Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

FCC Finds That Most Top Mobile Carriers Retain Geolocation Data for Two Years

August 30, 2022

So much for privacy. CyberScoop reported on August 26 that ten of the top 15 mobile carriers collect geolocation data and provide no way for consumers to opt-out, according to information from the telecom companies the Federal Communications Commission published on August 25.

The carriers’ answers to questions about data collection and retention from the FCC come in response to a July request from the agency seeking information on geolocation practices stemming from concerns about how law enforcement could use phone data to arrest abortion-seekers in states where the procedure is now illegal or will soon be outlawed.

AT&T, Best Buy Health, Charter, Comcast, Consumer Cellular, C-Spire, DISH Network, Google FI, H2O Wireless, Lycramobile, Mint Mobile, Red Pocket, T-Mobile, U.S. Cellular and Verizon responded to the FCC inquiry.

“Our mobile phones know a lot about us. That means carriers know who we are, who we call, and where we are at any given moment,” said FCC chairwoman Jessica Rosenworcel. “This information and geolocation data is really sensitive . . . That’s why the FCC is taking steps to ensure this data is protected.”

In their responses, companies cited the need to comply with law enforcement requests as well as FCC rules as their reason for being unable to allow consumers to opt-out of collection and retention.

The responses also provided a glimpse into data retention practices, which ranged from two months to five years for cellular tower data for the responding companies. Only seven of the companies explicitly mentioned securing that data with encryption.

Geolocation data offers a detailed look into the lives of users, including everything from where they shop to what medical providers they seek out.

The agency isn’t relying on the carriers’ responses, however. Rosenworcel has tasked the agency’s Enforcement Bureau with a follow-up investigation to make sure carriers follow the FCC rules that require them to disclose how they are using and sharing geolocation data.

Justin Brookman, director of technology policy at Consumer Reports, said the order is an “appropriate step” but consumers still need more protections.

“I’m glad that there’s some more transparency now but that transparency only goes so far,” said Brookman. “I think the next step is the FCC needs to say when is holding on too long, when are the secondary uses to which they’re using the data too much?”

Carriers have misled consumers about how they use their geolocation data before. In 2020, the FCC proposed more than $200 million in fines against several major carriers for selling customer location data to bail bond companies and other third parties.

Very likely, similar practices occur today. Data is the new black gold – highly profitable.

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson