Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Verizon, AT&T and Sprint Cease Selling Customer Location Data

June 21, 2018

On May 17^th, I wrote a blog post which expressed my unhappiness with U.S. cell carriers selling access to your real-time phone location data. It appears that I wasn't the only one who was pissed off.

The Washington Post (sub. req.) reported on June 19^th that Verizon, AT&T and Sprint will no longer share their customers' location information with several third-party companies who failed to handle the data appropriately.

This move follows an investigation by Sen. Ron Wyden (D-Ore.) into the commercial relationships between Verizon; a pair of obscure data vendors, LocationSmart and Zumigo; and those companies' corporate customers.

Wyden's investigation found that one of Verizon's indirect corporate customers, a prison phone company called Securus, had used Verizon's customer location data in a system that effectively let correctional officers spy on millions of Americans. In a letter to the Federal Communications Commission last month highlighting the probe, Wyden said prison officials using Securus' surveillance system could obtain real-time location data on Americans with little more than a "pinky promise" of propriety, leading to "activities wholly unrelated" to prison management.

To gain access to the data, prison officers simply visited an online portal and uploaded an "official document" showing they had permission to access the information. But, Wyden told the FCC, senior Securus officials admitted that the company did not review the requests for information or require that supporting documents reflect the decision of a judge or other legal authority.

In the wake of questions from Wyden's staff, Verizon filed a letter Tuesday saying that it is suspending its data-sharing agreement with LocationSmart and Zumigo until further notice. It will also refrain from signing new data-sharing contracts with third parties.

"Our review of our location aggregator program has led to a number of internal questions about how best to protect our customers' location data," Verizon wrote to Wyden. "We will not enter into new location aggregation arrangements unless and until we are comfortable that we can adequately protect our customers' location data through technological advancements and/or other practices."

"Verizon did the responsible thing," Wyden said in a statement. "In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers' private information to these shady middle men, Americans' privacy be damned."

That must have resonated, because AT&T then said in a statement that it also will be ending its relationship with location data aggregators "as soon as practical" while ensuring that location-based services that depend on data sharing, such as emergency roadside assistance, can continue to function. Sprint said in a statement that it cut ties with LocationSmart on May 25th, and has begun cutting ties with the data brokers who received its customers' location data.

T-Mobile chief executive John Legere tweeted: "I've personally evaluated this issue & have pledged that @tmobile will not sell customer location data to shady middlemen."

Under its program, known internally as Location Data Integration, Verizon shared rough location data on its customers — information the customers had previously agreed to share — to LocationSmart, which in turn provided the information to Securus. Typically, Verizon said, the data sharing helps car rental companies provide roadside assistance and allows financial services companies to combat fraud.

Progress. And congratulations to Senator Wyden. I am rapidly becoming a big fan.

Faithful RTL readers: Every once in a while, the blog and I take a small sabbatical. We will be taking one next week and will return on July 2^nd.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Verizon, AT&T and Sprint Cease Selling Customer Location Data

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer