I See You

Bail Bond Company Let Bounty Hunters Track Verizon, T-Mobile, Sprint, and AT&T Phones for $7.50

Low-level enforcement were able to monitor phones nationwide with minimal legal oversight. But the predatory bail bonds industry provided a similar, and cheap, service to bounty hunters to track down individuals.

Joseph Cox

Joseph Cox

Image: Ann Hermes/The Christian Science Monitor via Getty Images

This week Verizon and other major telcos announced they would stop the sale of customers’ location data to certain third parties. The move came after a wave of media reports and scrutiny from Senator Ron Wyden, which showed that data was ultimately ending up in the hands of low-level law enforcement, letting them track nearly any phone in the US with minimal oversight.

But it wasn’t just cops. Before going through what appears to be a serious rebranding and discontinuing the product, at least one company, Captira, was selling phone geolocation to another market, according to website archives: bounty hunters. The online records highlight the wide spread of use cases for phone location information; data that customers and ordinary citizens likely did not understand has been sold and re-used by multiple industries for years.

Captira caters to the bail bondsman market. That is, people who put money forward to pay for a criminal suspect’s bail and demand a percentage of that bail amount as payment, and those who hunt down defendants to make sure they attend a court date. The industry has faced intense criticism due to concerns its for-profit motive may push low-income defendants into debt as they feel pressured to take money from a bondsman that they ultimately may not be able to pay back. In other words, low-income defendants don't only end up in debt because they can't afford bail, but those who used bail bond agents could face a bounty hunter who then tracks their phone’s location.

“There are two general ways in which we can harness technology: gaining knowledge and gaining efficiency. Of course, we can also seek to exploit new technology to gain a unique advantage,” Matthew Phillips, CTO of Captira, wrote in a 2014 article in a trade publication.

Captira allowed customers to “instantly locate defendant cell phone,” for as little as $7.50, according to a July 2011 archive of the company’s website. The “Cell Phone Locator” product worked on all major carriers, such as Verizon, AT&T, Sprint and T-Mobile, and displayed results in a Google Maps interface, the website adds.

Caption: A screenshot of Captira's previously offered cell phone locator product.

Another webpage unearthed by Motherboard shows Captira claiming its phone product could geolocate targets to an accuracy of 2 metres.

“This is especially useful for people who try to jump locations by changing cities in order to avert court hearings,” another archive discussing Captira’s products reads.

When using a similar service called Securus, law enforcement officials were required to upload some sort of authorization document, such as a warrant, but Securus previously confirmed that it did not conduct any review of these surveillance requests. With Captira, it is not clear what steps customers had to take to access the service.

But Captira’s bounty hunter customers have successfully used the cell phone locator product to track down defendants, judging by Captira’s tweets.

“North Carolina agent chases a defendant through 3 states, using Cell Phone Locator the whole way. Finally caught at a truck stop,” one tweet from the company reads. Another tweet claims a customer used the product to catch a ‘skip’—a wanted fugitive—with a $25,000 value.

Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Today, Captira does not explicitly mention the cell phone locator service on its website, but the company does offer a number of other products, including the ability to comb through images captured by nationwide license plate readers, potentially letting a user trace the historical movements of a particular vehicle across the country.

The cell phone locator product “was withdrawn approximately 6 years ago,” Phillips told Motherboard in an email. “Including Captira in any article will be misleading.” Phillips did not respond to a follow-up question asking why Captira scrapped the service.

But a source who has followed the industry of phone location products told Motherboard that several companies stopped advertising their geolocation products in around 2014 and 2015, perhaps due to increased concern that the services may have been illegal. Motherboard granted the source anonymity to talk about industry developments.

We don't know how Captira obtained data to track phones across all major telcos. LocationSmart, the company that provided location information to Securus, told Motherboard Captira did not obtain its telco data from LocationSmart, nor was Captira a customer of Locaid, a company that LocationSmart acquired in 2015. Zumigo, another location data company, and which Verizon recently mentioned as one of their main middlemen vendors, told Motherboard Captira was not a customer.

In tweets, Captira said it had obtained approval for its cell phone location service from both Verizon and T-Mobile. Neither telco responded to questions on whether they gave Captira customer location data.

Senator Wyden, whose office investigated the sale and exploitation of phone location information, has asked the Federal Communications Commission (FCC) to investigate how companies such as Securus have abused such data, as well as what sort of customer consent each wireless carrier requires from other companies before providing location information.

The FCC has referred reports about LocationSmart to its enforcement bureau to formally investigate. Robert Xiao, a security researcher at Carnegie Mellon University, discovered that LocationSmart ran a faulty website that let anyone look up the location of nearly any phone in the US without authorization.

“For far too long, wireless companies sold sensitive location data about Americans to middlemen and then looked the other way when our information was abused. While I am glad to see the carriers have promised to start cleaning up the location data industry, I strongly doubt that Securus was the only company to abuse its access to Americans’ information,” Senator Wyden told Motherboard in a statement.

“It is long past time for the FCC to step up and actually go to work for American consumers, by investigating the shadowy marketplace for our private data. Consumers’ security and privacy shouldn’t be the last item on an agenda that seems larded with items designed to please corporate shareholders,” it added.