The FINANCIAL — The Federal Communications Commission proposed fines against the nation’s four largest wireless carriers for apparently selling access to their customers’ location information. Multiple investigations, including by major media outlets, have found that wireless companies once sold real-time geolocation information to middlemen known as “location aggregators.”
The Federal Communications Commission on Friday proposed $200 million in fines against the big four U.S. mobile carriers for allegedly selling customers’ location data, which T-Mobile said it “fully intends to dispute.” The commission has not made a final decision on the fines and said it would listen to the carriers’ responses. The issue of sharing location data with third parties without customer consent has become one of concern since mobile phone users began to realize that location data, which is always visible to networks when a customer uses data instead of Wi-Fi, can reveal sensitive information about individual schedules and even medical visits, FOX Business reported.
The Federal Communications Commission proposed fines against the nation’s four largest wireless carriers for apparently selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access to that information. As a result, T-Mobile faces a proposed fine of more than $91 million; AT&T faces a proposed fine of more than $57 million; Verizon faces a proposed fine of more than $48 million; and Sprint faces a proposed fine of more than $12 million. The FCC also admonished these carriers for apparently disclosing their customers’ location information, without their authorization, to a third party, is written in FCC’s statement.
After word of the fines leaked Thursday, U.S. Sen. Ron Wyden, D-Ore., who had investigated the carriers, said the fines were “comically inadequate” and wouldn’t stop phone companies from abusing Americans’ privacy. He said that big companies “take reckless disregard for Americans’ personal information, knowing they can write off comparatively tiny fines as the cost of doing business,” according to USA Today.
All four carriers mentioned above sold access to their customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers (like Securus). Although their exact practices varied, each carrier relied heavily on contract-based assurances that the location-based services providers (acting on the carriers’ behalf) would obtain consent from the wireless carrier’s customer before accessing that customer’s location information, according to FCC.
The FCC’s Enforcement Bureau opened this investigation following public reports that a Missouri Sheriff, Cory Hutcheson, used a “location-finding service” operated by Securus, a provider of communications services to correctional facilities, to access the location information of the wireless carriers’ customers without their consent between 2014 and 2017. In some cases, Hutcheson provided Securus with irrelevant documents like his health insurance policy, his auto insurance policy, and pages from Sheriff training manuals as evidence of his authorization to access wireless customer location data. American consumers take their wireless phones with them wherever they go. And information about a wireless customer’s location is highly personal and sensitive, FCC wrote.
The F.C.C.’s proposal is not the final word on how much the companies will pay. A T-Mobile spokeswoman said the company intended “to dispute the conclusions” of the F.C.C. investigation, including the fine. The other companies, which will also have the chance to contest the findings, did not respond to requests for comment. The carriers already have argued against the finding that they broke the law, contending that the rules apply only when a phone is making a call, not when it’s communicating with a network for purposes like sending data, according to the documents. Michael O’Rielly, a Republican commissioner, said in a statement that he found the argument persuasive and was approving the measure with “serious reservations,” according to The New York Times.
Multiple investigations, including by major media outlets, have found that wireless companies once sold real-time geolocation information to middlemen known as “location aggregators,” who would then make that data available to third parties. In 2018, a probe by Sen. Ron Wyden found that this information had found its way to Securus, a provider of prison phone services. In the hands of prison officials, the data could be abused to spy on virtually all Americans. Following Wyden’s report, all four of the nation’s major wireless carriers quickly promised to terminate their contracts with the carrier aggregators that were involved. But last year, Vice reported that location information was still being shared through other outlets, and ending up with bounty hunters. Soon, the carriers announced they would suspend all location aggregation contracts, not just those with the problematic companies Wyden identified, CNN reported.
The Communications Act requires telecommunications carriers to protect the confidentiality of certain customer data related to the provision of telecommunications service, including location information. The FCC’s rules make clear that carriers must take reasonable measures to discover and protect against attempts to gain unauthorized access to this data, FCC wrote.