Baron v. Sprint Corporation
Filing
1
COMPLAINT against Sprint Corporation ( Filing fee $ 400 receipt number 0416-7981263.), filed by Paul Baron. (Attachments: #1 Civil Cover Sheet, #2 Summons, #3 Exhibit A, #4 Exhibit B, #5 Exhibit C, #6 Exhibit D, #7 Exhibit E, #8 Exhibit F, #9 Exhibit G, #10 Exhibit H)(Zajdel, Cory)
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
SURVEILLANCE
I Gave a Bounty Hunter $300. Then He
Located Our Phone
T-Mobile, Sprint, and AT&T are selling access to their customers’
location data, and that data is ending up in the hands of bounty
hunters and others not authorized to possess it, letting them track
most phones in the country.
By Joseph Cox | Jan 8 2019, 12:08pm
SHARE
TWEET
Image: Shutterstock. Remix: Jason Koebler
Nervously, I gave a bounty hunter a phone number. He had offered to geolocate a
phone for me, using a shady, overlooked service intended not for the cops, but for
private individuals and businesses. Armed with just the number and a few hundred
1 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
The bounty hunter sent the number to his own contact, who would track the phone.
The contact responded with a screenshot of Google Maps, containing a blue circle
indicating the phone’s current location, approximate to a few hundred metres.
Queens, New York. More specifically, the screenshot showed a location in a particular
neighborhood—just a couple of blocks from where the target was. The hunter had
found the phone (the target gave their consent to Motherboard to be tracked via their
T-Mobile phone.)
The bounty hunter did this all without deploying a hacking tool or having any previous
knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time
location data sold to bounty hunters that ultimately originated from the telcos
themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has
found. These surveillance capabilities are sometimes sold through word-of-mouth
networks.
Whereas it’s common knowledge that law enforcement agencies can track phones with
a warrant to service providers, IMSI catchers, or until recently via other companies that
sell location data such as one called Securus, at least one company, called Microbilt,
is selling phone geolocation services with little oversight to a spread of different
private industries, ranging from car salesmen and property managers to bail bondsmen
and bounty hunters, according to sources familiar with the company’s products and
company documents obtained by Motherboard. Compounding that already highly
questionable business practice, this spying capability is also being resold to others on
the black market who are not licensed by the company to use it, including me,
seemingly without Microbilt’s knowledge.
ADVERTISEMENT
2 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
Motherboard’s investigation shows just how exposed mobile networks and the data
they generate are, leaving them open to surveillance by ordinary citizens, stalkers, and
criminals, and comes as media and policy makers are paying more attention than ever
to how location and other sensitive data is collected and sold. The investigation also
shows that a wide variety of companies can access cell phone location data, and that
the information trickles down from cell phone providers to a wide array of smaller
players, who don’t necessarily have the correct safeguards in place to protect that
data.
“People are reselling to the wrong people,” the bail industry source who flagged the
company to Motherboard said. Motherboard granted the source and others in this story
anonymity to talk more candidly about a controversial surveillance capability.
Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190,
3 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
Your mobile phone is constantly communicating with nearby cell phone towers, so your
telecom provider knows where to route calls and texts. From this, telecom companies
also work out the phone’s approximate location based on its proximity to those towers.
Although many users may be unaware of the practice, telecom companies in the United
States sell access to their customers’ location data to other companies, called
location aggregators, who then sell it to specific clients and industries. Last year, one
location aggregator called LocationSmart faced harsh criticism for selling data that
ultimately ended up in the hands of Securus, a company which provided phone
tracking to low level enforcement without requiring a warrant. LocationSmart also
exposed the very data it was selling through a buggy website panel, meaning anyone
could geolocate nearly any phone in the United States at a click of a mouse.
CYBER
I Gave a Bounty Hunter $300.
Then He Located Our Phone
Jan 24, 2019 · 42 min
View terms
[Subscribe to CYBER on Apple Podcasts or any podcast app.]
