AT & T defended the sale of user location data in a letter published today, saying the practice was technically legal because it did not involve the type of information that the Federal Communications Commission prohibits vendors from selling without the user's consent. Despite that defense, the company states that, in recent months, it has accelerated its plan to stop providing such data, which, again, AT & T would like to remind everyone that they were not against the law.
The FCC is investigating telecommunications companies and airlines T-Mobile, Sprint and Verizon for the long-standing practice that only came to light in the last two years after press inquiries. The four major operators said they would halt the practice in June 2018 after a security breach exposed users' confidential data, but new revelations about location information acquired by black market bounty hunters have undermined promises made by companies
Verizon was the first company to say it would stop providing such data to aggregators and would only give it to vendors. roadside assistance. The other carriers followed with similar provisions for law enforcement and emergency requests. However, earlier this year, it was discovered that the data was still available to some third-party companies such as Zumigo and Microbilt, which could easily be accessed by bounty hunters, Motherboard . Operators said the blame lies with their partners for not handling data properly and eliminating them when necessary, and lawmakers have put more pressure on companies to fulfill the promise to take action and end agreements.
According to AT & T's letter, the type of data you have provided to third parties without the user's consent does not violate federal law, specifically your use of data known as A-GPS. The company is basing this on a bit of technicality, saying that the A-GPS data, which is compiled according to the company's claims for use by both emergency services and GPS-based services such as applications of transportation, are not under the same umbrella as the data that the FCC prohibits carriers from selling or the data stored in what is known as the National Emergency Address Database (NEAD). AT & T says that NEAD data can be more granular and can use Wi-Fi and Bluetooth data to identify the location on the door, while A-GPS is more general.
"While 911 dispatchers use A-GPS to help locate people in emergency situations, it is also an important feature that application developers commonly use to provide location services. For example, travel-sharing applications use A-GPS to make sure the car is displayed in the correct location. For these reasons, reports of alleged misuse of A-GPS are incorrect, "writes AT & T Joan Marsh, executive vice president of regulatory and state external affairs at AT & T.
However, AT & T said it stopped sharing location data. with third-party services and aggregators by the end of March. "Our contracts require that all parties that have received the location data of the AT & T customer in connection with those agreements remove that information and are verifying that they have done so, subject to any its conservation obligations, "concludes Marsh The decision to reduce its sale of such data is likely because, although AT & T may be technically correct in its interpretation of the FCC rules, its sale of the data may still violate Section 222 of the Communications Act, as noted Ars Technica . AT & T did not immediately respond to a request for comment.
AT & T's defense comes to light today because the FCC is Struggling internally to advance the investigation. "The FCC has been silent about press reports that, for a few hundred dollars, intermediaries can sell their location within a few hundred meters according to the data on their wireless phone, which is unacceptable," Commissioner Jessica writes. Rosenworcel, a Democrat, who accused the FCC, controlled by the Republicans, of withholding vital information about the progress of the agency's investigation.
"I do not remember accepting this surveillance when I enrolled in wireless, and I bet you do not either." This is a problem that affects the privacy and security of all Americans with a wireless phone, "Rosenworcel added. "It is chilling to think what a black market could mean for this information in the hands of criminals, stalkers and those who wish to harm us." I will continue to press this agency to make public what it knows about what happened, but I do not believe that consumers should stay in the dark, that's why I'm making these letters available today. "
T-Mobile, Sprint and Verizon were less defensive in the cards that Rosenworcel published today. Verizon says it stopped all sales of such data to third parties in November 2018 and finalized its agreements with the roadside assistance companies in March. T-Mobile says it took a similar action, notifying its suppliers last fall that it would finalize its contracts with location-based service providers and would do so in March.
Sprint, on the other hand, says it is in the process of terminating its contracts. "In response to your questions. Sprint currently uses only one location aggregator to provide [location-based services] to two customers with a public interest: a roadside assistance provider for Sprint customers and a provider that facilitates compliance with state requirements for a lottery that funds the state government ", Sprint privacy Chief Maureen Cooney wrote. "As of May 31, 2019, Sprint will no longer contract with any location aggregator to provide LBS. Sprint anticipates that after May 31, 2019, it can provide LBS services directly to customers such as those described above, but there are no firm plans at this time. "