A flow chart showing how AT&T, T-Mobile, and Sprint customers' location data ended up in the hands of around 250 bounty hunters and related businesses. Image: Motherboard

A screenshot obtained by Motherboard of a phone being located via its cell tower data. Motherboard has cropped parts of the image to protect individuals’ privacy. Image: Motherboard
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
A screenshot of CerCareOne's fake landing page. Image: Motherboard
Even if CerCareOne is no longer operational, it still provides vital context on how American cell phone users’ data has been sold and traded without their knowledge or proper consent.“This is an issue of national and personal security,” Jessica Rosenworcel, a commissioner at the Federal Communications Commission told Motherboard in an email. “The FCC needs to act with urgency. There have been press reports calling out the sale of consumer location data since May. I’ve asked for the letters of inquiry that typically kick off an investigation like this. They have not yet provided them.”Geoffrey Starks, another recently appointed commissioner of the FCC, told Motherboard in an email that “the for-profit location data industry has flourished in the shadows without any government oversight. The lights are starting to come on, and I believe that the FCC should use its authority to stop this practice, safeguard the public, and hold those responsible for this outrageous conduct accountable.”"If the carriers are turning around and using that access to sell information to bounty hunters or whomever else, it is a shocking abuse of the trust that the public places in them to safeguard privacy while protecting public safety."
A Federal Trade Commission (FTC) spokesperson told Motherboard in an email that it “cannot comment on specific companies’ practices. And we generally do not comment on whether we are investigating a particular company.”Senator Mark Warner, presented with Motherboard’s new findings, said in statement that “we have a systemic problem across the digital economy, where consumers remain totally in the dark about how their data is collected, sold or shared, and commercialized.”“Whether it’s a major smartphone operating system tracking users’ every move, or a weather app selling users’ location data to hedge funds, or cell phone providers allowing intermediaries to sell smartphone location data to bounty hunters, we routinely see companies abusing consumer trust and we’re witnessing a complete failure of by the relevant agencies—the FCC and FTC—to address these practices,” he added.Galperin from the EFF said that she’s “glad that the company is shut down, but that just leaves me to wonder how many more CerCareOnes we have out there.”Subscribe to our new cybersecurity podcast, CYBER."The scale of this abuse is outrageous."
