Security News

US mobile carriers know a lot about where their customers are located, and according to letters sent to the Federal Communications Commission, they routinely store such data for years, willingly hand it over to law enforcement if served a proper subpoena, and say users can't opt out. News that cellular carriers are storing sensitive location data isn't surprising given previous actions taken against AT&T, Verizon, T-Mobile US and Sprint by the FCC in 2020 for selling location data to third parties.

The U.S. Federal Trade Commission on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "Wealth of information" about users by purchasing data from other data brokers to sell to its own clients.

The Australian Competition and Consumer Commission announced that Google was fined $60 million for misleading Australian Android users regarding the collection and use of their location data for almost two years, between January 2017 and December 2018. "Google, one of the world's largest companies, was able to keep the location data collected through the 'Web & App Activity' setting and that retained data could be used by Google to target ads to some consumers, even if those consumers had the"Location History" setting turned off," said ACCC Chair Gina Cass-Gottlieb.

How each side collects the adversary's smartphone location data and shields their own can mean the difference between victory and defeat. Because mobile app location data is often sold to commercial data brokers and then repackaged and sold to individual customers, a country can access such a database and then pick out the phones likely belonging to soldiers.

A group of senators wants to make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment. "When abortion is illegal, researching reproductive health care online, updating a period-tracking app, or bringing a phone to the doctor's office all could be used to track and prosecute women across the US," Sen. Ron Wyden, a co-sponsor of the Health and Location Data Protection Act, said in a statement.

"We solve something that had previously been thought impossible - achieving location privacy in mobile networks," said Paul Schmitt, an associate research scholar at the Center for Information Technology Policy at Princeton University, told The Register. In "Pretty Good Phone Privacy," [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn't betray the location of mobile network customers.

A Catholic priest was outed through commercially available surveillance data. The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual.

Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant. The federal court found that in 2017 and 2018 Google misled some users of phones and tablets featuring its Android operating system by collecting their personally identifiable location information even when they had opted out of sharing "Location History" data.

Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned.

Spain's highways agency is using bulk mobile phone data for monitoring speeding hotspots, according to local reports. Equipped with data on customers handed over by local mobile phone operators, Spain's Directorate-General for Traffic may be gathering data on "Which roads and at what specific kilometer points the speed limits are usually exceeded," according to Granadan newspaper Ideal.