U.S. cell carriers are probably still selling your real-time phone location data
Facebook and Google grab headlines for their roles in the massively profitable “personal data economy.” You know, the business of buying and selling your personal browsing habits to advertisers, pollsters, and other deep-pocketed third parties.
But cell phone companies deserve some attention, too.
Last year, news broke that your cellphone service provider is probably selling access to your real-time location. After it came out, Democratic Senator Ron Wyden of Oregon sent a letter demanding that the FCC investigate why the third-party organization Securus Technologies was able to track any phone “within seconds” by using data obtained from cell phone companies, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary called LocationSmart.
In the wake of Wyden’s inquiry, most of the major cell phone companies claimed to have taken action. For instance, AT&T vowed to “protect customer data” and “shut down” Securus’s access to its real-time store of customer location data. T-Mobile chief executive John Legere tweeted at the time that he “personally evaluated the issue” and promised that the company “will not sell customer location data to shady middlemen.”
Sounds like word hasn’t gotten to you, @ronwyden. I’ve personally evaluated this issue & have pledged that @tmobile will not sell customer location data to shady middlemen. Your consumer advocacy is admirable & we remain committed to consumer privacy. https://t.co/UPx3Xjhwog
— John Legere (@JohnLegere) June 19, 2018
Those companies may not be living up to their promises, though.
New reporting by Motherboard shows that while companies may have severed ties with LocationSmart, most of them overlooked the other big player in the location-tracking business, Zumigo. Motherboard paid a bond company $300 to track down one of their reporters using only a phone number. The bounty hunter quickly obtained the reporter’s location using Zumigo’s location data from his T-Mobile phone. Zumigo, in turn, reportedly shares information with Microbilt, a third-party organization akin to Securus. According to Motherboard, “Microbilt shared that data with a customer using its mobile phone tracking product. The bounty hunter then shared this information with a bail industry source, who shared it with Motherboard.”
Sounds like word hasn’t gotten to you, @ronwyden. I’ve personally evaluated this issue & have pledged that @tmobile will not sell customer location data to shady middlemen. Your consumer advocacy is admirable & we remain committed to consumer privacy. https://t.co/UPx3Xjhwog
— John Legere (@JohnLegere) June 19, 2018
While they didn’t test the other companies, Microbilt’s product documentation suggested it would work on AT&T and Verizon as well as T-Mobile. For its part, T-Mobile told Motherboard it “does not have a direct relationship” with Microbilt, but admitted one with Zumigo.
In a tweet, Wyden called T-Mobile and Legere to task for failing to live up to Legere’s pledge not “to sell customer location data to shady middlemen.”
Major carriers pledged to end these practices, but it appears to have been more empty promises to consumers. It’s time for Congress to take action by passing my bill to safeguard consumer data and hold companies accountable. https://t.co/CKQJ04C3XX
— Ron Wyden (@RonWyden) January 8, 2019
When reached for comment, T-Mobile directed us to Legere’s Twitter feed, where he wrote that the company has “blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt” and that the company is nearly finished with the process of “terminating the agreements” it has with third-dfparty data aggregators.
I keep my word, @RonWyden. T-Mobile IS completely ending location aggregator work. We’re doing it the right way to avoid impacting consumers who use these types of services for things like emergency assistance. It will end in March, as planned and promised.
— John Legere (@JohnLegere) January 9, 2019
(10)