Phone carriers collect a minute-by-minute record of everywhere you go. If you use GPS on your phone, that may be obvious. But carriers are also selling that information to companies that don’t do much to keep it secure. One of those companies, Securus Technologies, was hacked this month. Securus gets its information from a company called LocationSmart. On Friday, security researcher Brian Krebs reported a bug on LocationSmart’s website that would make it possible to track any phone on the four major carriers using only a phone number. Krebs spoke with Marketplace Tech host Molly Wood about the dangers this kind of data can pose in the wrong hands. The following is an edited transcript of their conversation.
Molly Wood: These companies have a long history of sharing data with the government, but I don’t think people realize, and I didn’t realize — your privacy settings on any individual app don’t matter.
Brian Krebs: Or on the phone itself. Indeed, it doesn’t. You can turn off location services, that isn’t going to stop the phone companies from knowing exactly where you are. Consider what happens when anybody can look up the location of anybody else — what this means for law enforcement people and their families. What this means for their kids. People who are victims of stalking, confidential sources could be witnesses to a prosecution.
Wood: Is it true that if you own a smartphone and you use a major carrier that as you said, even if you turn off location tracking on your phone, you still can’t opt out of the carrier tracking your location?
Krebs: That’s correct. Nor would you want to because your phone wouldn’t work. You would have unreliable service. Your phone wouldn’t know which towers to switch to when you’re driving so that the call doesn’t drop. If you got into an accident somewhere remote and you dial 911, but you couldn’t complete the call, they wouldn’t be able to find you. I mean there are good and useful reasons that we want the telecommunications providers to have this information. They absolutely need it. But third-party for-profit companies do not need this information and they shouldn’t have it.
Wood: And then, let’s just drive it home why people should care about this. You know, you think about all the places you bring your phone with you and the picture you can put together about a person if you know all those things. Can you just make that crystal clear for that segment of the population out there who is going to say, this is just modern life right now?
Krebs: I feel like a lot of people would be OK. Like, if you gave them a choice between getting something of a commercial or a financial benefit, they would say, “You know what? I don’t care if you know where I am, that’s fine. You can have it.” And there are probably other people who would think that maybe the best thing to do for this is to not give it away to anybody, but let people give it away if that’s what they want to do. It’s clear that the default needs to be changed to not sharing this information, unless people affirmatively opt in to doing that. What we have now is not even an opt-out system. It’s a default opt in and there isn’t any way to opt out.
Wood: Do you think it gets resolved? What would it take?
Krebs: What would it take to get this resolved? Two things: One would be unequivocal statements by the carriers that they have suspended all third-party sharing of this information without a warrant or court order, or two, Congress directs the regulators to say this is no longer OK. It’s very difficult for many people to put a price on this information. How do you value how valuable this information is? It all depends on who you are and where you are and what you’re doing at the moment. And again, it may not be you, it might be somebody you care for.
|The Data Economy: How we gave up on privacy|
|Europe’s top antitrust official: If there’s no regulation, “you have just the laws of the jungle and not the laws of democracy”|
|Erasing your digital footprint is hard|
If you’re a member of your local public radio station, we thank you — because your support helps those stations keep programs like Marketplace on the air. But for Marketplace to continue to grow, we need additional investment from those who care most about what we do: superfans like you.
Your donation — as little as $5 — helps us create more content that matters to you and your community, and to reach more people where they are – whether that’s radio, podcasts or online.
When you contribute directly to Marketplace, you become a partner in that mission: someone who understands that when we all get smarter, everybody wins.