A year after outcry, carriers are finally stopping sale of location data, letters to FCC show

Mobile

Reports emerged a year ago that all the major cellular carriers in the U.S. were selling location data to third party companies, which in turn sold them to pretty much anyone willing to pay. New letters published by the FCC show that despite a year of scrutiny and anger, the carriers have only recently put to end this practice.

We already knew that the carriers, like many large companies, simply could not be trusted. In January it was clear that promises to immediately “shut down,” “terminate,” or “take steps to stop” the location-selling side business were, shall we say, on the empty side. Kind of like their assurances that these services were closely monitored — no one seems to have bothered actually checking whether the third party resellers were obtaining the required consent before sharing location data.

Similarly, the carriers took their time shutting down the arrangements they had in place, and communication on the process has been infrequent and inadequate.

FCC Commissioner Jessica Rosenworcel, who has been particularly frustrated by the foot-dragging and lack of communication on this issue (by companies and the commission).

“The FCC has been totally silent about press reports that for a few hundred dollars shady middlemen can sell your location within a few hundred meters based on your wireless phone data. That’s unacceptable,” she wrote in a statement posted today.

To provide a bit of closure, she decided to publish letters (PDF) from the major carriers explaining their current positions. Fortunately it’s good news. Here’s the gist:

T-Mobile swiftly made promises last May and in June of 2018 CEO John Legere said in a tweet that he “personally evaluated this issue,” and pledged that the company “will not sell customer location data to shady middlemen.”

That seems to have been before “T-Mobile undertook an evaluation last summer of whether to retain or restructure its location aggregator program… Ultimately, we decided to terminate it.” That phased termination took place over the next half a year, finishing only in March of 2019.

AT&T immediately suspended access by the offending company, Securus, to location data, but continued providing it to others. One hopes they at least began auditing properly. Almost a year later, the company said in its letter to Commissioner Rosenworcel that “in light of the press report to which you refer… we decided in January 2019 to accelerate our phase-out of these services. As of March 29, 2019, AT&T stopped sharing any AT&T customer location data with location aggregators and LBS providers.”

Sprint said shortly after the initial reports that it was in the “process of terminating its current contracts with data aggregators to whom we provide location data.” That process sure seems to have been a long one:

As of May 31, 2019, Sprint will no longer contract with any location aggregators to provide LBS. Sprint anticipates that after May 31. 2019, it may provide LBS services directly to customers like those described above [i.e. roadside assistance], but there are no firm plans at this time.

Verizon (the parent company of TechCrunch) managed to kill its contracts with all-purpose aggregators LocationSmart and Zumigo in November of 2018… except for a specific use case through the former to provide roadside assistance services during the winter. That agreement ended in March.

It’s taken some time, but the carriers seem to have finally followed through on shutting down the programs through which they resold customer location data. All took care to mention at some point the practical and helpful use cases of such programs, but failed to detail the apparent lack of oversight with which they were conducted. The responsibility to properly vet customers and collect mobile user consent seems to have been fully ceded to the resellers, who as last year’s reports showed, did nothing of the kind.

Location data is obviously valuable to consumers and many services can and should be able to request it — from those consumers. No one is arguing otherwise. But this important data was clearly being irresponsibly handled by the carriers, and it is probably right that the location aggregation business gets a hard stop and not a band-aid. We’ll likely see new businesses and arrangements appearing soon — but you can be sure that these too will require close monitoring to make sure the carriers don’t allow them to get out of hand… again.

Products You May Like

Articles You May Like

Startups Weekly: #CodeCon, the ‘techlash’ and ill-prepared CEOs
Comcast adds gaze control to its accessible remote software
Apply to the TechCrunch Hackathon at Disrupt SF 2019
Monzo, the UK challenger bank with over 2 million users, expands to the US
Privacy policies are still too horrible to read in full

Leave a Reply

Your email address will not be published. Required fields are marked *