A US senator has asked the Federal Communications Commission (FCC) and US telcos to investigate who and how many third-party companies have access to the geo-location data of US phone owners.
The senator, Ron Wyden, Democrat, Oregon, has demanded this investigation after the New York Times published an article yesterday about a Mississippi County sheriff who abused a software provided by a prison contractor to track US citizens —several colleagues and a judge— without a warrant.
The system the sheriff used was created by Securus Technologies, a company that provides phone call monitoring solutions for US jails and prisons.
A side feature of the Securus software allows US law enforcement to accurately pinpoint the location of a phone anywhere in the world.
The feature abuses a system provided by mobile telcos to marketers, which use it to send promotional text messages to users in a specific geographical area. But Securus abused the same feature to get the location of individual phone numbers.
Law enforcement has been using this feature of the Securus software to track down suspects or escapees.
Theoretically, investigators are supposed to get a warrant before using this feature, but Wyden says that Securus didn't bother with verifying if the documents it received were authentic.
"I recently learned that Securus Technologies, a major provider of correctional-facility telephone services, purchases real-time location information from major wireless carriers and provides that information, via a self-service web portal, to the government for nothing more than the legal equivalent of a pinky promise," Wyden says.
"This practice skirts wireless carrier's legal obligation to be the sole conduit by which the government conducts surveillance of Americans' phone records, and needlessly exposes millions of Americans to potential abuse and surveillance by the government.
"Top officials at Securus confirmed to my office that Securus takes no steps to verify that uploaded documents in fact provide judicial authorization for real-time location surveillance," the Senator added.
Now, Wyden is demanding an inquiry into the abuse. In a first letter he sent to the FCC, Wyden has asked the Commission to investigate Securus, and in a second letter sent to US telcos, the Senator wants them to conduct self-audits to discover other companies that may be secretly siphoning Americans' location data.
The Senator wants answers from US telcos by June 15. He also wants telcos to create portals where US consumers can check the names of third-party companies that accessed their phone's location data.