Lawyer warned FCC of Securus phone-tracking risks 10 months ago

Legal concerns over platform were floated back in July


Some ten months before Sen. Ron Wyden would request the FCC examine legal concerns over the service, a US lawyer had alerted the agency to potential problems with the Securus THREADS database.

Law360 found that Lee Petro, a Washington DC-based attorney at Drinker, Biddle, and Reath LLP, noted in a July 25, 2017 filing (PDF) to the US comms watchdog that THREADS, a monitoring tool Securus offered to US prison systems to help track inmate calling activity, was possibly violating US law.

securus

US prison telco accused of selling your phone's location to the cops

READ MORE

"To the extent that the THREADS database and Location-Based Service offering provides the name and billing address for more than 600,000 non-incarcerated people, access to 100 million calling records and the location data (both real-time and historical) of the recipients of ICS calls, there are serious concerns that Securus is in violation of Section 222 of the Act," Petro noted at the time.

Petro told The Register he came upon details of the platform as part of his work on rulemaking for caps on the rates inmates pay for calls. While researching proposals and contract submissions, he found that the THREADS database was being advertised as a location-tracking service.

"As the companies started to implement more investigative services, details on the location-based tracking and the THREADS database began to be incorporated into the proposals," Petro explained.

Designed to let prison administrators search out suspicious call patterns between inmates and people on nearby phones, THREADS also seemed to be able to extend to other private devices. This potentially allows the system to be used by prison staff or other law enforcement officials to keep tabs on private citizens without any sort of warrant or court order.

Time to call in the regulators

The lawyer brought his concerns to the FCC as part of an objection to a pending transaction involving Securus.

"The issue was raised in connection with the 2017 sale of Securus from ABRY Partners to Platinum Equity (both are private equity funds)," Petro explained.

"We had opposed the transaction, and in the course of the filings, Securus indicated that it would provide the location-based service and THREADS as an enhanced offering."

While the FCC acknowledged the concerns, Petro said that, in the context of the transaction, it decided not to look into the matter and, when the deal closed in October of last year, so did the objection.

It was only months later, when the Securus was brought into the limelight over revelations the service was in fact being illegally used to track private individuals, that the FCC would again be prodded to take action.

Petro is hopeful that this revived effort to get the FCC scrutinizing Securus will prove more successful.

"Now that Senator Wyden has raised the issue, there is a chance that the FCC will review this issue," Petro said.

"Recent press reports also indicate that the matter has been referred to the FCC’s Enforcement Bureau, which is a positive step in resolving the concerns."

The FCC acknowledged its Enforcement Bureau was looking into the matter, but had no further comment. ®

Similar topics

Narrower topics


Other stories you might like

  • Abortion rights: US senators seek ban on sale of health location data
    With Supreme Court set to overturn Roe v Wade, privacy is key

    A group of senators wants to make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    A bill filed this week by five senators, led by Senator Elizabeth Warren (D-MA), comes in anticipation the Supreme Court's upcoming ruling that could overturn the 49-year-old Roe v. Wade ruling legalizing access to abortion for women in the US.

    The worry is that if the Supreme Court strikes down Roe v. Wade – as is anticipated following the leak in May of a majority draft ruling authored by Justice Samuel Alito – such sensitive data can be used against women.

    Continue reading
  • Tim Hortons collected location data constantly, without consent, report finds
    Hortons hears a sue

    From May 2019 through August 2020, the mobile app published by multinational restaurant chain Tim Hortons surveilled customers constantly by gathering their location data without valid consent, according to a Canadian government investigation.

    In a report published Wednesday, Office of the Privacy Commissioner (OPC) of Canada and the privacy commissioners from three provinces – Alberta, British Columbia, and Quebec – presented the results of an inquiry that began shortly after the publication of a June 2020 National Post article.

    That article revealed the Tim Hortons app tracked location data every few minutes even when relegated to the background, and the report compiled by Canadian privacy officials confirmed as much.

    Continue reading
  • Behind Big Tech's big privacy heist: Deliberate obfuscation
    You opted out, but you didn't uncheck the box on page 24, so your data's ours...

    Opinion "We value your privacy," say the pop-ups. Better believe it. That privacy, or rather taking it away, is worth half a trillion dollars a year to big tech and the rest of the digital advertising industry. That's around a third of a percent of global GDP, give or take wars and plagues. 

    You might expect such riches to be jealously guarded. Look at what those who "value your privacy" are doing to stop laws protecting it, what happens when a good law  gets through, and what they try to do to close it down afterwards. 

    The best result for big tech is if laws are absent or useless. The latest survey of big tech lobbying in the US reveals a flotilla of nearly 500 salespeople/lawyers touring the US state legislatures, trying to either draw up tech friendly legislation to insert into privacy bills, water then down through persuasion, or just keep them off the books.

    Continue reading
  • TikTok US traffic defaults to Oracle Cloud, Beijing can (allegedly) still have a look
    Alibaba hinted the gig was worth millions each year

    The US arm of Chinese social video app TikTok has revealed that it has changed the default location used to store users' creations to Oracle Cloud's stateside operations – a day after being accused of allowing its Chinese parent company to access American users' personal data.

    "Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," the company stated in a post dated June 18.

    "For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data," the post continues. "We still use our US and Singapore datacenters for backup, but as we continue our work we expect to delete US users' private data from our own datacenters and fully pivot to Oracle cloud servers located in the US."

    Continue reading

Biting the hand that feeds IT © 1998–2022