Sheriff from Mississippi caught abusing (phone)tracking service

[Bsmith]

A US (ex)sheriff has been caught abusing a tracking service, while on duty, without warrant to track multiple people including a judge and other police officers.
Said sheriff however has been fired since, due to a unrelated case where a inmate has died, but earlier has been charged with forging of documents and similar cases.

 

Quote

Mr. Hutcheson, the defendant in the surveillance case, was charged with forgery in state court last year and also by a federal grand jury in March over similar offenses related to the phone pinging. He was removed from his duties as sheriff in 2017 after an inmate’s death, though he was not charged with a crime in that matter. The Highway Patrol officers who were allegedly tracked filed suit in federal court. Mr. Hutcheson’s lawyer declined to comment on the litigation.

 

Although this might be a isolated case where it's just a single individual abusing his powers, it is still slightly worrying about how potent those programs are and how easy it is for them to use these services without warrant.

 

Quote

Thousands of jails and prisons across the United States use a company called Securus Technologies to provide and monitor calls to inmates. But the former sheriff of Mississippi County, Mo., used a lesser-known Securus service to track people’s cellphones, including those of other officers, without court orders, according to charges filed against him in state and federal court.

The service can find the whereabouts of almost any cellphone in the country within seconds. It does this by going through a system typically used by marketers and other companies to get location data from major cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon, documents show.

Between 2014 and 2017, the sheriff, Cory Hutcheson, used the service at least 11 times, prosecutors said. His alleged targets included a judge and members of the State Highway Patrol. Mr. Hutcheson, who was dismissed last year in an unrelated matter, has pleaded not guilty in the surveillance cases.

As location tracking has become more accurate, and as more people carry their phones at every waking moment, the ability of law enforcement officers and companies like Securus to get that data has become an ever greater privacy concern.

Securus offers the location-finding service as an additional feature for law enforcement and corrections officials, part of an effort to entice customers in a lucrative but competitive industry. In promotional packets, the company, one of the largest prison phone providers in the country, recounts several instances in which the service was used.

In one, a woman sentenced to drug rehab left the center but was eventually located by an official using the service. Other examples include an official who found a missing Alzheimer’s patient and detectives who used “precise location information positioning” to get “within 42 feet of the suspect’s location” in a murder case.

 

The article also goes on about possible implications within the law and how it is possible for the company to have access to all this data without problems, which is legally allowed up to the point where they can even sell location data without issues, it however is a vague situation since they are also legally obliged to protect costumer's personal information and location data falls within a grey area, whether it is or isn't considered personal information that they can(and probably will) sell.

 

Quote

Phone companies have a legal responsibility under the Telecommunications Act to protect consumer data, including call location, and can provide it in response to a legal order or sell it for use with customer consent. But lawyers interviewed by The New York Times disagreed on whether location information that was not gathered during the course of a call had the same protections under the law.

As long as they are following their own privacy policies, carriers “are largely free to do what they want with the information they obtain, including location information, as long as it’s unrelated to a phone call,” said Albert Gidari, the consulting director of privacy at the Stanford Center for Internet and Society and a former technology and telecommunications lawyer. Even when the phone is not making a call, the system receives location data, accurate within a few hundred feet, by communicating with the device and asking it which cellphone towers it is near.

Other experts said the law should apply for any communications on a network, not just phone calls. “If the phone companies are giving someone a direct portal into the real-time location data on all of their customers, they should be policing it,” said Laura Moy, the deputy director of the Georgetown Law Center on Privacy & Technology.

 

It also opens up the dialogue on how well companies like Securus or isps do actually check warrants to see if they are legal, since in this situation the tracking was done without legal permission or use of warrants that forced them to give access to said locations.

 

Quote

Mr. Wyden, in his letter to the F.C.C., also said that carriers had an obligation to verify whether law enforcement requests were legal. But Securus cuts the carriers out of the review process, because the carriers do not receive the legal documents.

