FCC Commissioner Jessica Rosenworcel on Wednesday sent letters to CEOs of the top four U.S. carriers, seeking updates on the companies’ respective efforts to stop selling customers’ real-time location information to third-party data aggregators.
Press reports first uncovered the practice a year ago, and in January an investigation by Motherboard revealed that with a phone number and a $300 payment to a bounty hunter, an individual could gain the exact location of a smartphone.
Access to customers’ real-time location data was being sold by T-Mobile, Sprint, and AT&T to third-party data aggregators, and unauthorized parties were able to get hold of it as the information “trickled down” from the wireless carriers into a large web of smaller, sometimes unregulated players, from where it could eventually make its way to bounty hunters and be sold on the black market, Motherboard reported.
In addition to cell phone tower data, Motherboard in February found that former location data seller CerCareOne also sold extremely precise and highly sensitive assisted-GPS (A-GPS) data, which is used to locate 911 cell phone calls.
In June 2018, AT&T, Verizon, T-Mobile, and Sprint had vowed to end sales of customer location data to third-party brokers in response to an inquiry from Sen. Ron Wyden, D-Ore. Still, some continued to make exceptions for certain services like roadside assistance. Following the Motherboard report this year, AT&T committed to ending those sales as well.
Both T-Mobile and AT&T set a March deadline to end the practice, Sprint committed to a May 31 timeline, while Verizon said it would stop location aggregation services in 2019.
In her letters, Rosenworcel asked the carriers for information about the steps each company has taken to meet its commitments, and in the case of Verizon, to confirm a specific date when the carrier plans to end sales of customer location data.
Rosenworcel also requested more details on the amount of geolocation data stored and saved, whether agreements allow permitted aggregators to keep customer location data, and the steps the carriers are taking to prevent unauthorized use of customers’ location data that was already sold to third parties.
She asked all four carriers to respond by May 15.
Rosenworcel asserted that the FCC itself has not done enough to ensure carriers have stopped the practice of sharing customers’ location data.
“The FCC needs to do more to protect the privacy and security of American consumers. It needs to do more to provide the public with basic information about what is happening with their real-time location information,” Rosenworcel said in a statement. “That’s why I’m taking steps to ensure for the public that carriers are living up to their commitments to protect their customers’ most sensitive information, because this agency has failed to do so to date.”