There’s a complex supply chain that shares some of American cell phone users’ most
sensitive data, with the telcos potentially being unaware of how the data is being used
by the eventual end user, or even whose hands it lands in. Financial companies use
phone location data to detect fraud; roadside assistance firms use it to locate stuck
customers. But AT&T, for example, told Motherboard the use of its customers’ data by
bounty hunters goes explicitly against the company’s policies, raising questions about
how AT&T allowed the sale for this purpose in the first place.
4 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
WATCH NOW
“The allegation here would violate our contract and Privacy Policy,” an AT&T
spokesperson told Motherboard in an email.
In the case of the phone we tracked, six different entities had potential access to the
phone’s data. T-Mobile shares location data with an aggregator called Zumigo, which
shares information with Microbilt. Microbilt shared that data with a customer using its
mobile phone tracking product. The bounty hunter then shared this information with a
bail industry source, who shared it with Motherboard.
The CTIA, a telecom industry trade group of which AT&T, Sprint, and T-Mobile are
members, has official guidelines for the use of so-called “location-based services” that
“rely on two fundamental principles: user notice and consent,” the group wrote in
those guidelines. Telecom companies and data aggregators that Motherboard spoke to
said that they require their clients to get consent from the people they want to track,
5 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
A flowchart showing how the phone location data trickled down from T-Mobile to Motherboard. Image: Motherboard.
6 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
A second source who has tracked the geolocation industry told Motherboard, while
talking about the industry generally, “If there is money to be made they will keep
selling the data.”
“Those third-level companies sell their services. That is where you see the issues with
going to shady folks [and] for shady reasons,” the source added.
Frederike Kaltheuner, data exploitation programme lead at campaign group Privacy
International, told Motherboard in a phone call that “it’s part of a bigger problem; the
US has a completely unregulated data ecosystem.”
ADVERTISEMENT
Microbilt buys access to location data from an aggregator called Zumigo and then sells
it to a dizzying number of sectors, including landlords to scope out potential renters;
motor vehicle salesmen, and others who are conducting credit checks. Armed with
just a phone number, Microbilt’s “Mobile Device Verify” product can return a target’s
full name and address, geolocate a phone in an individual instance, or operate as a
continuous tracking service.
7 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
company brochure Motherboard found online reads.
Posing as a potential customer, Motherboard explicitly asked a Microbilt customer
support staffer whether the company offered phone geolocation for bail bondsmen.
Shortly after, another staffer emailed with a price list—locating a phone can cost as
little as $4.95 each if searching for a low number of devices. That price gets even
cheaper as the customer buys the capability to track more phones. Getting real-time
updates on a phone’s location can cost around $12.95.
“Dirt cheap when you think about the data you can get,” the source familiar with the
industry added.
A section of the price list Motherboard obtained. Image: Motherboard.
It’s bad enough that access to highly sensitive phone geolocation data is already being
sold to a wide range of industries and businesses. But there is also an underground
market that Motherboard used to geolocate a phone—one where Microbilt customers
resell their access at a profit, and with minimal oversight.
“Blade Runner, the iconic sci-fi movie, is set in 2019. And here we are: there's an
unregulated black market where bounty-hunters can buy information about where we
8 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
Hopkins University, told Motherboard in an online chat.
ADVERTISEMENT
The bail industry source said his middleman used Microbilt to find the phone. This
middleman charged $300, a sizeable markup on the usual Microbilt price. The Google
Maps screenshot provided to Motherboard of the target phone’s location also included
its approximate longitude and latitude coordinates, and a range of how accurate the
phone geolocation is: 0.3 miles, or just under 500 metres. It may not necessarily be
enough to geolocate someone to a specific building in a populated area, but it can
certainly pinpoint a particular borough, city, or neighborhood.
