Location-data selling reined in by key carriers
Move spurred by unauthorized tracking
NEW YORK/WASHINGTON • Verizon Communications Inc. will rein in thirdparty selling of its phonelocation data after a prison contractor let law enforcement officers track wireless customers without authorization.
The two largest U.S. wireless carriers announced the move in response to a plea from Senator Ron Wyden, a Democrat from Oregon. The legislator had demanded last month that carriers and the Federal Communications Commission investigate the practice of tracking phones by Securus Technologies Inc., which provides telecom services to prisons and jails.
The situation has renewed concerns about user privacy in the U.S., following revelations this year about Cambridge Analytica, a political consulting firm that used Facebook Inc. customer data without consent.
“When these issues were brought to our attention, we took immediate steps to stop it,” Rich Young, a Verizon spokesman, said in an email.
“Customer privacy and security remain a top priority for our customers and our company. We stand by that commitment to our customers.”
Securus’s primary purpose is letting inmates communicate with the outside world. For instance, it offers prepaid debit cards for prisoners to make phone calls and helps set up video conferencing between inmates and their families.
But it drew outcry after developing a website that let law enforcement officials find people — including non-inmates — using the location of their phones.
For instance, a Missouri sheriff used the tracking service to target a judge and other law enforcement officers, according to a New York Times story.
When Wyden voiced concerns about Securus last month, he noted that wireless carriers are only supposed to provide real-time location data to law enforcement agencies after a court order is obtained.
Securus users — typically law enforcement and correctional facilities — were able to sidestep the usual courtauthorized requirements on tracking customer locations.
The practice skirts the carriers’ “legal obligation to be the sole conduit by which the government conducts surveillance of Americans’ phone records, and needlessly exposes millions of Americans to potential abuse and surveillance by the government,” Wyden said at the time.
The Securus flap also spotlighted the use of thirdparty data aggregators by Verizon and AT&T. Verizon has worked with two such firms, LocationSmart and Zumigo, which provide location-based services to corporate customers.
Those services have many legitimate purposes, including using data to route a customer’s call or prevent identify fraud, the company said. About 75 intermediaries have received services through those two brokers.
But Securus purchased Verizon customer data through LocationSmart and Zumigo. And that has prompted Verizon to end its agreement with the two companies. AT&T took a similar step on Tuesday, though it said it would have to make sure that roadside assistance and other services are preserved.
Verizon said that it immediately blocked Securus once it determined the company was accessing location information for unauthorized purposes. AT&T, meanwhile, said it never authorized Securus to use its data and is investigating how the company gained access.
“Our top priority is to protect our customers’ information,” said Jim Greer, an AT&T spokesman. “To that end, we will be ending our work with aggregators for these services as soon as practical in a way that preserves important, potential life-saving services.”
T-Mobile US Inc., the third-largest U.S. carrier, said it too shut down location data to Securus. The company is now reviewing its policies.
Sprint Corp., No. 4 in the industry, also sent a letter to Wyden, saying that it only provides location information to aggregators under privacy safeguards — and in response to court-approved requests. Sprint didn’t mention Securus.