On Thursday, AT&T said in a statement to WSJ that it will stop selling customers’ location data to third-party service following a report published by Motherboard. This recent investigation by Motherboard disclosed that how selling location information by telecom companies can eventually reach the wrong hands putting customer’s privacy and safety in danger.
What Motherboard’s investigation revealed?
Motherboard’s investigation revealed that many telecommunication companies like T-Mobile, AT&T, and Sprint are selling users’ real-time location data that can ultimately reach the wrong hands like stalkers or criminals. This investigation showed that mobile networks and the data they generate are not as secure as we want them to be.
Telecom companies in US sell user’s location data to other companies, who are called location aggregators. These companies can then sell this information to their clients and industries. This basically forms a complex supply chain of data that shares user’s most sensitive data. And, in some cases telecommunication companies, which are the originators, may not even have any idea how this data is being used by the eventual end user.
A similar scenario happened in May last year, when Sen. Ron Wyden in a letter to FCC revealed that Securus, Verizon’s indirect corporate customer had used its customer location data to effectively allow officers to spy on millions of Americans. As a reply, Verizon filed a letter saying that it is ending its data-sharing agreement with LocationSmart and Zumigo. Following that AT&T and Sprint also announced that they are cutting ties with location aggregators.
How the companies reacted?
AT&T in a statement said, “In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services — even those with clear consumer benefits. We are immediately eliminating the remaining services and will be done in March.” John Legere, T-Mobile chief executive tweeted that his organization will also completely end the location aggregator work in March:
Sprint responded to WSJ, “Protecting our customers’ privacy and security is a top priority, and we are transparent about that in our Privacy Policy. We do not knowingly share personally identifiable geolocation information except with customer consent or in response to a lawful request such as a validated court order from law enforcement.”
A victory for privacy advocates
Sen. Ron Wyden believes that telecom companies cannot just put the blame on the third-party companies. He remarked that we need to enforce strong legislations to ensure our data is secure. He said, “Congress needs to pass strong legislation to protect Americans’ privacy and finally hold corporations accountable when they put your safety at risk by letting stalkers and criminals track your phone on the dark web.” Sen. Kamala D. Harris called for an immediate investigation by the Federal Communications Commission (FCC) against this case. She also feels that this is a major threat to user security, “I’m extraordinarily troubled by reports of this system of repackaging and reselling location data to unregulated third party services for potentially nefarious purposes. If true, this practice represents a legitimate threat to our personal and national security.”
One of the users in a MetaFilter discussion said, “The greatest thing that U.S. law needs in the age of privacy concerns is a broadening of the category referred to in the law as “innkeepers and common carriers,” which is basically an olde-tyme recognition that there are sorts of private businesses that are central enough to everyday life and serve such a purpose as to need to be held to a higher duty of care than others. Cell phones, social media, and bank records all should fall under this duty of care in any sensible modern society.”
Read Next
FCC grants Google the approval for deploying Soli, their radar-based hand motion sensor
Mozilla v. FCC: Mozilla challenges FCC’s elimination of net neutrality protection rules