Carriers to halt location sales to brokers
Verizon, AT&T and Sprint have pledged to stop providing information on phone owners’ locations to data brokers, stepping back from a business practice that has drawn criticism for endangering privacy.
The data has apparently allowed outside companies to pinpoint the location of wireless devices without their owners’ knowledge or consent. Verizon said that about 75 companies have been obtaining its customer data from two little-known brokers that Verizon supplies directly: Zumigo of San Jose and LocationSmart of Carlsbad (San Diego County).
Verizon became the first major carrier to declare it would end sales of such data to brokers that then provide it to others. It did so in a Friday letter to Sen. Ron Wyden, DOre.,
who has been probing the phone location-tracking market. AT&T followed suit Tuesday after the Associated Press reported the Verizon move.
Neither company said it was getting out of the business of selling location data. Verizon and AT&T are the two largest U.S. mobile carriers in terms of subscribers.
Chief privacy officer Karen Zacharia said Verizon would be careful not to disrupt “beneficial services” such as fraud prevention and emergency roadside assistance. In an email to AP, AT&T spokesman Jim Greer cited similar reasons for cutting off the intermediaries “as soon as practical.”
Last month, Wyden revealed abuses in the lucrative but loosely regulated field involving Securus Technologies of Texas and its Florida affiliate 3C Interactive. Verizon says their contract was approved only for the location tracking of outside mobile phones called by prison inmates.
Verizon notified LocationSmart and Zumigo, both privately held, that it intends to “terminate their ability to access and use our customers’ location data as soon as possible,” Zacharia wrote.
Location data from
Verizon and other carriers makes it possible to identify the whereabouts of nearly any phone in the U.S. within seconds. Popular commercial uses for the information include keeping tabs on packages, vehicles and employees; bank fraud prevention; and marketing offers.
The cutoff won’t affect users’ ability to share locations directly with apps and other services. Rather, it deals with the practice of providing data to third parties with which users have no direct contact.
Wyden wrote all four major U.S. wireless carriers on May 8 after learning about a web portal that let law officers track Americans’ locations without proper oversight. A former sheriff in Missouri has been accused of using Securus data for unauthorized surveillance of a judge, a sheriff and state highway patrol officers.
Days later, a Carnegie Mellon University security researcher discovered a security flaw in LocationSmart’s website that could have allowed any reasonably sophisticated hacker to secretly track almost any phone in the U.S. or Canada.