Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Verizon, AT&T, T-Mobile, and Sprint Pledge to Stop Selling Your Real-Time Location to Data Brokers

Illustration for article titled Verizon, ATT, T-Mobile, and Sprint Pledge to Stop Selling Your Real-Time Location to Data Brokers
Photo: AP

AT&T, Sprint, T-Mobile, and Verizon say they won’t provide their customers’ location data to third-party data brokers, AP reported on Tuesday. A New York Times report in May touched off a major scandal by describing the ways location data, which all four major carriers in the U.S. share with data brokers like LocationSmart, can be abused.

Advertisement

Senator Ron Wyden, an Oregon Democrat who called for an investigation into the practice after the news first broke, praised Verizon and AT&T following the companies’ announcements today.

In the past, American carriers have given location data to brokers who then shared it with third parties, with the understanding that customer consent is obtained. However, LocationSmart has worked with Securus Technologies, which offered software used by law enforcement to track phones without user knowledge. All four carriers have since stopped supplying Securus with data, the Associated Press reports.

Advertisement

At the time of New York Times’ discovery, carriers tried to mitigate public outrage by saying the practice was routine, the data itself was secure, and couldn’t be used to maliciously track private citizens. All three claims were challenged in a matter of days.

A Missouri sheriff used data from Securus to track former co-workers and a journalist investigating corruption accusations against him. Days later, a Carnegie Mellon researcher discovered a security flaw in the Location Smart website that “could have allowed any reasonably sophisticated hacker to secretly track almost any phone in the U.S. or Canada,” AP reports. LocationSmart disabled parts of its website in response.

Quoting an EFF researcher, ZDNet reports that carriers may have obtained consent from users by burying the practice into their privacy policies, abdicating customers of the option to opt-out of having their information shared.

[ZDNet & AP]

Advertisement

Of course I have pages. I had pages five years ago. How anyone can believe I don’t defies belief.

Share This Story

Get our newsletter

DISCUSSION

Krebs on Security has this two weeks ago.