This week, Federal Communications Commission Chairwoman Jessica Rosenrocel announced that the agency had sent letters of inquiry to the top 15 mobile providers requesting information about their data retention, data privacy policies, and general practices.
According to the agency, the letters ask providers to share information about geolocation data policies, including how long geolocation data is retained and why and what the current safeguards are to protect this sensitive information. The letters also probe providers about their processes for sharing subscriber geolocation data with law enforcement and other third parties, and how the carriers combine geolocation data with other data to which they have unique access. Finally, the letters ask if and how consumers are notified when their geolocation data is shared with third parties. Carriers have until August 3 to respond to the inquiry.
Unlike application access to GPS location data, carriers have access to uniquely precise geolocation data (A-GPS, or “assisted GPS”) to facilitate 911 response. Additionally, carriers can combine geolocation data with other customer-related data to provide more accurate information on a customer’s location and activities. This is why law enforcement and others, such as bounty hunters, prefer access to carrier information over that made available by applications on the phone.
Public Knowledge commends the FCC for taking this action at a time when malicious actors could use geolocation data to target people for seeking healthcare, but urges the agency to use its authority to improve privacy by design for carriers and enhance transparency of law enforcement requests.
The following can be attributed to Harold Feld, Senior Vice President at Public Knowledge:
“Carriers have unique access to highly accurate geolocation information – known as A-GPS – designed so that 911 responders can find a caller with pinpoint accuracy. Additionally, they have access to other information that can be combined with geolocation to produce a detailed picture of a person’s activities far beyond what applications on the handset can provide.
“As the FCC has made clear for more than two decades, it is important that providers ‘ensure the confidentiality and protection of their personal and proprietary information’ of this highly accurate data. Consumers simply do not expect that their every move will be collected and sold. They do not expect that when and how often they visit the grocery store, or go to happy hour, receive kidney dialysis, receive chemotherapy, or go to any doctor’s appointment, that their mobile service provider is selling that information.
“In light of the long history of abuses by carriers selling this kind of detailed and hyper-accurate information to law enforcement, bounty hunters, and even stalkers, Chairwoman Rosenworcel is to be praised for conducting this inquiry.
“This inquiry also underscores the importance of the FCC’s oversight of the privacy of the phone industry. The FCC has specialized power to force carriers to respond. It has the power to impose transparency requirements to reveal when law enforcement abuses the legal process to obtain deeply personal phone information. It has the power to require specific data minimization and data protection obligations if necessary. The FCC has used this power in the past to create new rules in response to revelations that stalkers had access to carrier information, and should not hesitate to use its regulatory powers again if necessary.”