These middlemen who buy Microbilt’s services resell the information – typically with huge markups – to willing buyers. (In Motherboard’s report, the middleman charged a hefty $300 fee for the phone’s real-time location,)

Whose problem is it?

The carriers, as expected, are passing the buck to the location aggregators themselves.

For their part, the carriers are all reiterating that they don’t share geolocation data without a customer’s consent or in cases where law enforcement requires it.

These location aggregators themselves also claim that they are not aware that third parties are misusing their data.

In this case, Microbilt told Motherboard that it “was unaware that its terms of use were being violated by the rogue individual that submitted the request under false pretenses” and it has terminated the customer’s access to its products.

So who should be blamed for these instances then? Perhaps if the carriers stop sharing data to location aggregators then there won’t be any potential for these types of abuse.

Carriers are promising to cut ties with aggregators

Last year, carriers were urged by Congress to change their data sharing policies when it was revealed that the prison phone company Securus offered a service that allowed law enforcement to locate most U.S. phones within seconds. Similar to Microbilt, Securus obtained its location data from another aggregator called LocationSmart.

The carriers then promised to stop sharing their data to third-parties in June, but based on the Motherboard report, they are still selling customer data to aggregators to this day.

As I mentioned earlier, there are legitimate uses for location data like roadside assistance and emergency services, but can’t the carriers still do these without selling customer data to third parties?

The bottom line is this – big data is big money. Maybe it’s about time that the government steps in and enacts laws that will sincerely protect sensitive consumer data and severely penalize companies which carelessly share our information for profit.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me