This is a call that mobile carriers won’t be happy to get.
Several lawmakers are demanding that the Federal Communications Commission investigate companies like T-Mobile, AT&T, Sprint and Verizon after a Motherboard story Tuesday revealed that major mobile carriers were still selling customer location data to third parties, which would then offer the sensitive information to shady buyers.
Your phone is a window into your whereabouts, as cell towers and GPS data provide nearly pinpoint accuracy on your every move. It’s why law enforcement rely on it to build cases. Abusive stalkers use it too.
While privacy issues have affected tech giants, such as Google and Facebook, you can opt out of those platforms. With phone location data tracking, though, there aren’t many options for opting out of tracking other than not having a device to begin with.
Mobile carriers have been selling location data linked to people’s phone numbers even though major carriers said seven months ago that they were ending this practice. Motherboard’s report showed the practice was still going on.
Several senators and an FCC commissioner now want an investigation.
“It’s not that people ‘don’t care about privacy,’ as some have argued – it’s that customers, along with policymakers, have been kept in the dark for years about data collection and commercialization practices,” Sen. Mark Warner, a Democrat from Virginia, said in a statement.
He called for regulation to ensure that companies are upfront with customers about how their data is being used and sold. Multiple lawmakers have drafted privacy legislation, including Sen. Ron Wyden, a Democrat from Oregon. His bill, introduced in November, would include a “Do Not Track” database, allowing Americans to opt out of data tracking.
Wyden initially requested an FCC investigation last spring when the sale of phone location data was first revealed. At the time, the FCC said it was investigating LocationSmart, a company that provided geolocation data on nearly any phone in the US.
Now, Wyden’s doubling down on his request.
“Sen. Wyden has previously called on the FCC to investigate wireless carriers’ relationships with location aggregators and data brokers, and believes an investigation is even more necessary given the news this week. He also believes the FTC must investigate these clear abuses of Americans’ personal data,” a spokesman for the senator said in a statement.
While location data from your phone can be used for legitimate purposes, like emergency roadside assistance and finding your lost device, it is often sold to data aggregators that use the information for purposes outside of your control.
T-Mobile noted that it didn’t have a relationship with location aggregator MicroBilt — which indirectly provided location data to Motherboard through a series of handoffs — but did have a relationship with location aggregator Zumigo. According to Motherboard, Zumigo gave that location data to MicroBilt without notifying the tracked person.
“The American people have an absolute right to the privacy of their data, which is why I’m extraordinarily troubled by reports of this system of repackaging and reselling location data to unregulated third party services for potentially nefarious purposes,” Sen. Kamala Harris, a Democrat from California, said in a statement.
Harris also called on the FCC needed to “immediately investigate these serious security concerns.”
Jessica Rosenworcel, an FCC commissioner, said in a tweet Tuesday that the agency “needs to investigate. Stat.”
— Jessica Rosenworcel (@JRosenworcel) January 8, 2019
The FCC didn’t immediately respond to a request for comment.
T-Mobile CEO John Legere, who originally promised Wyden that his company would stop selling customer location data in June, set a new deadline on Wednesday. Legere tweeted that the practice would end this March. The delay is to make sure that customers who use the data for safety services aren’t hurt by the changes, he explained.
AT&T said that it cut off access to MicroBilt and was continuing to end partnerships with other location data aggregators.
“We only permit sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance, or when required by law,” an AT&T spokesman said.
Sprint and Verizon didn’t immediately respond to requests for comment.
None of the companies clarified how customers were giving consent to their data to be sold to third parties, or how much the companies were selling that data for.