Latest Data-Privacy Scandal Fizzles on Capitol Hill

Cambridge Analytica was meant to be America’s wake-up call on data privacy. But the muted response to new cell-phone tracking revelations shows that not all privacy issues are created equal.

AP Photo/Martin Mejia
May 29, 2018, 8 p.m.

It’s the biggest privacy scandal you’ve never heard of—a series of new discoveries detailing the surprising scope and scale of the unauthorized location-tracking programs operated by the largest wireless carriers in America, and the flimsy protections they and their third-party partners place on your hypersensitive location data.

Anyone with a cell phone is likely at risk, making its impact potentially broader than Facebook’s notorious Cambridge Analytica firestorm. And because the unsanctioned data collection tracks the real-time movements of nearly every cell phone in the country, the misuse of that data could put consumers’ physical safety at risk.

Yet the scandal has elicited barely a whimper in the halls of power and across the country. Few in Congress seem aware of the issue, and even fewer interested in investigating it. The Federal Communications Commission has begun a probe into some of the allegations, but does not appear to be moving with any particular haste. And in the chaos surrounding last week’s rollout of new European privacy rules, the revelations appeared to slide under the radar of even some data-privacy experts.

Robert Xiao—a researcher from Carnegie Mellon University who this month discovered a security flaw on the website of tracking firm LocationSmart allowing anyone with internet access to triangulate the real-time location of nearly every mobile phone in America—is frustrated that the issue isn’t being taken seriously.

“People were suggesting that I should’ve gone on there and downloaded the locations for 100 million Americans, or whatever, and dumped it online,” Xiao told National Journal. “That might’ve had the desired effect.”

Some experts say the steady drumbeat of new privacy breaches may be paradoxically causing consumers to lose interest. Ernesto Falcon, the legislative counsel at the Electronic Frontier Foundation, noted that the public has been hit over the last several years with news of massive breaches at Yahoo, Equifax, Facebook and now the wireless carriers.

“People are getting fatigued,” he said. “They’re still angry, but they’re getting kind of fatigued by the fact that they just don’t have control.”

While the fundamentals of this incident and the Cambridge Analytica scandal are similar, Xiao believes the breach of mobile-tracking data hasn’t sparked a Facebook-style fracas because it fails to feed the public’s fascination with President Trump and his campaign.

In the wake of the Facebook scandal, some commentators mused that Americans may finally be waking up to the problems caused by a lack of data privacy. Xiao disputes that notion, arguing that any privacy issue lacking a Trumpian bent simply doesn’t have the staying power in today’s news cycle. He pointed to the lack of major public outcry or legislative action following last fall’s massive Equifax breach as a prime example.

“Equifax is still happily in business, doing what they’ve always done. They haven’t really changed anything about their processes,” Xiao said. “They sort of weathered the storm by being very quiet and, frankly, not being related to Trump.”

LocationSmart is one of an indeterminate number of third-party firms partnering with AT&T, Verizon, T-Mobile, and Sprint to better track the real-time location of their customers’ mobile phones. The technology is used to accurately rout emergency responders, and its utilization by law enforcement has at times sparked controversy.

The extent to which users’ location data is shared with or sold to other firms remains unclear, and there’s no way for cell-phone subscribers to opt out of the tracking. Experts have long worried that the databases were poorly secured and at risk of abuse or cyberattacks.

Those concerns crystallized this month, when it was revealed that a Missouri sheriff allegedly used the services of another firm called Securus Technologies to improperly track the movements of fellow police officers and a judge.

Then came the news of a successful hack against Securus, which saw the usernames and passwords of more than 2,800 law enforcement users stolen. Just days later, Xiao discovered anyone could use LocationSmart’s free trial version to look up the location of nearly any cell phone in America. Xiao alerted the company, which moved to quickly close that particular loophole.

Privacy experts say the sudden surge of allegations surrounding the abuse and mismanagement of Americans’ location data raise additional questions, including the scope of data-sharing with insecure third parties and the need to update outdated privacy laws that fail to protect the new types of data constantly streaming from smartphones.

“What these scandals reveal to me is that we don’t have very much information at all about how these things are handled, and the few examples that we have should raise alarm bells,” said Neema Singh Guliani, a legislative counsel at the American Civil Liberties Union.

Sen. Ron Wyden sent a letter to the FCC this month over the Securus scandal, helping kickstart an investigation. The Oregon Democrat also sent a list of questions to the four major wireless carriers, and his office says that as of Thursday, the senator has yet to receive a response from any of them.

