Northwest Arkansas Democrat-Gazette
Location-data sales prompt call for inquiry
Several Democratic senators are calling for government action to restrict the sale of Americans’ phone location data.
The calls for a federal investigation and new regulations followed a report published by
Motherboard earlier this week in which one of the news outlet’s reporters posed as a customer seeking a phone’s location. The investigation revealed a complex chain of unauthorized information-sharing that ended with a bounty hunter tracking down a reporter’s device.
“The American people have an absolute right to the privacy of their data, which is why I’m extraordinarily troubled by reports of this system of repackaging and reselling location data to unregulated third party services for potentially nefarious purposes,” Sen. Kamala Harris, D-Calif., said in a statement after the report was published. “If true, this practice represents a legitimate threat to our personal and national security.”
Harris called on the Federal Communications Commission to immediately open an investigation.
Motherboard reported that major U.S. wireless carriers TMobile, AT&T and Sprint have been selling the location data of its customers in an unregulated market in which Americans’ personal information travels through several layers of thirdparty entities that buy the location data but are not authorized to handle such information.
After the report, FCC Commissioner Jessica Rosenworcel said on Twitter, “The fcc needs to investigate. Stat.” In a subsequent post in which she agreed with Harris and others calling for an investigation, Rosenworcel added: “It shouldn’t be that you pay a few hundred dollars to a bounty hunter and then they can tell you in real time where a phone is within a few hundred meters. That’s not right. This entire ecosystem needs oversight.”
The FCC did not immediately respond to requests for comment; the agency’s operations are limited because of the ongoing government shutdown.
The sharing of the phone location data at the center of the report began at T-Mobile, which shared it with a so-called location aggregator, which shared it with a phone location service, which shared it with a bounty hunter, who shared it with a source, who ultimately sent the phone’s location to
Motherboard, according to the report.
“We take the privacy and security of our customers’ information very seriously and will not tolerate any misuse of our customers’ data,” T-Mobile said in a statement. Chief executive John Legere said on Twitter that T-Mobile is “completely ending location aggregator work,” which will terminate in March.
As Motherboard reported, there are legitimate uses for the sharing of location data, including detecting financial fraud or locating motorists who need roadside assistance. But according to the report, in some cases the sensitive information was resold without authorization for purposes that violated data-sharing policies and without the knowledge of the phone company and its third-party partners.
Sprint said in a statement: “Protecting our customers’ privacy and security is a top priority, and we are transparent about that in our Privacy Policy. We do not knowingly share personally identifiable geolocation information except with customer consent or in response to a lawful request such as a validated court order from law enforcement.”
Responding to the report, AT&T said in a statement, “We only permit sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance, or when required by law. Over the past few months, as we committed to do, we have been shutting down everything else.”