Last spring, Robert Xiao got a tour of Hawaii from a bird’s-eye view. He wasn’t flying a drone. He wasn’t in a plane. No helicopters, either.

Then a Ph.D. student at Carnegie Mellon University’s Human-Computer Interaction Institute, he sat in Pittsburgh and — on his computer -— watched a friend drive around the island. All Mr. Xiao needed was the friend’s cell phone number to track his location in real time.

It was a test. Mr. Xiao wanted to ensure he had really found a security breach that exposed nearly every American’s real-time location, just using a phone number.

What resulted was a “bizarre” tour of the island, he said, and a slew of questions about LocationSmart, the Carlsbad, Calif.-based company he was checking up on. It aggregates location data from cell phone providers and, in turn, sells that information to other parties — even bounty hunters.
More>>