- YouTube/Google Maps
- The four major US cellular network carriers have pledged to stop selling customer location data to data brokers after a glitch was found in one of the broker’s websites.
- The glitch gave access to customers’ real-time location data to anyone.
- It was also alleged that law enforcement was using the data in a way that the carriers did not authorize.
All four of the major US carriers, including Verizon, AT&T, T-Mobile, and Sprint have declared that they’ll stop selling customer location data to certain data brokers on Tuesday after it was discovered that the data was being mishandled, according to Ars Technica.
The carriers’ announcements come in response to an investigation by Senator Ron Wyden’s (D-Ore.), as well as the beginnings of an FCC investigation.
Prison telecommunication firms Securus and 3Cinteractive were accused of mishandling location data they bought from data aggregator LocationSmart. LocationSmart brokers smartphone location data for “specific, approved purposes, like roadside assistance, cargo tracking and elder safety,” the company told Business Insider.
Securus and 3Cinteractive were only approved to provide smartphone location data for prisons to confirm that “call recipients were not within a certain distance of the prison from which the collect phone call was placed,” Verizon said in a letter to Wyden. But Securus and 3Cinteractive also provided the data to law enforcement for investigative purposes, according to Verizon and AT&T’s letter to Wyden. “Use of location information for investigative purposes was not an approved use case in our agreement with LocationSmart,” Verizon added in its letter.
Here’s how each company has responded to the issue:
Verizon responded to Wyden’s request in a letter on Tuesday saying that it will stop selling its customers’ location data to the two data brokers it deals with, including LocationsSmart and Zumigo.
By preventing the sale of customer location data to LocationSmart, Verizon is also restricting Securus and 3C from accessing the data, too.
In a statement to Business Insider, Verizon said “When these issues were brought to our attention, we took immediate steps to stop it. Customer privacy and security remain a top priority for our customers and our company. We stand-by that commitment to our customers.”
AT&T is no longer selling its customer location data to location data aggregators.
In a statement to Business Insider, AT&T said “Our top priority is to protect our customers’ information, and, to that end, we will be ending our work with aggregators for these services as soon as practical in a way that preserves important, potential lifesaving services like emergency roadside assistance.”
The company also said in its letter to Wyden that it “shut down 3Cinteractive and Securus’s access to AT&T customer location data.”
The company also shut down Securus’ access to T-Mobile customer location data, as well as other location data brokers per the company’s statement to Business Insider:
“We ended all transmission of customer data to Securus and are terminating our location aggregator agreements.”
Sprint says it’s terminating contracts with data aggregators, but it didn’t specifically mention the company contracts it’s terminating in its statement or its letter to Wyden.
In a statement to Business Insider, Sprint said:
“Protecting our customers’ privacy and security is a top priority at Sprint. Based on our current internal review, Sprint is beginning the process of terminating its current contracts with data aggregators to whom we provide location data. This will take some time in order to unwind services to consumers, such as roadside assistance and fraud prevention services. Sprint previously suspended all data sharing with LocationSmart on May 25, 2018. We are taking this further step to ensure that any instances of unauthorized location data sharing for purposes not approved by Sprint can be identified and prevented if location data is shared inappropriately by a participating company.”