Verizon Halts Sale of Some Phone-Location Data

Yolanda Curtis
June 22, 2018

Major wireless carriers are allowed to sell real-time location data to third-parties, which is often used for targeted advertising from advertisers.

Last month, Wyden revealed abuses in the lucrative but loosely regulated field involving Securus Technologies, whose contract Verizon says was approved only for the location tracking of outside mobile phones called by prison inmates. But The New York Times found that police and correctional officers could track anyone's location without their consent, because Securus turned over the data without verifying that a warrant had been obtained. Verizon recently acknowledged that data acquired by two brokers - LocationSmart and Zumigo - allowed about 75 companies to access information about its customers.

Hours later, T-Mobile chief executive John Legere tweeted his company's commitment to "not sell customer location data to shady middlemen".

Days later, a Carnegie Mellon University security researcher discovered a security flaw in LocationSmart's website that could have allowed any reasonably sophisticated hacker to secretly track nearly any phone in the US or Canada.

LocationSmart said in a statement Tuesday that it was reviewing the letters from the carriers, and denied that it buys and sells location data.

Wireless carriers have a lot of information about its subscribers, including data pertaining to customer location.

That security incidents involved a pair of companies, including LocationSmart, a California data broker that claims to have a "direct connection" into cell carrier networks, and Securus Technologies, a Texas-based "prison technology" company that works with LocationSmart.

But once that data is readily available and people are willing to pay...

In a small victory for your privacy, the nation's four largest telecom companies announced Tuesday that they will stop providing customer location information to companies that aggregate data on their customers. Typically, the company said, the data sharing helps vehicle rental companies provide roadside assistance and allows financial services companies to combat fraud.

The phone giants say it's "common" to share data, such as when motorists are stranded or as part of workforce and fleet tracking, but said that customer data should have more tightly controlled.

The move by Verizon could put pressure on its rivals to follow suit, especially as Wyden continues his very public campaign for the practice to end. Wyden said the company was not properly vetting law enforcement requests for location data provided by national wireless providers.

Aggregators must obtain consent from the customer before their location data can be used, such as by sending a one-time text message or allowing a user to hit a button in an app. It was, after all, the abuse of this data that sparked the letters in the first place. Ron Wyden, who's asked the big four US wireless carriers about privacy practices.

"Verizon deserves credit for taking quick action to protect its customers' privacy and security", Wyden said.

"Verizon did the responsible thing and promptly announced it was cutting these companies off", Wyden said in a statement of his own.

Adding to the fun, following pressure from Wyden, the FCC made a decision to open an investigation into the unauthorized use of location data. Wyden called on FCC Chairman Ajit Pai, who represented Securus in 2012, to recuse himself from the investigation. His office shared the companies' responses with The AP.

This leak was particularly worrisome because consumers have no way of stopping companies like LocationSmart and Zumigo from collecting this information. Or promise to introduce stronger auditing measures. After some back and forth and a little public shaming courtesy of a USA senator, AT&T, Sprint, and T-Mobile pledged to do the same.

Other reports by iNewsToday