After scandal, only Verizon stops sharing real-time location data of cell phone users

A senator has strongly criticized three of the US’ largest cell carriers that have not promised to stop selling their customers’ real-time location data to third-party companies.

Sen. Ron Wyden (D-OR) welcomed Verizon’s move to end its agreements with data aggregators, including LocationSmart, which sold location data to a prison tech company that claimed to be able to track any cell phone in the US “within seconds.” But the senator rebuked AT&T, T-Mobile, and Sprint for continuing the practice. “Verizon did the responsible thing and promptly announced it was cutting these companies off,” said Wyden in a statement Tuesday, following an investigation by his office.

“In contrast, AT&T, T-Mobile, and Sprint seem content to continuing to sell their customers’ private information to these shady middle men, Americans’ privacy be damned,” he said. Letters from the four cell giants were published Tuesday after Wyden demanded last month to know why millions of Americans’ real-time location data was being shared with so-called aggregators, which manage requests for customer data across the carriers. The phone giants say it’s “common” to share data, such as when motorists are stranded or as part of workforce and fleet tracking, but said that customer data should have been more tightly controlled.

The carriers partnered with LocationSmart, which claimed it had “direct connections” to the cell giants’ cache of location data.

Aggregators could then share location data with their own customers. But the carriers found that one of LocationSmart’s customers, 3Cinteractive, shared location data with another company, Securus, a prison technology company, which used the data in violation of the carriers’ policies. Aggregators must obtain consent from the customer before their location data can be used, such as by sending a one-time text message or allowing a user to hit a button in an app.

But The New York Times found that police and correctional officers could track anyone’s location without their consent, because Securus turned over the data without verifying that a warrant had been obtained. The phone giants said they took “prompt steps to protect customer data and shut down” location data access to 3Cinteractive and Securus. Spokespeople for LocationSmart and 3Cinteractive did not respond to a request for comment.

But the phone giants remained vague on exactly how the companies obtained customers’ consent to provide data to LocationSmart in the first place. ZDNet previously asked how each carrier obtains consent from its customers, but none offered concrete answers. Sprint hinted that its privacy policy allows the phone giant to share customers’ personal data, “including location information,” with third parties.

Verizon, in its letter to Wyden’s office, also hinted that customers give their consent by agreeing to the company’s privacy policy. Customers, unable to opt out of the phone giants’ privacy policies, may be locked in to sharing their location data with aggregators. “I don’t believe that there is anything consumers can do to opt-out of having their location data shared with third-parties like LocationSmart,” said Stephanie Lacambra, staff attorney at the Electronic Frontier Foundation, in an email.

LocationSmart was later forced to pull part of its website offline after a vulnerability allowed a security researcher to obtain real-time location data without obtaining consent from the user. Robert Xiao said that the company had “no security oversight” before the site served location data. LocationSmart said that the vulnerability “did not result in any customer information being obtained without their permission” beyond the researcher’s queries.

The Federal Communications Commission is investigating the website flaw.
