AT&T, T-Mobile, Sprint seek to make amends over location breach


All of the carriers-including Verizon, which was not among the companies cited in the report-have since issued another round of apologetic and sometimes ambiguous statements about how private location data end up in the wrong hands and what they're doing to stop abusive behavior.

AT&T had already suspended its data-sharing agreements with a number of so-called "location aggregators" a year ago in light of a congressional probe finding that some of Verizon's location data was being misused by prison officials to spy on innocent Americans. Motherboard paid a bond company $300 to track down one of their reporters using only a phone number.

"I'm extraordinarily troubled by reports of this system of repackaging and reselling location data to unregulated third-party services for potentially nefarious purposes", Sen.

Previous year we stopped most location aggregation services while maintaining some that protect our customers, such as roadside assistance and fraud prevention.

'We have maintained the prior arrangements for four roadside assistance companies during the winter months for public safety reasons, but they have agreed to transition out of the existing arrangements by the end of the March.

"It turns out that they're selling that information to companies called location aggregators who in turn are selling that to shady middlemen who for a few hundred dollars will sell to anyone, your location within a few hundred meters". But they already missed the June 2018 deadline (via ArsTechnica). Wyden has found another supporter in the form of Senator Kamala Harris (D-CA).

Tweet from T Mobile CEO John Legere says that T Mobile plans on ending sales of its customers real-time location data to third party firms in March
Tweet from T Mobile CEO John Legere says that T Mobile plans on ending sales of its customers real-time location data to third party firms in March

But those assurances are unlikely to dissuade privacy hawks in Congress who've always been critical of the way companies such as T-Mobile, AT&T, and Sprint appear to exert few controls over how private phone data is handled once its sold off in bulk to "middlemen" companies, which serve among others, marketing firms, emergency services, and, apparently, bounty hunters. The FTC could also probably ding T-Mobile for being "unfair and deceptive" under Section 5 of the FTC act, yet has been similarly mute as carriers bullshit their way around their failures on this front.

Earlier this week, AT&T said it "only permit [s] sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance or when required by law". "It will end in March", Legere added.

Tweeting a response to the Motherboard article, Rosenworcel wrote: "The @fcc needs to investigate".

However, these recent demands from lawmakers come almost seven months after Verizon, AT&T, Sprint and T-Mobile originally pledged to stop providing information on phone owners' locations to data brokers. "We have followed through on our commitment to terminate aggregation arrangements and provide location information only with the express consent of our customers".

The commission's senior Democrat, Jessica Rosenworcel, concurs. They also need to educate users on their rights when it comes to data. Back then, Senator Ron Wyden (D-OR) discovered that a company called Securus Technologies was selling people's location data to the cops, and insisted that America's telecoms watchdog the FCC investigate.

The FCC did not immediately respond to requests for comment; the agency's operations are limited because of the ongoing government shutdown.