Four US communications giants sold users’ location data

Federal Communications Commission (FCC) said that four US communications giants sold users’ location data. So, the commission suggested it might fine the nation’s four major wireless carriers, for selling the data without safeguards to prevent misuse. AT&T, Sprint, T-Mobile US, and Verizon can respond to FCC, so that the regulator’s commissioners may consider the carriers’ arguments and evidence.

AT&T might be forced to pay a fine of $57m; Sprint could pay $12m; T-Mobile US, $91m; while Verizon’s future bill could come to $48m. But after hearing from the companies, the FCC could adjust these amounts downward. T-Mobile US has already said it would fight the charges. “We were the first wireless provider to commit to ending the program and terminated it in February 2019 after first ensuring that valid and important services were not adversely impacted,” T-Mobile US stated for The Register.

In May 2018, the authorities discovered that Securus Technologies was buying data about telecom customers’ whereabouts. Then, they used to share the details with law enforcement agencies. It turned out the company had obtained the data from another firm – LocationSmart. Both were offering the data through online portals.

The cellular giants said they had taken steps to prevent abuse. Still, bounty hunters managed to obtain the sensitive personal data from systems supposedly restricted to authorized law enforcement personnel. After ongoing pressure from lawmakers, the FCC has finally come up with a plan to penalize America’s Big Wireless. “This FCC will not tolerate phone companies putting Americans’ privacy at risk,” said FCC chairman Ajit Pai in a statement.

Too much tolerance for the communications giants

Jessica Rosenworcel, one of the five FCC commissioners, suggested the regulator tolerated just that for quite some time and continues to go easy on the phone companies. Pai is an ex-cellular industry executive: he was associate general counsel at Verizon.

The agency found that all four networks sold customer location data to aggregators. Those resold the information to third-party location-based service providers like Securus. According to their contracts, these third-parties should get permission from wireless carrier customers before accessing their location data. But the carriers did so “without putting in place reasonable safeguards. So they did not ensure that the dozens of location-based services providers acting on their behalf were actually obtaining consumer consent,” the FCC said.

“We take the privacy and security of our customers’ data very seriously,” a T-Mobile US spokesperson said in a statement provided to The Register. “When we learned that our location aggregator program was being abused by bad actor third parties, we took quick action. While we strongly support the FCC’s commitment to consumer protection, we fully intend to dispute the conclusions of this NAL and the associated fine.”

The other three US communications giants, AT&T, Sprint, and Verizon did commented on the charges.