Law enforcement is grabbing that information without a warrant. Hedge funds apparently are getting that as well. I found Google & Neustar (North American Numbering Plan) are also LocationSmart partners.
ZDNet headlines "US cell carriers are selling access to your real-time phone location data The company embroiled in a privacy row has "direct connections" to all major US wireless carriers, including AT&T, Verizon, T-Mobile, and Sprint -- and Canadian cell networks, too." Jennifer Valentino-DeVries at the NY Times has some of the story "Service Meant to Monitor Inmates’ Calls Could Track You, Too." Interesting comments at Hacker News as well.
Brenda Schafer of LocationSmart emailed, "LocationSmart provides an enterprise mobility platform that strives to bring secure operational efficiencies to enterprise customers. All disclosure of location data through LocationSmart’s platform relies on consent first being received from the individual subscriber.
The vulnerability of the consent mechanism recently identified by Mr. Robert Xiao, a cybersecurity researcher, on our online demo has been resolved and the demo has been disabled. We have further confirmed that the vulnerability was not exploited prior to May 16th and did not result in any customer information being obtained without their permission. On that day as many as two dozen subscribers were located by Mr. Xiao through his exploitation of the vulnerability. Based on Mr. Xiao’s public statements, we understand that those subscribers were located only after Mr. Xiao personally obtained their consent. LocationSmart is continuing its efforts to verify that not a single subscriber’s location was accessed without their consent and that no other vulnerabilities exist. LocationSmart is committed to continuous improvement of its information privacy and security measures and is incorporating what it has learned from this incident into that process."
Personally. I don't think consent buried in the fine print or required for an important service is acceptable.