In other cases of phone geolocation it is typically done with the consent of the target,
perhaps by sending a text message the user has to deliberately reply to, signalling they
accept their location being tracked. This may be done in the earlier roadside
assistance example or when a company monitors its fleet of trucks. But when
Motherboard tested the geolocation service, the target phone received no warning it
was being tracked.
The bail source who originally alerted Microbilt to Motherboard said that bounty
hunters have used phone geolocation services for non-work purposes, such as tracking
their girlfriends. Motherboard was unable to identify a specific instance of this
happening, but domestic stalkers have repeatedly used technology, such as mobile
phone malware, to track spouses.
9 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
To print the document, click the "Original Document" link to open the original
PDF. At this time it is not possible to print the document with annotations.
10 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
obtain consent of the consumer. Microbilt also confirmed it found an instance of abuse
on its platform—our phone ping.
“The request came through a licensed state agency that writes in approximately $100
million in bonds per year and passed all up front credentialing under the pretense that
location was being verified to mitigate financial exposure related to a bond loan being
considered for the submitted consumer,” Microbilt said in an emailed statement. In
this case, “licensed state agency” is referring to a private bail bond company,
Motherboard confirmed.
ADVERTISEMENT
“As a result, MicroBilt was unaware that its terms of use were being violated by the
rogue individual that submitted the request under false pretenses, does not approve of
such use cases, and has a clear policy that such violations will result in loss of access to
all MicroBilt services and termination of the requesting party’s end-user agreement,”
Microbilt added. “Upon investigating the alleged abuse and learning of the violation of
our contract, we terminated the customer’s access to our products and they will not
be eligible for reinstatement based on this violation.”
Zumigo confirmed it was the company that provided the phone location to Microbilt
and defended its practices. In a statement, Zumigo did not seem to take issue with the
practice of providing data that ultimately ended up with licensed bounty hunters, but
wrote, “illegal access to data is an unfortunate occurrence across virtually every
industry that deals in consumer or employee data, and it is impossible to detect a
fraudster, or rogue customer, who requests location data of his or her own mobile
devices when the required consent is provided. However, Zumigo takes steps to
protect privacy by providing a measure of distance (approx. 0.5-1.0 mile) from an
actual address.” Zumigo told Motherboard it has cut Microbilt’s data access.
"People are reselling to the wrong people."
11 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
ADVERTISEMENT
“We take the privacy and security of our customers’ information very seriously and will
not tolerate any misuse of our customers’ data,” A T-Mobile spokesperson told
Motherboard in an emailed statement. “While T-Mobile does not have a direct
relationship with Microbilt, our vendor Zumigo was working with them and has
confirmed with us that they have already shut down all transmission of T-Mobile data.
T-Mobile has also blocked access to device location data for any request submitted by
Zumigo on behalf of Microbilt as an additional precaution.”
Microbilt’s product documentation suggests the phone location service works on all
mobile networks, however the middleman was unable or unwilling to conduct a search
for a Verizon device. Verizon did not respond to a request for comment.
AT&T told Motherboard it has cut access to Microbilt as the company investigates.
“We only permit the sharing of location when a customer gives permission for cases
like fraud prevention or emergency roadside assistance, or when required by law,” the
AT&T spokesperson said.
Sprint told Motherboard in a statement that “protecting our customers’ privacy and
security is a top priority, and we are transparent about that in our Privacy Policy [...]
Sprint does not have a direct relationship with MicroBilt. If we determine that any of
our customers do and have violated the terms of our contract, we will take appropriate
action based on those findings.” Sprint would not clarify the contours of its
relationship with Microbilt.
ADVERTISEMENT
These statements sound very familiar. When The New York Times and Senator Ron
Wyden published details of Securus last year, the firm that was offering geolocation to
low level law enforcement without a warrant, the telcos said they were taking extra
measures to make sure their customers’ data would not be abused again. Verizon
12 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
promises.
