A loophole designed to protect lives is actually endangering them.
While cell phone companies typically require a court order before they’ll give law enforcement officials a customer’s real-time location data, they will make exceptions under “exigent circumstances” — for example, if turning over the data might prevent someone from being harmed.
Now, Motherboard is reporting that phone companies are also turning over this data to people impersonating officials — another troubling example of how little tech companies are doing to protect your personal data.
According to Motherboard’s sources — which included Valerie McGilvrey, a skip tracer hired to find people’s locations — Verizon, T-Mobile, and Sprint have all turned over real-time location data to scammers who claimed to be law enforcement officials.
In some instances, the scammers were bounty hunters or debt collectors. In others, they were stalkers and domestic abusers trying to track down their victims. The stories they spin vary, but fake child kidnappings seem to be common approach.
“So many people are doing that and the telcos have been very stupid about it,” McGilvrey told Motherboard. “They have not done due diligence and called the police [departments] directly to verify the case or vet the identity of the person calling.”
This is far from the first example of tech companies inadequately protecting user data — from Facebook to Google, we constantly hear about companies experiencing data breaches, with users’ personal data ending up in the hands of people who were never meant to have access to it.
The issue has now gotten to the point that some legislators are suggesting bills to jail the execs of companies that don’t adequately protect user data — and if there’s one thing more worthy of punishment than accidentally leaking personal data, it might be willingly handing it over like these telephones companies are doing.
More on data breaches: New Bill Would Let FTC Jail Execs for Data Breaches