Wireless phones are great for a number of reasons, not the least of which being there is no cord to trip over, get wrapped around the cat or a stray child, and an unbounded range.
The price paid for this convenience by all wireless (WiFi) cell phone users is the possible loss of information and violation of privacy rights. Although 60% of American users (of 1,025 people) surveyed in May 2016 thought their data was safe when transmitted over public WiFi, these unsecured networks have no password or other online security protections of any kind.
This means that anyone who is tech-savvy can set up a device which can “sniff” unencrypted text transmissions of data over unsecured Wi-Fi channels can be intercepted, modified, and stolen.
In plain English, thieves using a public internet wireless network or hotspot can make off with all your cell phone’s personal communications, corporate data, images, media files, intellectual property, and the contents of all your unencrypted email or instant messages.
Navigation apps on cell phones need your permission to allow access to your cell phone’s location. Once granted, they have to stay on while you are using a map app to go from here to there. During that time, your phone is sending your location data out over unsecured WiFi networks everywhere there’s a cell phone tower or hotspot nearby.
Now, to make matters worse, Motherboard has exposed a very serious cell phone scam: “phone companies are also turning over this data to people impersonating officials — another troubling example of how little tech companies are doing to protect your personal data.”
In most places, cell phone companies must see a court order before they will furnish any customer data to law enforcement representatives. But John or Joan Law might skirt this legal technicality by advising the cell phone company that there are “exigent circumstances” which requires making an exception and providing private location information without court authorization. (A person in danger, such as an abducted child, is in exigent circumstances.)
Now, as reported by Motherboard, con artists claiming to be law enforcement officials are contacting cell phone providers who are giving out the requested real-time location data of the phone number associated with a certain call number – and therefore, probably the actual location of the cell phone user.
Social predators and other thieves can find out where you are, right now, if they pose as someone legally authorized to have access to personal information and convince your cell phone provider that they are legit.
All sorts of people talked their way into other people’s personal, private, and supposed-to-be protected information, from legitimate bounty hunters and debt collectors to criminal stalkers and domestic abusers hunting down their prey.
Valerie McGilvrey is a skip tracer, someone who locates another person’s whereabouts. She said Verizon, T-Mobile, and Sprint all accommodated fraudsters who never proved their legal authority by handing over customer location data.
McGilvrey believes that the telephone companies have been “very stupid” about this type of con to get cell phone location data without legal authorization to do so. She pointed a finger at poor procedure:
“They have not done due diligence and called the police [departments] directly to verify the case or vet the identity of the person calling.”
So many people have been victims of data theft or phone fraud that lawmakers are now considering bills that would send corporate CEOS of errant telcos to jail when they fail to protect customer data.
Senator Ron Wyden, (D-Oregon) released a draft bill on November 1, 2018, “that would give the Federal Trade Commission the ability to place harsher penalties on tech companies that violate users’ privacy.”
The proposed “Consumer Data Protection Act” defines personal information as “any information, regardless of how the information is collected, inferred, or obtained that is reasonably linkable to a specific consumer or consumer device.”
Unlawful sharing of any consumer’s personal information would be grounds for a cease and desist order that could include an assessment of a civil penalty “which shall be not more than an amount that is the greater of $50,000 per violation, taken as an aggregate sum of all violations, and 4 percent of the total annual gross revenue of the person, partnership, or corporation for the prior fiscal year.”
While toughening up laws that protect telco customer data from being shared illegally with third parties is necessary and beneficial, the stone cold truth is that cell phones operating over unsecured WiFi channels are vulnerable to hacking and there’s very little we, the users, can do about it.