The letter called for an F.C.C. investigation into Securus, as well as the phone companies and their protections of user data. Mr. Wyden also sent letters to the major carriers, seeking audits of their relationships with companies that buy consumer data. Representatives for AT&T, Sprint, T-Mobile and Verizon said the companies had received the letters and were investigating.

“If this company is, in fact, doing this with our customers’ data, we will take steps to stop it,” said Rich Young, a Verizon spokesman. T-Mobile said it “would take appropriate action” if it found any misuse of data.

T&T also said it followed industry “best practices” in handling data, and Sprint said it shared location information only with customer consent or in response to lawful requests.

 

Although Securus only operates within the USA and it (so far I'm aware) is one of the few modern nations where it is allowed to sell information from your costumers to a third party, I find it pretty concerning that it is possible for people to have access to things like this without the decent checks being carried out.

But I guess this will just be another small drop in the bucket of questionable practices within the United States; of course tools like this have benefits in search and rescue situations, although then it still has to be carried out the proper way, something that here hasn't been the case.

 

source: https://www.nytimes.com/2018/05/10/technology/cellphone-tracking-law-enforcement.html

[suicidalfranco]

Called it.

[GDRRiley]

Wow it took this long to have someone abuse this?  Not surprised. 

Real question is now can we get some laws made to stop this and fix the patret act 

[AresKrieger]

2 minutes ago, GDRRiley said:

Wow it took this long to have someone abuse this?

Well it took this long for someone to be caught abusing it

 

It probably been abused since the creation of such tracking programs, though most likely by the Feds initially

[AshleyAshes]

8 hours ago, Bsmith said:

sheriff has been caught abusing a tracking service, while on duty, without warrant to track multiple people including a judge and other police officers...has been fired since, due to a unrelated case where a inmate has died...charged with forging of documents and similar cases.

America, this is your tax dollars at work.

[Bsmith]

19 minutes ago, GDRRiley said:

Wow it took this long to have someone abuse this?  Not surprised. 

Real question is now can we get some laws made to stop this and fix the patret act 

I believe with the original Snowden leaks there was evidence of that happening within the NSA, so not the first time and probably impossible to stop it with current laws regarding privacy in the US.

[Christophe Corazza]

6 hours ago, Bsmith said:

I believe with the original Snowden leaks there was evidence of that happening within the NSA, so not the first time and probably impossible to stop it with current laws regarding privacy in the US.

 

 

Completely agree. Those current laws only ease the use (or better yet: abuse) of such technology.

I’m wondering what’s the situation in the EU though...

 

As far as I can remember, I’m not aware of a similar case in the EU. Although, that does not say a darn thing, since they might as well not have been caught yet.

[sof006]

He pleaded not guilty?

 

Judge: "we have evidence, physical proof you've been misusing equipment by using it without a warrant"

 

Me : "nah wasn't me, not guilty lol"

[Bsmith]

11 hours ago, Christophe Corazza said:

 

Completely agree. Those current laws only ease the use (or better yet: abuse) of such technology.

I’m wondering what’s the situation in the EU though...

 

As far as I can remember, I’m not aware of a similar case in the EU. Although, that does not say a darn thing, since they might as well not have been caught yet.

in the EU it varies by country, I can only speak for the Netherlands on this.
Earlier this your the government tried to pass a law which would allow the AIVD(dutch spy agency) to tap all calls, messages and what not, this gave a huge backlash within the country and even let to a referendum about it and people voted massively against it(except the elderly who didn't get it) it lead to the law being retracted in it's current shape and being looked at, since the opposition(politicians who didn't get elected) and some elected officials saw flaws in the law after the tech sector pointed them out.

[Christophe Corazza]

32 minutes ago, Bsmith said:

tap all calls, messages and what not

 

Tapping calls is one thing, tracking someone and misusing the obtained information is obviously another one.

Since I live in Belgium, I can only tell you about that: the national security agency needs to have the permission of a commission of 3 magistrates and the tapping is always under surveillance of an investigating judge.

However, only the content of the conversation is registered. Positional data and alike are, as far as I know, not tracked.

 

I assume that you can read dutch? 

This is the current situation here: Afgeluisterd? Misschien komt u het nooit te weten