Reports emerged a year ago that all the major cellular carriers in the U.S. were selling location data to third-party companies, which in turn sold them to pretty much anyone willing to pay. New letters published by the FCC show that despite a year of scrutiny and anger, the carriers have only recently put an end to this practice.
We already knew that the carriers, like many large companies, simply could not be trusted. In January it was clear that promises to immediately “shut down,” “terminate” or “take steps to stop” the location-selling side business were, shall we say, on the empty side. Kind of like their assurances that these services were closely monitored — no one seems to have bothered actually checking whether the third-party resellers were obtaining the required consent before sharing location data.
Similarly, the carriers took their time shutting down the arrangements they had in place, and communication on the process has been infrequent and inadequate.
FCC Commissioner Jessica Rosenworcel has been particularly frustrated by the foot-dragging and lack of communication on this issue (by companies and the commission).
“The FCC has been totally silent about press reports that for a few hundred dollars shady middlemen can sell your location within a few hundred meters based on your wireless phone data. That’s unacceptable,” she wrote in a statement posted today.
To provide a bit of closure, she decided to publish letters (PDF) from the major carriers explaining their current positions. Fortunately it’s good news. Here’s the gist:
T-Mobile swiftly made promises last May, and in June of 2018, CEO John Legere said in a tweet that he “personally evaluated this issue,” and pledged that the company “will not sell customer location data to shady middlemen.”
That seems to have been before “T-Mobile undertook an evaluation last summer of whether to retain or restructure its location aggregator program… Ultimately, we decided to terminate it.” That phased termination took place over the next half a year, finishing only in March of 2019.
AT&T immediately suspended access to location data by the offending company, Securus, but continued providing it to others. One hopes they at least began auditing properly. Almost a year later, the company said in its letter to Commissioner Rosenworcel that “in light of the press report to which you refer… we decided in January 2019 to accelerate our phase-out of these services. As of March 29, 2019, AT&T stopped sharing any AT&T customer location data with location aggregators and LBS providers.” Read more