And Thursday, Rep. Frank Pallone, the ranking member on the House Energy and Commerce Committee, called on Chairman Greg Walden to hold a hearing on the issue of unauthorized cell phone tracking.

But outside of Wyden and Pallone, almost no one on Capitol Hill is discussing the issue. Walden’s office told National Journal last week that the committee was “considering [Pallone’s] request,” but could not provide further information. And a spokesman for Sen. John Thune, chairman of the Senate Commerce Committee, said the senator was not considering holding a hearing at this time.

In a statement provided to National Journal, Wyden expressed disappointment that his fellow lawmakers and the public seemed largely unconcerned by the issue.

“This is an extremely complicated issue, maybe more complex than the Facebook/Cambridge Analytica scandal, so it can take time to educate members of Congress and the public about just how dangerous these leaks are,” Wyden said. “You can choose to close your Facebook account, but it’s much harder to go without a cell phone in 2018 America.”

“The privacy and security of nearly every adult American is impacted by the LocationSmart leak and the entire ecosystem of selling Americans’ location data, so it would be well worth the Commerce Committee’s time to investigate the issue,” Wyden added.

Wyden did note that he was glad the FCC has opened an investigation into unauthorized cell-phone tracking. But he worried that Republican Chairman Ajit Pai “is more interested in protecting the wireless carriers than protecting the privacy and security of Americans.”

Some data-privacy experts are similarly put out by the lack of attention on this issue. “It is disappointing that there hasn’t been a more urgent response, but we’ll keep working on it,” said Michelle Richardson, the deputy director at the Center for Democracy and Technology’s Freedom, Security, and Technology Project. “This is a long arc.”

Falcon said that if Xiao had decided to download and release the real-time location data for tens of millions of Americans—instead of working to quickly plug the hole—the response would’ve likely been quite different. “If someone downloaded everything LocationSmart did and then uploaded it to a website for all to see, suddenly you would have a riot,” Falcon said.

“It reaches general, mass population when there’s a fire,” Falcon added. “I have complete confidence that the fire’s coming. It’s just a matter of when.”

What We're Following See More »
Trump Signs Border Deal
1 weeks ago

"President Trump signed a sweeping spending bill Friday afternoon, averting another partial government shutdown. The action came after Trump had declared a national emergency in a move designed to circumvent Congress and build additional barriers at the southern border, where he said the United States faces 'an invasion of our country.'"

Trump Declares National Emergency
1 weeks ago

"President Donald Trump on Friday declared a state of emergency on the southern border and immediately direct $8 billion to construct or repair as many as 234 miles of a border barrier. The move — which is sure to invite vigorous legal challenges from activists and government officials — comes after Trump failed to get the $5.7 billion he was seeking from lawmakers. Instead, Trump agreed to sign a deal that included just $1.375 for border security."

House Will Condemn Emergency Declaration
1 weeks ago

"House Democrats are gearing up to pass a joint resolution disapproving of President Trump’s emergency declaration to build his U.S.-Mexico border wall, a move that will force Senate Republicans to vote on a contentious issue that divides their party. House Judiciary Committee Chairman Jerrold Nadler (D-N.Y.) said Thursday evening in an interview with The Washington Post that the House would take up the resolution in the coming days or weeks. The measure is expected to easily clear the Democratic-led House, and because it would be privileged, Senate Majority Leader Mitch McConnell (R-Ky.) would be forced to put the resolution to a vote that he could lose."

Where Will the Emergency Money Come From?
1 weeks ago

"ABC News has learned the president plans to announce on Friday his intention to spend about $8 billion on the border wall with a mix of spending from Congressional appropriations approved Thursday night, executive action and an emergency declaration. A senior White House official familiar with the plan told ABC News that $1.375 billion would come from the spending bill Congress passed Thursday; $600 million would come from the Treasury Department's drug forfeiture fund; $2.5 billion would come from the Pentagon's drug interdiction program; and through an emergency declaration: $3.5 billion from the Pentagon's military construction budget."

House Passes Funding Deal
1 weeks ago

"The House passed a massive border and budget bill that would avert a shutdown and keep the government funded through the end of September. The Senate passed the measure earlier Thursday. The bill provides $1.375 billion for fences, far short of the $5.7 billion President Trump had demanded to fund steel walls. But the president says he will sign the legislation, and instead seek to fund his border wall by declaring a national emergency."


Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.