Saying there is no legal reason why Ajit Pai should rebuff an invitation to brief lawmakers during the government shutdown, the chairman of the House Energy and Commerce Committee on Monday criticized the FCC head for refusing to appear for a briefing about the ongoing controversy over Americans’ real-time location data being disclosed to unauthorized third-parties.
In a call on Monday, Pai’s staff told Democrats that he would not appear to discuss his agency’s progress in tackling the issue due to the shutdown. His presence was requested last week for an “emergency briefing” by the committee’s chair, Rep. Frank Pallone, Jr., who, citing a threat to law enforcement, military personnel, and domestic abuse victims, said the matter could not wait for the shutdown to be resolved.
Significant portions of the federal government have been closed since December 22, as President Trump has refused to sign any spending bill that doesn’t include billions of dollars to construct a wall along the U.S.-Mexico border. The House of Representatives and Senate have both passed bills excluding the money. After FCC funds dried up on Jan. 3, the commission said it would cease all work irrelevant to “the protection of life and property.”
Attention spiked over the phone-tracking issue last week after Motherboard revealed that one of its reporters managed to acquire the location of a cellphone in Queens, New York, through a $300 back-alley deal. The report followed a New York Times story last April that disclosed how phone-location data was being funneled by “middleman” companies from carriers such as AT&T and T-Mobile to law enforcement officials who would otherwise require a warrant to obtain it.
Motherboard security reporter Joseph Cox wrote that he had acquired phone-location data from a source in the bail bond industry during the course of an undercover investigation and that the sensitive data was being routinely acquired by bond agents (read “bounty hunters”) without a subpoena or prior approval from the courts.
In a letter to the FCC chairman last week, Pallone said it was paramount his committee investigate the matter at once and that it could not wait “until President Trump decides to reopen the government.” However, committee members said on Monday that Pai had declined to brief them citing the shutdown, while asserting (in Pallone’s words) that the matter was “not a threat to the safety of human life or property.”
Neither Pai nor his chief of staff, Matthew Berry, placed the call notifying Pallone’s office of his refusal, according to a senior Democratic aide, who said the news came instead from a lower-level staffer.
Pallone responded to Pai’s decision in a statement, saying, “There’s nothing in the law that should stop the Chairman personally from meeting about this serious threat that could allow criminals to track the location of police officers on patrol, victims of domestic abuse, or foreign adversaries to track military personnel on American soil.”
The FCC told Gizmodo, “As we told Committee staff today, the Commission has been investigating wireless carriers’ handling of location information. Unfortunately, we were required to suspend that investigation earlier this month because of the lapse in funding, and pursuant to guidance from our expert attorneys, the career staff that is working on this issue are currently on furlough. Of course, when the Commission is able to resume normal operations, the investigation will continue.”
Sen. Ron Wyden, who raised questions about the extralegal sale of location data to correctional officers last spring, criticized Pai for having “enough time to tweet cat videos and tired memes,” while refusing “to brief Congress about a real threat to every American’s security.”
“It’s a new low for someone who has spent his tenure at the FCC refusing to do his job and stand up for American consumers,” he said.
In his letter to Pai last week, Pallone wrote:
Bad actors can use location information to track individuals’ physical movements without their knowledge or consent. If recent reports detailing the cheap, accurate, and easy accessibility of legally protected, real-time location data are true, we must work expeditiously to address these public safety concerns. If we don’t, the privacy and security of everyone who subscribes to wireless phone service from certain carriers—including government officials, military personnel, domestic violence victims, and law enforcement officials—may be compromised.
Pallone noted that one of Pai’s colleagues—Commissioner Jessica Rosenworcel—had offered to make herself available to the committee, though she lacks the authority to direct agency resources.
“This is an issue of personal and national security,” Rosenworcel, a Democrat, told Gizmodo by phone. “It needs an FCC investigation, the public deserves answers. There’s absolutely no excuse for delay.” She also concurred with Pallone’s assessment that nothing in the law prevents Pai from briefing the committee during a shutdown.
“What strikes me most, having spent some time studying this, is that this is a data ecosystem with no oversight,” she said. It’s also very troubling, she said, that wireless carriers, which have legitimate use for location data, have so easily turned it over to “shady middlemen,” who seem to have little compunction about how it used, or by whom.
“It’s not clear to me that I ever consented to that happening, and I bet you didn’t either,” she said, adding, “The FCC should be investigating from top to bottom, we should be auditing to identify every one of those third parties that had access to that information, and we should be figuring out if consumers ever gave their consent for this to occur.”
T-Mobile, Sprint, and AT&T have each said publicly that they plan to terminate all contracts with location aggregators—the companies, like Zumigo, which have been implicated in handing location data over to unauthorized parties (including the bond agents). T-Mobile, whose underhanded data practices were central to the Motherboard investigation, has said it will finish terminating its contracts with the location companies in March. (It first claimed to be doing so last May.)
The nation’s other major wireless carrier, Verizon, whose data was not available for purchase in Motherboard’s story, told Gizmodo its ties to the companies were all cut last year.
“As you’re most likely aware, Verizon is not among the companies cited in recent media accounts regarding issues with location tracking. We have followed through on our commitment to terminate aggregation arrangements and provide location information only with the express consent of our customers,” a Verizon spokesperson said.
The company added that it had maintained prior arraignments with four roadside assistance companies during the winter “for public safety reasons,” but that those companies “agreed to transition out of the existing arrangements by the end of March.”
Update, 1/15: Added statement from FCC.