Without your knowledge or consent, the leading mobile phone carriers in the United States – including T-Mobile, Sprint, Verizon and AT&T – may be actively selling your location data to third-party vendors. And, in turn, these vendors are re-selling this data to an expanding network of shady middlemen, including bounty hunters, used car salesmen, property managers and potential stalkers or criminals. The bottom line here is that your personal location data is often ending up in the hands of people not authorized to possess it, all while the big mobile carriers continue to protest that they are not enabling this to happen.
Big mobile carriers are continuing to sell location data
Despite protests to the contrary, recent high-profile cases show that mobile carriers are, indeed, enabling this shady location data ecosystem to grow and prosper. In some cases, all it takes is a single mobile phone number and anywhere from $100-$300, and an unauthorized location data broker can track down the current, real-time location of that phone, often down a few hundred meters of the actual physical location. And it’s all done without sophisticated hacking equipment or elaborate online cyber surveillance. The data is there for the taking – all you need to do is ask for it.
As proof that this problem really exists and that real-time location tracking can be done within a matter of minutes, a journalist from VICE showed that it was possible to track down the precise location of a mobile phone anywhere in the United States, thanks to the ease and convenience of buying location data from unauthorized location data vendors (known within the industry as “location aggregators”).
Obviously, that is pretty alarming news. It means that a jilted lover could use that location data to stalk an ex-girlfriend or ex-wife. It means that criminals could track the comings and goings of people and get updates when people are away from home. And it means that a whole lot of unsavory folks – including professional bounty hunters – are essentially conducting around-the-clock surveillance of individuals using location information.
Mobile carriers claim they are terminating all data-sharing deals
As these stories and incidents leak out into the media, the major mobile carriers have tried to gloss over their policies and procedures. After a flare-up of location data fiascos in 2018 and pressure from Congressional leaders to clean things up, it looked like the big mobile carriers were cleaning things up. T-Mobile said it had reviewed its data-sharing program and found that all appropriate controls were in place. Moreover, after constant criticism and negative PR in the media, T-Mobile CEO John Legere famously tweeted out that, “I’ve personally evaluated this issue.” This equivalent of a PR ad campaign on Twitter was an attempt to convince and persuade T-Mobile customers that their location data was not being sold to the highest bidder. AT&T also pledged that it had suspended all deals with location aggregators. In total, four mobile carriers – AT&T, Verizon, Sprint and T-Mobile – promised to stop selling data.
So, the new flare-up of media attention over location data practices in early 2019 has been particularly embarrassing for the big mobile carriers. It seems like nothing has really changed, despite all the assertions to the contrary by these mobile carriers. In mid-January, after federal lawmakers started calling for an investigation into shady data-sharing practices, AT&T said it would stop selling all location data – not just to the “location aggregators” but also to everyone else (including companies providing roadside assistance to motorists). AT&T was quite clear and emphatic, “We will be done in March.” Not to be outdone, Verizon also promised to do the same.
The case for expanded oversight and regulatory action
But is this really enough? Privacy International, for example, has warned that, “The United States has a completely unregulated data ecosystem.” And privacy-focused legislators, such as Senator Ron Wyden, have been consistently warning about the dangers of location data. As he once warned, “Carriers selling customer location data is a nightmare for national security and the personal safety of anyone with a phone.”
If we are to believe the big mobile carriers, self-regulation is all that is needed. All the big mobile carriers have bought into the idea that location data sharing is wrong and harmful. Companies are terminating their agreements left and right. That should be a major victory for privacy advocates, right?
The answer is a little more complex than that because, as we have seen with other personal data scandals (especially the Facebook Cambridge Analytica data scandal), tech companies are willing to say just about anything in order to avoid federal regulation. Yet, industry insiders acknowledge that, as long as there is money to be made, people will keep selling data.
That would seem to argue for tighter scrutiny over these mobile carriers. As much as the big mobile carriers claim that the problem is with “shady middlemen,” the problem really starts at the top. The only reason why these shady middlemen are getting their hands on this data is because the big mobile carriers are making it available. To date, everything that they have told the public have been empty promises.
Thus, it would not be surprising to see more federal oversight over these mobile carriers. Senator Wyden, for example, has argued that both the FCC and the FTC need to get involved. And members of the U.S. Congress have said that, at a minimum, they need to hold hearings in order to get to the bottom of this. So, just as Facebook CEO Mark Zuckerberg was forced to make a long, painful journey to Washington in order to testify in front of the U.S. Congress (and a live TV audience), it’s no longer out of the question that the CEOs of the top mobile carriers in the nation will also need to testify in front of Congress about location sharing practices, possibly even in 2019.
The good news is that the momentum around personal data privacy appears to be building. People are much more aware now of how their mobile smartphones can be used to track them, often without their knowledge or consent. While there are some legitimate uses for location data sharing – such as location services that provide emergency roadside assistance – the reality is that mobile networks are very exposed and data is a very valuable commodity that a lot of people are willing to pay for. With that in mind, the big mobile carriers need to be doing a much better job of protecting their networks and protecting the location data on their customers’ mobile devices.