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
After Wyden’s pressure, T-Mobile’s CEO John Legere tweeted in June last year “I’ve
personally evaluated this issue & have pledged that @tmobile will not sell customer
location data to shady middlemen.”
"It appears these promises were little more than worthless spam
in their customers’ inboxes."
Months after the telcos said they were going to combat this problem, in the face of an
arguably even worse case of abuse and data trading, they are saying much the same
thing. Last year, Motherboard reported on a company that previously offered phone
geolocation to bounty hunters; here Microbilt is operating even after a wave of outrage
from policy makers. In its statement to Motherboard on Monday, T-Mobile said it has
nearly finished the process of terminating its agreements with location aggregators.
“It would be bad if this was the first time we learned about it. It’s not. Every major
wireless carrier pledged to end this kind of data sharing after I exposed this practice
last year. Now it appears these promises were little more than worthless spam in their
customers’ inboxes,” Wyden told Motherboard in a statement. Wyden is proposing
legislation to safeguard personal data.
ADVERTISEMENT
Due to the ongoing government shutdown, the Federal Communications Commission
(FCC) was unable to provide a statement.
“Wireless carriers’ continued sale of location data is a nightmare for national security
and the personal safety of anyone with a phone,” Wyden added. “When stalkers, spies,
and predators know when a woman is alone, or when a home is empty, or where a
White House official stops after work, the possibilities for abuse are endless.”
13 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
SHARE
TWEET
TAGGED: SPYING, CYBERSECURITY, BOUNTY HUNTER, STALKING, VERIZON, T-MOBILE, AT&T, SECURUS,
MICROBILT
Watch This Next
!
CREATED WITH GEICO
Wa n t t o go t o g r a d s ch o o l ? L e a r n t h e c o m m o n
p i t f a l l s o f s t u d e n t d eb t .
14 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
Sign up for Motherboard Premium.
Your email
SUBSCRIBE
ADVERTISEMENT
SURVEILLANCE
Google Demanded That T-Mobile, Sprint
Not Sell Google Fi Customers' Location
Data
Google’s phone, text, and data service relies on infrastructure
provided by T-Mobile and Sprint. A Motherboard investigation found
both telcos selling customers’ location data that ultimately ended up
in the hands of bounty hunters.
By Joseph Cox | Jan 11 2019, 8:47am
15 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
Image: Shutterstock
SHARE
TWEET
On Thursday, AT&T announced it was stopping the sale of its customers’ real-time
location data to all third parties, in response to a Motherboard investigation showing
how data from AT&T, T-Mobile, and Sprint trickled down through a complex network of
companies until eventually landing in the hands of bounty hunters and people
unauthorized to handle it. To verify the existence of this trade, Motherboard paid $300
on the black market to successfully locate a phone.
ADVERTISEMENT
Google, whose Google Fi program offers phone, text, and data services that use
T-Mobile and Sprint network infrastructure in the United States, told Motherboard that
it asked those companies to not share its customers’ location data with third parties.
“We have never sold Fi subscribers' location information,” a Google spokesperson told
Motherboard in a statement late on Thursday. “Google Fi is an MVNO (mobile virtual
network operator) and not a carrier, but as soon as we heard about this practice, we
required our network partners to shut it down as soon as possible.” Google did not say
16 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
An MVNO is essentially a company that provides the usual telecommunication services
such as calls and texts, but which uses infrastructure from a telco carrier. Launched in
2015, Fi has international coverage in 170 countries and also offers data only SIMs.
Google recently announced an expansion of Fi’s availability to more Android devices
as well as iPhones.
I Gave a Bounty Hunter $300. Then He Located Our Phone
T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that
data is ending up in the hands of bounty hunters and others not authorized to possess
it, letting them track most phones in the country.
