Several Democratic senators are calling for government action to restrict the sale of Americans' phone location data.
The calls for a federal investigation and new regulations followed a report published by Motherboard earlier this week in which one of the news outlet's reporters posed as a customer seeking a phone's location. The investigation revealed a complex chain of unauthorized information-sharing that ended with a bounty hunter tracking down a reporter's device.
"The American people have an absolute right to the privacy of their data, which is why I'm extraordinarily troubled by reports of this system of repackaging and reselling location data to unregulated third party services for potentially nefarious purposes," Sen. Kamala Harris, D-Calif., said in a statement after the report was published. "If true, this practice represents a legitimate threat to our personal and national security."
Harris called on the Federal Communications Commission to immediately open an investigation.
Motherboard reported that major U.S. wireless carriers T-Mobile, AT&T and Sprint have been selling the location data of its customers in an unregulated market in which Americans' personal information travels through several layers of third-party entities that buy the location data but are not authorized to handle such information.
After the report, FCC Commissioner Jessica Rosenworcel said on Twitter, "The fcc needs to investigate. Stat." In a subsequent post in which she agreed with Harris and others calling for an investigation, Rosenworcel added: "It shouldn't be that you pay a few hundred dollars to a bounty hunter and then they can tell you in real time where a phone is within a few hundred meters. That's not right. This entire ecosystem needs oversight."
The FCC did not immediately respond to requests for comment; the agency's operations are limited because of the ongoing government shutdown.
The sharing of the phone location data at the center of the report began at T-Mobile, who shared it with a so-called location aggregator, who shared it with a phone location service, who shared it with a bounty hunter, who shared it with a source, who ultimately sent the phone's location to Motherboard, according to the report.
"We take the privacy and security of our customers' information very seriously and will not tolerate any misuse of our customers' data," T-Mobile said in a statement. Chief executive John Legere said on Twitter that T-Mobile is "completely ending location aggregator work," which will terminate in March.
As Motherboard reported, there are legitimate uses for the sharing of location data, including detecting financial fraud or locating motorists who need roadside assistance. But according to the report, in some cases the sensitive information was resold without authorization for purposes that violated data-sharing policies and without the knowledge of the phone company and its third-party partners.
Sen. Ron Wyden, D-Ore., has previously called on the FCC to investigate the relationship between wireless carriers and data brokers. He sees the new report as another urgent motivation for government action, including an investigation by the Federal Trade Commission. "Major carriers pledged to end these practices, but it appears to have been more empty promises to consumers," Wyden said on Twitter. He said Congress should advance his legislation that would grant the FTC greater authority to safeguard consumer data and fine companies for privacy and security violations.
Responding to the report, AT&T said in a statement, "We only permit sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance, or when required by law. Over the past few months, as we committed to do, we have been shutting down everything else."
Business on 01/11/2019
Print Headline: Location-data sales prompt call for inquiry