Source: The FCC has finished investigating carriers’ unauthorized disclosure and sale of subscribers’ real-time location data, Chairman Ajit Pai has shared with (PDF) lawmakers in the House of Representatives. In his letters, he told Energy and Commerce Committee Chairman Frank Pallone, Jr. and others that the agency has come to a conclusion after an extensive probe: one or more carriers “apparently violated federal law.” Pai has also promised the lawmakers that the agency is going to take action against the offending carriers to ensure that they comply with laws that protect consumers’ sensitive information.
Back in 2018, it came to light that carriers sell their customers’ real-time location data to aggregators, which then resold it to other companies or even gave it away. Last year, a Motherboard report also revealed that bail bond companies and bounty hunters have been buying people’s location data for years, allowing them to use that information to track their targets.
All four major US carriers promised to stop selling customer location data to aggregators after the information first came out. The companies made good on their word, though it took them a year to do so: They informed FCC Commissioner Jessica Rosenworcel that they had already halted sales to aggregators after she requested for an update in 2019.
Pallone said in a statement:
“Following our longstanding calls to take action, the FCC finally informed the Committee today that one or more wireless carriers apparently violated federal privacy protections by turning a blind eye to the widespread disclosure of consumers’ real-time location data. This is certainly a step in the right direction, but I’ll be watching to make sure the FCC doesn’t just let these lawbreakers off the hook with a slap on the wrist.”
Rosenworcel, who repeatedly brought the issue up over the past years, also said that it was a “shame that it took so long for the FCC to reach a conclusion that was so obvious.” Especially when “shady middlemen could sell your location within a few hundred meters based on your wireless phone data.”
We’ve reached out to AT&T, Verizon, T-Mobile, Sprint and CTIA, the trade group representing the wireless communications industry in the US, for a statement.
House Commerce Committee Chairman Frank Pallone, Jr. (D-N.J.) said that Pai’s response to lawmakers “is a step in the right direction, but I’ll be watching to make sure the FCC doesn’t just let these lawbreakers off the hook with a slap on the wrist.”
Sen. Ron Wyden (D-Ore.) said that he is “eager to see whether the FCC will truly hold wireless companies accountable or let them off with a slap on the wrist.”
Source: An investigation by Motherboard in January 2019 found that “T-Mobile, Sprint, and AT&T are [still] selling access to their customers’ location data and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.”
The carriers made further promises to stop selling the data and later confirmed to the FCC that they had phased out the data-selling programs.
Pai’s letter today did not say exactly which federal law the carriers broke, but Section 222 of the Communications Act says that carriers may not use or disclose location information “without the express prior authorization of the customer.” Carriers have also been accused of violating rules on the usage of 911 location data.