Block on Trump's Asylum Ban Upheld by Supreme Court
There is a lot of data tied up in the location of your cell phone -- far more than just a dot on a map. "Mapping a cell phone's location ... provides an all-encompassing record of the holder's whereabouts," the Supreme Court noted last year, when it ruled that police need a warrant to obtain such location information. "As with GPS information, the timestamped data provides an intimate window into a person's life, revealing not only his particular movements, but through them his 'familial, political, professional, religious, and sexual associations.'"
With that in mind, you would think that cell service carriers would be especially careful about sharing it with anyone, law enforcement included. But, as two recent stories illustrate, it's incredibly easy for people (inside and outside the government) to gain access to your cell phone location data.
Following the death of her husband, Ruth Johnson was behind on a few car payments. That's when a debt collector began calling, stalking, and harassing her, claiming she had stolen the car. That man was John Edens, who claimed to be a U.S. Marshal. According to Vice:
It later turned out John Edens didn't have a warrant, nor was he from law enforcement at all. Instead, he was a debt collector with a history of stalking and domestic violence who had managed to get ahold of Johnson's phone location data. He did this by pretending to be a U.S. Marshal with the "Georgia Fugitive Task Force" to T-Mobile, which then provided Edens with the location of Johnson's phone in a handy Google Maps interface—"pinging" the phone, in industry parlance.
All Edens needed to convince T-Mobile he was legit was a dummy domain name, "gafugitivetaskforce1.net", which should appear dubious even to an untrained eye. "Carriers should check credentials before giving out customers' location data," Eva Galperin, director of cybersecurity at activist group the Electronic Frontier Foundation (EFF), told Vice. "Failure to do so is irresponsible and puts their customers in danger. There is no question that it is used to perpetuate abuse."
"I was very upset with the phone company, because I was under the impression that you had to get [a] court order in order to get information such as that out," Johnson said, noting that her daughter moved to her grandmother's to feel safe after Edens started showing up at Johnson's house. T-Mobile "put my life in danger," she said. "You cost me my family."
Edens was eventually sentenced to a year in jail for impersonating an officer. But it seems that real officers can gain access to your cell location just as easily. While law enforcement does need a warrant to obtain cell phone location information, the EFF revealed this week that the FBI has been using secret subpoenas to access that, and a whole lot more personal information. These subpoenas, also known as national security letters, are nothing new. But the scope of the information obtained, and the companies the FBI obtained it from, is more expansive than many thought.
As the New York Times reported, fewer than 20 companies have ever admitted to receiving a national security letters, yet documents obtained under a Freedom of Information Act lawsuit included more than 120 entities. And these were not just tech and phone companies -- banks, credit agencies, cellphone carriers, and universities were handing over usernames, locations, IP addresses and records of purchases, all with little or no judicial oversight. And because these secret subpoenas usually include a gag order, you may never know if your personal data is being shared.
"This is a pretty potent authority for the government," University of Texas law professor Stephen Vladeck told the Times. "The question is: Do we have a right to know when the government is collecting information on us?"
After recent studies have shown how unreliable cell phone location information can be, the fact that it can be so easily accessed and used against someone without their knowledge or consent is troubling. If you feel that your cell data has been illegally accessed or used, contact a civil rights attorney to discuss your legal options.