Why telcos 'handed over' people's GPS coords to a bounty hunter: He just had to ask nicely

Privacy slip allegations dog US cellular network giants... while FCC twiddles its thumbs

A bounty hunter was able to get the live location of a number of different individuals from American cellphone networks through a single phone call, it is claimed.

Matthew Marre was charged [PDF] last month with allegedly obtaining "confidential phone record information ... by making false and fraudulent statements and representations." It is claimed he called a hotline run by various mobile networks, and asked for the GPS location of specific cellphones – all of which belonged to people that were wanted for skipping bail.

The ruse was apparently extremely successful, according to Colorado federal court documents that have subsequently been restricted from public view. The paperwork, submitted by prosecutors, alleged that, last year, he successfully persuaded T-Mobile USA to hand over location data for six phone numbers, and as a result he collared three people who were using the numbers.

In one extraordinary tale, Marre allegedly contacted the police when he believed one person he was tracking was breaking into a house. The cops turned up but were unable to find the suspect, so Marre returned to his laptop, updated the GPS tracking on the suspect's phone, and apparently found the person hiding in bushes at the back of the property.

The same ruse also seemingly worked with Verizon and Sprint, leaving only AT&T as a company that did not hand over highly confidential information on the basis of a single phone call – and that may only be because none of the people Marre was tracking used AT&T. The now-restricted court filing was noticed and discussed publicly earlier today by terrorism expert and PACER-whisperer Seamus Hughes.

But while the story is fascinating, Marre's apparent ability to obtain the data has put a further spotlight on the sharing of location data by mobile operators: an issue that privacy groups and an FCC Commissioner are calling for a full investigation into.

What is remarkable is that Marre was seemingly able to get the information at all. As the prosecutors' court doc notes, every mobile network operator has "24-hour law enforcement assistance operators that are available to assist in emergencies across the US to aid any law enforcement agency that is involved in an emergency that potentially involves death or serious bodily injury."

The police are required to follow a "legal court process compelling the companies to assist law enforcement" i.e. get a warrant before mobile operators are supposed to hand over location data. But there is an exception for emergencies.


"In an emergency, without legal process if the situation potentially involves death or serious bodily injury that could occur without immediate action," then operators are allowed to forego the normal legal process. This, in theory, is the bar that Marre should have jumped: an emergency that involved potential death. But it would appear that Marre didn’t even give a solid representation that he was a police officer, let alone one in the midst of a life-threatening situation.

The prosecution's court doc indicates that one mobile operator, in explaining its decision to hand over location data, said that "a male who identified himself as a Matthew Marre, claiming to be an investigator for the 'Colorado Department of Public Safety' and the 'Colorado Task Force'," contacted them and asked for the information, which they then handed over.

Senator Wyden goes ballistic after US telcos caught selling people's location data yet again


When Marre was interviewed following the bush-tracking incident, he told a police officer that he was the owner of "Colorado PSC LLC" and had been contracted by a bail bond company to track the man in question.

We haven't been able to find a limited liability company called "Colorado PSC" but it is possible that Marre simply implied he was a police officer by saying he was from "Colorado PSC" and was given the information by the mobile operator. It is notable that he used his real name rather than a pseudonym.

The indictment against him also claims that he "provided a document… knowing such document was false and fraudulent." It's not clear what that is in reference to and it may be a further check run by mobile operators before approving location data, but it is not clear at this stage since neither law enforcement nor mobile operators want their verification processes to become public knowledge.

Either way, Marre was apparently able to get hold of information that should been restricted only to law enforcement officers in an emergency situation – and was able to do so repeatedly with three of the four mobile operators, suggesting at the very least that those companies have lax data protection systems in place.

Next page: Groundhog Day

Keep Reading

Tech Resources

How backup modernization changes the ransomware game

If the thrill of backing up your data and wondering if you will ever see it again has worn off, start the new year by getting rid of the lingering pain of legacy backup. Bipul Sinha, CEO of the Cloud Data Management Company, Rubrik, and Miguel Zatarain, Director of Global Infrastructure Technology at PACCAR, Fortune 500 manufacturer of trucks and Rubrik customer, are talking to the Reg’s Tim Phillips about how to eliminate the costly, slow and spotty performance of legacy backup, and how to modernize your implementation in 2021 to make your business more resilient.

The State of Application Security 2020

Forrester analyzed the state of application security in 2020 and found over 75% of external attacks are attributed to web application and software exploits.

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Top 20 Private Cloud Questions Answered

Download this asset for straight answers to your top private cloud questions.

Biting the hand that feeds IT © 1998–2021