Carriers in the U.S. have been indiscriminately selling their customers location data to third parties for years, and the FCC is most definitely not happy about it.
While it shouldn’t really have come as much of a surprise, we first heard revelations about U.S. carriers selling location data early last year as the result of an investigation by Motherboard. The report noted that while carriers officially only sold location data to financial institutions and data aggregators, they had virtually no procedures in place that would prevent just about anybody from getting access to it from there with nothing more than a few hundred bucks and a phone number.
The data generally leaked out through sketchy third-party companies that were buying the data, which the carriers had acknowledged broke their policies, but in reality it should never have been allowed to go that far in the first place. The three carriers involved in the original scandal—AT&T, Sprint, and T-Mobile—all pledged to improve their procedures, but the FCC was not impressed, and not long after it began demanding answers from all of them.
In letters sent last spring to the heads of AT&T, Sprint, T-Mobile, and Verizon, FCC Commissioner Jessica Rosenworcel expressed concern that “the public still has very little detail about how much geolocation data is being saved and stored—including in ways that may be far too accessible to others.”
The FCC asked some fairly pointed questions to the carriers, asking them to provide an update on their efforts to stop selling location data, when exactly they decided that this was a problem, and also what steps they take to ensure that location data sold to data aggregators is deleted or destroyed properly.
The FCC followed this up by launching a formal investigation into what the carriers were doing after the U.S. Committee on Energy and Commerce accused the FCC of “failing in its duty to enforce the laws Congress passed to protect consumers’ privacy.”
Dropping the Hammer
Now it looks like the FCC has wrapped up its investigation and is preparing to levy a huge fine on the carriers, who may even have been lying to Congress when they promised to curtail the behaviour.
According to Reuters, after FCC Chairman Ajit Pai confirmed back in January that “one or more wireless carriers apparently violated federal law,” sources have revealed that the Commission is preparing to levy fines of over $200 million collectively on the four U.S. mobile phone companies for “improperly disclosing some consumer real-time location data.”
The FCC could formally announce the proposed fines today, and while the carriers would be able to challenge the fines before they become final, sources say that the total is still expected to add up to “just over $200 million.”
Elements within the FCC have been pushing for this resolution for some time, with Commissioner Jessica Rosenworcel saying last month that it was a “shame” that the FCC has taken this long to act on what she refers to as the fact that “shady middlemen could sell your location within a few hundred meters based on your wireless phone data.”
It’s chilling to consider what a black market could do with this data.
The Wall Street Journal has heard from its own sources that the FCC has already sent out “pending notices of apparent liability” and hasn’t offered the carriers any opportunities to come to settlements, suggesting that it doesn’t believe a compromise is possible, or that it wants to hit the carriers as hard as possible with the fines, although it also increases the probability that the carriers will fight the fines, which would come under the purview of the U.S. Justice Department.
These fines would also come at a pretty significant point for at least two of the carriers. While T-Mobile and Sprint may have just cleared the last obstacle to a proposed merger, the need to split a hundred million dollar fine could throw a spanner into the works, delaying it past its current expected closing data of April 1.