of US Federal Communications Commission The (FCC) today imposed fines totaling nearly $200 million against four major carriers. AT&T, sprint, T-mobile and verizon — If you unlawfully share access to your customers' location information without their consent.
The fines are the culmination of a more than four-year investigation into the conduct of major carriers. In February 2020, the FCC notified all four wireless providers that sharing access to their customers' location data may violate the law.
The FCC said it found that each carrier sold access to its customers' location information to “aggregators,” who then resold access to that information to third-party location service providers. .
“In doing so, carriers sought to shift the burden of obtaining customer consent to downstream recipients of location information, which in many cases indicated that valid customer consent was not obtained. “This means,” the FCC statement said. “This initial failure was compounded by the fact that once we realized that our security measures were ineffective, we continued to sell access to location information without taking reasonable steps to protect it from unauthorized access. did.”
For example, the FCC's findings against AT&T show that AT&T sold customer location data, directly or indirectly, to at least 88 third-party entities. The FCC found that Verizon sold access to customer location data (indirectly or directly) to 67 third-party entities. Location data for Sprint customers was sent to 86 third-party organizations, and for T-Mobile customers to 75 third parties.
The commission said it then took action. Senator Ron Wyden (D-Oregon) sent a letter to the FCC detailing how the companies made the calls. Securus Technologies sold location data of customers of virtually every major mobile provider to law enforcement authorities.
In the same month, KrebsOnSecurity announced the following news: location smart The data aggregation company, which works with major wireless carriers, has posted free, unsecured demos of its service online that could be used by anyone to access nearly every cell phone in North America. I was able to find almost the exact location of.
The carrier has pledged to “wind down” location data sharing agreements with third-party companies. But a 2019 Vice.com report shows that little has changed, detailing how reporters were able to find a test phone after paying a bounty hunter $300. The bounty hunter simply purchased the data through a little-known third-party service.
Sen. Wyden said no one believes that people who sign up for a cell phone plan are giving their phone company permission to sell a detailed record of their movements to anyone with a credit card.
“I commend the FCC for pursuing my investigation and holding accountable the companies that put the lives and privacy of their customers at risk,” Wyden said in a statement today.
The FCC fined Sprint and T-Mobile $12 million and $80 million, respectively. AT&T was fined more than $57 million, and Verizon was fined $47 million. Still, these fines represent only a small portion of each carrier's annual revenue. For example, $47 million is less than 1 percent of Verizon's total wireless service revenue in 2023 (about $77 billion).
The fines differ because they are calculated based in part on the number of consecutive days since the carrier was notified that sharing a customer's location data was illegal (authorities may We also took into account the number of third-party location data sharing agreements). The FCC notes that AT&T and Verizon each took more than 320 days to terminate their data-sharing agreements after the Times article was published. For T-Mobile, it took him 275 days. Sprint continued to share customer location data for 386 days.
Updated at 6:25pm ET: The FCC has announced that it has begun an investigation at the request of Senator Wyden.