AT&T, T-Mobile Will Stop Giving Your Location Data to Third Parties

Postado Janeiro 12, 2019

The sensitive data was available because AT&T, T-Mobile, and Sprint sell the information to third-party "location aggregators".

In June, Verizon, AT&T, Sprint and T-Mobile pledged to end the practice of selling location data through intermediary companies.

Verizon says that it ended its agreement with Zumigo before the original report came out this week. "We have followed through on our commitment to terminate aggregation arrangements and provide location information only with the express consent of our customers", the company wrote in a statement. "Nonetheless, we are reviewing these issues carefully to ensure the proper handling of all AT&T customer information".

T-Mobile made a similar announcement yesterday, saying that it had already blocked location data requests from aggregator Zumigo (which was specifically mentioned in Motherboard's report) and that it was nearly done severing ties with other third-party data aggregators.

But, just as we warned at the time, it was all weasel words.

In a report Tuesday, Motherboard reporter Joseph Cox described the process he had used to acquire the location data of a mobile phone from a source in the bail bond industry.

"The American people have an absolute right to the privacy of their data, which is why I'm extraordinarily troubled by reports of this system of repackaging and reselling location data to unregulated third party services for potentially nefarious purposes", the junior senator from California said. Wyden has found another supporter in the form of Senator Kamala Harris (D-CA).

T-Mobile offered a similar promise, as we noted in an update to our story on Tuesday. For instance, AT&T vowed to "protect customer data" and "shut down" Securus's access to its real-time store of customer location data.

After repeat questions on what that actually meant, a few days later T-Mobile US clarified that it was "winding down our location aggregation agreements".

Following this week's outcry, Legere repeated the same argument as months earlier, and claimed that his telco was "doing it the right way to avoid impacting consumers".

"Sadly, most of us assume not only that what we deliberately put on the Internet will fall into unauthorized hands but that data generated by our devices, services and even our human networks will be utilized in various ways we haven't authorized". It also said that it will not "knowingly share personally identifiable geo-location information" except when it comes to legal requests.

"We only permit sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance, or when required by law". Verizon told The Washington Post on Thursday that it, too, is ending its remaining location-sharing agreements.

As things stand, despite what appears, again, to be unambiguous promises to end location data selling, there is nothing to stop mobile telcos from simply coming up with a different name or spin for their location-peddling services, and firing it all up again. These companies then sold that data to other companies, and so on and so forth. "I'll believe it when I see it", said US Senator Ron Wyden, who called on the FCC to investigate the issue past year.