Motherboard / Joseph Cox / Jan 8
17 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
T-Mobile which sold to a so-called location aggregator named Zumigo. Zumigo then
sold the access to Microbilt, a firm which offers phone location services to the bounty
hunter industries as well as other sectors. A Microbilt customer then offered a phone
lookup to a source, and that source provided Motherboard with a Google Maps
screenshot showing the location of the phone itself. The location data was accurate to
a range of around 500m, enough to, in our case, correctly point to a specific area of
Queens, New York.
T-Mobile had previously said it was cutting its relationships with location aggregators.
In tweets posted in response to Motherboard’s story, T-Mobile CEO John Legere
reiterated that the company is continuing to ramp down all of its location aggregator
contracts, and plans to have this completed by March.
ADVERTISEMENT
Sprint has not responded to Motherboard’s request for comment on whether it plans to
mirror the actions of T-Mobile and AT&T and shut down all location aggregator access.
Google suggested the telco may be taking some action: Google told Motherboard its
partners, namely T-Mobile and Sprint, have already stopped the practice or plan to do
so in the coming months (Google clarified to Motherboard that the company told
T-Mobile and Sprint to shut down the sale of Fi customers’ data, rather than the telcos’
customers more widely.)
Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190,
OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
In a previous, more general statement to Motherboard, a Sprint spokesperson said
“Protecting our customers’ privacy and security is a top priority, and we are
transparent about that in our Privacy Policy. We do not knowingly share personally
identifiable geo-location information except with customer consent or in response to a
lawful request such as a validated court order from law enforcement.”
This isn’t the first time telcos have said they will take action against location
18 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
level law enforcement to track down phones without a warrant. In response, AT&T,
Verizon, T-Mobile, and Sprint cut access to Securus, the company that was acting as a
middleman between LocationSmart and the end users. Since then, the telcos have
continued to provide location data access for other purposes, such as to roadside
assistance firms for locating stranded customers for fraud prevention.
ADVERTISEMENT
On Thursday Verizon told The Washington Post it is winding down its own four
remaining location aggregator contracts, which are all with roadside assistance
companies. After that, customers will have to give Verizon permission to share their
location with the firms. Verizon has not responded to Motherboard’s multiple requests
for comment over the past week.
Motherboard’s investigation showed there is still clear room for abuse with location
aggregators. These new steps will, T-Mobile and AT&T say, see them cutting off the
sale of location data to all third parties. Multiple senators called for the Federal
Communications Commission (FCC) to investigate the issue on Wednesday.
“For the second time in six months, carriers are pledging to stop sharing American’s
location with middlemen without their knowledge,” Wyden told Motherboard Thursday.
“I’ll believe it when I see it. Carriers are always responsible for who ends up with their
customers data—it’s not enough to lay the blame for misuse on downstream
companies.”
Subscribe to our new cybersecurity podcast, CYBER.
SHARE
TWEET
TAGGED: PRIVACY, CYBERSECURITY, BOUNTY HUNTERS, VERIZON, T-MOBILE, AT&T, CELL PHONE TRACKING,
LOCATIONSMART, ZUMIGO
19 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
!
CREATED WITH GEICO
Wa n t t o m a ke a m ov i e ? L e a r n h ow t o d o i t
w i t h o u t g o i n g i n t o d eb t .
Where we're going, we don't need email.
Sign up for Motherboard Premium.
Your email
SUBSCRIBE
ADVERTISEMENT
20 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
SURVEILLANCE
AT&T to Stop Selling Location Data to
Third Parties After Motherboard
Investigation
After Motherboard found that AT&T, T-Mobile, and Sprint are selling
their customers' phone location data ultimately to bounty hunters,
AT&T has decided to stop service for all location aggregators, an
essential part of the data supply chain.
By Joseph Cox | Jan 10 2019, 6:13pm
21 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
Image: Shutterstock
SHARE
TWEET
On Tuesday, Motherboard revealed that T-Mobile, AT&T, and Sprint were all selling
their customers’ phone location data that ultimately ended up in the hands of bounty
hunters, as well as people unauthorized to handle it at all. We found this by purchasing
the capability to locate a phone from the black market for just $300. In response,
several senators called for the Federal Communications Commission (FCC) to
investigate, and brought up the prospect of greater regulation of the
telecommunications industry.
