After the four largest carriers in the US — AT&T, Verizon, T-Mobile, and Sprint — were found to be selling their consumers’ real-time location data last year, the firms stated they would do away with the practice.
More specifically, they said they’d stop selling data to outside brokers, who aggregate data to be resold. However, a recent report by Motherboard discovered that the carriers are still selling location information to these aggregators, opening up the risk that this data could get into the hands of bad actors.
For more context, last year, AT&T, Verizon, T-Mobile, and Sprint sold data to LocationSmart, a Location-as-a-Service company, which in turn sold this information to prison technology firm Securus via a broker, 3Cinteractive. Securus then used the data to track individuals, despite not having their permission.
Seven months later, Motherboard found that public outrage was enough to get carriers to examine who they passed data off too, but not enough for them to stop the practice; in a test, a bounty hunter was able to track down a participating reporter’s location using data from Zumigo, another major Location-as-a-Service company, that was acquired by Microbilt, a credit reporting company.
What is the official position of carriers on the sale of location data?
- Carriers appear to understand the severity of the issue, and have pledged to scale back relationships with third-party brokers. Following last year’s report, T-Mobile CEO John Legere stated that his company would evaluate the issue and “…not sell customer location data to shady middlemen.” After this most recent incident revealed that T-Mobile has a relationship with Zumigo, Legere said the company will end relationships with third-party location aggregators by March. The other three carriers have made similar statements vowing to continue trying to protect consumer data from trickling down.
- However, carriers haven’t said they’ll completely stop selling or sharing data, even touting the benefits of this practice to consumers. Not all brokers engage in shady behavior; in fact, some of the services consumers rely on for protection use this data. For example, firms use location data to perform real-time background checks to combat financial fraud and for roadside assistance to reach drivers potentially in emergency situations.
To overcome public scrutiny and the potential deterioration of consumer trust, US carriers should proactively ensure consumer data is used properly and educate consumers.The current system for validating that a broker is properly using consumer location data is clearly flawed.
US carriers need to put safeguards in place, like binding contracts with severe consequences, that limit who can access or acquire their consumers’ data. They also need to educate users on their rights when it comes to data. Although consumers have the opportunity to consent, consumer advocates claim that individuals are often ignorant of how exactly their data is being used.