The Federal Communications Commission announced Monday that it will fine four major U.S. wireless carriers a total of about $200 million for “unlawfully” sharing and selling customers' real-time location data without their consent.
According to the FCC, AT&T was fined more than $57 million, Verizon was fined nearly $47 million, T-Mobile was fined more than $80 million, and Sprint was fined more than $12 million.
“Our communications providers have access to some of the most sensitive information about us. These carriers have failed to protect the information entrusted to them. We're talking about some of the highest data in the world: the real-time location of our customers, revealing where they go and who they are,'' FCC Chair Jessica Rosenworcel said in the announcement. I mentioned it inside.
According to the FCC, its investigative division, the Enforcement Division, said the four companies sold access to their customers' location data to third-party companies, which the FCC calls “aggregators,” who then resold the location data to other companies. announced that it had concluded that These series of sales and resales have effectively created a complete gray market for mobile phone subscriber historical and real-time location data. Most customers did not even know that a market for such data existed, let alone consent to the sale of their data.
Mobile phone carriers are required by law to “maintain the confidentiality of such customer information and obtain affirmative, explicit customer consent before using, disclosing, or permitting access to such information.” ”, the FCC wrote.
The fines were imposed after a media investigation revealed years later that the four news agencies shared this type of data with organizations such as law enforcement and bounty hunters.
In 2018, the New York Times reported that law enforcement and corrections officials across the country are using a company called Securus Technologies to track people's locations. Securus' solution relied on “systems typically used by marketers and other companies to obtain location data from major mobile carriers,” the NYT wrote.
The following year, Motherboard's research revealed that bounty hunters could geolocate cell phone customers for as little as $300. Motherboard's Joseph Cox, who now works for 404 Media, wrote at the time that “these surveillance capabilities are sometimes sold through word-of-mouth networks.”
The FCC said that despite these public reports, the four carriers “ensure that the dozens of location service providers that have access to their customers' location information do in fact have their customers' consent.” The company wrote that the company failed to take safety measures and continued to sell the data. .
All four airlines criticized the decision and said they would appeal.
“This industry-wide third-party aggregator location services program is a step to ensure the delivery of critical services such as roadside assistance, fraud prevention, and emergency response,” T-Mobile spokeswoman Tara Darrow said in a statement. It was discontinued more than five years ago after taking steps to prevent this.” It won't be confusing. ”
Darrow said T-Mobile, which merged with Sprint in 2020, will appeal the decision.
“We take our responsibility to keep our customer data secure very seriously and have always supported the FCC's efforts to protect consumers, but this decision is wrong and the fine is excessive. We intend to take on that challenge,” the statement said.
AT&T spokesman Alex Byers also said the company would appeal, calling the FCC's decision “lacking legal and factual merit.”
“Unreasonably hold us accountable for another company’s violation of our contractual requirements to obtain consent, ignore immediate steps we take to address that company’s failures, and ignore actions such as emergency medical alerts and roadside assistance.” It unfairly penalizes us for supporting life-saving location services, which the FCC itself has previously encouraged. We plan to appeal this order after conducting a legal review,” Byers said in a statement to TechCrunch.
“The FCC's order is wrong on both fact and law, and we plan to appeal this decision,” Verizon spokesman Rich Young said in a statement.
“In this case, one malicious actor gained unauthorized access to information about a very small number of customers, and we quickly and proactively blocked the fraudster and shut down the program to ensure that something like this never happens. We worked hard to ensure it never happened again,” the statement read. “Keep in mind that the FCC's order pertains to an old program that Verizon shut down more than five years ago. The program required affirmative opt-in consent from customers and was used for things like roadside assistance and medical alerts. It was intended to support the services of