AT&T among mobile carriers to quit selling customers’ location data

The announcement comes amid fears of a federal investigation into privacy practices

AT&T has announced that it will stop selling customers' location data to third-parties after reports that the data is being auctioned off on the dark web.

A Motherboard investigation showed AT&T, as well as fellow carriers T-Mobile and Sprint, had been selling location data which can then be bought elsewhere for $300, meaning it was possible to work out where people were at any given time. 

Advertisement - Article continues below

Federal lawmakers have called for investigations into the carriers in question following the expos which showed a complex chain of information-sharing which led to the data landing in the wrong hands.

AT&T has now announced that all agreements and deals it had to share data with 'location aggregators' will now terminate by March - including those that were beneficial to its customers.

This comes after the company suspended some of its existing agreements last year as a result of a congressional probe which found that Verizon's location data was being misused by US prison officials to spy to the American public.

"In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services - even those with clear consumer benefits," AT&T said in a statement. "We are immediately eliminating the remaining services and will be done in March."

Advertisement - Article continues below

T-Mobile's CEO John Legere tweeted on Tuesday that the carrier would also cease location sharing agreements by March, citing roadside assistance as one of the helpful services the sharing supports.

When the agreements are terminated, users will be required to opt-in to location data sharing in order to carry on benefitting from such services.

Advertisement - Article continues below

So how did the data get in the hands of criminals? Telcos sell location data to aggregators who then sell data to specific clients and industries - a deal which supposedly only happens when a customer has given explicit consent, according to a letter from AT&T to Senator Ron Wyden earlier this year.

Other instances where users don't have to give consent include roadside assistance and bank fraud prevention companies - the organisations that are lawfully allowed to receive such data and use it to carry out their business.

So the data goes from carrier to aggregator and from the aggregator, location data can go to myriad destinations. One of the aggregators involved in the Motherboard investigation allegedly sells data to clients ranging from landlords scoping out potential renters to car salespeople conducting credit checks.

Frederike Kaltheuner, data exploitation programme lead at campaign group Privacy International, said that "it's part of a bigger problem; the US has a completely unregulated data ecosystem."

Advertisement - Article continues below

Reports of location data ending up in the wrong hands also surfaced in May 2018 when aggregator LocationSmart was believed to have sold data to Securus, a company which distributed real-time location data to low-level law enforcement officers such as Sherriff Cory Hutcheson who used the data to spy on judges and other police officers.

Securus was the same company that also sold Verizon's data to prison officials which became the catalyst for the aforementioned congressional probe.

"Securus is neither a judge nor a district attorney, and the responsibility of ensuring the legal adequacy of supporting documentation lies with our law enforcement customers and their counsel," Securus said in a statement issued to the NY Times.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now

Most Popular

video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020