ADVERTISEMENT
Now, AT&T says it is stopping the sale of all location data to so-called location
aggregators, companies that sit in the supply chain between the telcos and clients, and
which play a vital role in having that data trickle down to end users.
"Last year we stopped most location aggregation services while maintaining some that
protect our customers, such as roadside assistance and fraud prevention. In light of
recent reports about the misuse of location services, we have decided to eliminate all
22 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
AT&T did not respond to Motherboard’s request to elaborate on why it has decided to
block those data uses as well. But it may be due to how difficult this industry has
proven to police: several parts of the data supply chain were all unaware of the
particular case of abuse taking place before Motherboard informed them. Clearly,
there is an issue with companies keeping tabs on how customers’ location data is being
used, and who it is ending up with.
I Gave a Bounty Hunter $300. Then He Located Our Phone
T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that
data is ending up in the hands of bounty hunters and others not authorized to possess
it, letting them track most phones in the country.
Motherboard / Joseph Cox / Jan 8
23 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
assistance firms to find stranded customers, or financial companies to detect fraud.
But AT&T’s new stance will cut those off as well.
In Motherboard’s investigation, the phone we located was on the T-Mobile network.
That data access travelled through a complex chain of different companies, starting
with T-Mobile, before going to a location aggregator called Zumigo. Zumigo then sold it
to a company called Microbilt, which provides the access to a variety of industries,
including bounty hunters. A bounty hunter then sold it to a source, and that source
finally provided the phone’s location to Motherboard.
ADVERTISEMENT
In several different tweets posted after Motherboard’s investigation, T-Mobile CEO
John Legere reiterated that the company is also going to cut off all location
aggregators.
"T-Mobile [...] is completely ending locations aggregation work in March as planned and
promised," a T-Mobile spokesperson told Motherboard in an email.
Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190,
OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
“MicroBilt suspended delivery of its mobile device geolocation verification service
while we work with the wireless carriers and relevant technology partners to mitigate
fraud risks," Microbilt, the company in the supply chain that sold location data access
to a bail bondsman company, told Motherboard in a statement. "We also look forward
to cooperating with governmental authorities to insure [sic] that these types of
breaches do not occur again.”
Zumigo and LocationSmart, another location aggregator, did not immediately respond
to a request for comment.
Senator Ron Wyden, who along with the New York Times previously revealed other
24 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
“For the second time in six months, carriers are pledging to stop sharing American’s
location with middlemen without their knowledge. I’ll believe it when I see it. Carriers
are always responsible for who ends up with their customers data—it’s not enough to
lay the blame for misuse on downstream companies,” Wyden said in a statement.
ADVERTISEMENT
He added “The time for taking these companies at their word is long past—Congress
needs to pass strong legislation to protect Americans’ privacy and finally hold
corporations accountable when they put your safety at risk by letting stalkers and
criminals track your phone on the dark web.”
Update: This piece has been updated to include additional comment from T-Mobile
and Microbilt.
Subscribe to our new cybersecurity podcast, CYBER.
SHARE
TWEET
TAGGED: PRIVACY, CYBERSECURITY, BOUNTY HUNTERS, SENATOR RON WYDEN, T-MOBILE, AT&T, ΣΠΡΙΝΤ,
CELL PHONE TRACKING, MICROBILT
Watch This Next
25 of 26
4/4/19, 3:43 PM
T-Mobile, Sprint, and AT&T Are Selling Customers' Real-Time...
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bou...
Moveable Hacking Environment
Space Gaming Health Tech
!
Where we're going, we don't need email.
Sign up for Motherboard Premium.
Your email
SUBSCRIBE
ADVERTISEMENT
26 of 26
4/4/19, 3:43 PM
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?