Telecom Giants Promise to Limit Selling Customer Location Data After Prison Officials Were Caught Spying on Americans
Verizon, AT&T, Sprint, and T-Mobile have pledged to limit sharing their customers' location data with third party companies who have continued to fail to handle that data properly. The announcement follows an investigation led by Senator Ron Wyden (D-Ore) looking into the relationship between Verizon and data vendors.
Wyden's investigation discovered location privacy issues and demanded telecom giants to audit their relationships with data companies that buy and then sell consumer data. "As a result of this review, we are initiating a process to terminate our existing agreements for the location aggregator program,” Verizon’s chief privacy officer, Karen Zacharia, wrote in a letter to Wyden.
However, this doesn't mean that all relationships will come to an end as data sharing for operations like call routing and fraud prevention will continue.
"After my investigation and follow-up reports revealed that middlemen are selling Americans' location to the highest bidder without their consent or making it available on insecure Web portals, Verizon did the responsible thing and promptly announced it was cutting these companies off," Wyden said in response to Verizon's pledge. "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned."
AT&T changes stance; others follow suit
After Wyden's statement, other telecom companies also released their statements changing their earlier position of continuing to work with data vendors. "Our top priority is to protect our customers' information, and, to that end, we will be ending our work with aggregators for these services as soon as practical in a way that preserves important, potential lifesaving services like emergency roadside assistance," AT&T spokesperson, Michael Balmoris, said.
While the investigation had focused on Verizon, which put the pressure on the company, other companies were also brought in the conversation for employing similar tactics that affect user privacy. After AT&T released the above statement, Sprint also promised having initiated "process of terminating its current contracts with data aggregators to whom we provide location data."
"This will take some time in order to unwind services to consumers, such as roadside assistance and fraud prevention services," the company added.
T-Mobile has also said that it will "wind down" its agreements with location aggregators.
Telecom companies forced to make changes after it was discovered that anyone could track real-time phone location data
The data privacy issue was highlighted last month when it was revealed that a prison phone company Securus was offering a service that enabled prison officers to locate American cell phones within seconds. Their service relied on data obtained from LocationSmart, which had, in turn, obtained it from Verizon.
In short, Securus had used Verizon's customer location data enabling prison officers to spy on millions of Americans. However, since Securus was represented by Ajit Pai, current chairman of the Federal Communications Commission, in 2012, some alleged that the FCC wasn't taking action on the matter.
"Chairman Pai's total abandonment of his responsibility to protect Americans' security shows that he can't be trusted to oversee an investigation into the shady companies that he used to represent," Wyden had said. "If your location information falls into the wrong hands, you - or your children - can be vulnerable to predators, thieves, and a whole host of people who would use that knowledge to malicious ends."
Pai also played a critical role in getting privacy rules rolled back that would have required telecom companies to receive consent from their consumers before selling or sharing their personal data. [It’s Official: President Trump Signs to Roll Back FCC’s Online Privacy Rules for ISPs]
Not only was this data used by Securus to offer services that weren't related to prison management, it was also reported that a LocationSmart bug could have enabled just about anyone to secretly track location data of phone users.
While consumer data sharing and selling continues, at least these ISPs have promised to limit selling location data of their phone users. It won't, however, be a longterm promise since they are already saying that they won't enter "into new location aggregation arrangements" until they are "comfortable" that they can "adequately protect" their "customers’ location data through technological advancements and/or other practices." Since we know how much these companies really care about these "adequate" protections, it is likely these relationships with data companies will be back in full force once the attention is diverted to another issue.