One of the pieces of the giant data puzzle that carriers are able to routinely obtain from a smartphone on its network is geo-location, but unfortunately for customers that data hasn’t been handled all that well.
In a report from The Verge, two of the three wireless carriers that were specifically named in a recent in-depth report regarding the misuse of customer geo-location data have responded in a hopefully meaningful way, indicating that change is (finally) coming. As a quick recap, it was recently reported this week by Motherboard that all it took was paying $300 to a bounty hunter and supplying a phone number to track down a device, and its owner, to a specific location.
That bounty hunter picked up the data, which required no hacking at all, from a third-party company called Zumigo, which was providing data access from major phone carriers by way of another company called Microbilt — which has been offering its services to several companies for quite some time. The phone in question that was tracked was connected to the T-Mobile network.
As such, T-Mobile’s CEO, John Legere, has commented on the story in a tweet, saying that the un-carrier was “ending location aggregator work”.
I keep my word, @RonWyden. T-Mobile IS completely ending location aggregator work. We’re doing it the right way to avoid impacting consumers who use these types of services for things like emergency assistance. It will end in March, as planned and promised.
— John Legere (@JohnLegere) January 9, 2019
A spokesperson for T-Mobile said that the company has “blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt”. On a broader scale, the company will also be ending all access from third-party aggregators from this point on. T-Mobile’s plans are to end these ties with the third-party companies by March of this year.
Meanwhile, Sprint, one of the other wireless carriers named in the original report, told The Verge that it will no longer “knowingly share personally identifiable geo-location information” to these third-party aggregators, except when it is tied to a legal request. Sprint also said that Microbilt and Zumigo had violated its own privacy policies:
Sprint spokesperson’s statement:
“We took immediate action to ensure Microbilt no longer had access to Sprint location data, and have notified Zumigo that we are immediately terminating our contract.”
Meanwhile, the last carrier named in the article, AT&T, did not provide a statement on the matter.
Verizon confirmed that it had ended its location aggregation service with Zumigo sometime in the past, before the article was published. The big red carrier has also ended other relationships with third-party companies, and will be doing so with others in the future as well, including location tracking data accessible by roadside assistance companies.
That’s all well and good. However, as noted in the original report, this is not the first time the carriers have dealt with this situation:
“The companies have already made similar pledges in the past. After another scandal over location tracking last year, all four major carriers said in letters to Sen. Ron Wyden (D-OR) that they would end location-sharing agreements with data aggregators like Zumigo. “Major carriers pledged to end these practices, but it appears to have been more empty promises to consumers,” Wyden said in a tweet this week.”
Will the carriers actually do something about it this time around? It sounds like Verizon has already started on the work. Sprint and T-Mobile, meanwhile, are telling us that they will be ending these relationships, but only time will tell if that’s actually the case. AT&T’s silence on the matter doesn’t bode well, does it? We’ll have to hope the big blue carrier is doing right by its customers, especially after the revelations discovered in the original report earlier this week.
[via The Verge]