Ransomware

FCC Fined AT&T, Verizon, T-Mobile Over Illegal Data Sharing

, Sprint, and sold location data to third parties without customer consent and without reasonable safeguards, the said.

by Mihir Bagwe April 30, 2024 in Compliance, Cyber Essentials, Cybersecurity News, Governance, Regulations Reading Time: 3 mins read 0

590 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

The Federal Communications Commission has fined the largest phone carriers in the country – AT&T, Sprint, T-Mobile and Verizon – $200 million over of its customers location with third parties, and that with inadequate safeguards in place.

Of the four, T-Mobile was fined the most with more than $80 million but it will pay another $12 million as Sprint, which was acquired by them in April 2020 was fined separately for its malpractices prior to the acquisition. AT&T was fined more than $57 million and Verizon nearly $47 million.

The FCC Enforcement Bureau investigations of the four carriers found that each of them sold access to its customers' location information to aggregators, who then resold access of such information to third-party location-based service providers.

For example, AT&T had arrangements with two location information aggregators: LocationSmart and Zumigo, which in turn, had arrangements with location-based service providers.  “In total, AT&T sold access to its customers' location information (directly or indirectly) to 88 third-party entities,” the FCC said.

“The largest wireless carriers in the country were selling our real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors,” said FCC Chair Jessica Rosenworcel.

The agency stated, “Each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained.”

Furthermore, when the carriers became aware of the inadequacy of their procedures, they failed to halt the sale of access to location information or adequately safeguard it from unauthorized access.

AT&T and Verizon revealed their intention to appeal the FCC's decision, citing legal and factual discrepancies in the agency's order, while T-Mobile planned to challenge the decision, emphasizing its commitment to safeguarding customer data and labeling the fine as excessive.

All three companies highlighted that the program for which they were fined ended approximately five years ago.

Views of the Illegal Data Sharing Whistleblower

Senator Ron Wyden (D-OR), commenting on Monday's action praised the FCC for penalizing wireless carriers.

“No one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card ,” Wyden said. “I applaud the FCC for following through on my investigation and holding these companies accountable for putting customers' lives and privacy at risk.”

The issue first came to light in 2018 when Wyden discovered the carriers' practices, revealing instances of abuse by government officials and others who obtained location data without proper authorization.

The FCC found the telecom companies' practices in violation of section 222 of the Federal Communications Act, which mandates confidentiality of customer information and affirmative consent before sharing or accessing customer location data.

FCC's action comes weeks after the House of Representatives passed the Fourth Amendment Is Not For Sale Act, which would prohibit law enforcement agencies from buying location data and other sensitive information about Americans, without a court order. Privacy advocates cheered the bill's passage but it now faces an uphill task in the Senate and the White House.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button