On Tuesday, Motherboard published an article exposing the jaw-dropping ease of data collection and commercialization practices that can allow a stranger to find a cell phone’s location with just a phone number and $300. Motherboard’s investigation found that telecommunications companies, including T-Mobile, AT&T, and Sprint, would sell location data with an aggregator, which sold the data to MicroBilt, which then sold it to a Motherboard investigator for “dirt cheap.”
It was just last year when Senator Ron Wyden wrote to the Federal Communications Commission about Securus, a firm that that was offering geolocation of phones to low-level law enforcement without a warrant, thereby jeopardizing cell phone locations of not only inmates, but anyone with a phone number – which is pretty much everyone.
In response, major wireless carriers (Verizon, T-Mobile, Sprint, and AT&T) all made promises to limit data access to companies not using it for legitimate purposes. However, we’ve now learned that a different “Securus” — MicroBilt — has been selling phone geolocation services with little oversight to a spread of different private industries.
As FCC Commissioner Jessica Rosenworcel pointed out, “I haven’t consented to this, and I bet you haven’t either.” Senators Wyden, Harris, and Warner also expressed outrage about these developments. And they are right – what mobile operators are doing with our location data endangers not only consumer privacy, but also personal safety and U.S. national security. Why does this keep happening?
A Predictable Consequence of Deregulation
When Congress repealed the FCC broadband privacy rules two years ago, Public Knowledge predicted that “without the FCC’s broadband privacy rules, Americans go from being internet users to marketing data.” And that is exactly what has happened.
If the FCC still had those privacy protection powers, then it could have required wireless carriers to get opt-in consent from consumers prior to sharing geolocation data, and taken affirmative action, including imposing sanctions on the broadband providers that would be responsible for selling data to a chain of companies with disruptive data collection practices.
However, without these rules, the broadband providers are not incentivized to change anything despite their aloof public ideals of prioritizing consumer data privacy – even with Securus last year and Motherboard’s exposé about MicroBilt a few days ago, a representative of T-Mobile’s response was that it is only “nearly finished the process of terminating its agreements with location aggregators.” The situation feels like being in a traffic jam. It is yet another example that highlights the importance of a specialized federal agency enforcement, and the need for a comprehensive privacy legislation.
The FCC could still take some action under its Customer Proprietary Network Information (CPNI) rules. It would at least allow the Commission to investigate the matter with MicroBilt, but with the current government shutdown, unfortunately there is not much that can be done at the very moment — and there’s no guarantee this FCC would do that anyway.
Americans Need Privacy Protection
While telecommunications companies are trying to avoid liability by claiming that they do not “have a direct relationship with MicroBilt,” another stalker is potentially learning about the whereabouts of a vulnerable woman, when she comes and leaves her home, or where a White House official stops after work, as Senator Wyden noted. When any consumer’s geolocation data is easily sold for “dirt cheap” and when such sale can jeopardize personal safety and national security, it’s clear Americans are in dire need of strong and functional privacy protections. Congress should act on passing comprehensive legislation and empowering specialized agencies like the FCC.
Image credit: Thought Catalog