AT&T among mobile carriers to quit selling customers’ location data

The announcement comes amid fears of a federal investigation into privacy practices

AT&T has announced that it will stop selling customers' location data to third-parties after reports that the data is being auctioned off on the dark web.

A Motherboard investigation showed AT&T, as well as fellow carriers T-Mobile and Sprint, had been selling location data which can then be bought elsewhere for $300, meaning it was possible to work out where people were at any given time. 

Advertisement - Article continues below

Federal lawmakers have called for investigations into the carriers in question following the expos which showed a complex chain of information-sharing which led to the data landing in the wrong hands.

AT&T has now announced that all agreements and deals it had to share data with 'location aggregators' will now terminate by March - including those that were beneficial to its customers.

This comes after the company suspended some of its existing agreements last year as a result of a congressional probe which found that Verizon's location data was being misused by US prison officials to spy to the American public.

"In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services - even those with clear consumer benefits," AT&T said in a statement. "We are immediately eliminating the remaining services and will be done in March."

Advertisement - Article continues below

T-Mobile's CEO John Legere tweeted on Tuesday that the carrier would also cease location sharing agreements by March, citing roadside assistance as one of the helpful services the sharing supports.

When the agreements are terminated, users will be required to opt-in to location data sharing in order to carry on benefitting from such services.

Advertisement - Article continues below

So how did the data get in the hands of criminals? Telcos sell location data to aggregators who then sell data to specific clients and industries - a deal which supposedly only happens when a customer has given explicit consent, according to a letter from AT&T to Senator Ron Wyden earlier this year.

Other instances where users don't have to give consent include roadside assistance and bank fraud prevention companies - the organisations that are lawfully allowed to receive such data and use it to carry out their business.

So the data goes from carrier to aggregator and from the aggregator, location data can go to myriad destinations. One of the aggregators involved in the Motherboard investigation allegedly sells data to clients ranging from landlords scoping out potential renters to car salespeople conducting credit checks.

Frederike Kaltheuner, data exploitation programme lead at campaign group Privacy International, said that "it's part of a bigger problem; the US has a completely unregulated data ecosystem."

Advertisement - Article continues below

Reports of location data ending up in the wrong hands also surfaced in May 2018 when aggregator LocationSmart was believed to have sold data to Securus, a company which distributed real-time location data to low-level law enforcement officers such as Sherriff Cory Hutcheson who used the data to spy on judges and other police officers.

Securus was the same company that also sold Verizon's data to prison officials which became the catalyst for the aforementioned congressional probe.

"Securus is neither a judge nor a district attorney, and the responsibility of ensuring the legal adequacy of supporting documentation lies with our law enforcement customers and their counsel," Securus said in a statement issued to the NY Times.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020