FCC fines major US wireless carriers for selling customer location data – Krebs on Security

the US Federal Communications Commission The FCC today imposed fines totaling nearly $200 million on the four major carriers — including AT&T, Sprint, T-Mobile And Verizon – To illegally share access to customers' location information without consent.

The fines represent the culmination of a more than four-year investigation into the actions of major carriers. In February 2020, the FCC notified all four wireless providers that their practices in sharing access to customer location data likely violated the law.

The FCC said it found that each of the carriers sold access to their customers' location information to “aggregators,” who then resell access to the information to third-party location-based service providers.

“By doing so, each carrier attempted to offload its obligations to obtain customer consent onto recipients of location information, which in many cases meant that valid customer consent was not obtained.” FCC statement On reads the work. “This initial failure was exacerbated when the carriers, realizing that their safeguards were ineffective, continued to sell access to location information without taking reasonable measures to protect it from unauthorized access.”

Federal Communications Commission (FCC). Results against AT&TFor example, it shows that AT&T sold customer location data directly or indirectly to at least 88 third-party entities. Federal Communications Commission is found Verizon sold access to customer location data (directly or indirectly) to 67 third-party entities. Location data for Sprint customers found its way to 86 third parties, and to 75 third parties in the case of T-Mobile customers.

The committee said it took action after that Senator Ron Wyden (d-raw.) Send a letter to the FCC. Details of how the company was called Secure Technologies He would sell the location data of customers of almost any major mobile phone service provider to law enforcement officials.

See also  Police say a ticketless passenger was removed from a Delta flight in Salt Lake City

In the same month, KrebsOnSecurity published the news that The site is smart — a data aggregator that works with major wireless carriers — had a free, insecure demo of its online service that anyone could abuse to find the exact location of almost any cell phone in North America.

Carriers have promised to end location data sharing agreements with third-party companies. But in 2019, it was reported Show Vice.com Little Has Changed, detailing how reporters were able to locate a test phone after paying $300 to a bounty hunter who simply purchased the data through an unknown third-party service.

Senator Wyden said no one who signed up for a cellular plan believed they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card.

“I applaud the FCC for pursuing my investigation and holding these companies accountable for putting customers’ lives and privacy at risk,” Wyden said in a statement today.

The FCC fined Sprint and T-Mobile $12 million and $80 million, respectively. AT&T was fined more than $57 million, while Verizon received a fine of $47 million. However, these fines represent a small portion of each airline's annual revenue. For example, the $47 million represents less than one percent of Verizon's total wireless services revenue in 2023, which was about $77 billion.

The fine amounts varied because they were calculated in part based on the number of days carriers continued to share a customer's location data after being notified that doing so was illegal (the agency also took into account the number of active third-party location data sharing agreements). The FCC notes that AT&T and Verizon took more than 320 days after the Times story was published to terminate their data-sharing agreements; T-Mobile took 275 days; Sprint continued to share customer location data for 386 days.

See also  The United States is opening a special investigation into the Tesla crash

Updated at 6:25 PM ET: She explained that the FCC began its investigation at the request of Senator Wyden.

Leave a Reply

Your email address will not be published. Required fields are marked *