AT&T, Sprint, T-Mobile, and Verizon say they won’t provide their customers’ location data to third-party data brokers, AP reported on Tuesday. A New York Times report in May touched off a major scandal by describing the ways location data, which all four major carriers in the U.S. share with data brokers like LocationSmart, can be abused.
Senator Ron Wyden, an Oregon Democrat who called for an investigation into the practice after the news first broke, praised Verizon and AT&T following the companies’ announcements today.
In the past, American carriers have given location data to brokers who then shared it with third parties, with the understanding that customer consent is obtained. However, LocationSmart has worked with Securus Technologies, which offered software used by law enforcement to track phones without user knowledge. All four carriers have since stopped supplying Securus with data, the Associated Press reports.
At the time of New York Times’ discovery, carriers tried to mitigate public outrage by saying the practice was routine, the data itself was secure, and couldn’t be used to maliciously track private citizens. All three claims were challenged in a matter of days.
A Missouri sheriff used data from Securus to track former co-workers and a journalist investigating corruption accusations against him. Days later, a Carnegie Mellon researcher discovered a security flaw in the Location Smart website that “could have allowed any reasonably sophisticated hacker to secretly track almost any phone in the U.S. or Canada,” AP reports. LocationSmart disabled parts of its website in response.
Quoting an EFF researcher, ZDNet reports that carriers may have obtained consent from users by burying the practice into their privacy policies, abdicating customers of the option to opt-out of having their information shared.