Today, we are all aware of the means that governments use to spy on citizens, but this should not be so simple. To allow surveillance; by law, authorities must provide an order to cell phone companies to collect data.
Now it is possible to track data from a cell phone in real time with Securus. Information security experts say that Securus is a prison telecommunications firm that helps government agencies monitors cell phones in the United States. Using a web interface that takes advantage of its location API, Securus can successfully access cellular site databases in real time. The records are used to obtain cell phone data to allow tracking.
In the process, third-party data intermediaries are taken to receive data from the cell phone while monitoring is done through a web interface, which favors the authorities to start tracking any cell phone in a matter of seconds, say information security professionals.
The third-party brokers involved in this process are highly connected to telecommunications companies and are usually based on the exploitation of ads to get users to enable GPS tracking to see ads based on their location.
Securus admitted that he normally gets data from 3CInteractive, who gets data from LocationSmart. Therefore, it can be assumed that Securus uses the LocationSmart API to initiate web-based tracking.
According to the New York Times, the problem is that this process is carried out without any legal verification that can monitor and prevent the abuse of confidential data. The New York Times said the Securus service was used by Cory Hutcheson, a former sheriff in Mississippi County, Missouri, to track target cell phones. Its objectives included a judge and several government officials. According to information security researchers, the monitoring began three years ago and an order was never obtained.
The system used by Securus is similar to the system offered by mobile phone companies to marketing specialists, who need to obtain micro-lenses according to data matrices, such as location data. We know that this system is much more invasive since it provides uncontrolled access to location tracking.
Now, Securus says it has limited the use of its system to encourage legally permitted surveillance. This has made it necessary for system users to take court orders or warranties before using it. The company said it never reviews orders before granting access to use the system and does not show court orders to operators before entering their databases.
“Securus is not a judge, the responsibility for ensuring the legality of supporting documentation rests with law enforcement clients and their attorneys Securus offers services only to law enforcement and correctional facilities, and not all officials they have access to the system, “said a spokesman for Securus.
Telephone operators are involved in abusing a hole in privacy laws that allegedly prohibit selling this type of data. The gap is present in the contracts of telephone operators, which are not read by users, information security experts said.
In these contracts, a term has been included where the user has given his consent for the sale of location data. So, by selling your private data to operators, you are actually allowing companies like Securus to exploit it without permission.
Senator Ron Wyden has sent letters to telecommunications companies and the FCC to provide details of the program. AT & T published the content of the letter received.
“I am writing to insist that AT & T take proactive measures to prevent unrestricted disclosure and possible abuse of private customer data, including real-time location information, from another company to the government.”
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.